Manualshelf

HP ProCurve Threat Management Solution Design Guide 2009-04

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
3-2
Products
HP ProCurve Software
HP ProCurve Manager Plus
PCM+ is a general network management application for HP ProCurve network devices. It hosts
additional application components, such as NIM and IDM, and provides a single management
interface as well as device interface functions.
PCM+ provides features such as the Policy Manager, Find Node, and Traffic Monitor, which
are particularly important to threat management. You use the Policy Manager to configure NIM,
PCM+, and IDM policies, and when PCM+ is combined with NIM, the Find Node feature
identifies the source of network threats and allows NIM to direct corrective actions to those
threats.
Traffic Manager manages sFlow on the devices discovered by PCM+, using its own internal
algorithm. That is, Traffic Monitor automatically enables sFlow on devices and uses its
algorithm to determine which devices and ports are sampled over time. You can also use Traffic
Monitor to disable and re-enable sFlow sampling on each device or on particular ports on a
device. Using these sFlow traffic samples, Traffic Monitor then delivers minute-by-minute
views of the volume and even the content of traffic on your ProCurve network.
If your Threat Management Solution includes the TMS zl Module, PCM+ provides an additional
advantage. You can use PCM+ to configure and manage the module.
PCM+ also aids notification visually, with maps, graphs, and event logs.
HP ProCurve Network Immunity Manager
NIM provides a central interface for managing the threat management functions of your
network. The important functions of NIM are listed below:
Threat detectionNIM detects threats by:
Analyzing traffic samples that switches, wireless devices, and other network security
devices send to it (using sFlow and XRMON)
Receiving threat alerts from switches and from network security devices
Threat responseNIM can respond to detected threats with a variety of actions, such as
port shut down, MAC lockout, rate limiting, assignment to quarantine VLAN, port mirroring
reconfiguration, MAC mirroring reconfiguration, event logging, and so on.
ReportingNIM can furnish a variety of reports about threat detection and mitigation
activities and configurations. You can use these reports to tune the network, improve
general business processes, and satisfy regulatory reporting requirements.
ConfigurationNIM can configure switches and wireless devices to support threat
detection, response, and reporting functions.
HP ProCurve Identity Driven Manager
IDM allows you to create policies that control access and network rights based on:
User
Device
Location
Time
Endpoint integrity status
IDM supports RADIUS servers such as Microsoft Windows Internet Authentication Server
(IAS) and Network Policy Server (NPS) so that the policies you create are implemented through
your company’s existing RADIUS server. IDM also synchronizes with Microsoft Active Direc-
tory, so you do not have to recreate user accounts.