HP Advanced Services zl Module with Microsoft® Windows Server® 2008 R2 Planning and Design Guide
5 Solution 4: Survivable Authentication and Authorization
Problem: Need for Survivable Authentication and Authorization
A large enterprise company has a branch office with about 400 endpoints.
This company implements 802.1X authentication on all edge ports. Currently,
users authenticate to NPS servers in the data center. These servers bind to
Active Directory domain controllers to check users’ authentication credentials;
they also run health checks to ensure that devices are compliant with
the company’s security policies. The servers then decide which user-based
settings to apply based on policies configured through HP Identity-Driven
Manager (IDM), a plug-in for HP ProCurve Manager Plus (PCM+). The solution
gives the company a high degree of security and control over users and
endpoints. However, with RADIUS servers only at the data center, if the WAN
connection fails, branch users will lose all network access.
The company requires a more survivable solution with authentication and
authorization services provided at the branch level. Nonetheless, the branch
services should integrate with the centralized services and policies. Similarly,
the branch requires other basic networking services to protect branch users’
network access.