| Access Control Concepts |
| ProCurve IDM |
|
|
N o t e | The IDM server and the PCM+ server can run on the same hardware as the |
| RADIUS server and the IDM agent. For example, you could install PCM+/IDM, |
| IAS, and the IDM agent on the same Windows Server 2003. |
| However, IDM often controls multiple RADIUS servers running on other |
| devices. Those RADIUS servers also require the IDM agent. You must install |
| the IDM agent on a |
| includes the agent. |
| In short, IDM allows you to set up a network access policy at the center of |
| |
| your network and apply it dynamically at the edges. For example: |
■
■
■
You can allow contract workers access to the network only from their desks within normal working hours on weekdays; but you can allow your
You can allow guests network access only from lobbies or conference rooms, and you can restrict them to Internet connections with limited bandwidth. Employees, on the other hand, have access to all their normal network resources at full speed even from those same lobbies and conference rooms.
You can limit access to sensitive network resources (such as accounting and personnel servers or patient information databases) to employees from the appropriate departments while denying access to employees from other departments. For example, a security policy could dictate that a certain user has access to Accounting Department resources. The RADIUS server sends the PEP instructions specifying the correct ACLs to apply to the user’s port.
■You can alter the resources that users can access depending on the WLAN through which they connect. For example, your organization might offer two wireless networks: one, intended for employees, that enforces WPA2 security and one, intended for guests, that enforces
■You can assign users with
The figure below shows the difference between the standard RADIUS process and the process with IDM.