HP PCM+ Identity Driven Manager v4 Software Module @ 500-user License J9752A Data Sheet

Product codes
J9752A
Features and benefits
Performance
• Traffic prioritization: can be automatically
applied to each session based on user, device,
location, and time of day, allowing appropriate
prioritization of network traffic
• Rate limiting: inbound and outbound rate limits
can be automatically applied to a session in order
to limit the impact of lower-priority connections and
reserve bandwidth for important business use
Security
• Policy-based network access rights: network
access policies specifying network security and
performance are defined based on the user, time,
location, device, and endpoint posture and then
dynamically enforced at the edge of the network,
where users and devices connect
• Automatic VLAN assignment: users can be
automatically assigned to the appropriate VLAN
based on their identity, device, device posture,
location, and time of day
• User-based access control lists (ACLs): users
can be allowed or denied access to network
resources (e.g., servers, printers) based on the
destination IP address or a range of IP addresses,
and/or to network services (e.g., Web pages,
instant messaging, or FTP) based on well-known or
user-defined TCP/UDP ports
• Endpoint posture awareness: when used with
an endpoint integrity solution such as Microsoft
Network Access Protection (NAP) or the StillSecure
Safe Access solution, access policies can be based
on the posture of the endpoint connecting to the
network, allowing noncompliant endpoints to be
isolated until they comply with organizational
policies
Integration
• HP network management solutions:
– HP PCM Plus: IDM is delivered on the HP PCM+
Secure Domain Architecture, which delivers
increased scalability and security
– HP Network Immunity Manager: IDM
delivers enhanced integration with HP Network
Immunity Manager, which monitors the network
for threats and applies policy-based mitigations to
offending endpoints or users; IDM and NIM work
together to provide consistent and effective
network security
• RADIUS authentication servers: integrates with
standard RADIUS authentication servers, including
Microsoft Network Policy Server (NPS), Microsoft
Internet Authentication Service (IAS), and
FreeRADIUS on Linux platforms, enforcing network
access policies through RADIUS authentication and
authorization
• Microsoft Network Access Protection (NAP):
cooperates with Microsoft NAP, bringing together
NAP endpoint health status with IDM network access
policy enforcement
• User directory integration:
– Microsoft Active Directory: connects to
Microsoft Active Directory, automatically mapping
Active Directory group membership to IDM Access
Policy Groups; changes made in Active Directory
are reflected in IDM so that user management
occurs in one centralized place
– LDAP directories or XML files: user and
group membership can be imported from an LDAP
directory or XML file
Ease of use
• NEW Simple Network Access Control:
– Self-registration: reduces administration effort
by enabling end users to add themselves to the
access control database; user access is validated
via Active Directory; no additional software is
required on end-user systems
– Auto-allow groups: devices such as IP phones,
printers, and certain uncontrolled devices can be
given network access and segregated by device
type
• Graphical user interface (GUI): IDM provides
a powerful GUI for defining network access policies
and monitoring users on the network; administrators
can quickly see which users are currently on the
network and easily drill down to know where and
when they connected