eTIPS has a rich set of features for Trust and Identity Policy management. Listed below are the current set of product features and platform capabilities supported in eTIPS:
| Policies |
- Powerful rules engine, with extensible attribute dictionary based rules definitions. Rule definitions based on roles, health, time, date, location, protocol attributes, white and black lists, MAC & IP address lists
|
| Network access control framework native support |
- Cisco NAC Framework
- Microsoft NAP Framework
- Extensible architecture to support other frameworks
|
| Scalability |
- Redundancy support with eTIPS cluster nodes
- Automatic replication to slave nodes
- Cascaded replication
- Centralized management of all cluster nodes
|
| APIs |
- Configuration SOAP API to configure all aspects of the eTIPS system
- Policy server SOAP API for third-party interfacing to the policy system
|
| Administration |
- HTTPS – secure browser access to administration console
- CLI (ssh or serial port)
- Centralized management of cluster nodes
- Multi-level administration
|
| Access type and authentication methods |
- Wireless 802.1x (EAP-FAST, EAP-TLS, EAP-TTLS, PEAP)
- Wired 802.1x (EAP-FAST [EAP-GTC, EAP-MSCHAPv2, EAP-TLS], EAP-TLS, EAP-TTLS, PEAP [EAP-GTC, EAP-MSCHAPv2, EAP-TLS])
- IPSec VPN
- EAPoUDP (Cisco L2IP & L3IP) – EAP-PEAP, EAP-FAST
|
| Identity Stores |
- Active Directory
- Any LDAP-compliant directory service
- ODBC-compliant SQL store (Oracle, MS-SQL, mySQL …)
- Token Servers (RSA SecurID, …)
|
| Posture / health validation & supplicant (client technology) |
- Cisco Trust Agent and associated posture plugins
- Microsoft Quarantine Agent and associated system health agents
- Cisco Secure Services Client, Funk Odyssey, Microsoft, …
|
| Posture/health validation (server) |
- Internal posture validation (OS version, Firewall, Anti-spyware, HIPS and others)
- External posture validation with Symantec, McAfee, TrendMicro and other posture validation servers
|
| Client OS support for identity and posture |
- Windows XP, Windows Vista, Windows NT 4.0, Windows 2000, Red Hat Linux
|
| Audit |
- Triggered audits with Qualys, Altiris and other audit servers
|
| Agent-less hosts |
- MAC authentication bypass
- Non-responsive host with triggered audits
|
| Remediation |
- Auto remediation
- Remediation portal using HTTP redirect URL support in network devices
- Manual remediation with remediation URL notification on the client agent
|
| Enforcement |
- VLAN
- Downloadable ACLs
- Policy-based ACLs
- Filter-ID based ACLs
- Private VLAN
- Session timeout and max-sessions
|
| Policy simulation |
- Simulate policies on the administrative console before deployment
- Service categorization, role mapping, posture validation, audit, enforcement policy and chained simulation
|
| Monitor mode |
- Track and generate inventory reports for system assets and health state of the systems in your network before enforcing any network access control
|
| Guest access |
- Receptionist console for guest handling
- Guest portal for authentication
- Uses existing support in devices – Web-auth and authentication proxy
|
| Reporting, Monitoring and Accounting |
- Activity Dashboard for all session activities with detailed session information
- Canned and custom filters for monitoring and report generation based on correlated session and accounting data
- Consolidated cluster view for monitoring, reporting and accounting records
|
| Device administrator authentication and authorization |
- Industry-standard TACACS+ implementation for administrative access to network devices and management systems
- TACACS+ accounting
- Support for command authorization
|
| Logging and Troubleshooting |
- Consistent logging for all modules, including standard syslog support
- Control cluster-wide logging from the administration interface
|
| RFC and standards compliance |
- RFC – 2246, 2548, 2716, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 4017
- Internet Drafts: PEAPv0, PEAPv2, EAP-FAST, EAP-FAST dynamic provisioning, EAP-TTLS, Microsoft CHAP Extensions
|
| Processor |
- Single or multi-processor, dual core 64-bit processor, with different speeds based on model number
|
| Ports |
- 2 Gigabit Ethernet ports, 1 serial port
|
| Dimensions and Weight |
- 16.7”W x 1.7”H x 16”D
- 20 lb
|
| Power Supply |
- Thermal control 275W AC power supply with PFC
- UL approved; FCC compliant
|
| Assembly |
- Custom cabling for optimal chassis cooling
- Rigorous system-specific quality control
|
