Home> Products> Software > Security Management Software>

RG-SMP Security Management Platform

The Ruijie RG-SMP (Security Management Platform) is an enterprise-class security management application that provides insight into and control of Ruijie security and network devices. The Ruijie RG-SMP offers comprehensive security management across a wide range of Ruijie security appliances, including Ruijie intelligent switches and Wireless solutions. The Ruijie RG-SMP is also compatible with other third-party networking devices with 802.1X protocol, enabling the AAA (authentication, authorization and accounting) network access control(NAC) policy according to user requirements.
The Ruijie RG-SMP allows users to manage office networks of all sizes for a broad spectrum of industries, with security compliance requirements of user identity, host health and security of network communication.
 

More+

Unified Wired and Wireless Network Access Control
The Ruijie RG-SMP offers a single, integrated security management platform for all wired, wireless and VPN (Virtual Private Network) devices. It supports not only dynamic authentication for different smart devices but also integration with third-party RADIUS (Remote Authentication Dial-In User Service) and LDAP (Lightweight Directory Access Protocol) Directory services.

Exclusive End-to-End NAC Solution

BYOD Solution Support
The Ruijie RG-SMP supports dynamic Wireless Guest Account control policy based on user identity and mobile platform in use. It also supports self-service guest account creation with SMS (Short Message Services) authentication on all latest smart device platforms such as smartphone, tablet, etc.


RG-SMP for Unified Management of BYOD

Comprehensive Identity Authentication
The Ruijie RG-SMP supports web-based authentication and wireless identity authentication based on 802.1X protocol. Through flexible binding of user credentials, IP (Internet Protocol) address, MAC (Media Access Control) address, switch IP address, switch port and serial number of hard disk, the user identity can be verified. It provides network access authority control, user online/offline records and regular user account clearance. User blacklist can also be managed using the Ruijie RG-SMP. RG-SMP delivers an extensive library of authentication modes including web portal authentication, two-factor authentication for staff, QR code authentication and SMS authenticating. The following diagram illustrates the interface display and principles of the four authentication methods.

RG-SMP with Comprehensive Authentication Modes

Customized Web Portal Authentication

Two-factor Authentication for Staff (Password + SMS)

QR Code Authentication

SMS Authentication

Host Endpoint Protection Support
By obtaining updates from Microsoft WSUS (Windows Server Update Services), the Ruijie RG-SMP enables administrators to deploy the latest operating system updates to computers running Windows. Anti-virus software is also supported to protect the system against malicious attacks. Blacklist and whitelist can be managed on the endpoint device software to block undesirable or risky users. In addition, the Ruijie RG-SMP prevents unauthorized access and MAC Address Spoofing, ensuring network and service availability and business continuity. Ruijie SMP software offers multiple bindings of user instances to ensure high-level security of password, end device and network access. The features enable fast location of users and end devices for immediate troubleshooting.

User Info Multiple Binding

The RG-SMP offers comprehensive security with flexible management. The solution enables dynamic access control rules with flexible Role/User/IP-based VLAN quarantine. The solution ensures user is only allowed to access to the preset network via flexible access rights restriction based on different user groups, login domains, end device types, etc.

Flexible Access Rights Restriction

Simple Web Operation
Ruijie RG-SMP supports a user-friendly Web GUI interface to perform all the related SMP security configurations and user access status management.

Web GUI Interface Display

Detailed Security Track Record
RG-SMP presents a board array of reports and analysis to facilitate security management. The solution offers detailed online user information including Username, IP, MAC, VLAN ID, NAS IP, Login Time, Authentication Method, Wireless SSID, Upstream/Downstream Traffic , Client Type, etc.
Ruijie RG-SMP offers various kinds of logs for easy management:
•Authentication Failure Logs
•Network Access Logs
•Operation Logs
•System Logs
•User Operation Logs

Mobile Terminal Management

Log Generation and Management 

 

Product Specifications

Technical Specifications

Network Access Control

Support wired, wireless and VPN network access control (NAC)

Support IEEE 802.1x access authentication, without the need for any client agent installation

Support MAC address authentication, without the need for any client agent installation

Support Web Portal authentication for staff.

Support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number

Support Web Portal authentication for visitors

Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS)

Support QR-Code authentication for Visitors

Visitors require QR-Code authorization by any authenticated user before network access

Support different QoS bandwidth policies application to different users based on their role within the organization and the device type currently in use

Support per user, per device, and per application/TCP-port prioritization (require integration with Ruijie RG-ACE Internet Application Security Gateway)

Support web-based management interface

Support report and analysis generation to show details and correlation of user, authentication and device information for troubleshooting and locating problems

Support AAA framework providing complete separation of Authentication and Authorization sources

Support authorization for LDAP, AD, Kerberos, Token Server, SQL compliant database

Support integrated, network based, device profiler utilizing collection via SNMP, DHCP, HTTP, AD and ActiveSync

Support complex PKI deployment and AAA server certificate signed by external CA whilst validating internal PKI signed client certificates

Support NAC health check allowing both agent and agentless methods and the solution acts as a permanent or dissolvable health agent for Windows, Linux, and Macintosh platforms

Third-party Certification System Integration

Support 3rd party Radius authentication integration

Support from based on Java / web service interface to read the user data of third-party certification information

Support Microsoft Windows Active Directory (AD) domain integration, including with seamless Single-Sign-On integration for a complete 802.1X authentication and Windows AD authentication

Support the integration with the LDAP server to obtain user identity information to achieve unified authentication

Learning and Support for Multi-element Binding

Support terminal hard drive serial number, SSID, user name, password, terminal IP, terminal MAC, network access control device (NAS) IP, NAS port active learning as well as multi-element flexible combination of binding elements. (May require agent installation)

User Management

Support account creation, cancellation, user group management

Support customized user information fields, such as department, age, etc.

Support Self-Service Platform (Web) for visitors to establish temporary/one-time user accounts

Support dynamic user blacklist which prohibit user for landing in specified period of time

Support for setting account period of use, auto account cancellation when expired with user notification in advance

Support users login broadcast messages pop up, or web page pop-up

Support Disclaimer Acceptance message pop up, visitor need to click “Accept” before entering the network

Support authentication suspension period, during that period the user disable cannot authenticate and no Internet access

Support online user management, including message broadcast, online users status review, forced offline as well as online user re-authentication, information gathering and remote assistance

Support maximum user password attempts before user account locked

Support direct access to the user's physical NIC MAC address, to prevent tampering with the MAC address

Support limited number of devices, quota or bandwidth per user

Support caching of MAC address for post guest authentication and guests do not need to re-authenticate during the valid access period

Support bulk import of guest accounts and enable notification of credentials via email

Support sponsored approval workflow for guest self-registration which new SSID registration requires approval from internal staff

Support display of post login session statistics page for users to review and monitor usage or quota assigned

Supports network-based devices ACL, VLAN, and host ACL network access control

User Authentication

Support seamless 802.1x authentication, without the need for any client agent installation and multi-vendor network access

Support Web Portal authentication for staff

Optionally support two-factor authentication using user credentials as well as one-time password via SMS to verify user’s pre-registered mobile phone number

Support Web Portal authentication for visitors

Support Web Self-Service Platform for visitors to establish temporary/one-time user accounts (via SMS or e-mail)

Support QR-Code authentication for Visitors
Visitors require QR-Code authorization by any authenticated user before network access

Support MAC Address Bypass (MAB) authentication for devices cannot support IEEE 802.1x protocol

Support auto-login for self-registration workflow

End Point Compatibility

Support the latest Windows, Mac desktops and support for Apple, Android mobile device platform

Support device-based portal page and automatic screen fit feature for various screen resolution mobile device platform

Host Security Management

 

(Agent installation required)

Support 3rd party antivirus software integration, allowing software installation detection, operation, and updates patches can be pushed remotely

Support integration with Windows Security Center

Support the installation program to detect and repair of software that must be installed to force the download and installation, prohibit the installation software prompts to uninstall; support processes running, registry keys, Windows service entry inspection and repair; supports external connection port for management, prohibiting the use of USB, CD-ROM loaded with connectors; supports Windows patch updates the mandatory or non-mandatory; support switch-based ACL, the switch VLAN, ACL implementation of quarantine host

Asset

Management

 

(Agent installation required)

Support the collection of the user's software and hardware information, hardware information when the user changes, the ability for CPU, memory, motherboards, hard drives and other information for logging

Network Security Management

Support ARP spoofing prevention capabilities that enable trusted gateway ARP entries to prevent ARP spoofing gateway device is, the client also supports static binding ARP information.

Support role-based user security management

Support dynamic, stateful access rights into the network once authenticated based on source, destination, and/or ports

Support defining rules for access rights based on any combination of time, location, user identity, device identity, and extended attributes from the authentication database

Support defining policies for users who can access the network, with which mobile device and which areas of the network they can access

Support to allow traffic, deny traffic, reject traffic, route traffic, and blacklist (remove from the network)

Support blacklisting of wireless devices once firewall / ACL access rule violations are detected or revocation it

(Ruijie SMP Client installation is required)

Support to automatically recognize the operating system and product type of the end device

Support display of internet usage by users (integration with RG-ACE Internet Application Security Gateway required)

Support integration with RG-IDS devices that can collect IDS devices reported security incidents and the source of the attack for direct processing; critical server's IP address set for more sensitive event handling for protection

User-based Internet Application Control

Support integration with RG-ACE Internet Application Security Gateway; the gateway support real-time analysis on the L7 Internet Application that the authenticated users are using; the gateway support user-based application control which the user can be selected from the Authentication System

System Reliability

Support Microsoft Windows and SQL Server cluster hot standby

Support over 50,000 users by license extension

Support backup cluster node with uninterrupted authentication traffic during node failure occur

Support high availability redundancy design for resiliency

 

System Hardware & Software Requirements:

Minimum Specification:

Hardware Platform Requirement

Processor

Intel Xeon 2.8GHz Quad Core x 2 or above

Memory

4G or above

Storage

160G or above

Network Card

3 x Gigabit Ports

Operating System and Database

Operation System

Windows Server 2003 Enterprise Edition SP2 or above

Database

SQL Server 2005 Enterprise Edition SP2 or above

 

Recommended Specification for Large Deployment (Over 15,000 users)

Hardware Platform Requirement

Processor

Intel Xeon 2.8GHz Quad Core x 2 or above

Memory

16G or above

Storage

500G or above

Network Card

3 x Gigabit Ports

Operating System and Database

Operation System

Windows Server 2008 Enterprise Edition SP1 or above (x64)

Database

SQL Server 2008 Enterprise Edition SP1 or above (x64)

 

 

Model

Description

RG-SMP-Pro-EN

RG-SMP 2.X professional edition, supports RADIUS identity authentication, including BYOD and NAC features.

Software requirement for SMP:

Windows Server 2003 or above

SQL Server 2000 or above

RG-SMP-Pro-EN-license-50

Concurrent User License for RG-SMP 2.X professional edition, includes permission for 50 concurrent users.

 

  • Sales Enquiry