
53-Software Management for Access Users


To view this video, click the download link.

 

Software Version Used

This video was recorded based on the following versions:

- iMC: iMC PLAT 3.20-E2501, iMC UAM 3.60-E6101, iMC EAD 3.60-E6101

- iNode: iNode 3.60-E6101

Web interfaces of different versions may vary.

 

Application Scenario

iMC EAD provides the software management function, which helps administrators control software installation and usage on the PCs of enterprise internal users. Software that must be installed is usually called white software, and software that must not be installed is called black software. During EAD authentication, iMC isolates or kicks out users whose PCs have black software installed or lack white software. Users can pass EAD authentication only after all white software is installed and all black software is uninstalled.

 

Recommended Configuration Flow

 

Step 1: Add Access Device

Add an access device that supports AAA to the iMC system, so that the access device acts as the AAA client to cooperate with the iMC system.

Step 2: Add Controllable Software Group

This step shows how to create one controllable software group for white software and one group for black software.

Step 3: Add Security Level

This step shows how to add a security level and define the actions to be taken against certain violations. The available actions are monitor, inform, isolate, and kick out. Typically, isolate is selected for white software and kick out for black software.

Step 4: Add Security Policy

This step shows how to configure a security policy, including selecting the security level configured at Step 3 for this policy, specifying a control policy (forbidden or required) for each software group, and enabling real-time monitoring.

Step 5: Add Service

A service is a set of policies for user authentication and authorization.

The service configured here includes the security policy configured at Step 4.

Step 6: Add Account

Each user accessing the network must have an account configured in iMC. The account contains information such as the account name and password.

This step shows how to add an account and apply for the service configured at Step 5.

Step 7: Configure Policy Server Parameters (Optional)

Set the real-time monitoring interval, at which iMC will check the software of online users. The interval defaults to 60 seconds.

Step 8: Configure Access Device

An access device controls user access, including restricting users who fail the software check to the isolated area only. The file server that hosts the white software programs is located in this area.

This step shows how to configure a RADIUS scheme, an ISP domain, 802.1X feature, and security/isolation ACLs on the device.

Step 9: Verify Configuration

This video will show the following three examples one by one to verify the software management function:

1) Use iNode to initiate authentication on a PC that has forbidden software installed and lacks required software. The user cannot pass the security check.

2) Uninstall all forbidden software and install all required software, and then initiate authentication again. The user passes the security check and can access the network.

3) While the user is online, uninstall some required software. iMC will detect the violation in time and act in response.
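The check logic described in the Application Scenario and exercised by the three verification cases can be modeled as follows. This is an added illustration, not iMC code: the class and function names, the sample software names, and the rule that the more severe action wins when both violations occur are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Action(IntEnum):
    """Actions named in Step 3; the severity ordering is an assumption."""
    PASS = 0
    MONITOR = 1
    INFORM = 2
    ISOLATE = 3
    KICK_OUT = 4

@dataclass(frozen=True)
class SecurityPolicy:
    required: frozenset                            # white software group
    forbidden: frozenset                           # black software group
    on_missing_required: Action = Action.ISOLATE   # typical choice per Step 3
    on_forbidden_found: Action = Action.KICK_OUT   # typical choice per Step 3

def _norm(names):
    # Compare names case-insensitively and ignore surrounding whitespace.
    return frozenset(n.strip().lower() for n in names)

def evaluate(policy, installed):
    """Return (action, missing_required, forbidden_found) for one software check."""
    have = _norm(installed)
    missing = sorted(_norm(policy.required) - have)
    found = sorted(_norm(policy.forbidden) & have)
    action = Action.PASS
    if missing:
        action = max(action, policy.on_missing_required)
    if found:
        action = max(action, policy.on_forbidden_found)
    return action, missing, found

# Constructed sample policy and inventories (hypothetical software names).
POLICY = SecurityPolicy(required=frozenset({"Corp Antivirus", "Patch Agent"}),
                        forbidden=frozenset({"P2P Client"}))

def verification_cases():
    """The three Step 9 checks, run against constructed inventories."""
    case1 = evaluate(POLICY, ["P2P Client", "Office Suite"])
    case2 = evaluate(POLICY, ["corp antivirus", "Patch Agent", "Office Suite"])
    # Real-time monitoring re-check after a required program is removed.
    case3 = evaluate(POLICY, ["Corp Antivirus", "Office Suite"])
    return case1, case2, case3

if __name__ == "__main__":
    for n, (action, missing, found) in enumerate(verification_cases(), 1):
        print(f"case {n}: {action.name} missing={missing} forbidden={found}")
```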