RG-SMP

Security Management Platform

  • Unified Wired and Wireless Network Access Control
  • BYOD Solution Support
  • Comprehensive Identity Authentication
  • Host Endpoint Protection Support
  • Simple Web Operation
  • Detailed Security Track Record

Description

The Ruijie RG-SMP (Security Management Platform) is an enterprise-class security management application that provides insight into and control of Ruijie security and network devices. The Ruijie RG-SMP offers comprehensive security management across a wide range of Ruijie security appliances, including Ruijie intelligent switches and wireless solutions. The Ruijie RG-SMP is also compatible with third-party networking devices that support the 802.1X protocol, enabling AAA (authentication, authorization and accounting) network access control (NAC) policy according to user requirements. The Ruijie RG-SMP allows users to manage office networks of all sizes for a broad spectrum of industries, with security compliance requirements covering user identity, host health and security of network communication.

Unified Wired and Wireless Network Access Control

The Ruijie RG-SMP offers a single, integrated security management platform for all wired, wireless and VPN (Virtual Private Network) devices. It supports not only dynamic authentication for different smart devices but also integration with third-party RADIUS (Remote Authentication Dial-In User Service) and LDAP (Lightweight Directory Access Protocol) directory services.


Exclusive End-to-End NAC Solution

Specifications
Model RG-SMP
Network Access Control
Support wired, wireless and VPN network access control (NAC)
Support IEEE 802.1x access authentication, without the need for any client agent installation
Support MAC address authentication, without the need for any client agent installation
Support Web Portal authentication for staff
Support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number
Support Web Portal authentication for visitors
Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS)
Support QR-Code authentication for Visitors
Visitors require QR-Code authorization by any authenticated user before network access
Support applying different QoS bandwidth policies to different users based on their role within the organization and the device type currently in use
Support per user, per device, and per application/TCP-port prioritization (requires integration with Ruijie RG-ACE Internet Application Security Gateway)
Support web-based management interface
Support report and analysis generation to show details and correlation of user, authentication and device information for troubleshooting and locating problems
Support AAA framework providing complete separation of Authentication and Authorization sources
Support authorization for LDAP, AD, Kerberos, Token Server, SQL compliant database
Support integrated, network based, device profiler utilizing collection via SNMP, DHCP, HTTP, AD and ActiveSync
Support complex PKI deployment and AAA server certificate signed by external CA whilst validating internal PKI signed client certificates
Support NAC health checks using both agent and agentless methods; the solution acts as a permanent or dissolvable health agent for Windows, Linux, and Macintosh platforms
Third-party Certification System Integration
Support 3rd party RADIUS authentication integration
Support a Java / web service based interface for reading user data from third-party certification information
Support Microsoft Windows Active Directory (AD) domain integration, including seamless Single-Sign-On integration for complete 802.1X authentication and Windows AD authentication
Support integration with an LDAP server to obtain user identity information for unified authentication
Learning and Support for Multi-element Binding
Support active learning of terminal hard drive serial number, SSID, user name, password, terminal IP, terminal MAC, network access control device (NAS) IP and NAS port, as well as flexible multi-element combination of binding elements. (May require agent installation)
User Management
Support account creation, cancellation, user group management
Support customized user information fields, such as department, age, etc.
Support Self-Service Platform (Web) for visitors to establish temporary/one-time user accounts
Support a dynamic user blacklist that prohibits a user from logging in for a specified period of time
Support setting an account period of use, with automatic account cancellation on expiry and user notification in advance
Support broadcast messages at user login, shown as a pop-up message or a web page pop-up
Support a Disclaimer Acceptance pop-up message; visitors need to click “Accept” before entering the network
Support an authentication suspension period, during which the disabled user cannot authenticate and has no Internet access
Support online user management, including message broadcast, online users status review, forced offline as well as online user re-authentication, information gathering and remote assistance
Support a maximum number of user password attempts before the user account is locked
Support direct access to the user's physical NIC MAC address, to prevent tampering with the MAC address
Support limited number of devices, quota or bandwidth per user
Support caching of the MAC address after guest authentication, so that guests do not need to re-authenticate during the valid access period
Support bulk import of guest accounts and enable notification of credentials via email
Support a sponsored approval workflow for guest self-registration, in which new SSID registration requires approval from internal staff
Support display of post login session statistics page for users to review and monitor usage or quota assigned
Support network device ACL, VLAN, and host ACL network access control
User Authentication
Support seamless 802.1x authentication, without the need for any client agent installation and multi-vendor network access
Support Web Portal authentication for staff
Optionally support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number
Support Web Portal authentication for visitors
Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS or e-mail)
Support QR-Code authentication for Visitors
Visitors require QR-Code authorization by any authenticated user before network access
Support MAC Address Bypass (MAB) authentication for devices that cannot support the IEEE 802.1x protocol
Support auto-login for self-registration workflow
End Point Compatibility
Support the latest Windows and Mac desktops, and Apple and Android mobile device platforms
Support device-based portal pages and an automatic screen-fit feature for mobile device platforms of various screen resolutions
Host Security Management
(Agent installation required)
Support 3rd party antivirus software integration, allowing detection of software installation and operation, and remote pushing of update patches
Support integration with Windows Security Center
Support detection and repair of installed programs: software that must be installed is force-downloaded and installed, and prohibited software triggers a prompt to uninstall
Support inspection and repair of running processes, registry keys, and Windows service entries
Support management of external connection ports, prohibiting the use of devices such as USB and CD-ROM attached through connectors
Support mandatory or non-mandatory Windows patch updates
Support host quarantine implemented through switch-based ACL and switch VLAN
Asset Management
(Agent installation required)
Support collection of the user's software and hardware information, with logging of changes to the user's hardware information, including CPU, memory, motherboard, hard drive and other information
Network Security Management
Support ARP spoofing prevention that uses trusted gateway ARP entries to prevent spoofing of the gateway device; the client also supports static binding of ARP information
Support role-based user security management
Support dynamic, stateful access rights into the network once authenticated based on source, destination, and/or ports
Support defining rules for access rights based on any combination of time, location, user identity, device identity, and extended attributes from the authentication database
Support defining policies for users who can access the network, with which mobile device and which areas of the network they can access
Support allowing, denying, rejecting, and routing traffic, and blacklisting (removal from the network)
Support blacklisting of wireless devices once firewall / ACL access rule violations are detected, or revoking it
(Ruijie SMP Client installation is required)
Support automatic recognition of the operating system and product type of the end device
Support display of internet usage by users (integration with RG-ACE Internet Application Security Gateway required)
Support integration with RG-IDS devices to collect the security incidents reported by the IDS devices, along with the source of the attack, for direct processing; a critical server's IP address can be set for more sensitive event handling for protection
User-based Internet Application Control
Support integration with RG-ACE Internet Application Security Gateway; the gateway supports real-time analysis of the L7 Internet applications that authenticated users are using, and user-based application control in which the user can be selected from the Authentication System
System Reliability
Support Microsoft Windows and SQL Server cluster hot standby
Support over 50,000 users by license extension
Support a backup cluster node, with uninterrupted authentication traffic when a node failure occurs
Support high availability redundancy design for resiliency