Management
- Centralized endpoint policy management: endpoint testing policies are centrally managed by a single management server and shared by up to 10 enforcement servers
- Administration console: a Web-based console provides an easy-to-use interface for configuring endpoint policies and enforcement clusters as well as a dashboard-style interface for viewing the status of endpoint integrity testing
- Default testing policies: default testing policies provide a great starting point for endpoint testing and can be easily utilized as the basis for custom testing policies
- Network management server integration: the ProCurve Network Access Controller 800 management server is discovered and monitored by the ProCurve Manager (PCM) management platform to enable unified device and security management; the Web-based administration console of the ProCurve NAC 800 is integrated into the PCM management display for a cohesive management experience
Performance
- Efficient endpoint testing: typical endpoint testing can be completed in less than 10 seconds, avoiding lengthy wait times as endpoints are connected to the network
- Support for up to 25,000 concurrent endpoints in one management domain: each enforcement server can support up to 2,500 endpoints, and one management server can control up to 10 enforcement servers
Resiliency and high availability
- Enforcement server resiliency and redundancy: enable high network availability for mission-critical LAN deployments; enforcement servers continue to provide authentication and endpoint testing services in the absence of a management server and can be configured in clusters to provide redundancy and load-balancing for endpoint testing
Security
- Built-in RADIUS server: can perform authentication services or act as a proxy server for a remote RADIUS authentication service
- Flexible enforcement modes – offer multiple enforcement modes that can be used together and centrally managed by a single management server for sharing of endpoint policies and licenses:
  - RADIUS: integrates with RADIUS authentication to allow access only to authorized users and devices; uses RADIUS authorization capabilities to isolate endpoints for testing prior to providing complete network access and isolation of noncompliant endpoints
  - DHCP: integrates with DHCP servers to isolate and test endpoints before they are allowed to access production networks and interact with other network clients and resources
  - Inline: actively monitors a link for new endpoints and tests them before they are allowed to access the network; enables testing of remote endpoints connecting through a VPN concentrator
- Flexible testing methods – enables endpoint testing that meets the broad needs of most businesses, including solutions for both managed and unmanaged endpoints:
  - Agent-based: a permanent agent can be installed on endpoints to evaluate endpoint integrity status; it is the most efficient mode for managed endpoints that will continually connect to the network
  - Transient agent: an agent is temporarily downloaded to the endpoint to evaluate endpoint integrity; this enables unmanaged endpoints to be tested without the need to have an agent preloaded and remain on the endpoint
  - Agentless: uses administrative credentials for an endpoint along with native communications protocols to evaluate the endpoint integrity status; enables endpoints that are part of a managed domain or have known administrative credentials to be tested without ever loading an agent
- Endpoint integrity assessment – enables both pre-authentication and post-authentication testing of network-attached endpoints; includes an extensive set of built-in endpoint tests and is extensible to test for any prohibited or required software:
  - Operating system versions, service pack levels, and hot fixes
  - Security settings: firewall, auto-update, and browser security settings
  - Security software: anti-virus, anti-spyware, firewalls
  - Malware: spyware, worms, viruses, trojans
  - Applications: peer-to-peer and instant messaging software
- Endpoint quarantine: policy-based enforcement allows for isolation of noncompliant endpoints
- Configurable remediation feedback: provides administrator-customized feedback to users on how they can remediate their systems and be allowed full network access
Policy management
- Policy-based network access rights: integrate with ProCurve Identity Driven Manager (IDM) and network devices to apply centrally managed network access policies to be enforced at the edge of the network where users and devices attach; allow network administrators to easily create and maintain robust access policies, including secure guest access to appropriate network services, without risk to the network
Product Architecture
- The ProCurve Network Access Controller 800 can be configured to take on different roles in a secure network access solution:
  - Management server: a centralized server that manages and monitors multiple enforcement servers, including the endpoint integrity policies and centralized logging of endpoint authentication and test results, availability, and status
  - Enforcement server: provides RADIUS-based authentication of endpoints, along with testing of endpoints to evaluate compliance with endpoint integrity policies, policy-based isolation of noncompliant endpoints, and customized user feedback on how to remediate issues
  - Combination server: a single-server solution that combines the management server and enforcement server roles into a single appliance solution. A combination server only manages the enforcement server that is running in the combination server. A combination server can also be used in conjunction with ProCurve Identity Driven Manager (IDM) to provide RADIUS-based authentication and the IDM adaptive networking capabilities without endpoint integrity testing
- Note: endpoint integrity testing is a capability that requires the additional purchase of ProCurve Endpoint Integrity Agent licenses, which are available in four increments: J9066A – 100 clients, J9067A – 250 clients, J9068A – 1,000 clients, J9069A – 5,000 clients. These licenses are additive, and multiple licenses can be added to one management server