Access Control Concepts

Network Access Control Technologies

 

Agentless. Agentless solutions use applications that are already available on the endpoint, such as Windows Management Interface (WMI), Simple Network Management Protocol (SNMP), or Microsoft Remote Procedure Call (RPC), to provide the agent functions.

 

 

Note

The ProCurve NAC 800’s agentless option relies on RPC, which provides a flexible framework for a variety of communications between remote devices, including endpoint integrity checks.

 

 

Agentless solutions have several benefits:

Ease of deployment—Time and resources are saved because agentless solutions do not require users to install software on their endpoint. And you do not have to train users to set up their endpoints for testing: in most cases, the native applications that provide agent functions are already active.

Minimal impact on users and endpoints—In many cases, agentless testing can proceed from beginning to end without any user interaction. In addition, the endpoint neither has to store a permanent agent nor download a transient agent.

You might, however, encounter issues with:

Unsupported endpoints—The endpoint must have the proper application for the agentless solution to function.

Requirements on the application—The application enlisted to fulfill the role of the endpoint integrity agent was not designed specifically for that purpose. To use the application, the network access controller must follow its rules. For example, RPC requires the network access controller to submit administrator credentials to the endpoint. For this reason, this agentless solution functions best on endpoints that are managed members of a Windows domain (all have the same credentials).
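The following added example (not code from this guide or from the ProCurve NAC 800) shows what an agentless integrity check looks like when it uses the endpoint's own WMI service over RPC with administrator credentials. The endpoint name, the hotfix ID, and the two checks chosen are assumptions for illustration, and a current Windows endpoint is assumed.

```powershell
# Added illustration: agentless-style integrity check using the endpoint's
# native WMI service. Endpoint name and hotfix ID below are placeholders.
param(
    [string]$ComputerName = 'ENDPOINT01.example.test',   # hypothetical endpoint
    [string[]]$RequiredHotfix = @('KB0000000')           # placeholder hotfix ID
)

# The native service was not built for NAC, so the tester must follow its
# rules: it has to present administrator credentials to the endpoint.
$cred = Get-Credential -Message "Administrator account on $ComputerName"

# Force DCOM so the WMI queries travel over RPC rather than WinRM.
$opt = New-CimSessionOption -Protocol Dcom
try {
    $session = New-CimSession -ComputerName $ComputerName -Credential $cred `
        -SessionOption $opt -ErrorAction Stop
} catch {
    # The "unsupported endpoint" case: WMI/RPC absent or blocked, or the
    # credentials are not valid on this (for example, unmanaged) endpoint.
    [pscustomobject]@{
        Endpoint = $ComputerName
        Testable = $false
        Reason   = $_.Exception.Message
    }
    return
}

try {
    $os        = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
    $installed = (Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering).HotFixID
    $missing   = @($RequiredHotfix | Where-Object { $_ -notin $installed })
    # MpsSvc is the service name of the built-in Windows firewall.
    $fw        = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "Name='MpsSvc'"

    [pscustomobject]@{
        Endpoint        = $ComputerName
        Testable        = $true
        OS              = "$($os.Caption) $($os.Version)"
        MissingHotfixes = $missing
        FirewallRunning = ($fw.State -eq 'Running')
        Compliant       = ($missing.Count -eq 0 -and $fw.State -eq 'Running')
    }
} finally {
    Remove-CimSession -CimSession $session
}
```

Nothing is installed on or downloaded to the endpoint, and a `Testable = $false` result separates endpoints the agentless method cannot reach from endpoints that were tested and failed.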

Combined Solutions. Some network access controllers offer multiple testing methods to accommodate various needs. The ProCurve NAC 800, in fact, provides all three.

Endpoint Requirements for Integrity Checking

The endpoint requirements for integrity checking depend almost entirely on the testing method implemented by the network access controller.

In general, the endpoint requires the following for each method:

Permanent agent-based—installation of an agent designed for the network access controller
