Security Solutions
Access Control Concepts
ProCurve IDM
ProCurve IDM manages RADIUS servers, including NAC 800s.
IDM is a centralized, easy-to-use solution for assigning network rights to users.
It offers fine-grained network access control that is based on user
identity—and other configurable criteria—rather than on network equipment
alone.
The IDM server runs as a plug-in to the ProCurve Manager Plus (PCM+)
network management software and provides configuration and event logging
services to the IDM agent. An easy-to-use interface enables straightforward
management of access policy groups.
Each access policy group consists of a list of users and rules that control the
users’ access. You can manually import lists of users from a directory, or IDM
can synchronize with AD and automatically import complete domain groups
as access policy groups.
Access policy rules match a group’s users to profiles—VLAN assignments,
QoS parameters, bandwidth restrictions, and ACL settings—based on these
criteria:
■ Time of access
■ Location of access
■ WLAN
■ System
■ Endpoint integrity posture—if you are using NAC 800s
These rules become policy instructions, which the IDM agent, residing in the
RADIUS server and examining authentication requests, feeds to the RADIUS
server. Although configured on the IDM server, the policy instructions are
pushed to the IDM agent that resides on the RADIUS server, making them
permanently available to the RADIUS server.
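
A simplified model of the rule matching described above, added here as an illustration; it is not IDM's own code or configuration format. The class names, the first-match ordering, the reject-when-nothing-matches fallback and the sample users and profiles are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Profile:                      # what a matching rule grants
    vlan: int
    qos: str
    bandwidth_kbps: int
    acl: str

@dataclass(frozen=True)
class Request:                      # facts known at authentication time
    user: str
    at: time
    location: str
    wlan: Optional[str]
    system: str
    posture: str                    # endpoint integrity result

@dataclass(frozen=True)
class Rule:                         # None means "any" for that criterion
    profile: Optional[Profile]      # None means reject
    hours: Optional[tuple] = None   # (start, end), same-day window
    location: Optional[str] = None
    wlan: Optional[str] = None
    system: Optional[str] = None
    posture: Optional[str] = None

    def matches(self, r: Request) -> bool:
        if self.hours and not (self.hours[0] <= r.at < self.hours[1]):
            return False
        pairs = ((self.location, r.location), (self.wlan, r.wlan),
                 (self.system, r.system), (self.posture, r.posture))
        return all(want is None or want == got for want, got in pairs)

def decide(groups: dict, req: Request) -> Optional[Profile]:
    """Assumed semantics: first matching rule wins; no match means no access."""
    for users, rules in groups.values():
        if req.user in users:
            return next((r.profile for r in rules if r.matches(req)), None)
    return None

# Constructed sample data, not taken from any real deployment.
STAFF = Profile(vlan=10, qos="normal", bandwidth_kbps=100_000, acl="permit-internal")
QUARANTINE = Profile(vlan=99, qos="low", bandwidth_kbps=1_000, acl="remediation-only")
GROUPS = {"Staff": ({"alice", "bob"}, [
    Rule(QUARANTINE, posture="fail"),                      # checked first
    Rule(STAFF, hours=(time(7), time(19)), location="HQ", posture="pass"),
])}
```

In this model a user outside every group, or a group member whose request matches no rule, receives no profile, so a gap in the rule list denies access instead of granting a default.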