The ID Indexing System (IDex) provides a way of reliably identifying already authenticated users in a wide variety of wide-area, Active Directory domain networks, where link and speed cannot be guaranteed. The ID Indexing System consists of:
- IDex Agent Installed on Active Directory domain controllers
- IDex Client Installed locally on Windows workstations
- IDex Cluster Used in a Central Management solution; shares user information between all Smoothwall nodes
- IDex Directory A database of authenticated users, which can be used by all Smoothwall services that require user identity information, such as Guardian and the Firewall
The IDex Directory is a passive connection that receives user information from the IDex Client or IDex Agent, and maps these to local user configuration on the Smoothwall for web filtering, Firewall-ing, and so on, purposes. All user information received is trusted to be correct.
No other configuration is required, other than enabling the directory connection, and the installation of either the Client, the Agent, or both.
How does this differ from the Active Directory configuration in the Smoothwall?
The Active Directory configuration on the Smoothwall is more involved as the Smoothwall must be able to query the Active Directory domain to verify the user credentials it receives. This also means that other areas of the Smoothwall must be configured with details of your Active Directory domain, such as DNS servers. Your Active Directory servers must also be setup to expect and respond to communication from the Smoothwall.
It should be noted that a failure in communication between the Smoothwall and Active Directory domain controller could result in users being placed in the Unauthenticated IPs group, therefore potentially being blocked from browsing to the Internet.
IDex Directory is suitable if you:
- Have a large centralized or Multi-Tenant deployment
- Such as a managed service provider, or public sector network
- Support a large number of independent domains over a wide-area network
- Connectivity to Active Directory domain controllers is difficult or over a low-bandwidth link
- Have the IDex Agent installed on your domain controllers (using the IDex Directory is a must with the IDex Agent)
- Have the IDex Client installed on your network workstations and require your domain user groups to be mapped to Smoothwall local user groups for web filtering, Firewall, and so on, purposes.
- Turning on the Diagnostics for the IDex Agent
- Resynchronizing Active Directory Groups to the IDex Directory