Security Solutions

Access Control Concepts
ProCurve NAC 800
You should now have a solid grounding in access control concepts, both those
relating to authentication and those relating to endpoint integrity. Let’s turn
to ProCurve’s network access controller, the NAC 800—a versatile solution
that can provide both types of access control:
- Endpoint integrity alone
- RADIUS authentication alone
- Endpoint integrity and RADIUS authentication integrated together

Depending on the services that you require, you can choose one of three
deployment methods for your NAC 800; these deployment methods correspond
to the three standard quarantine methods described in “Quarantine
Methods” on page 1-42.
The following sections describe the variety of services provided by the NAC
800; they also walk you, step-by-step, through the processes by which the NAC
800 provides these services.
Note: A particular NAC 800 provides different services based on its server type. You
will learn more about selecting the appropriate server types later. For now,
these brief descriptions will help you follow the discussion below:

- MS: A management server (MS) stores NAC policies and manages enforcement clusters, which consist of multiple enforcement servers (ESs).
- ES: An ES tests endpoints’ integrity and enforces access control decisions.
- CS: A CS acts as a stand-alone device, performing all MS and ES roles.
NAC 800 as an Endpoint Integrity Only Solution
The NAC 800 can make policy decisions based on endpoint integrity alone. It
tests endpoints for compliance with security policies called NAC policies and
decides whether to grant the endpoints network access or quarantine them.