Flexible Integration Options
SafeConnect offers standards-based Layer2 and Layer3 enforcement, allowing you to choice the right method for your network.
SafeConnect is specifically designed as a vendor-independent network access control solution that easily integrates into existing (or future) network architecture. No switch manipulation. No forklift upgrades. Fewer moving parts.
Directory Services Integration
SafeConnect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. SafeConnect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.
How Does SafeConnect NAC Work?
The Policy Enforcer
The SafeConnect Policy Enforcer is a pre-configured hardware and software appliance bundle. It is installed on your premises (and is also available virtually) and connected to your existing Layer3 switch/router in an out-of-line network fashion. A single Policy Enforcer can manage network access policies for up to 10,000 concurrent endpoint devices. For environments with more than 10,000 current endpoints additional enforcers are added. SafeConnect is currently running on hundreds of environments with over 25,000 concurrent endpoints. Our largest deployment is managing more than 80,000 devices.The entire system is managed locally by the organization through the SafeConnect Policy Management Console.
The Policy Management Console
The SafeConnect Policy Management Console is a centralized Web-based portal that allows authorized users (typically a policy administrator) to set the acceptable use standards the Policy Enforcer will implement. Administrators can select from a series of pre-configured policies on authentication, anti-virus or anti-spyware protection, patch maintenance levels, and peer-to-peer file sharing, or create their own using the custom policy builder module. Network access can also be managed by group or location, or based on roles users occupy within the organization.
The Policy Management Console also displays real-time policy status reporting to provide valuable insight into group or individual policy compliance. Help Desk personnel can quickly ascertain the security posture and network access condition of any device on the network by searching IP, MAC Address, or User Name. Granular historical database reporting is also available for trending analysis, compliance auditing, and archiving.
Organizations can completely customize the look and feel of the policy notification web pages to match company marketing efforts and enhance the end user experience.
Standard Policy Modules
The SafeConnect system provides the ability to build and assign unique/granular policies based on IP address range, VLAN segment, or subnet, or MAC Address. Assign policies by device type (Windows, Apple, Linux, PDA, Gaming Console, etc.) and by individual user identity based on their role/group membership as defined by the organization’s existing Directory Services (Active Directory, LDAP, etc.) infrastructure.
Easy Integration Into Your Network
Impulse will assist in developing a deployment plan and will provide support throughout the deployment process. Impulse’s managed service offering also includes on-going “how-to” consultative support that will enable the organization to maximize their investment.
- Working with Impulse, you determine your policies and configure your enforcement rules using the SafeConnect Policy Management Console by network segment or directory services group.
- Endpoint devices connecting to the network are identified, authenticated, presented with the your acceptable use policies.
- SafeConnect certifies that the device adheres to your endpoint security policies on a continuous/real-time basis and reports any non-compliance to the SafeConnect system and delivers individualized remediation guidance.
SafeConnect meets Voluntary Product Accessibility Template (VPAT), Section 508 Compliance