Why idm, Why idm? -3 – HP Identity Driven Manager Software Series User Manual

1-3

About ProCurve Identity Driven Manager

Introduction

Why IDM?

Today, access control using a RADIUS system and ProCurve devices (switches
or wireless access points) is typically made up of several steps.

Figure 1-2. Current Access Control process

1.

A client (user) attempts to connect to the network.

2.

The edge device recognizes a connection state change, and requests
identifying information about the client. This can include MAC address,
username and password, or more complex information.

3.

The switch forwards an access request, including the client information
to the authentication server (RADIUS).

4.

The RADIUS server validates the user’s identity in the user directory,
which can be an Active Directory, database or flat file. Based on the
validation result received from the user directory, the authentication
server returns an accept or deny response to the switch.

5.

If the user is authenticated, the ProCurve device grants the user access to
the network. If the user is not authenticated, access is denied.

For networks using IDM, access control is enhanced to include authorization
parameters along with the authentication response. IDM enhances existing
network security by adding network authorization information, with access
and resource usage parameters, to the existing authentication process. Using
IDM you can assign access rights and connection attributes at the network
switch, with dynamic configuration based on the time, place, and client that
is generating the access request.