Security Solutions
Addendum to the ProCurve Access Control Security Design Guide
Updating the Access Control Design Process
several components on the NPS and policy enforcement points. Because the
NAP solution tends to be more distributed, it may require more management
resources to maintain.
For either solution, IDM increases manageability. In the graphical interface of
IDM, you can easily set up access controls based on endpoint integrity. IDM also
enhances NPS by dynamically managing the access rights on a per-session
basis.
In short, both solutions require a degree of setup. If your company must
upgrade its servers to Windows Server 2008 or its stations to Windows XP or
Windows Vista, this effort will make it more difficult to deploy NAP. However,
your company may be planning these upgrades for other reasons. In that case,
deploying the NAC 800 may add more work.
Keep in mind that whichever option you select, IDM dramatically improves
manageability and functionality.
Examples. PCU has not upgraded to Vista and Windows Server 2008, and it
does not want to do so at this time. Network administrators suggest deploying
NAC 800 managed by IDM.
Again, ProCurve, Inc. has upgraded to Vista and Windows Server 2008. These
network administrators recommend NAP because they think it will be easier
to configure another service on the Windows Server 2008. They also
recommend using IDM to make management that much easier.
Interoperability Requirements
Finally, you should consider your network’s interoperability requirements. If
you prefer the suite of Windows security solutions and services, you can select
NAP, in which all the servers interact with each other. At this point, the NAC
800 does not interoperate with NAP. However, IDM does support NAP fully,
and you can still use IDM to manage all of your access controls.
If you require interoperability in a heterogeneous environment, you should
select the NAC 800. The NAC 800 follows industry standards, whereas NAP
does not. For example, NAP uses non-standard EAP and VPN extensions, so
it might not work with your existing solutions. NAP also specifies proprietary
DHCP options, requiring you to use the Windows Server 2008 DHCP service.
Because the NAC 800 follows industry standards, it will continue to
interoperate with other products in the future, protecting your investment.