Hp Identity Driven Manager Software Series Uživatelský manuál

Identity Driven Manager 1.0 User’s Guide The safe and simple way to manage network policies

About ProCurve Identity Driven Manager Introduction When using IDM, the authentication process proceeds as described in the first three steps, but fro

About ProCurve Identity Driven Manager Introduction IDM Architecture In IDM, when a user attempts to connect to the network through an edge switch, th

About ProCurve Identity Driven Manager Introduction • A Decision Manager that receives the user data and checks it against user data in the local IDM

About ProCurve Identity Driven Manager Terminology Terminology Authentication The process of proving the user’s identity. In networks this involves t

About ProCurve Identity Driven Manager IDM Specifications IDM Specifications Supported Devices ProCurve Identity Driven Manager (IDM) supports authori

About ProCurve Identity Driven Manager IDM Specifications Additional Requirements Implementation of an access control method, using either MAC-auth

About ProCurve Identity Driven Manager Registering Your IDM Software Registering Your IDM Software The ProCurve Manager installation CD includes a ful

About ProCurve Identity Driven Manager Registering Your IDM Software Figure 2. ProCurve License Administration dialogue You can also get to this scree

About ProCurve Identity Driven Manager Learning to Use ProCurve IDM Learning to Use ProCurve IDM The following information is available for learning t

2 Getting Started Chapter Contents Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Installing the IDM A

Getting Started Before You Begin Before You Begin If you have not already done so, please review the list of supported devices and operating requireme

Getting Started Before You Begin The IDM Client is included with the PCM+ software. To install a remote PCM/ IDM Client, download the PCM Client to a

Getting Started Before You Begin 5. Create an Access Policy Group, with rules containing the Location, Time, System, and Access Profile that is appli

Getting Started Before You Begin Understanding the IDM Model The first thing to understand, is that IDM works within the general concept of ‘domains’

Getting Started IDM GUI Overview IDM GUI Overview To use the IDM client, launch the PCM Client on your PC. Select the ProCurve Manager option from the

Getting Started IDM GUI Overview Select the IDM Tree tab at the bottom left of the PCM window to display the IDM Home window. Figure 2-2. IDM Home Win

Getting Started IDM GUI Overview IDM Dashboard The IDM Dashboard tab (window) contains four separate panels, described below. Identity Management Stat

Getting Started IDM GUI Overview Using the Navigation Tree The navigation tree in the left pane of the IDM window provides access to IDM features usin

Getting Started IDM GUI Overview Click the Users tab, underneath the realm Properties tab, to view a list of users in the Realm that were discovered b

Getting Started IDM GUI Overview Click the individual group node in the tree to display the properties. Figure 2-7. Access Policy Group Properties tab

ProCurve Identity Driven Manager Software Release 1.0 User’s Guide

Getting Started IDM GUI Overview You can expand the RADIUS Servers node to view the servers in the tree. Click the individual server to display the RA

Getting Started IDM GUI Overview Toolbars and Menus Because IDM is a module within PCM, it uses the same Main Menu and Global toolbar functions. Indiv

Getting Started Using IDM as a Monitoring Tool Using IDM as a Monitoring Tool As we stated at the start of this chapter, it is best to install the IDM

Getting Started Using IDM as a Monitoring Tool The default IDM settings are: • "Allow unknown users to access the network", and "Do no

Getting Started Using IDM as a Monitoring Tool Using IDM Reports IDM provides reports designed to help you monitor and analyze usage patterns for netw

Getting Started Using IDM as a Monitoring Tool Configuration Report: The Configuration Report provides information for each Realm and RADIUS server th

Getting Started Using IDM as a Monitoring Tool IDM Session Cleanup Policy The IDM Session Cleanup Policy is included in the PCM+ policies by default w

Getting Started Using IDM as a Monitoring Tool 4. Set the Start Date for enforcement of the policy. The default is the start date and time for IDM. Y

Getting Started Using IDM as a Monitoring Tool 2-20

3 Using Identity Driven Manager Chapter Contents IDM Configuration Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2€Configuration

© Copyright 2004 Hewlett-Packard Company All Rights Reserved. This document contains information which is protected by copyright. Reproduction, adapta

Using Identity Driven Manager IDM Configuration Model IDM Configuration Model As described in the IDM model on page 2-5, everything relates to the top

Using Identity Driven Manager IDM Configuration Model 5. Create an Access Policy Group, with rules containing the Location, Time, System, and Access

Using Identity Driven Manager Configuring Locations Configuring Locations Locations in IDM identify the switch and/or ports on the switch where users

Using Identity Driven Manager Configuring Locations 2. Type in a Name for the location 3. Type in a Description for the location 4. Click "New

Using Identity Driven Manager Configuring Locations 7. Click Ok to save the New Device settings to the Location, and close the window. 8. The Device

Using Identity Driven Manager Configuring Locations 4. Edit the Name and Description as needed. • To delete a device, select the device in the list,

Using Identity Driven Manager Configuring Locations Deleting a Location To remove an existing Location: 1. Click the "Show Location" icon i

Using Identity Driven Manager Configuring Times Configuring Times Times are used to define the hours and days when a user can connect to the network.

Using Identity Driven Manager Configuring Times 2. Click the "Create new Time" toolbar icon to display the "Create a new Time" wi

Using Identity Driven Manager Configuring Times 4. Click Ok to save the new "Time" and close the window. The new time appears in the Show T

Contents 1 About ProCurve Identity Driven Manager Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Using Identity Driven Manager Configuring Access Profiles Configuring Access Profiles IDM uses an Access Profile to set the VLAN, QoS, and Bandwidth (

Using Identity Driven Manager Configuring Access Profiles Creating a New Access Profile 1. Click the "Show Access Profiles" icon on the Glo

Using Identity Driven Manager Configuring Access Profiles NOTE: If you set a VLAN in the Access Profile that is applied to a user during the authenti

Using Identity Driven Manager Defining Access Policy Groups Defining Access Policy Groups An Access Policy Group (APG) consists of a set of rules that

Using Identity Driven Manager Defining Access Policy Groups Creating an Access Policy Group 1. Click the Access Policy Group node in the IDM tree to

Using Identity Driven Manager Defining Access Policy Groups 4. Click "New Rule" to enable the Rule fields. 5. Select an option from the pu

Using Identity Driven Manager Defining Access Policy Groups When the user is authenticated, IDM checks the Access Policies in the order listed. If it

Using Identity Driven Manager Configuring User Access Configuring User Access The process of configuring User access to network resources using IDM is

Using Identity Driven Manager Configuring User Access Last Login Attempt Date and time the user last attempted to log in, regardless if the login fai

Using Identity Driven Manager Configuring User Access 2. Click the Add Users to APG icon in the toolbar to display the Assign Users to Access Policy

Contents Configuring Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 Defining Access Policy Groups

Using Identity Driven Manager Deploying Configurations to the Agent Deploying Configurations to the Agent Once you have configured the Access Policy G

Using Identity Driven Manager Using Manual Configuration Using Manual Configuration It is simplest to let the IDM Agent run and collect information ab

Using Identity Driven Manager Using Manual Configuration Modifying and Deleting Realms To modify an existing Realm: 1. Select the Realm in the Realm

Using Identity Driven Manager Using Manual Configuration Defining RADIUS Servers You can let the IDM Agent learn about the RADIUS server on which it i

Using Identity Driven Manager Using Manual Configuration Modifying and Deleting RADIUS Servers To modify an existing RADIUS Server: 1. Use the IDM Tr

Using Identity Driven Manager Using Manual Configuration Adding New Users You can let the IDM Agent automatically learn about the users from the RADIU

Using Identity Driven Manager Using Manual Configuration Configuring User Systems 4. To restrict the user’s access to specific systems, click "N

Using Identity Driven Manager Using Manual Configuration Modifying and Deleting Users To modify an existing User: 1. Select the User in the User List

Using Identity Driven Manager Using Manual Configuration (This page is intentionally unsused) 3-30

4 Troubleshooting IDM Chapter Contents IDM Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2€Using Event F

1 About ProCurve Identity Driven Manager Chapter Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Troubleshooting IDM IDM Events IDM Events The IDM Events window is used to view and manage IDM events generated by the IDM application or the IDM Agen

Troubleshooting IDM IDM Events Date The Date column lists the date and time when the event occurred, given in MM/DD/YY/HH:MM format. Description The

Troubleshooting IDM IDM Events To delete an IDM event: 1. Click the Events tab on the IDM Dashboard window to display the IDM Events window. 2. Sele

Troubleshooting IDM IDM Events 2. In the Manage Filters window, click "New" to display the New Filter window. 3. Click the Filter Type dro

Troubleshooting IDM IDM Events 6. In the Criteria field, enter the criteria used to select events. The Criteria field works in conjunction with the O

Troubleshooting IDM IDM Events 4. Modify the filter attributes. 5. Click Ok to save your changes and close the Modify Filters window. The changes to

Troubleshooting IDM IDM Events 2. To delete IDM events once they are acknowledged, select the "Auto delete acknowledged events" checkbox. 3

Troubleshooting IDM Using Decision Manager Tracing Using Decision Manager Tracing IDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.lo

Troubleshooting IDMUsing Decision Manager Tracing(This page is intentionally unused) 4-10

A IDM Technical Reference Device Support for IDM Functionality Due to variations in hardware and software configuration of various ProCurve Devices, n

About ProCurve Identity Driven Manager Introduction Introduction Network usage has skyrocketed with the expansion of the Internet, wireless, and conve

IDM Technical Reference Best Practices Best Practices Authentication Methods The IDM application is designed to support RADIUS server implementation w

IDM Technical Reference Best Practices Handling Unknown or Unauthorized users If a user is authenticated in RADIUS, but is unknown to IDM, IDM will no

IDM Technical Reference Best Practices In this instance, if the user attempts to login in during the times specified for the Weekends, they will be re

IDM Technical Reference Types of User Events Types of User Events The USER_FAILED_LOGIN event happens whenever RADIUS sends IDM a message of an unsucc

IDM Technical Reference Types of User Events This page is intentionally unused A-6

Index A Access Policy order 3-17 Access Policy Group 3-15 Assignments 3-20 delete 3-18 edit 3-18 new 3-16 working with A-3 Access Profile 3-12

new 3-23 Rejecting access A-3 Rules sequence 3-17 Rules, evaluation 3-17 S Switch Override 3-13 T Times 3-9 changing 3-11 delete 3-11 new 3-9

© 1994–2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP

About ProCurve Identity Driven Manager Introduction Why IDM? Today, access control using a RADIUS system and ProCurve devices (switches or wireless ac