IPS Components

The IPS solution consists of the following main components:

  • Ivanti Policy Secure (IPS)—A central policy management server that validates the user’s identity, determines the endpoint’s security compliance, and manages network policies.
  • Enforcer—Policy enforcement points for user authentication, for example, switches, firewalls, and WLCs.
  • Ivanti Secure Access Client—Client running on endpoints for user authentication and device compliance using IPS.
  • Profiler—Dynamically identifies and classifies managed and unmanaged endpoint devices, so that access to the network and resources can be controlled based on the type of device.

IPS offers the following benefits:

  • Centralized management of Access and Compliance policies.
  • Easy integration with several Authentication, Authorization, and Accounting (AAA) servers.
  • Role-based, application-level enforcement.
  • Allows context-aware policy enforcement for wired and wireless connections across desktop and mobile platforms.
  • Distributed enforcement of network access policies.
  • Dynamic endpoint assessment and enforcement.
  • Supports compliance-based network access for endpoints.
  • Supports comprehensive network visibility with simplified auditing and monitoring of devices.
  • Supports interoperability with existing network infrastructure such as switches, wireless controllers, AD, firewalls, IDS, and Security Information and Event Management (SIEM).
  • Extends policy enforcement with information from Enterprise Mobility Management (EMM) solutions. IPS supports leading global device management solutions from MobileIron, AirWatch, and Microsoft Intune. IPS works with the Mobile Device Management (MDM) solution to evaluate whether BYOD or corporate devices are compliant with organizational and MDM policies.
  • Supports automated device onboarding, self-service enrollment, and integration with existing infrastructure to simplify deployments.
  • Supports Simple Network Management Protocol (SNMP) in the network device definition for the Profiling service to communicate with the network devices and profile endpoints that are connected to the network devices.
  • Delivers guest user access control capabilities for simple, seamless, and authorized network access to guests.
  • Supports captive portal capabilities for allowing users onto their guest networks and capturing relevant information