Before You Integrate IVE into an SDX Environment
Integrating IVE into an SDX-managed environment requires:
- The SDX Host Check Result portal installed with your SDX application library software.
- SDX-managed JUNOSe routers or JUNOS routing platforms in the network.
- Working knowledge of the IVE platform. For the IVE OS product documentation, see http://www.juniper.net/techpubs
For complete information about IVE Host Checker features, see the Juniper Networks Secure Access and Secure Meeting Administration Guide.
Before you extend IVE host checking to SDX subscriber traffic, you would typically preconfigure IVE software as follows:
1. Define Host Checker policies to verify that the subscriber's system meets the service provider's requirements.
   NOTE: We recommend that you specify one rule for each Host Checker policy to provide detailed results.
2. Create two roles, HCComplied (for subscribers complying with the policies) and HCViolated (for subscribers violating the policies), and set the SDX Host Check Result portal as the start page for these roles.
3. Create an anonymous authentication realm for subscribers.
4. Assign the defined Host Checker policies to the realm as authentication policies.
5. Define role-mapping rules for the anonymous realm that map subscribers (complying with or violating Host Checker policies) to different roles. The rules are evaluated in sequential order.
6. Define a sign-in policy that maps a URL to the anonymous authentication realm created in Step 3.
7. Define a remote SSO Form POST policy for both roles defined in Step 2 that includes the following information:
   - Resource: URL of the SDX Host Check Result portal
   - Role: Policy applied to both roles
   - Action: POST performed as defined by the Post to URL and Post parameters values
   - Post to URL: URL of the SDX Host Check Result portal servlet
   - Post parameters:
     - The Host Checker policy assigned to the authentication realm. There must be a one-to-one correspondence between the compliedPolicy<x> parameter and each Host Checker policy.
     - Value—<hostCheckerPolicy[x]>, where x is an integer in the range 1 to the number of Host Checker policies assigned to the authentication realm.
8. Customize the Logout.thtml file, which is one of the sign-in pages for the authentication realm, to automatically redirect the subscriber to the SDX Host Check Result portal. Add the following line to the <head> section of the Logout.thtml file:
   <meta http-equiv="Refresh" Content="0; URL=<Portal URL>">
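The following pre-deployment check is an added example, not part of the Juniper documentation or software. It verifies the two text-based settings from the procedure above: that the Refresh tag in Logout.thtml sits in the <head> section and points only at the intended portal, and that the Form POST parameters correspond one-to-one with the Host Checker policies. The function names are hypothetical, and pairing the name compliedPolicy<x> with the value <hostCheckerPolicy[x]> for the same x is an assumption.

```python
import re
from html.parser import HTMLParser

class _RefreshFinder(HTMLParser):
    """Records each <meta http-equiv="Refresh"> and whether it is inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = []  # list of (content attribute, inside_head)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta":
            a = {k: (v or "") for k, v in attrs}  # parser lowercases names
            if a.get("http-equiv", "").lower() == "refresh":
                self.found.append((a.get("content", ""), self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_logout_redirect(thtml, portal_url):
    """Return a list of problems with the redirect in a Logout.thtml body."""
    finder = _RefreshFinder()
    finder.feed(thtml)
    if not finder.found:
        return ["no Refresh meta tag"]
    problems = []
    for content, in_head in finder.found:
        m = re.fullmatch(r"\s*0\s*;\s*URL=(.+?)\s*", content, re.I)
        if not in_head:
            problems.append("Refresh meta tag is outside <head>")
        if not m or m.group(1) != portal_url:
            problems.append(f"unexpected Refresh target: {content!r}")
    return problems

def check_post_params(params, policy_count):
    """Check the assumed mapping compliedPolicy<x> -> <hostCheckerPolicy[x]>."""
    expected = {f"compliedPolicy{x}": f"<hostCheckerPolicy[{x}]>"
                for x in range(1, policy_count + 1)}
    problems = [f"missing or wrong value for {k}"
                for k, v in expected.items() if params.get(k) != v]
    problems += [f"extra parameter {k}" for k in params
                 if k.startswith("compliedPolicy") and k not in expected]
    return problems
```

Both functions return an empty list when the configuration matches the procedure.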