HP Identity Driven Manager Software Series User Manual: IDM Configuration Model, Configuration Process Review
Using Identity Driven Manager
IDM Configuration Model
As described in the IDM model on page 2-5, everything relates to the top level,
or Realm. Each User in the Realm belongs to an Access Policy Group (APG).
The APG has an Access Policy defined for it that governs the access rights that
are applied to its Users as they enter the network.
The Access Policy is defined using a set of Access Rules. These rules take
three inputs:
• Location (where is the user accessing the network from?)
• Time (what time is the user accessing the network?)
• System (from what system is the user accessing the network?)
Using these input parameters, IDM evaluates each of the rules. When a
matching rule is found, the access rights (called an Access Profile)
associated with that rule are applied to the user. The Access Profile defines
the VLAN, QoS, and rate limits (bandwidth) that are applied to the user as
they access the network. Thus, based on the rules defined in the APG, the user
gets the appropriate level of access to the network.
In summary, for identity-driven management each user in a Realm belongs to
an Access Policy Group. The Access Policy Group defines the rules that are
evaluated to determine the access policies that are applied at the switch when
the user connects to the network.
Configuration Process Review
Assuming that you opted to let IDM run long enough to discover the Realm,
users, and RADIUS server, your configuration process will be:
1. Define "locations" (optional) from which users access the network. A
location may correspond to port-based VLANs, or to all ports on a switch.
2. Define "times" (optional) at which users will be allowed or denied access.
This can be by day, week, or even hour.
3. If you intend to restrict a user's access to specific systems, modify the
User profile to include the MAC address of each system from which the user
is allowed to log in.
4. Create the Access Profiles to set the VLAN, QoS, and rate limits (bandwidth)
that will be applied to users in an APG.
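The evaluation flow described under IDM Configuration Model and the four configuration steps above, as an added Python example (not HP's code and not IDM's own data structures): each rule of the user's APG is checked against the location, time and system inputs, and the first match yields the Access Profile. The first-match ordering, the outcome when no rule matches, and all class names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class AccessProfile:        # rights applied at the switch: VLAN, QoS, bandwidth
    name: str
    vlan: int
    qos: int
    rate_limit_kbps: int = 0                # 0 = no rate limit

@dataclass
class AccessRule:           # one Access Rule; an empty criterion matches anything
    profile: AccessProfile
    locations: frozenset = frozenset()      # location names (step 1)
    days: frozenset = frozenset()           # ISO weekdays 1..7 (step 2)
    start: time = time(0, 0)                # time-of-day window (step 2)
    end: time = time(23, 59, 59)
    known_system_only: bool = False         # MAC must be in the user profile (step 3)

    def matches(self, location, when, mac, user_macs):
        if self.locations and location not in self.locations:
            return False
        if self.days and when.isoweekday() not in self.days:
            return False
        if not self.start <= when.time() <= self.end:
            return False
        return not self.known_system_only or mac.lower() in user_macs

@dataclass
class User:
    name: str
    apg: str                        # Access Policy Group the user belongs to
    macs: frozenset = frozenset()   # systems the user may log in from (step 3)

def evaluate(apgs, user, location, when, mac):
    """First matching rule in the user's APG wins; None if nothing matches (both assumed)."""
    for rule in apgs[user.apg]:
        if rule.matches(location, when, mac, user.macs):
            return rule.profile
    return None

# Constructed sample configuration, not taken from the manual.
STAFF = AccessProfile("staff", vlan=10, qos=5)
GUEST = AccessProfile("guest", vlan=99, qos=1, rate_limit_kbps=2000)
APGS = {"Employees": [
    AccessRule(STAFF, locations={"hq-floor1"}, days={1, 2, 3, 4, 5},
               start=time(7, 0), end=time(19, 0), known_system_only=True),
    AccessRule(GUEST),   # catch-all: any other access gets the guest profile
]}
ALICE = User("alice", "Employees", macs={"00:11:22:33:44:55"})
```

Because rules are checked in order, a catch-all rule placed last makes the fallback outcome explicit instead of relying on what happens when no rule matches.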
3-2