HP ProCurve Threat Management Solution Design Guide 2009-04
4-4
Design
Software and Hardware Selection
Table 4-4 PCM Agent Recommended Hardware Configuration
Remote agents also require Windows Server 2003 with SP2 or Windows XP withSP2 or SP3.
Choose a Deployment
Before you proceed through the security management life cycle, you should choose the
deployment option you want to use and verify that all components are in place.
As you learned in Chapter 2: “Concepts,” you have several options for deploying a Threat
Management Solution. Table 4-5 presents the options. Select the option that provides the
benefits that you require.
Table 4-5 Deployment Options
Network Size # of Remote
Agents
CPU RAM Disk Space NIC
50 or fewer devices 1 local; remote
optional
One 3.0 GHz Xeon/Pentium V or equivalent 2 GB 40 GB 100 MB
51 to 350 devices 1 local; remote
optional
One 3.0 GHz Xeon/Pentium V or equivalent 2 GB 40 GB 100 MB
351 to 1200 devices 1 local + 3 remote Two 3.0 GHz Xeon/Pentium V or equivalent 3 GB 40 GB 100 MB
1201 to 2400 devices 0 local + 7 remote Two 3.0 GHz Xeon/Pentium V or equivalent 3 GB 40 GB 100 MB
2401 to 3500 devices 0 local + 10
remote
Two 3.0 GHz Xeon/Pentium V or equivalent 3 GB 40 GB 100 MB
Deployment Option Benefits Other Reasons for Selecting the Option
NIM Standalone • Internal threat management for a wired network,
wireless network, or both
• Anomaly-based threat detection
You want the simplest, most cost-effective
solution.
NIM + Third-Party Inline Device
(Intrusion Prevention System, or
IPS)
• Internal threat management for a wired network,
wireless network, or both
• Extra protection for a data center or any isolated
network segment
• Anomaly-based threat detection for the entire
network
• Anomaly-based and signature-based threat
detection for the data center or isolated network
segment
• You have a highly valuable and vulnerable data
center.
• You already have a third-party device.
NIM + Third-Party Monitoring
Device (Intrusion Detection
System, or IDS)
• Internal threat management for a wired network,
wireless network, or both
• Anomaly-based and signature-based detection for
the entire network
• Decreased overhead
• Your security policies call for high-confidence
threat detection and decreased false positives.
• You already have a third-party device.
• Your wired infrastructure supports remote
mirroring.
NIM + HP ProCurve Threat
Management Services (TMS) zl
Module in Routing Mode
• Internal threat management for a wired network,
wireless network, or both
• Perimeter threat management in addition to internal
threat management
• Anomaly-based and signature-based detection for
the entire network
• Extra protection for the entire network
• Ability to create areas of trust and apply unique
access policies to each one
• Control over all network traffic
• Ability to immediately block some known threats
(through the module’s firewall)
• VPN capabilities
• Your security policies call for high-confidence
threat detection throughout the network.
• You require a device that can protect your
network from perimeter threats and detect
internal threats.
• You need tighter controls over your network
traffic, so that you can determine who accesses
network resources.
• You want to create areas of trust on the network
and apply unique access policies to each area.