In addition to this, you will need to create two groups: one Network Node Group that will
include the Terminal Services servers or Citrix Servers, and one Directory User Group that
will include the Directory Users. Both groups will use the same Internet Usage Rule set to
Web Authentication-NTLM.
The main advantage to this option is the ability to individually identify and filter users
through Terminal Server or Citrix Server sessions. Although users will be using identical
devices to browse the Web, you can enforce different filtering policies based on Directory
Users. The main disadvantage is that all application reporting and control are global for
these users. Essentially, you will be able to control application and bandwidth traffic for the
Terminal Services server or Citrix server, but you will not be able to control application and
bandwidth traffic for specific users. Also, you will need to configure proxy settings
accordingly. This option will only support Windows (2000 SP4 or above) devices.
Directory Option 4: Directory Agent with Login Page
This option is designed as a failsafe in the event that Directory Option 2 or Directory Option
3 does not succeed, or if users have directory accounts but their devices are not members
of the domain. This option allows you to present users with a login page, where they can
enter their username and password. Optinet will then verify the credentials and enforce
any filtering or shaping rules on the devices used to access the network.
This option requires that the Directory Agent is installed on your directory server and that
you create an IUR set to Require Web based authentication. This allows Optinet to identify
users on initial web (HTTP) requests and then query the directory server to confirm the
user. You can also edit the login page presented to users under Admin -> Redirection
Pages -> Login Page. This menu allows you to name the Login Page and add a description and
a username hint. You can also completely alter the page by using the HTML code present on
the page.
The main advantage to this scenario is that you can confirm Directory Users regardless of the
device in use. Whether users access the network via Microsoft PC, Macintosh computers,
Linux devices, or even handheld PDAs, Optinet will present all users with a login page
before they access the Web.
The main disadvantage to this scenario is that, depending upon your network, users may be
presented with two login processes: one for the computer or network and one for Internet
access. Also, users must have a login for the directory to use this feature. You cannot
create an Optinet login specific to this feature. If you are attempting to use this feature for
guest users, we recommend you create a guest account on your directory server and inform
guest users of the credentials or alter the login page to present this information.
Another disadvantage is that users will not be correctly identified until Optinet first receives
web (HTTP) traffic from users. As such, there may be some discrepancy with application
control and reporting for users.
In addition to this, as with all Web Authentication options, you will need to create two
groups for users, one for their devices (Network Node Group) and one for Directory Users
(Directory Group). Both groups will need to use the same Internet Usage Rule set to Web
Authentication.