Using the IDM Auto-Discover Feature, IDM Configuration Process Overview – HP Identity Driven Manager Software Series User Manual


Getting Started

Before You Begin

The IDM Client is included with the PCM+ software. To install a remote PCM/IDM
Client, download the PCM Client to a remote PC using the same process as for
installing the IDM Agent, but select the PCM Client option from the PCM
server. For details, see the ProCurve Manager Getting Started Guide.

Using the IDM Auto-Discover Feature

You can manually configure the RADIUS server, Realms, and Users in IDM, or
you can let IDM do the hard work for you. Just install the IDM Agent on the
system with the RADIUS Server, then let it run to collect the information as
users log into the network. Even after you begin creating configurations in
IDM, it will continue to collect information on new users and Realms and pass
that information to the IDM server.

If you are using multiple RADIUS servers, you need to install an IDM Agent
on each of the servers. The IDM Agent collects information only on the system
where it is installed. The IDM Client can display information for all RADIUS
servers where the IDM Agent is installed.

When you start the IDM Client and expand the navigation tree in the IDM Home
tab, you will see any discovered or defined Realms found on the RADIUS
server, along with the IP Address for the RADIUS Server(s).

IDM Configuration Process Overview

To configure IDM to provide access control on your network, first let IDM run
long enough to "discover" the Realms, RADIUS servers, and users on your
network. Once IDM has performed these tasks for you, your configuration
process would be as follows:

1. If you intend to use them, define "locations" from which users will access
   the network. A location may relate to port-based VLANs, or to all ports
   on a device. (See page 3-4)

2. If you intend to use them, define "times" at which users are allowed or
   denied access. This can be by day, week or even hour. (See page 3-9)

3. If you intend to restrict a user's access to specific systems, you need to set
   the User profile to include the MAC address for each system that the user
   is allowed to log in on. (See page 3-28)

4. Create the Access Profiles, to set the VLAN, QoS, and rate-limits (bandwidth)
   that are applied to users in an Access Policy Group. (See page 3-13)
