HP has comparable solutions to the Cisco ISE solution, however, these solutions are integrated into their overall network management system, IMC. Unfortunately for Cisco, their mangaement systems have allways been randomly devleoped and do not integrate into an overall management framework. IMC is a comprehensive element manager for network component covering all of the FCAPS domains. It can be hierarchically implemented to support over 20’000 nodes. I thought that the following demo was an easy way to get an overview of the product and what it can do: http://h17007.www1.hp.com/us/en/demos/hpnw001.aspx
The two components which provide the dot1x and NAC services are User Access Manager (UAM) and Endpoint Admission Defense (EAD). Each can be purchased as modules which are add-ons to the base IMC platform. Unfortunately, it is very difficult to understand all of the features available, since the documentation is only available in some scripted screen shot videos and much of the options and features are omitted. Also being able to understand what alternative scenarios other than the ones presented in these videos is not possible.
UAM is a AAA/RADIUS server which provides the dot1x authentiction using a variety of methods. It supports integration with AD, supports machine certificates for TLS authentication, etc. From what I can see it seems to be a fairly complete package.
EAC manages the posture of the client, based on the iNODE NAC client. EAC and iNODE also manage the remediation. Access to the productive and remediation networks are controlled using dynamic access lists.
The iNODE intelligent client is the HP 802.1x / NAC supplicant which works together with UAM and EAD to perform the dot1x authentication and determine the posture of a client before it gets access to the network. There is no specific documentation about using Windows7 dot1x supplicant to support authentication nor is there any information about integration with the NAP architecture for posture checking. Both would be needed if you didn’t want to install the iNODE client.
Leave a Reply
You must be logged in to post a comment.