Huawei Policy Center Brochure
Policy Center
Product Overview

Huawei Policy Center provides a unified policy engine that deploys a single access policy for the whole company, covering wired and wireless devices and access from both the intranet and the Internet. Authentication can be deployed based on user, device type, asset type, access time, access location, and access method, so Policy Center can meet enterprises' hierarchical, multi-terminal access requirements. It also provides full-lifecycle guest management, which offers guests access anywhere, anytime, improving guest efficiency and enhancing the enterprise brand. Policy Center also provides an abundant security policy set to improve the terminal security level and to keep unsafe terminals, or terminals that do not meet enterprise security policies, off the enterprise intranet, improving the enterprise security level.

[Figure: network overview. Layers: User terminal, Access network, Aggregation network, Server system. Labels: Employee, Guest, Laptop, PC, Smart terminal, AP, AC, SW, PolicyCenter.]
Characteristics

Unified Policy Engine (situational awareness based on 5W1H, flexible authorization, controllable access)
- Identifies the user, terminal type, access location, time period, and access method
- Policy authorization based on role and scenario

Customized Feature (customized portal, flexible web push)
- WYSIWYG customized portal
- Flexible and customized web push features based on terminal IP range or position
- Customization and brand enhancement

Access Anywhere Anytime (no-sensing authentication, assist BYOD)
- Intelligent terminal identification improves user experience
- More than 200 built-in equipment type templates, supporting various identification modes
- Reduces the difficulty of implementing BYOD

Industry-leading Terminal Security Policy (health checks strengthening DLP)
- Enterprise compliance: no security, no access
- Prevents unsafe terminals, or terminals that do not meet enterprise security policies, from accessing the enterprise intranet, improving the enterprise security level
- Comprehensive control of mobile storage media, protecting mobile storage media from data leak risk

Unified policy engine, situational awareness based on 5W1H

Huawei Policy Center provides a unified policy engine that deploys a single access policy for the whole company, covering wired and wireless devices and access from both the intranet and the Internet. Authentication can be deployed based on user, device type, asset type, access time, access location, and access method, guaranteeing secure access for enterprise users and that user behavior is authorized.
Customized portal, flexible web push features

Policy Center provides a customized portal with WYSIWYG customization features, reducing secondary development costs and enhancing the enterprise brand. Policy Center provides flexible web push features based on terminal IP range or position, which meet the enterprise's customized AD push requirements.

Assist BYOD with anywhere, anytime access technology and no-sensing authentication features

Intelligent terminal identification: Policy Center has more than 200 built-in equipment type templates. By identifying the terminal device type, it provides different authentication methods for different terminals, or, in Web identification mode, pushes a web page suited to the terminal and limits its network access policy.

Intelligent no-sensing authentication: Policy Center provides a no-sensing authentication experience after logging in, using portal authentication that gives priority to MAC address authentication, to improve user experience and reduce the difficulty of implementing BYOD.

Industry-leading terminal security policy set, health checks strengthening data leak prevention

- Provides abundant terminal security check policies and prevents unsafe terminals, or terminals that do not meet enterprise security policies, from accessing the enterprise intranet, improving the enterprise security level.
- Provides abundant staff behavior management, security reinforcement, asset management, patch management, and software distribution features, lowering IT O&M cost and improving the enterprise information security level.
- Provides comprehensive control of mobile storage media, with authorization (including enable, disable, and encrypt) based on user and computer, protecting mobile storage media from data leak risk.

Running Environment

Policy Center is installed on an independent server or on the eSight server.
When Policy Center is installed on the eSight server, refer to "Huawei eSight Configuration Of Software and Hardware". The following table lists the running environments when it is installed on independent server(s).

Managed users: 0 to 10,000 users
- Hardware: CPU: 1 x 6-core processors, 2 GHz or above; Memory: 8 GB; Disk space: 300 GB. NOTE: Use PC servers.
- Operating system and database: Windows Server 2008 R2 standard (64-bit) + Microsoft SQL Server 2008 R2 standard

Managed users: 10,000 to 100,000 users
- Hardware: CPU: 1 x 6-core processors, 2 GHz or above; Memory: 8 GB; Disk space: 300 GB. NOTE: Use PC servers. The number of servers can be calculated on the basis that a single server can manage 10,000 access users.
- Operating system and database: Windows Server 2008 R2 standard (64-bit) + Microsoft SQL Server 2008 R2 standard
Specifications

Identity authentication
- System-based account authentication
- Windows Active Directory (AD) authentication
- Third-party LDAP authentication
- Mobile certificate authentication
- Anonymous authentication: The administrator can enable anonymous authentication in a network area where terminal users can access the intranet without any passwords.

Policy engine
- 5W1H context awareness-based access control (identification of user identities, terminal types, access locations, access time, and access modes) and role- and context-based policy authorization
- Pushes services based on multiple factors, such as terminal IP addresses, APs, and SSIDs, and supports portal customization.

Network access control
- Compliance check: Security assessments and system configurations prevent non-compliant terminals from accessing the protected resources.
- Automatic isolation of non-compliant terminals and one-click repair for terminal faults
- User-based access authorization: Unauthorized access is denied.

Guest access lifecycle management
- Supports self-service account application for visitors and employees
- Notifies visitors of account credentials through Web pop-ups, emails, and SMS
- Provides APIs for guest account creation, deletion, and modification
- Supports the customization of guest account registration and login pages

Terminal identification
- Distinguishes between PCs, mobile phones, IP phones, etc.
- Distinguishes between various versions of the Windows, Linux, iOS, Android, and Mac OS operating systems
- Supports various information sources and methods, such as DHCP, RADIUS, HTTP, MAC OUI, and SNMP scanning.

Security management
- Security hardening: Static configuration check (antivirus software, patches, suspicious registries, suspicious processes, and illegitimate software) and dynamic audit (port use, enabling least services, peripheral access, ARP detection, and traffic monitoring) to discover and eliminate security threats.
- Office behavior management: Covers web access, media download, and non-office software installation.
- Information leak prevention: The Policy Center system manages peripherals and mobile storage devices, restricts illegitimate Internet access, and controls network applications.
- Network protection: The Policy Center system isolates traffic from legitimate and illegitimate terminals to prevent them from becoming attack sources.

Desktop management
- Patch management: The Policy Center system provides professional patch management for one-stop patch check and recovery. You can view information about patch deployment by device or patch. The Policy Center system can collaborate with WSUS.
- IP asset auto-discovery: The Policy Center system automatically discovers non-applicable devices, such as IP printers, IP phones, smart phones, cash registers, and bar code scanners.
- Asset lifecycle management: The Policy Center system prevents the loss of software and hardware assets, and provides real-time visibility of corporate assets.
- Software distribution: The Policy Center system uses distributed storage and express forwarding technologies for delivering large files on the intranet. These technologies have low bandwidth requirements and are highly efficient.
- Remote desktop assistance
- Message announcement: The Policy Center system pushes bulletin messages to specific users or departments. You can set the validity period of bulletin messages.

Policy management
- Hierarchical and domain-based management: The Policy Center system ensures that administrators manage different services in different departments.
- Policy template: You can configure policies and set parameters in one policy template. Different users or departments can reference the same policy template.
- Location awareness: Appropriate security policies are applied to terminals at different locations.
- You can define or obtain policies from the security center.

Maintainable report
- Predefined report templates
- Predefined trend reports
- You can define or obtain reports from the security center.
System management
- System status monitoring: When an anomaly occurs on the server, the Policy Center system generates alarms, including dialog box alarms and email alarms.
- Online client fault diagnosis: The Policy Center system diagnoses and rectifies all managed client faults.
- Remote database backup

Networking mode
- Centralized networking: This mode applies to small networks.
- Distributed networking: This mode applies to large networks or networks with many branches.
- Hierarchical networking: This mode applies to large networks that require multiple systems.

Deployment Scenarios

There is no special requirement on the deployment network as long as the physical server where Policy Center is deployed can connect to terminals and linked network devices. Policy Center can provide portal authentication integrated with Huawei switches, routers, wireless devices, and firewalls, or provide 802.1x authentication integrated with mainstream switches from other vendors.

[Figure: deployment scenario. Labels: PolicyCenter, Portal Server, Authorization & Policy Server, User authentication access point, Egress traffic monitoring points, Campus Network, Access Switch, 802.1x, Portal Authorization, MAC Authorization, Aggregation switch, Egress router, WAN, AP, Protected Resources.]

Ordering Information

Policy Center Access Control Features
- Quantity: 1
- Remarks: Mandatory, Policy Center access control component

Policy Center Guest Management Features
- Quantity: 1
- Remarks: Optional, provides guest full lifecycle management

Policy Center Advance Features (Terminal Security Management Features)
- Quantity: 1
- Remarks: Optional, provides terminal health check, user behavior, asset management, patch management, software distribution functions, etc.

Policy Center Mobile Storage Media Management Features
- Quantity: 1
- Remarks: Optional, provides mobile storage media authorize, enable, disable, and encrypt functions.

Policy Center Terminal Licenses for Features Above
- Quantity: Ladder
- Remarks: Optional; according to the above features, select the corresponding license number of terminals (ladder quote licenses are provided for 250, 500, 1000, 2000, and 5000 terminals).
Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.