Thursday, 16 February 2012

IDM Today and Tomorrow


ProCurve solutions are inherently flexible and enable companies to enhance their networks over
time, not continually rip and replace as new technologies become available.
Today’s ProCurve IDM solutions authenticate individuals using RADIUS-based technologies
already in place. Traditional authentication processes were a yes/no affair: if a user successfully
authenticated, he or she was allowed on the network largely without restriction; if not, he or
she was simply denied access. In contrast, ProCurve IDM solutions authenticate users based on
several factors, including their identity, client device, location, time of day and the services for
which they have been granted access rights.
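The multi-factor decision described above, as an added example that is not ProCurve's own code: a small policy evaluator that takes the factors the paper names (identity and group, client device, location, time of day) and returns an access profile (VLAN, bandwidth, QoS) a RADIUS server could hand to the edge switch, instead of a bare accept/reject. All class and rule names, VLAN numbers and values are constructed for illustration.

```python
# Constructed example, not ProCurve IDM's own code: turn the factors the paper lists
# (identity/group, client device, location, time of day) into an access profile.
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class AccessRequest:
    user: str
    group: str           # directory group, e.g. "engineering" or "guest"
    device_type: str     # e.g. "managed-laptop", "pda", "unknown"
    location: str        # edge switch or building the port belongs to
    at: time             # time of day the authentication arrived

@dataclass(frozen=True)
class AccessProfile:     # what a RADIUS server could hand back to the edge switch
    vlan: int
    bandwidth_mbps: int
    qos_priority: int    # 0 = best effort; higher = prioritised

@dataclass(frozen=True)
class Rule:
    group: str
    profile: AccessProfile
    device_types: frozenset = frozenset()   # empty = any device
    locations: frozenset = frozenset()      # empty = any location
    window: tuple = ()                      # (start, end) time of day; empty = always

    def matches(self, req: AccessRequest) -> bool:
        return (req.group == self.group
                and (not self.device_types or req.device_type in self.device_types)
                and (not self.locations or req.location in self.locations)
                and (not self.window or self.window[0] <= req.at <= self.window[1]))

# Deny-by-default: an authenticated user who matches no rule lands in a restricted
# profile, where the traditional yes/no model would have let them on unrestricted.
RESTRICTED = AccessProfile(vlan=999, bandwidth_mbps=2, qos_priority=0)

RULES = [
    Rule("engineering", AccessProfile(vlan=10, bandwidth_mbps=1000, qos_priority=5),
         device_types=frozenset({"managed-laptop"}), locations=frozenset({"bldg-A"}),
         window=(time(7, 0), time(20, 0))),
    Rule("guest", AccessProfile(vlan=200, bandwidth_mbps=5, qos_priority=0)),
]

def evaluate(req: AccessRequest, rules=RULES) -> AccessProfile:
    """First matching rule wins; otherwise fall through to RESTRICTED."""
    return next((r.profile for r in rules if r.matches(req)), RESTRICTED)

def decide(user, group, device_type, location, hour, minute=0) -> AccessProfile:
    return evaluate(AccessRequest(user, group, device_type, location, time(hour, minute)))
```

The same engineer gets the high-bandwidth profile from a managed laptop in building A during working hours, but is dropped to the restricted profile from an unknown device, another building or after hours.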

ProCurve Networking’s Approach to IDM


ProCurve is a leader in enabling business-driven networks that behave uniquely and
appropriately for every user. The foundation of such a network is the ProCurve Adaptive EDGE
Architecture™, which delivers continuous command from the center with control to the edge.
With intelligence pushed to the edge, security is enhanced, traffic prioritization is improved, and
users can connect anytime, anywhere with a singular view of the network. With command from
the center, companies have centralized control of network configuration, making it easier to
implement new applications and support new traffic types across the enterprise.
More importantly, with command from the center and control to the edge, the network is able to
adapt dynamically to business and user needs.
ProCurve IDM solutions use command from the center to dynamically automate the
configuration of the edge to provide unique behavior for every individual or group. Control to
the edge allows switch and access point features to make correct decisions at the perimeter of
the network. This creates the ability to easily manage and facilitate:

Performance

Network performance can also be compromised through this model because various individuals
and groups have diverse networking needs. For example, an engineering organization may need
constant, uninterrupted access to high-bandwidth services such as computer-automated design
(CAD) applications, whereas guests may need only Internet access. However, with the network
behaving uniformly for every user, there is no prioritization for these particular individuals or
the groups with which they are associated. This hinders an organization’s ability to create
efficiencies and maximize network performance based on factors such as traffic, bandwidth and
QoS propagation.

Management


The traditional model of device- and connection-centric infrastructure also renders network
management complex and expensive. Network administrators have to manually configure each
core routing switch and edge switch to behave a particular way for a particular client or service.
There is no specificity of network behavior based on individuals or groups with varying network
requirements. The result is a static, rigid infrastructure that, once configured, does not change
or adapt.
Nevertheless, change is an inescapable truism in the business world. With organizational and
technological needs continually evolving – new applications and network services, new edge
switches, wireless network connections, new clients that connect to the network, new
employees, etc. – companies get locked into an ongoing, time-consuming, expensive cycle of
network reconfigurations, redesigns and upgrades.

Security


Security is frequently compromised and difficult to manage with traditional network access
strategies. Since the infrastructure is able only to recognize clients connecting to the network,
there are no safeguards to identify the people operating these clients. And since all decision-making
and access enforcement responsibilities reside in the core devices, users are oftentimes
already on the network before the core routing switches are able to identify and approve their
clients’ access rights, if at all. Furthermore, networks are frequently left wide open within a
building or campus, with security gates being relegated to users logging on remotely; few, if
any, safeguards exist at the port level. Consequently, most enterprise networks offer minimal,
inconsistent security checks, clearing the way for malicious traffic to infiltrate the infrastructure.

The Old Model: Technology Driven Network Access


Network management and operation has traditionally, and quite obviously, been a technology-focused
endeavor. Getting enterprise networks up and running and maintaining performance
over time has required a distinct focus on connection facilitation. The emphasis has been to
make sure various clients, such as personal computers (PCs), laptops and personal digital
assistants (PDAs), can link to the network from various locations, such as a local area network
(LAN) or dial-up connection.
The network’s principal responsibilities, therefore, have been discovering devices, ensuring they
are properly configured and establishing the linkage between those devices and the services
residing on the network. Largely disregarded, however, have been users’ varying access,
application, bandwidth and quality of service (QoS) needs.
With this old model, all network intelligence and decision-making abilities are placed in the core
devices, handling device identification and enforcement of access and security policies. Basic,
simplistic configuration is employed for basic, simplistic connectivity across multiple domains to
ensure the core switches can handle all identification and connection decisions. Conversely,
edge devices are essentially brainless and unable to assist in the authentication and connection
process. They are able only to pass packets to the core routing switch, with no recognition or
decision-making capacity.
As a result, the infrastructure behaves uniformly no matter what user is connecting to the
network, whether it is a guest or a CIO. In fact, the network is unable to distinguish among
different users, and is capable only of recognizing the devices through which these users are
trying to connect.
This traditional model of network management and access facilitation not only hinders
workforce productivity, but also creates several problems and limitations. Chief among them are
challenges associated with network security, management, performance and operation.

Introduction

In establishing their information technology (IT) networks, companies have traditionally focused
on the connection between user devices and the corporate infrastructure, ignoring the unique
needs of individuals and groups using the network. Not only does this emphasis hinder
workforce productivity, it also creates problems for network security, management and
performance.
A new strategy is to implement identity driven management (IDM) functionality that is able to
automatically configure the network edge through security and performance policies defined on
a centrally administered management server. These IDM solutions facilitate business-driven
networks that behave uniquely and appropriately for every user.
This paper describes traditional network access management strategies and defines ProCurve
Networking by ProCurve’s approach to a new, identity driven methodology. It also highlights the
benefits that can be attained by deploying ProCurve IDM solutions.