IDM Architecture – HP Identity Driven Manager Software Series User Manual


About ProCurve Identity Driven Manager
Introduction

IDM Architecture

In IDM, when a user attempts to connect to the network through an edge
switch, the user is authenticated via the RADIUS Server and user directory.
Then, IDM is used to return the user's "access profile" along with the
authentication response from RADIUS to the switch. The IDM information is used to
dynamically configure the edge switch to provide the appropriate
authorizations to the user, that is, what VLAN the user can access, and what resources
(QoS, bandwidth) the user gets.
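The following is an added example, not code from the manual or from IDM: it shows how an edge switch can authenticate a RADIUS Access-Accept before acting on the VLAN it carries. It assumes the VLAN is delivered in the standard RFC 3580 tunnel attributes, which this page does not state; the function names, shared secret and packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Standard attribute types (RFC 2865/2868/3580). That the IDM access profile
# travels in these attributes is an assumption; the manual does not name them.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT = 2
VLAN, IEEE_802 = b"\x00\x00\x00\x0d", b"\x00\x00\x00\x06"  # tag 0 + 3-octet value


def build_accept(ident, req_auth, secret, attrs):
    """RADIUS server side: encode an Access-Accept and sign it."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return head + hashlib.md5(head + req_auth + body + secret).digest() + body


def vlan_from_accept(packet, req_auth, secret):
    """Switch side: authenticate the reply, then read the assigned VLAN."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + req_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    if attrs.get(TUNNEL_TYPE) != VLAN or attrs.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None  # no VLAN assignment in the reply
    return attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"").decode("ascii") or None


# Constructed sample values, not taken from the manual or any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET, [
    (TUNNEL_TYPE, VLAN), (TUNNEL_MEDIUM_TYPE, IEEE_802),
    (TUNNEL_PRIVATE_GROUP_ID, b"20")])
```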

The following figure illustrates the IDM architecture and how it fits in with
RADIUS.

Figure 1-4. IDM Architecture

IDM consists of an IDM Agent that is co-resident on the RADIUS server, and
an IDM Server that is co-resident with PCM+. Configuration and access
management tasks are handled via the IDM GUI on the PCM+ management
workstation.

The IDM agent includes:

A RADIUS interface that captures user authentication information
from the RADIUS server and passes the applicable user data
(username, location, time of request) to the IDM Decision Manager. The
interface also passes user access parameters from IDM to the RADIUS
server.
