|53-Software Management for Access Users-Software Management for Access Users.rar||4.31 MB|
- Table of Contents
1 Software Management for Access Users
To view this video, click the download link.
Software Version Used
This video was recorded based on the following versions:
l iMC: iMC PLAT 3.20-E2501, iMC UAM 3.60-E6101, iMC EAD 3.60-E6101
l iNode: iNode 3.60-E6101
Web interfaces of different versions may vary.
iMC EAD provides the software management function. This function helps administrators effectively control software installation and usage on PCs of enterprise internal users. Usually, software that is required to be installed is called white software and software that is forbidden to be installed is called black software. During EAD authentication, iMC isolates or kicks out those users who are using PCs with black software installed or without white software installed. The users can pass the EAD authentication only after all kinds of white software are installed and all kinds of black software are uninstalled.
Recommended Configuration Flow
Step1 Add Access Device
Add an access device that supports AAA to the iMC system, so that the access device acts as the AAA client to cooperate with the iMC system.
Step2 Add Controllable Software Group
This step shows how to create one controllable software group for white software and one group for black software.
Step3 Add Security Level
This step shows how to add a security level, and define the actions to be taken against certain violations. The actions can be monitor, inform, isolate and kick out. Typically isolate is selected for white software and kick out for black software.
Step4 Add Security Policy
This step shows how to configure a security policy, including selecting the security level configured at Step 3 for this policy, specifying a control policy (forbidden or required) for each software group, and enabling real-time monitoring.
Step5 Add Service
A service is a set of policies for user authentication and authorization.
The service configured here includes the security policy configured at Step 4 for this service.
Step6 Add Account
Each user accessing the network must have an account configured in the iMC. It contains such information as account name and password.
This step shows how to add an account and apply for the service configured at Step 5.
Step7 Configure Policy Server Parameters (Optional)
Set the real-time monitoring interval, at which iMC will check the software of online users. The interval defaults to 60 seconds.
Step8 Configure Access Device
An access device is used to control access of users, including restricting users that fail the software checking to access only the isolated area. The file server with white software programs locates in this area.
This step shows how to configure a RADIUS scheme, an ISP domain, 802.1X feature, and security/isolation ACLs on the device.
Step9 Verify Configuration
This video will show the following three examples one by one to verify the software management function:
1) Use iNode to initiate authentication on a PC installed with forbidden software and not installed with required software. The user cannot pass the security checking.
2) Uninstall all forbidden software and install all required software, and then initiate authentication again. The user can successfully pass the security checking and access the network.
3) When the user is online, uninstall some required software. iMC will detect the violation in time and act in response.