The ProCurve Network Access Controller 800 combines a RADIUS-based authentication server and the ability to validate the integrity of the systems connecting to the network, allowing network administrators to secure the network from unauthorized users and systems that pose a threat to the network resources.
Features
Management
Centralized endpoint policy management: endpoint testing policies are centrally managed by a single management server and shared by up to 10 enforcement servers
Administration console: a Web-based console provides an easy-to-use interface for configuring endpoint policies and enforcement clusters as well as a dashboard-style interface for viewing the status of endpoint integrity testing
Default testing policies: default testing policies provide a great starting point for endpoint testing and can be easily utilized as the basis for custom testing policies
Network management server integration: the ProCurve Network Access Controller 800 management server is discovered and monitored by the ProCurve Manager (PCM) management platform to enable unified device and security management; the Web-based administration console of the ProCurve NAC 800 is integrated into the PCM management display for a cohesive management experience
Performance
Efficient endpoint testing: typical endpoint testing can be completed in less than 10 seconds, avoiding lengthy wait times as endpoints are connected to the network
Support for up to 25,000 concurrent endpoints in one management domain: each enforcement server can support up to 2,500 endpoints, and one management server can control up to 10 enforcement servers
Resiliency and high availability
Enforcement server resiliency and redundancy: enable high network availability for mission-critical LAN deployments; enforcement servers continue to provide authentication and endpoint testing services in the absence of a management server and can be configured in clusters to provide redundancy and load-balancing for endpoint testing
Security
Built-in RADIUS server: can perform authentication services or act as a proxy server for a remote RADIUS authentication service
Flexible enforcement modes: offer multiple enforcement modes that can be used together and centrally managed by a single management server for sharing of endpoint policies and licenses: RADIUS: integrates with RADIUS authentication to allow access only to authorized users and devices; uses RADIUS authorization capabilities to isolate endpoints for testing prior to providing complete network access and isolation of noncompliant endpoints; DHCP: integrates with DHCP servers to isolate and test endpoints before they are allowed to access production networks and interact with other network clients and resources; Inline: actively monitors a link for new endpoints and tests them before they are allowed to access the network; enables testing of remote endpoints connecting through a VPN concentrator
Flexible testing methods: enable endpoint testing that meets the broad needs of most businesses, including solutions for both managed and unmanaged endpoints: Agent-based: a permanent agent can be installed on endpoints to evaluate endpoint integrity status; it is the most efficient mode for managed endpoints that will continually connect to the network; Transient agent: an agent is temporarily downloaded to the endpoint to evaluate endpoint integrity; it enables unmanaged endpoints to be tested without the need to have an agent preloaded and remain on the endpoint; Agentless: uses administrative credentials for an endpoint along with native communications protocols to evaluate the endpoint integrity status; enables endpoints that are part of a managed domain or have known administrative credentials to be tested without ever loading an agent
Endpoint integrity assessment: enables both pre-authentication and post-authentication testing of network-attached endpoints; includes an extensive set of built-in endpoint tests and is extensible to test for any prohibited or required software: Operating system: versions, service pack levels, and hot fixes; Security settings: firewall, auto-update, and browser security settings; Security software: anti-virus, anti-spyware, firewalls; Malware: spyware, worms, viruses, trojans; Applications: peer-to-peer and instant messaging software
Endpoint quarantine: policy-based enforcement allows for isolation of noncompliant endpoints
Policy management
Policy-based network access rights: integrate with ProCurve Identity Driven Manager (IDM) and network devices to apply centrally managed network access policies to be enforced at the edge of the network where users and devices attach; allow network administrators to easily create and maintain robust access policies, including secure guest access to appropriate network services, without risk to the network
Product Architecture
The ProCurve Network Access Controller 800 can be configured to take on different roles in a secure network access solution: Management server: a centralized server that manages and monitors multiple enforcement servers, including the endpoint integrity policies and centralized logging of endpoint authentication and test results, availability, and status; Enforcement server: provides RADIUS-based authentication of endpoints, along with testing of endpoints to evaluate compliance with endpoint integrity policies, policy-based isolation of noncompliant endpoints, and customized user feedback on how to remediate issues; Combination server: a single-server solution that combines the management server and enforcement server roles into a single appliance solution. A combination server only manages the enforcement server that is running in the combination server.
2 RJ-45 auto-sensing 10/100/1000 ports (IEEE 802.3 Type 10Base-T, IEEE 802.3u Type 100Base-TX, IEEE 802.3ab Type 1000Base-T); Duplex: 10Base-T/100Base-TX: half or full; 1000Base-T: full only; 1 serial console port
HP is committed to providing our customers with information about the chemical substances in our products as needed to comply with legal requirements such as REACH (Regulation EC No 1907/2006 of the European Parliament and the Council). A chemical information report for this product can be found at: www.hp.com/go/reach.
♦ For as long as you own the product, with next-business-day advance replacement (available in most countries). The following hardware products and their related family modules have a one-year warranty with extensions available: The ProCurve Routing Switch 9300m Series, ProCurve Routing Switch 9408sl Series, ProCurve Switch 8100fl Series, ProCurve Access Control Server 745wl, and the ProCurve Network Access Controller 800. Standalone software may have a different warranty duration. For details, refer to the ProCurve Software License, Warranty, and Support booklet at: www.procurve.eu/warranty