notified of the user and will be able to associate all traffic to the corresponding Directory
User. The Directory Client supports Windows 64-bit, 32-bit (2000 SP4 or above), and
Macintosh OSX (10.3 or above) Operating Systems (OS).
The disadvantages of this option are that it supports only Microsoft Active
Directory and only computers that are members of the Active Directory domain. In
addition, this option will not report on individual users in Terminal Services sessions or
Citrix sessions.
Directory Option 2: Directory Agent with IP Lookup
This option is designed for networks that cannot deploy the Directory Client because no
login process is initiated, login credentials are cached locally on devices, or company policies
restrict pushing processes to end clients. With this option, Optinet identifies Directory Users
when they initiate web (HTTP) traffic. After Optinet intercepts the initial web requests from
users, Optinet (through the Directory Agent) queries the directory server to find the
credentials used to log in to the device.
This option involves installing the Directory Agent on your directory server and creating an
Internet Usage Rule to use IP Lookup. Because IP Lookup queries the directory server
to find login credentials, the Directory Agent must be installed on the directory server with
administrator rights (Log on as Administrator). In addition, the Operating System
(OS) of users must be Windows 2000 (SP4) or above, and their computers must be
joined to the domain.
For computers to successfully communicate login credentials to the directory server, File
and Print share rights must be enabled and their primary DNS server must be set to the IP
address of the Active Directory server. Also, these computers must be joined to the domain
and use Windows (2000 SP4 or above) OS. Lastly, you will need to create two groups with
this feature: one for the devices used by the users (Network Node Group) and another for
the Directory Users (Directory Group). Both of these groups will need to use the same
Internet Usage Rule (IUR) configured to use Web Based Authentication-IP Lookup.
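The client-side prerequisites above can be checked on a workstation before the rule is enabled. The following script is an added example, not part of the Optinet documentation or product. It assumes a Windows version that provides the Get-DnsClientServerAddress and Get-NetFirewallRule cmdlets (Windows 8 / Server 2012 or later), a hypothetical -DirectoryServerIp parameter supplied by the administrator, and that "File and Print share rights" corresponds to the Server service plus the inbound File and Printer Sharing firewall rules.

```powershell
# Added example: client-side prerequisite check for IP Lookup (run on a workstation).
param(
    # Assumption: IP address of the Active Directory server, supplied by the admin.
    [Parameter(Mandatory)] [string] $DirectoryServerIp
)

$checks = [ordered]@{}

# 1. The computer must be joined to the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$checks['Joined to domain'] = [bool]$cs.PartOfDomain

# 2. The primary (first-listed) DNS server of every configured adapter
#    must be the Active Directory server.
$primaryDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object { $_.ServerAddresses[0] } |
    Select-Object -Unique)
$wrongDns = @($primaryDns | Where-Object { $_ -ne $DirectoryServerIp })
$checks['Primary DNS is directory server'] = ($primaryDns.Count -gt 0) -and ($wrongDns.Count -eq 0)

# 3. File and Printer Sharing (assumed mapping: Server service running and an
#    enabled inbound allow rule in that firewall group; group name is the English one).
$server = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
$fwRules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
$checks['File and Printer Sharing enabled'] = ($null -ne $server) -and ($server.Status -eq 'Running') -and ($fwRules.Count -gt 0)

# Report each check and return a non-zero exit code if any prerequisite is missing.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-35} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
if ($failed.Count -gt 0) { exit 1 }
```

A workstation with a secondary adapter (VPN, virtual switch) that lists a different first DNS server fails check 2, so review the adapter list before treating that result as a misconfiguration.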
The main advantage of this option is that you do not have to execute the Directory Client
during the login process. Also, if successfully executed, IP Lookup will seamlessly identify
users without presenting them with a secondary login page. One disadvantage is that users will
not be correctly identified until Optinet first receives web (HTTP) traffic from them. As
such, there may be some discrepancy in application control and reporting for users.
Directory Option 3: Directory Agent with NTLM
This option is intended for networks that use Terminal Server and Citrix Server sessions.
Please note that Citrix Servers offer a feature called Virtual IPs (VIPs), which will allow you
to use Directory Option 1: Directory Agent with Directory Client. If you can enable VIPs
with your Citrix Servers, using Directory Option 1 is recommended.
Directory Option 3 allows Optinet to identify individual users behind devices or applications
that use a single IP address for several users. With this option, you will be able to
identify and filter individual users who access the Internet from the same device.
This option requires that you install the Directory Agent on your directory server and then
deploy proxy settings to users' web browsers. Essentially, users will send web traffic to
Optinet, which acts as a proxy. This allows Optinet to identify users based on web sessions
rather than by IP addresses (the method used by all other directory options).