Featuring IDM 2.2 and ProCurve Network Access Controller 800

Author: Bonnie Arleen Wiggins

1 Featuring IDM 2.2 and ProCurve Network Access Controller 800
Presenter April 2007

2 Table of contents
- Objectives for this training: Slide 3
- Overview: Slide 4-13
- Market landscape and/or potential: Slide 14-17
- Product/Solution components: Slide 18-39
- Services: Slide 39-45
- Target customers: Slide 46-51
- Business benefits (Customer/IT/Reseller): Slide 52-55
- Competition: Slide 56-61
- Key differentiators: Slide 62-63
- Addressing customer questions/objections: Slide 64-66
- Summary: ProCurve Value proposition & Edge Architecture fit: Slide 67-71
- Additional resources: Slide 72-74

3 Objectives
After completing this training, you should be able to:
- Identify the market potential for the Access Control solution
- Describe the Access Control solution and the products that comprise it
- Position this solution within the ProCurve family
- Describe the key features and benefits of the Access Control solution
- Target potential customers by work environments and needs
- Articulate: Customer business benefits, IT benefits, Reseller business benefits
- Review the competition
- Identify the ProCurve Access Control solution’s key differentiators
- Address customer objections/concerns
- Emphasize the ProCurve EDGE Architecture™ and value propositions fit

4 Overview

5 Security overview
- The challenges to secure today's enterprise networks are everywhere: hackers, Internet intruders, eavesdroppers, forgers
- “Traditional” security techniques are no longer enough
- Threats are no longer just from the outside; they are also internal
- Network administrators need to take a more “proactive” approach to controlling access to their networks
- Simply controlling access to the network based solely on the identity of the user is no longer “enough”
Today’s network security policies have historically been aimed, for the most part, at authenticating the identity of users of the network. These policies have included adding access control lists on network edge devices such as routers and firewalls and using data encryption on virtual private network (VPN) connections. However, with threats continuing to evolve and challenge these “traditional” security measures, more extensive techniques have been put into place to secure the network.
Today, a perfectly valid user with perfect credentials might have malware on his laptop, acquired in any number of ways (kids borrowing the laptop to download music, etc.). In a “traditional” environment this user would be able to access the network and could spread the malware because there was no additional screening for the malware. This example points out a glaring hole in traditional network security methods. There is a need to add another level of access control to networks.

6 What organizations need to do today
- Apply access rights and take control over network usage
- Eliminate viruses and unwanted network traffic
- Turn security intelligence into actionable network operations
- Understand and demonstrate regulatory compliance
- Deploy easy-to-use security solutions that are standards-based, interoperable and reliable
Security management involves managing risks and practicing an appropriate standard of care. We recommend that customers deploy the following layers of security:
- Access Control
- Virus detection and response solutions to protect against both internal and external threats
- Network security solutions that can automatically respond to threats
Perform a security assessment and deploy the right level of security to meet needs, with solutions that are easy to deploy, standards-based, interoperable and reliable. Security can be expensive and hard to deploy, and customers have many choices in the marketplace; a proper assessment can ensure the best possible solution.

7 What the others are doing
Fragmented approaches
Network Vendors:
- Bolt-on security at the WAN perimeter: Firewalls, IDS/IPS
- Bolt-on security enforcement in the core
- Upgrade to get separate Wired and Wireless NAC
Security Vendors:
- Overlay the network with dedicated security appliances
- Update host-based software with intrusive agents
Diagram labels: Servers, Clients, Traditional Core, Firewall, VPN, Wireless Access Points, Wireless Clients
Security and network vendor approaches are not coordinated. There needs to be communication between the solutions (as in ProActive Defense).
Embedded point: you don’t have to pay extra for “bolt-on” capabilities; with ProCurve they are “built-in”. Use that money for other projects.
Net-net on this slide:
- Network vendors have had a piecemeal approach and are now starting to recognize the need for a better approach
- Security vendors have had to address the market with overlay because they don’t have network equipment nor access to that market
- This is the perfect set-up for what ProActive Defense is and how it is different
Just focusing on the outside of a network is not sufficient because:
- not all end-points are controlled and have an agent, and agents are hard to deploy
- once on the network, bad things can still happen, or happen after they connect
- many edge scenarios are not easily supported today: multi-clients on shared media, multiple apps on a client
Prior to this current rave, the focus was on the perimeter and protecting against external threats using firewalls, etc. That didn’t help with internal threats, and it was expensive and difficult to manage.
Many network players are putting their enforcement on core switch/router blades, which is like putting the security guard in the middle of the building.
Security vendors have to overlay their solutions without the network’s involvement. This creates a management problem and doesn’t take advantage of the network’s inherent capabilities.

8 ProCurve overview
The ProCurve Network Access Control solution is an integral part of the ProActive Defense strategy, encompassing a holistic approach to network security. It allows for the continuous protection, detection and response to security threats at the network edge. This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users.
Obviously, the process of securing the network is complex and perhaps the most difficult challenge facing IT departments in today's environment. So how can these threats be dealt with yet still allow users access to freely use network resources? ProCurve Networking believes the answer to that question is to recognize that network security is an ongoing process and not just a point product and that there is a need to address these threats proactively. To meet the challenge, ProCurve has created a holistic, all-encompassing security architecture strategy called ProActive Defense.

9 ProCurve’s security architecture
In practice
Diagram labels: Policies, Validation, Trusted Network Infrastructure
ProCurve’s ProActive Defense security architecture is designed to prevent and protect the network before a security breach, detect attacks during a security breach and respond to a security breach when it happens. The ProCurve security architecture is designed with management tools that allow centralized management or “command from the center” of the network edge devices, allowing for more efficient use of IT resources.

10 ProActive Defense
ProCurve Security solutions
Diagram labels: Access Control, Network Immunity, Secure Infrastructure
ProCurve Networking addresses today’s mounting security issues with its “ProActive Defense” approach to network security, allowing for the continuous protection, detection and response to security threats at the network edge. This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users.
There are three main components to the ProActive Defense strategy: it’s built on a Secure Infrastructure, then adds Access Control and Network Immunity.
Having both ProActive and Defense technologies integrated has the benefits of:
- Combining multiple approaches to address the blended threat, which is more the risk today than a point attack
- Having access to more data within the integrated system, which provides a greater opportunity to convert that intelligence into actionable items
The next two slides demonstrate how we integrate the proactive controls (access control) with defense controls (threat management) right into the edge of the network. It is important to note that network management applications should be used as the console for the automated process described above. In all cases, we use the Policy Controlled Intelligent Edge as the enforcement point for security policy. We want to do this as close to the end-user (source of attack) as possible.

11 Procurve Animation
- The ProActive piece of the ProActive Defense strategy is about preventing problems “proactively” by providing an access control solution
- The Adaptive Edge Architecture (AEA) adapts to users and provides the appropriate level of access based on the user. The AEA has been a fundamental tenet of ProCurve’s vision, offering command from the center with control to the edge
- The IDM solution provides the appropriate level of access based on policies set for user type, time of access, location of access and endpoint integrity status
- Access control must be “comprehensive” because there is no true way to guarantee a homogenous environment of clients connecting to the network. Some will be managed, some will not. There will be guests, contractors, etc. The edge must supplement the access controls for untrusted and uncontrolled clients accessing the network

12 Defense Animation
- The Defense piece of the ProActive Defense strategy is about securing the network infrastructure
- This is done by controlling who can configure switches and providing switch device authentication
- It is also done by making the network immune to threats by monitoring network activity to detect and respond to those threats
- Embedded threat management in all edge devices: LAN, WAN, WLAN. An example would be to have capabilities like Virus Throttle at EVERY edge point (extending beyond those ProCurve devices that already have VT)
- The LAN, WAN and WLAN devices form a trusted infrastructure by being trustworthy themselves. They are solid, reliable and secure, and capable of forming the trusted infrastructure through authentication (e.g. device-to-device 802.1X) and eventually encryption

13 The edge is the enforcement point
- The edge is the first point of attachment to the network
- Support applications at their point of entry
- Deliver “command from the center” and “control to the edge” through an Adaptive EDGE Architecture™
Diagram labels: Servers, Clients, Internet, Wireless Clients, WLAN, WAN, LAN, Command From The Center
The ProActive Defense strategy is simply an extension of the Adaptive EDGE Architecture strategy that ProCurve has promoted for a couple of years now, offering command from the center with control to the edge. The important thing to remember is that the edge is the enforcement point for all the security policies set by the ProActive Defense strategy.

14 Market Landscape or Potential

15 Market trends
In addition to the obvious and known need to contain the ever-growing and self-propagating security threats such as worms, viruses and spyware, according to the Security website “Secure Access Central”* and other sources, a number of key trends account for the growing importance of endpoint security and NAC for enterprises and non-commercial organizations alike:
- More and different types of users are being granted privileges to access data and applications on private networks
- Computing devices, regardless of ownership, are now commonly used for BOTH business and personal purposes
- Portable and wireless digital devices have become common in the workplace (e.g., memory sticks, MP3 players, smartphones)
- Wireless access points have exposed networks to new paths for attacks
- Regulatory compliance
While networks have been a vital element of business productivity for some time, the perceived need for network access control is relatively new. There are a multitude of reasons behind this increased awareness:
The adoption of wireless networking is one of the most significant catalysts of this raised awareness. When wireless networking was being adopted, there was tremendous hype over the need to “control access” because we cannot control or even see where our wireless network extends. While that was true, it was equally true that even though we generally knew where wired network connections ended, we did not necessarily know who or what devices were connecting into that wired network.
Once we recognized this basic need for controlling network access, it was left to large companies to heighten our awareness of this security issue and then provide solutions for this newly recognized need. That has certainly been the case with NAC.
Finally, the need for compliance with both corporate and governmental regulations with respect to data privacy has increased the benefits of enforcing controls over who accesses our networks and the data available to each user.
Since exposure to malicious code has become almost unavoidable when personal activities are conducted on public Internet sites (e.g., web surfing, messaging, file sharing), personal use of the Internet increasingly threatens business resources residing on the end device and accessed private networks. Not only do these devices expose sensitive business data to both intentional and unintentional misuse, they will also increasingly transport malicious code to internal networks, bypassing perimeter security defenses *

16 What is the market potential?
- According to a report published by Synergy Research Group, based in Reno, NV, the worldwide network security market increased 6% sequentially and grew 10% in 2006 compared to 2005, approaching $5 billion
- According to Infonetics Research, manufacturer revenue for NAC enforcement was $323M in 2005 and is expected to grow (by 1,101%) to $3.9B by 2008
It is generally well known that “security” is a hot topic and of growing concern amongst IT administrators across the range of vertical industries. No longer is one organization more concerned than another. At the same time, the number of different “security solutions” has increased.
For those individuals selling security products and/or services, the market is RIPE. The total security market is, by one report, close to $5 billion! Having any type of security offering is bound to get the attention of your customers and is not a hard sell.
And for those individuals selling ProCurve products there is the *new* Access Control Solution, a comprehensive NAC solution comprised of IDM 2.2 and the new ProCurve Network Access Controller. IDM 2.2 simplifies access control configuration on network devices, includes automatic authentication directory synchronization, provides new reporting options for regulatory compliance and is more seamless with endpoint integrity solutions. And the new ProCurve Network Access Controller 800 simplifies deployment by integrating multiple components of an access control solution into a single, 1U, rack-mountable network appliance.

17 NAC market expectations
Chart labels: Implementation Status By Company Size; Reasons Cited: Cost, Manageability, Difficulty of Deployment
Network Access Control is a market that is growing significantly. A recent Forrester report indicates that while there are relatively few NAC implementations in place today, many companies have plans to implement a NAC solution. To date, only about 4% of companies have implemented a Network Access Control solution. The same study indicates that 36% of companies have plans for a NAC solution this year.
Not surprisingly, network access control is being implemented in larger companies more often than small and medium businesses. This study showed that:
- roughly half of Global 2000 Enterprise companies have a network access control solution
- NAC solutions are in about one-third of large enterprise companies
- only about one-quarter of small and medium businesses have adopted a NAC solution
When asked if it was wired network access, wireless network access, or remote network access that was driving this need, most respondents, over half, indicated that it was the combination of all three of these.
Of those respondents who did not have plans to implement a NAC solution soon, only about 3% listed “Don’t Need” as the reason, while most pointed to “Cost”, “Manageability” and “Difficulty of Deployment” as the reasons that are holding them back.
Source: Forrester, May 2006

18 Products (Solution components)

19 ProCurve’s Access Control Solution
Access Control is a comprehensive way of managing access to the network and uniquely handling all types of users while preventing untrusted network use
- Deployable and manageable network access control (ease of use)
- Appropriate network access (IDM)
- Endpoint integrity validation (ProCurve NAC 800)
- Built-in RADIUS server (cost savings)
- Network access reporting (regulatory compliance, forensics)
- Resilient and scalable
- Comprehensive network access control (wired, wireless, remote, 802.1X/VPN)
The ProCurve Access Control Security Solution protects the network by helping ensure that only authorized users are allowed onto wired or wireless networks. This affordable solution encompasses not only switch products and software applications, but also industry-leading services and support.

20 Access Control Solution 2.0
Components and implementation options
Identity Driven Manager (IDM) 2.2 (Requires ProCurve Manager Plus 2.2)
+ 802.1X-capable switches and wireless APs
+ ProCurve Network Access Controller (NAC) 800
+ ProCurve NAC Endpoint Integrity (EI) Agent License
+ ProCurve NAC EI Implementation Start-up Service
Starting in Q3’07, ProCurve enhances its Access Control Solution with the introduction of ProCurve Manager Plus (PCM+) 2.2, Identity Driven Management (IDM) version 2.2 and the new ProCurve Network Access Controller 800 appliance (also known as the ProCurve NAC 800). This new solution requires selling Endpoint Integrity licenses and must be sold in combination with implementation start-up services.

21 Access Control Solution 1.0
Before launching IDM 2.2 and ProCurve NAC 800
Diagram labels: Authentication Server; Authentication Directory (Active Directory, LDAP); HTTP Request / Web-Auth; MAC Address / MAC-Auth; 802.1X Supplicant; RADIUS Server; IDM Agent; 802.1X Authenticator / Policy Enforcement Point (PEP); Network Mgmt Server (PCM / IDM Server); legend: ProCurve owned, 3rd Party Software
PEP supported in ProCurve edge devices: 5300 / 5400 / 3400 / 3500, 4100 / 4200, 2600 / 2600-PWR / 2800, 2500, 420 / 530 / WESM
In the previous version of the Access Control Solution, ProCurve network devices and the ProCurve Identity Driven Manager provided network access control with adaptive network access rights. However, there are other parts to the solution which are not provided directly by ProCurve.
In this version of the Access Control Solution, ProCurve took a traditional 802.1X environment and expanded it to make it more flexible with granular and streamlined access controls. Using ProCurve’s Identity Driven Manager, network administrators could easily create access policies that specified allowed access based not only on the user’s (supplicant’s) authentication credentials but also on the Time and Location of that access. Additionally, they could set VLANs, bandwidth limits, quality of service parameters and even apply Access Control Lists directly to the port to which the user was connected. (ACLs available on 5400, 5300, 3500, 3400 switches, 530 APs and the WESM module.)
The solution was easy to configure and provided a great deal of additional flexibility in controlling access to valuable network resources. However, since the solution did require some 3rd party software to add critical end-point integrity functionality, customers were sometimes reluctant to implement it.

22 Access Control Solution 2.0
Identity Driven Manager 2.2 (IDM) & ProCurve NAC 800
Endpoint tests for:
- Operating system versions & updates
- Anti-virus & anti-spyware software
- Required or prohibited software
Diagram labels: Endpoint Integrity Agent; On-demand Endpoint Integrity Agent; 802.1X Supplicant (Any 802.1X Client); Network Access Controller 800 (EI Policy Definitions, RADIUS Server, IDM Agent); Authentication Directory (Active Directory, eDirectory, LDAP); 802.1X Authenticator / TNC Policy Enforcement Point (PEP); Network Mgmt Server (PCM / IDM 2.2 Server); legend: ProCurve owned
The new ProCurve Network Access Control Solution 2.0 not only has the functionality of the previous access control solution built into the ProCurve devices (multiple devices are no longer needed), it also adds new functionality previously available only through 3rd party products. In this solution, we replace the 3rd party RADIUS server with the ProCurve Network Access Controller.
In the ProCurve NAC 800, we provide a shallow, 1U access security appliance that contains an on-board RADIUS server with an integrated IDM agent. It has the ability to specify endpoint integrity policies that define what software must be on a client computer (anti-virus software and updates, personal firewalls, operating system patches, etc.) and any software that is prohibited (file sharing software such as Kazaa, for example). In this way we can now control network access based not only on the user and the Time and Location from which he attempts to access the network, but also on the security state of the physical client computer.
Additionally, ProCurve’s Identity Driven Manager 2.2 provides automatic authentication directory synchronization, which saves valuable IT time and resources, as well as an access control configuration wizard allowing the administrator to easily prepare many ProCurve network devices to enforce access controls and end-point integrity on clients at one time.

23 Solution set
IDM & ProCurve NAC
Diagram labels:
- ProCurve Identity Driven Manager (IDM)
- ProCurve Network Access Controller 800 (ProCurve NAC 800): RADIUS Server, IDM Agent, EI Software (license req’d)
- ProCurve NAC EI Agents: 100 clients, 250 clients, 1000 clients, 5000 clients
- ProCurve NAC EI Implementation Start-up Service: pre-requisite for Agents
- Solution sets: Adaptive Access Control (with 3rd party RADIUS), Access Control with Endpoint Integrity, Adaptive Access Control with Endpoint Integrity
Various solutions can be created for differing customer needs:
- Adaptive Access Control: for customers not currently interested in EI, you can still build a cost-effective access control solution that includes adaptive access created by IDM and the ProCurve EDGE devices. A customer can use the ProCurve NAC 800 as a RADIUS server or integrate this solution with their existing RADIUS servers (IAS, Steel-Belted Radius, or FreeRADIUS)
- Access Control with Endpoint Integrity: for customers who do not need to provide differentiated services, the ProCurve NAC 800 and ProCurve NAC EI Agents allow an administrator to control who accesses the network and test client devices before they are allowed onto the network
- Adaptive Access Control with Endpoint Integrity: the complete solution provides for endpoint integrity checking, along with the Adaptive EDGE capabilities created by IDM and the ProCurve EDGE devices. It protects the network from unauthorized users and non-compliant or dangerous devices while providing customized network access for authorized users with clean devices

24 What is ProCurve IDM 2.2?
ProCurve Identity Driven Manager (IDM) provides adaptive access control for secure, customized access to network resources
- Secure network access: IDM works with standard RADIUS authentication to secure the network, allowing only approved users, when and where they are authorized to access the network
- Custom network access: IDM dynamically assigns access rights to identities (users) who are authorized to use the network
IDM 2.2 is a product that catches each user’s login authentication request and sets their access policies according to business-related criteria. IDM 2.2 allows the administrator to allow, deny or customize access to the network based on user, device, time, place or endpoint integrity status.
IDM 2.2 adds automatic authentication database synchronization so that when a new user is added to the database (Active Directory, LDAP, etc.) they are immediately placed in the correct IDM group and have their specific access rights enforced with no additional administrative input.
Also, IDM 2.2 now has a Secure Access Wizard which allows the administrator to configure multiple ProCurve edge devices for port-based access control from a centralized location all at the same time.
In concert with ProCurve Manager Plus (PCM+ 2.2), IDM 2.2 provides Command from the Center: an affordable, feature-rich, unified, and centralized approach to enterprise network management

25 Identity Driven Manager 2.2 cont.
- Allows easy creation and management of user policy groups for optimizing network performance and increasing user productivity
- Dynamically apply security, access and performance settings at port level based on policies
- Automatic Authentication Database Sync
- Access control configuration wizard
- IDM adds network reports and logs based on users for audit
Diagram labels: Based on => User/Group, Time, Location, Device ID, Client Integrity Status; Set => Bandwidth Limit, VLAN, QoS, ACLs
Each user has been placed in an access policy group (APG) by the administrator. When a user is authenticated, IDM looks at the rules for the user’s access policy group. The rules are based on time, location, Device ID, and client integrity status. When a rule match is found, an associated “Access Profile” is invoked that sets a policy on the user’s port that can include ACLs, VLANs, QoS and bandwidth limitations.
Access Control Lists (ACLs) and client integrity checking are the new features. Access Control Lists are filters on users, enforced at the port or AP, that allow or deny access to protocols, destination IP addresses, or destination TCP/UDP ports. The addresses (TCP/UDP or IP) may be specified in ranges as well as individual addresses.
Client integrity is an indicator sent to IDM by the ProCurve NAC. When IDM sees the client status indicator it can send a “dirty” client to a remediation VLAN or server.
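The rule evaluation described on this slide, sketched as an added Python example (not ProCurve code). The group names, users, VLAN numbers, ACL notation, first-match ordering and default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class AccessProfile:
    """Settings applied to the user's port once a rule matches."""
    name: str
    vlan: int
    qos: str
    bandwidth_kbps: int
    acls: tuple = ()          # (action, destination) pairs, constructed notation


@dataclass(frozen=True)
class Rule:
    """One rule of an access policy group; a None field matches anything."""
    profile: Optional[AccessProfile]   # None means reject the login
    location: Optional[str] = None
    window: Optional[tuple] = None     # (start, end) as datetime.time values
    device_id: Optional[str] = None
    integrity: Optional[str] = None    # "pass" or "fail", as reported by the NAC


@dataclass(frozen=True)
class Login:
    user: str
    location: str
    at: time
    device_id: str
    integrity: str


def in_window(at, window):
    """True if `at` falls in [start, end); handles windows that cross midnight."""
    if window is None:
        return True
    start, end = window
    if start <= end:
        return start <= at < end
    return at >= start or at < end


def rule_matches(rule, login):
    return (rule.location in (None, login.location)
            and in_window(login.at, rule.window)
            and rule.device_id in (None, login.device_id)
            and rule.integrity in (None, login.integrity))


def evaluate(login, user_groups, group_rules):
    """Return the AccessProfile of the first matching rule, or None to reject.

    Unknown users and logins that match no rule are rejected (assumed
    default-deny; the slide does not state the fallback behaviour).
    """
    group = user_groups.get(login.user)
    if group is None:
        return None
    for rule in group_rules.get(group, ()):
        if rule_matches(rule, login):
            return rule.profile
    return None


# Constructed sample policy; every value here is hypothetical.
REMEDIATION = AccessProfile("remediation", vlan=99, qos="low", bandwidth_kbps=512,
                            acls=(("allow", "10.0.99.10"), ("deny", "any")))
EMPLOYEE = AccessProfile("employee", vlan=10, qos="normal", bandwidth_kbps=100000)
GUEST = AccessProfile("guest", vlan=50, qos="low", bandwidth_kbps=2000,
                      acls=(("deny", "10.0.0.0/8"), ("allow", "any")))

# The integrity rule is listed first so a "dirty" client lands in the
# remediation VLAN no matter when or where it connects.
GROUP_RULES = {
    "employees": [Rule(REMEDIATION, integrity="fail"),
                  Rule(EMPLOYEE, location="hq", window=(time(7), time(19)))],
    "guests": [Rule(REMEDIATION, integrity="fail"),
               Rule(GUEST, location="lobby", window=(time(8), time(18)))],
    "night-ops": [Rule(REMEDIATION, integrity="fail"),
                  Rule(EMPLOYEE, window=(time(22), time(6)))],
}
USER_GROUPS = {"alice": "employees", "visitor1": "guests", "oscar": "night-ops"}

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"
    for lg in (Login("alice", "hq", time(9, 30), mac, "pass"),
               Login("alice", "hq", time(9, 30), mac, "fail"),
               Login("visitor1", "lobby", time(20, 0), mac, "pass")):
        profile = evaluate(lg, USER_GROUPS, GROUP_RULES)
        print(lg.user, lg.integrity, "->", profile.name if profile else "reject")
```
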

26 Identity Driven Manager v2.2
What’s new
IDM 2.2 is a NO COST upgrade to IDM 2.0 and offers:
- Manageable access control: Secure Access Wizard, Dynamic Active Directory synchronization, Management and monitoring of the ProCurve NAC appliance
- Comprehensive access control
- Adaptive access control
It is important to note that customers seeking the benefits of IDM can purchase IDM v2.0 and upgrade to v2.2 *at no cost* when it is released.

27 ProCurve Network Access Controller 800
New ProCurve Network Access Controller 800: simplifies deployment by integrating many components of an access control solution into a single network appliance
- Network rack-mountable: 1U and shallow-depth
- Manageable by the PCM+ / IDM management server
- On-board RADIUS server
- Convenient front console and LCD menu
- USB drive helps simplify many maintenance tasks
- Local authentication database for smaller environments w/o back-end servers
The ProCurve NAC 800 is a shallow-depth 1U network security appliance that integrates many important access control features into a single platform. In this compact package, ProCurve has included all of the necessary components to ensure an extremely flexible and ultimately much more secure network environment. It also mounts easily into network racks and has very easy front access to all the connections and controls (other than the power cord).
The NAC 800 includes:
- An on-board RADIUS service which can be integrated with many back-end authentication services
- The ProCurve Identity Driven Manager agent that allows the NAC 800 to apply the adaptive network access policies set by IDM
- A local authentication database for smaller environments without back-end servers
- End-point integrity assessment with multiple client checking options, including in-line DHCP mode, ActiveX mode and 802.1X mode, to provide network protection for all types of client devices
The integrity checking functionality is constantly updated with new security patches and software updates as long as the client has a valid EI maintenance contract.

28 Console, LCD, USB and Ethernet ports
Diagram labels: USB Port; Port 1: In-band Management; Port 2: Varies by implementation mode; Console Port; LCD Panel: Interface for mode selection, IP Address configuration
The console port is used to access the PSP.
Console Port:
- Out-of-band console access
- RJ45 Connector/Console Cable ( )
- Access to the ProCurve Service Partition (PSP): Configuration Settings, Diagnostics, Recovery, Reboot
The LCD Panel is the interface used for mode selection:
- Combination Server
- Management Server
- Enforcement Server
And for IP Address configuration:
- IP address
- Network mask
- Default gateway
The USB port creates a convenient way to do any scheduled maintenance or software updates:
- Upgrade system software
- Update Hardware BIOS
- Backup and Restore

29 ProCurve Network Access Controller 800 Roles
Management Server:
- Configuration
- Endpoint policies
- Monitor device activity
- Reports
- License management
- Test updates
Enforcement Server:
- Endpoint testing based on enforcement method
- Access control status
Combination Server:
- Performs the combined roles of Management Server and Enforcement Server
Basically this product can function in any one of three modes: as a management server, enforcement server or as a management/enforcement server combo.

30 ProCurve Network Access Controller 800 Implementation options
Multiple deployment options:
- 802.1X w/IDM
- 802.1X as RADIUS only
- DHCP
- DHCP w/multiple VLANs
- Inline
Server installation options:
- Combination Server
- Multiple Server
Testing method options:
- NAC Agent
- ActiveX
- Agentless
The implementation options presented on this slide are ProCurve Network Access Controller 800 installation and testing options available as part of the ProCurve Access Control Solution 2.0.
The ProCurve NAC 800 offers flexible deployment modes to meet the needs of specific network environments:
- 802.1X: the most secure access control deployment method; can be used in conjunction with IDM for the most comprehensive identity-based profiling; can also uniquely serve as a RADIUS server
- DHCP: endpoint integrity validation for non-802.1X networks
- In-line: effective for remote access clients; endpoint integrity validation is performed after tunneling in but prior to getting any access to the corporate network
The ProCurve Network Access Controller 800 can be installed in two ways:
1. As a single Combination Server: In this case the management server and enforcement server are on the same NAC 800 controller appliance and allow for only one deployment option (802.1X OR DHCP OR Inline).
2. Multiple Server installation: In this case there are multiple NAC 800s; one is used as a management server only and the rest are used as enforcement servers for different deployment options.
Implementation also involves the use of one or more testing methods:
- “NAC Agent” is recommended for IT-controlled environments
- “ActiveX” option requires that users launch a web browser before testing can occur (NOTE: retesting cannot occur if the user closes the browser)
- “Agentless” requires that you know or are provided local administrator rights for testing

31 Centralized management of ProCurve NAC
- Discovered by PCM
- Integrated into IDM GUI
- Launched with context
- Complete EI navigation within PCM/IDM
The ProCurve NAC 800 is integrated into the ProCurve Manager management platform. It is discovered and grouped appropriately on the PCM device tree. As with other devices within PCM, the ProCurve NAC 800 user interface can be launched from the management server and is displayed within the PCM interface. Depending on where the interface is launched from, the appropriate view of the ProCurve NAC 800 will be displayed.

32 Endpoint integrity checks
- Antivirus, spyware, firewalls, peer-to-peer, allowed and prohibited programs and services
- OS versions, service packs, hot-fixes
- Security settings for browsers and applications
- New tests developed and delivered regularly
The ProCurve NAC 800 provides a comprehensive set of endpoint tests in the areas of antivirus software, spyware, firewalls, peer-to-peer, allowed and prohibited programs and services, OS versions, service packs, hot-fixes and security settings for browsers and applications. New tests are continually being developed to address changes in software and new virus definitions. These new tests are delivered to the ProCurve NAC 800 automatically when a maintenance license is in place.

33 ProCurve NAC EI Agent
ProCurve NAC EI Agents: 100 clients, 250 clients, 1000 clients, 5000 clients
ProCurve NAC EI Agent 1-yr maintenance: 100 clients, 250 clients, 1000 clients, 5000 clients
Initial purchase includes:
- Software license-to-use
- 1-yr updates for EI Agent tests
Maintenance subscription:
- 1-yr updates for EI Agent tests
The initial purchase has two parts:
- Software license-to-use: this is the software client that enables endpoint integrity checking through the ProCurve NAC 800 hardware
- 1-yr maintenance: this software maintenance contract enables updates of live content for 1 year
Annual maintenance contract: offered in the same levels as the original product; continued updates of live content.
Maintenance subscription provides: live-content updates to endpoint integrity checks (OS patches, virus signatures, AV software versions, AV virus definitions, …)

34 Access Control Solution 2.0 Product structure
ProCurve Identity Driven Manager
- J9012A ProCurve Identity Driven Manager – 500 Users
- J9013A ProCurve Identity Driven Manager – Upgrade from 1.0
- J9014A ProCurve Identity Driven Manager – add 2000 Users
ProCurve Network Access Controller 800
- J9065A ProCurve Network Access Controller 800
- J9083A ProCurve NAC Implementation Start-up Service (basic)
- J9084A ProCurve NAC Implementation Start-up Service (advanced)
ProCurve NAC Endpoint Integrity Agent Software (includes 12 months maintenance)
- J9066A ProCurve NAC Endpoint Integrity Agent 100 clients
- J9067A ProCurve NAC Endpoint Integrity Agent 250 clients
- J9068A ProCurve NAC Endpoint Integrity Agent 1000 clients
- J9069A ProCurve NAC Endpoint Integrity Agent 5000 clients
ProCurve NAC Endpoint Integrity Agent 12 month maintenance
- J9070A ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 100 clients
- J9071A ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 250 clients
- J9072A ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 1000 clients
- J9073A ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 5000 clients
(Four entries on the slide are flagged “New”.)
Note: The IDM product numbers and licensing have not changed in this release. Installation of the ProCurve NAC Endpoint Integrity Agent software requires an implementation start-up service, which is provided by ProCurve certified partners or is available directly from ProCurve. ProCurve certified partners have been trained and certified to both define and provide their own services to meet these needs.

35 Positioning the Access Control Solution within the ProCurve family
[Diagram labels: Access Control; Network Immunity; ProActive Defense; Secure Infrastructure]
The new Access Control solution, with updated IDM and the brand new ProCurve Network Access Controller 800, is a new addition to the ProCurve family of products and solutions. This new solution fits within the ProCurve Adaptive Network vision and is one of the main components of the ProActive Defense security strategy, allowing for the continuous protection, detection and response to security threats at the network edge. This comprehensive new vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and able to protect data integrity for all users.
The foundation of ProActive Defense is the trusted network upon which the strategy is based, also known as the “secure infrastructure”. This means the network devices and applications that are detecting and responding to threats are themselves managed and protected with secure, reliable technologies. The Access Control solution falls on the “proactive” side of the ProActive Defense strategy, as it “proactively” prevents security breaches by controlling which users have access to systems and how they connect in both wired and wireless environments. The Network Immunity component of the ProActive Defense strategy is an affordable, scalable, and easily manageable solution which delivers per-port intrusion detection and response to stop malicious network traffic at the edge of both the wired and wireless networks.

36 Warranty and support
Product: Warranty & Support
- ProCurve Identity Driven Manager: 90-day media warranty; no-cost lifetime phone support
- ProCurve Network Access Controller 800: 1 year parts & labor on hardware; no-cost software updates*
- ProCurve NAC EI Agents: software updates while covered by a valid maintenance license
ProCurve Identity Driven Manager:
- A 90-day media warranty is standard in the industry
- No-cost lifetime phone support is a unique value to our ProCurve customers
ProCurve Network Access Controller 800:
- 1 year parts & labor on hardware meets or exceeds competitive solutions
- No-cost software updates exceed any competitive products. This is analogous to the no-cost software updates on other ProCurve devices and includes any enhancements and new features to the base platform. Endpoint integrity test definitions are NOT part of the base platform and require a maintenance license for updates
ProCurve NAC EI Agents:
- Software updates to endpoint integrity test definitions require a valid maintenance license. Endpoint integrity testing will continue to run and be warranted from defects. However, tests for new software, viruses, etc. will not be available without the valid maintenance license
* Software updates are done on a best-effort basis without commitment for future functional enhancements. Endpoint integrity test definitions are NOT part of the base platform and require a maintenance license for updates.

37 Features overview
Identity Driven Management (IDM) 2.2 (Feature: Description)
- Secure Access Wizard: Steps the administrator through configuring security consistently across devices, ports, and the authentication server
- Dynamic Active Directory Synchronization: Enhanced directory integration including automatic updates to IDM
- Unified Access Control: Enhanced wireless support brings wireless access security on par with wired access security
- Network Authentication: Network authentication based on user, device, location, and time
- Network Authorization: Dynamically configures user VLAN, QoS, Bandwidth, ACLs (per user, per port)
- Endpoint Authorization: Access Policy Groups enhanced to utilize Endpoint Integrity (EI) status
- Automated Reporting: Automated and detailed reporting
- RADIUS Support: Additional RADIUS support: Funk Steel-Belted RADIUS for Windows; FreeRADIUS for Linux platforms

38 Features Overview (continued)
ProCurve Network Access Controller 800 (Feature: Description)
- Endpoint Integrity: Verifies that devices connecting to the network comply with business requirements and are not a threat to the network or other network citizens
- Clientless Endpoint Testing: The ability to test endpoint devices without requiring pre-loaded client software
- Remediation Services: Provides feedback and facilities to the end user to remediate non-compliant systems
- Reporting: Configurable and automated reporting facilities
- Authentication Service: Establishes network access rights for users and devices connecting to the network based on user role
- Ease of Deployment: Ability to easily implement a NAC solution with minimal impact on current network infrastructure
- Centralized Management: Discovered by PCM+/IDM; integrated with complete EI navigation within PCM+/IDM
- Distributed Architecture: Allows for strategic NAC implementation while providing scalability and resiliency

39 Services

40 Network Access Controller 800 Services Strategy
- NEW to ProCurve! The sale of start-up/implementation services is REQUIRED with the sale of the Network Access Controller 800 complete solution
- ProCurve’s intent is to enable our channel partners to sell and deliver the appropriate services for the solution
- As a secondary service provider, ProCurve will offer an implementation start-up service which will be delivered by ProCurve certified specialists
- Channel partners are required to complete a qualification process before they can deliver implementation services
- Once ‘qualified’, each partner will receive a block of ‘Service Registration ID’ numbers which are used during the ‘registration’ process of the solution implementation
- Service Registration ID numbers will be entered through the customer’s “My ProCurve” account during the implementation process and are required to provide initial* access to the Endpoint Integrity licenses
With the release of our new ProCurve Network Access Controller, ProCurve wants to ensure customers experience minimal problems when installing the NAC and the Endpoint Integrity Agent software. To help ensure the customer’s network is ready, ProCurve has created the ProCurve NAC Endpoint Integrity Implementation Start-Up Service. ProCurve encourages customers to work with their preferred partner to purchase the ProCurve Implementation Service. ProCurve has also qualified a select number of security partners to deliver their own version of the Implementation Start-up service. Either version should help the customer assess the readiness of their network to implement the Network Access Control Server and Endpoint Integrity software. The HP ProCurve branded service includes configuration of the NAC Server and testing of up to 5 clients.
ProCurve’s strategy for the ProCurve NAC solution is to enable our Channel Partners to sell and deliver the appropriate services for the solution (which include a required implementation service). As a secondary service provider, ProCurve will offer an implementation start-up service which will be delivered by ProCurve specialists. The ProCurve Channel partner will be required to complete a qualification process before they are considered ‘qualified’ to deliver implementation services. Once they have been ‘qualified’ they will receive a block of ‘Service Registration ID’ numbers which will be required during the ‘registration’ process of the solution implementation. This Service Registration ID number will be entered through the customer’s My ProCurve account during the implementation process and will provide access to the End Point Integrity licenses (for downloading to the customer’s clients).
* If a customer chooses to purchase additional Endpoint Integrity licenses in the future, no additional ProCurve NAC start-up/implementation services will be required. My ProCurve will retain the record of the initial start-up service purchase and entitle the customer to download the additional licenses.

41 Network Access Controller Services Offering
Columns: Service Level; Duration; Delivered by
Hardware-only Support Services
- Offsite Parts Exchange, next business day; 1, 3, 4, 5 years; HP
- Next Day Response, local business hours
- HW Onsite support, 4 hour response, 13x5
- HW Onsite support, 4 hour response, 24x7
- HW Onsite support, 6 hour call-to-repair
Deployment Services
- ProCurve Installation and Startup; One time event
- ProCurve Network Access Control Endpoint Integrity Implementation Start-up Service; ProCurve Engineers
- ProCurve Network Access Control Deployment Service; Value-added Reseller
Hardware-only support services are available as support contracts, fixed Care Packs and Flexible Care Packs. Duration varies based on type of support agreement. HP ProCurve Installation and Startup is physical installation of the ProCurve Network Access Controller Server itself. ProCurve Network Access Control Implementation and Startup Service is a consultative service designed to help the customer prepare their network for the installation of the ProCurve NAC.

42 Network Access Controller Services Sales scenarios
- Engage a value-added reseller to sell their own branded NAC Services
- Scenario #2: Reseller sells new ProCurve delivered service
  - J9083A - HP ProCurve Network Access Controller EndPoint Integrity Startup Service (inline and DHCP)
  - J9084A - HP ProCurve Network Access Controller EndPoint Integrity Startup Service (802.1X)
ProCurve recommends engaging a certified value-added reseller to sell and deliver their branded services with the ProCurve Network Access Controller 800 End Point Integrity solution. If a value-added reseller is not engaged, ProCurve recommends that the reseller sell the new “ProCurve-branded” services and deliver the service.

43 Network Access Controller Services Corporate Price List
List Price | Street Price | Product Number | Product Description
$5,499 | $3,739 | J9012A | ProCurve Identity Driven Manager – 500 Users
$1,499 | $1,019 | J9013A | ProCurve Identity Driven Manager – Upgrade from 1.0
J9014A | ProCurve Identity Driven Manager – add 2000 Users
$TBA | J9083A | ProCurve NAC Endpoint Integrity Implementation Start-up Service (inline and DHCP)
J9084A | ProCurve NAC Endpoint Integrity Implementation Start-up Service (802.1x)
$3,299 | $2,243 | J9065A | ProCurve Network Access Controller 800
$3,999 | $2,719 | J9066A | ProCurve NAC Endpoint Integrity Agent 100 clients
$8,799 | $5,983 | J9067A | ProCurve NAC Endpoint Integrity Agent 250 clients
$29,999 | $20,399 | J9068A | ProCurve NAC Endpoint Integrity Agent 1000 clients
$99,999 | $67,999 | J9069A | ProCurve NAC Endpoint Integrity Agent 5000 clients
$706 | $480 | J9070A | ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 100 clients
$1,554 | $1,056 | J9071A | ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 250 clients
$5,298 | $3,602 | J9072A | ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 1000 clients
$17,660 | $12,008 | J9073A | ProCurve NAC Endpoint Integrity Agent 1-yr Maintenance for 5000 clients
Implementation services are sold/purchased just like any other ProCurve product and use “J” product numbers. J9083A is for inline and DHCP solutions. J9084A is for 802.1x solutions. Customers that choose a ProCurve Partner branded solution will need to work with their partner to determine pricing.
Implementation service is sold or purchased just like any other ProCurve product. The physical product includes:
- a set of instructions to log into the customer’s My ProCurve account. If the customer does not currently have a My ProCurve account, they are instructed to create one.
- the unique Implementation Service Registration ID used to unlock the Endpoint Integrity licenses
- the Terms and Conditions in multiple languages.

44 Network Access Controller Services Process Flow
[Process-flow diagram with four numbered steps (1-4) labelled Purchase, Register, Download and Install.
Customer purchase: ProCurve NAC Implementation Start-up Service, provided by either a PNB Channel Partner (partner-branded service) or ProCurve (PNB-branded service).
Channel Partner Implementation Service: qualified reseller; partner-branded service; Service reg. ID # provided by PNB; partner schedule; partner on-site install; service completed.
ProCurve Implementation Start-up Service (#2): ProCurve NAC Implementation Start-up Service product; Service reg. ID #; instruction card; service deployment notification; service scheduled; on-site install; service completed.
My ProCurve Portal (customer’s portal): Hardware reg. ID #; Service reg. ID #; installer name; registration; entitlement; End Point Integrity licenses.]
During the purchasing of the following products: ProCurve NAC hardware product and End Point Integrity products
The ProCurve Channel partner will be required to complete a qualification process before they are considered ‘qualified’ to deliver implementation services. Once they have been ‘qualified’ they will receive a block of ‘Service Registration ID’ numbers which will be required during the ‘registration’ process of the solution implementation. This Service Registration ID number will be entered through the customer’s My ProCurve account during the implementation process and will provide access to the End Point Integrity licenses (for downloading to the customer’s clients).

45 More information on required services
For more details on the required services, including specific partner requirements, qualification process, training and services toolkit information, please see the PowerPoint presentation “ProCurve Network Access Controller Start-up Service Sales Training”, located at the ProCurve Sales Resource Center:

46 Target Customers

47 Target customers
This solution applies to all customers needing to address network security issues involving user authentication for wired and wireless networks.
Nearly every customer can benefit from the security of the ProCurve Access Control Solution. However, the “low hanging fruit” for this solution may be universities and schools who currently have NO access control at all. They are especially vulnerable to security issues because of the transient nature of their end users. This solution offers them multiple options to eliminate these vulnerabilities on their network. The other major initiative may be with those customers that have existing 802.1x environments. They are obviously aware of and appreciate the benefits of a port-based access control solution, and what you can bring to them is this “little box” that allows them to extend the port-based access they are used to so that it includes endpoint integrity and dynamic access control and configuration.

48 Vertical markets
- Higher Education
- Public Sector
- Government
- Corporate (campus)
- Retail (branch offices)
- Healthcare
- Financial

49 Target customer business needs
- Protection of valuable network resources and intellectual property from internal and external security threats
- Comprehensive yet affordable solution that answers critical network security issues
- A solution that is easy to implement and maintain
- Appropriate access to network resources based on time, location, and role, allowing for increased productivity and higher efficiency in network resource utilization
- Provide network access to only approved “clean” devices to ensure network security
The ProCurve Networking Access Control Security Solution helps protect valuable network resources and intellectual property from internal and external security threats:
- For those customers implementing the entire solution, all access areas, wired or wireless, are secured via 802.1X- and RADIUS-based user authentication to the network fabric
- Guest access can be enabled based on location and time to ensure the network is not widely available to anyone but authorized users
- User authentication for both wired and wireless access based on time, location, user profile and client integrity status enables a higher level of security, in addition to ensuring that the network is available to only authorized users on secure client machines, resulting in higher network efficiency
The ProCurve Networking Access Control Security Solution is a comprehensive yet affordable solution that answers critical network security issues:
- The solution encompasses not only multiple network devices (switches and wireless) to address different customer use scenarios, but also software applications and industry-leading services and support
The ProCurve Networking Access Control Security Solution is easy to implement and maintain:
- Certified ProCurve Elite Partners are trained and certified to assess your environment, design your solution, install the solution, and provide service and support
- The product components of the solution are designed and accepted in the industry as easy to install and configure, providing the proverbial "out of the box" experience

50 Target customer scenario: Single campus network environment
[Diagram labels: ProCurve Adaptive Edge Devices; Corporate VLAN; Remediation VLAN; PCM/IDM Server; ProCurve NAC 800 w/ProCurve NAC Agent Licenses]
- Solution includes: IDM, ProCurve NAC 800, and ProCurve NAC EI Agent Licenses
- Remediation VLAN configured to all secured edge ports, in addition to all other company VLANs used
- Clients authenticate via 802.1X, and are placed on a VLAN based on EI status:
  - Corporate VLAN if they have recently passed EI testing
  - Remediation VLAN if they are Unknown; they will be tested now and re-authenticated if they pass the EI test
  - Remediation VLAN if they fail EI testing
- IDM also sets ACLs, QoS, and Bandwidth limits based on access policy
- Works for both wired and wireless ProCurve edge devices
ProCurve Adaptive Network Access with Endpoint Integrity in a single campus environment
In this scenario, we provide an example of the typical ProCurve Access Control Solution 2.0 on a single campus. In this environment, all network clients are authenticated with 802.1X. During the authentication process the “posture”, or security integrity state, of the client is determined. Initially, all clients are considered “Unknown” and are placed on the Remediation VLAN to be checked as to whether they meet the pre-defined security parameters for network access. While in this state they may only have access to a limited section of the network. They are then tested and, if they pass, are placed on the corporate VLAN and have access to any and all resources granted to them by their Identity Driven Manager access profile. If the client fails a particular client-integrity or “posture” check, they remain on the Remediation VLAN and are presented with the reason(s) why they failed inspection. They can then either be re-directed to approved remediation servers, which would contain the necessary software fixes, or be permitted access only to a limited portion of the network and perhaps the Internet until the client is up to date.
Status summary:
- Passed: connected to Corporate VLAN
- Unknown: on Remediation VLAN to be tested
- Failed: on Remediation VLAN, will be retested at next authentication
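The VLAN placement rules of slide 50, written out as an added example (not ProCurve or IDM code). The VLAN IDs, the one-hour "recently passed" window, the test names and the use of RFC 3580 tunnel attributes to signal the VLAN to the switch are assumptions made for illustration.

```python
"""Posture-based VLAN assignment for the single-campus scenario (constructed)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

CORPORATE_VLAN = 10        # assumed VLAN ID
REMEDIATION_VLAN = 99      # assumed VLAN ID
PASS_VALID_SECONDS = 3600  # assumed meaning of "recently passed"


class Posture(Enum):
    UNKNOWN = "unknown"
    PASSED = "passed"
    FAILED = "failed"


@dataclass
class Endpoint:
    mac: str
    posture: Posture = Posture.UNKNOWN
    tested_at: Optional[float] = None
    failures: List[str] = field(default_factory=list)


def run_integrity_tests(endpoint: Endpoint, results: Dict[str, bool], now: float) -> None:
    """Record endpoint integrity results; results maps test name -> passed?"""
    endpoint.failures = sorted(name for name, ok in results.items() if not ok)
    endpoint.posture = Posture.FAILED if endpoint.failures else Posture.PASSED
    endpoint.tested_at = now


def effective_posture(endpoint: Endpoint, now: float) -> Posture:
    """A pass only counts while it is recent; a stale pass reverts to UNKNOWN."""
    if endpoint.posture is Posture.PASSED and now - endpoint.tested_at > PASS_VALID_SECONDS:
        return Posture.UNKNOWN
    return endpoint.posture


def authorize(endpoint: Endpoint, credentials_ok: bool, now: float) -> dict:
    """Outcome of one 802.1X authentication: identity first, then posture."""
    if not credentials_ok:
        return {"result": "Access-Reject"}
    posture = effective_posture(endpoint, now)
    # Only a recent pass reaches the corporate VLAN; unknown and failed
    # clients are both confined to the remediation VLAN.
    vlan = CORPORATE_VLAN if posture is Posture.PASSED else REMEDIATION_VLAN
    return {
        "result": "Access-Accept",
        "posture": posture.value,
        "vlan": vlan,
        "radius_attributes": {           # RFC 3580 dynamic VLAN assignment
            "Tunnel-Type": 13,           # VLAN
            "Tunnel-Medium-Type": 6,     # IEEE-802
            "Tunnel-Private-Group-ID": str(vlan),
        },
        "reasons": list(endpoint.failures) if posture is Posture.FAILED else [],
    }


def connect(endpoint: Endpoint, credentials_ok: bool,
            test_results: Dict[str, bool], now: float) -> List[dict]:
    """One client connection; returns the ordered authorization decisions."""
    first = authorize(endpoint, credentials_ok, now)
    decisions = [first]
    if first["result"] == "Access-Accept" and first["posture"] != "passed":
        # Unknown or previously failed clients are tested from the remediation VLAN.
        run_integrity_tests(endpoint, test_results, now)
        if endpoint.posture is Posture.PASSED:
            # Passing triggers re-authentication, which moves the client.
            decisions.append(authorize(endpoint, credentials_ok, now))
    return decisions


if __name__ == "__main__":
    laptop = Endpoint(mac="00:11:22:33:44:55")  # constructed sample client
    for now, results in [(0, {"antivirus": True, "os_patches": False}),
                         (600, {"antivirus": True, "os_patches": True}),
                         (1200, {})]:
        vlans = [d["vlan"] for d in connect(laptop, True, results, now)]
        print(now, laptop.posture.value, vlans, laptop.failures)
```

Valid credentials alone never place a client on the corporate VLAN in this model; a client whose pass has aged out is treated as Unknown again and retested.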

51 Typical target customer scenario: Corporate Network with Remote Site
[Diagram labels: Main Enterprise Site; Remote Office; PCM/IDM Server; Manager ProCurve NAC 800; ProCurve NAC 800 (three further units); Corporate VLAN; Remediation VLAN]
Building upon the last scenario, we now introduce a remote site into our single campus corporate environment. The mechanisms of network access remain the same in this scenario; however, we have now included much more redundancy and fault-tolerance in the solution. On the main corporate campus we now have multiple NAC 800s, one acting as the management server, or the central point in the endpoint integrity and authentication environment, and others acting as enforcement servers, authenticating users and enforcing the security policies set by the network administrator on the management server. These enforcement servers can be grouped into clusters to provide redundancy within the main corporate LAN in case any one of them should become unavailable. At the remote site, we again have a NAC 800 acting as an enforcement server and reflecting back to the management server at the main site. If the NAC 800 at the remote site were to become unavailable, clients could still access the servers at the main site over the WAN to gain access to the necessary network resources.

52 Business benefits Customer IT Reseller

53 ProCurve Access Control solution meets customer business needs
- Maximum Network Uptime: The Access Control solution reduces the vulnerability of a customer’s network to potentially harmful systems or users through multiple enforcement modes, ensuring maximum uptime
- Regulatory Compliance Assistance: The comprehensive auditing and reporting mechanisms of the Access Control solution allow the customer to be in compliance with stricter government regulations on network user access
- Investment Protection: Provides flexible enforcement modes for existing network infrastructure. The Access Control Solution 2.0 leverages the security and access control technologies already built into ProCurve edge devices, allowing customers to take advantage of the new functionality offered by the solution without having to completely retool their networks

54 ProCurve Access Control solution meets customer IT needs
ProCurve Access Control Solution 2.0
- Save time and resources:
  - IDM 2.2’s automated database synchronization avoids duplicating work by allowing the administrator to update the IDM database at the same time as their authentication database
  - IDM 2.2’s new Secure Access Wizard enables the administrator to configure network access control on as many or as few network devices as are needed at any given time, all at the same time from a central point
- Protect the network: The ProCurve NAC 800 adds another layer of security that can be applied to clients attempting to access the network, further improving network uptime and reducing the number of security breaches
- Improve reporting: When combined with the new Network Immunity Manager 1.0, IDM 2.2 can provide IT staff with an audit trail pin-pointing the IP address, MAC address and user name of any offending users exhibiting unauthorized network behavior

55 ProCurve Access Control solution meets reseller business needs
- Increase sales:
  - With the introduction of the Access Control Solution, ProCurve can now provide a complete ProCurve-centric network access solution
  - Resellers can approach clients confidently with a single vendor solution that is still standards compliant
  - Some of the advanced features of the Access Control Solution (such as IDM 2.2’s ACLs) require the higher end Intelligent edge switches, providing resellers an opportunity to sell customers on a network upgrade
- Consulting and Services: For the first time ProCurve has created a product designed specifically to sell the start-up implementation services of qualified resellers; this could be a great revenue opportunity for qualified companies

56 Competition

57 Competitive Solutions
Cisco NAC Appliance (Clean Access)
- Purchased through the Perfigo acquisition
- Previously an alternative to Cisco NAC, now used as the leading NAC solution
- Very similar product structure to ProCurve NAC proposal
Enterasys Sentinel
- Seems to be an in-house developed NAC solution
- Makes use of partnerships, for instance with Lockdown Networks
- Tiered pricing, but no real low cost solution
Extreme Sentriant
- OEM of StillSecure Safe Access solution, with no known additions
- No pricing information at this time, believed to be still in beta
- Tiered pricing that enables purchase of any number of licenses (not pre-defined blocks)

58 Cisco NAC Appliance (Clean Access): ProCurve Differentiators
- Purpose-built inspection engine for pre-admission scanning
  - Makes the ProCurve scan much faster than Cisco (5-10 seconds vs. 30+ seconds for Cisco)
  - Personal firewall integration
- Multiple scanning options with the same level of depth
  - ProCurve NAC 800 can perform the same baseline scans regardless of what scanning method is used (DHCP, ActiveX or 802.1X)
  - With Cisco, if the scanning agent is not installed, the depth of the scan and the things it can detect are greatly decreased
- The ProCurve solution is built to operate in an off-line (out of the way) mode
  - Unless the customer has a complete end-to-end Cisco solution with all of the latest software, the Cisco NAC appliance must be in-line, a “bump on the wire” which can affect throughput and overall productivity
RE: Purpose-built inspection engine for pre-admission scanning, which makes the ProCurve scan much faster than Cisco (5-10 seconds vs. 30+ seconds for Cisco). This is true because Cisco gained this functionality through the Perfigo acquisition, which uses the NESSUS scanning engine. The NESSUS open-source scanning engine was originally developed for in-depth vulnerability scanning; as such it is not built for speed, but rather for depth of scan.
RE: Personal firewall integration. The Cisco solution will not work through a personal firewall (again because of the NESSUS engine). If connections to the ports it scans are blocked, the scan cannot continue.

59 Enterasys Sentinel: ProCurve Differentiators
- Purpose-built inspection engine for pre-admission scanning
  - As with Cisco, Enterasys also uses the NESSUS scanning engine (through a partnership with Lockdown Networks) and has all of the same issues
  - Scanning engine built for depth, not speed (again 5-10 sec. vs. 30+)
  - Enterasys has no personal firewalls
  - The Enterasys solution will not work through a personal firewall (again because of the NESSUS engine); if connections to the ports it scans are blocked, the scan cannot continue
  - Must be a “bump on the wire”
- Multiple scanning options with the same level of depth
  - ProCurve NAC 800 can perform the same baseline scans regardless of what scanning method is used (DHCP, ActiveX or 802.1X)
  - With Enterasys, if the scanning agent is not installed, the depth of the scan and the things it can detect are greatly decreased

60 Extreme Sentriant: ProCurve Differentiators
- ProCurve provides integrated end-point integrity checking and authentication dedicated appliance
  - Extreme Sentriant solution provides *only* end-point integrity checking
  - Despite the fact that the products are very similar in terms of ensuring client integrity, ProCurve has included an on-board RADIUS server in the NAC 800 product
- ProCurve has added integration features not available from Extreme
  - The ProCurve NAC 800 is fully centrally manageable through the PCM/IDM console
  - NAC 800 has a preloaded IDM agent for the implementation of user access rights
  - NAC 800 has connectors that allow it to access both Active Directory and LDAP user databases natively, not through RADIUS

61 Competitive positioning for key features
[Ratings matrix. Columns: Cisco NAC Appliance; Enterasys Sentinel; Extreme Sentriant; ProCurve NAC. Only the marks shown below survive.]
- Authentication service: establishes network access rights for users and devices connecting to the network
- Endpoint integrity: verify that devices connecting to the network comply with business requirements and are not a threat to the network or other network citizens (surviving marks: +$$ +)
- Endpoint support: provide support for verifying endpoint integrity of a broad set of endpoints (i.e. Microsoft, Linux, Solaris, AIX, MacOS, FreeBSD, …) (surviving mark: -)
- Consistent authentication: consistent policies for authenticating via LAN, WLAN, WAN or VPN access
- Clientless authentication: the ability to authenticate users and devices without requiring pre-loaded client software
- Remediation services: provide feedback and facilities to the end user to remediate non-compliant systems
- Reporting: configurable and automated reporting facilities
- Compliance data collection: collect and export data that can be used for audit compliance reports with respect to network access
- Manageability: seamless integration with the management platform
- Ease of deployment: ability to easily implement a NAC solution with minimal impact on current network infrastructure
- Identity-based network access levels: differentiated network access rights based on user, device, time, and location
Legend and remaining marks (as extracted): √$$ + leading deficient - parity extra cost $$

62 Key Differentiators

63 Key differentiators
The ProCurve Access Control 2.0 solution differs from competitive solutions as follows:
- Identity-based network access levels
  - ProCurve’s IDM 2.2, a main component of the Access Control 2.0 solution, provides for differentiated network access rights based on user, device, time, and location
  - Rich reporting and integration with ProCurve Manager allows ProCurve NAC to support regulatory compliance auditing
- Ease of deployment
  - Unlike several competitive NAC security solutions, the ProCurve Access Control solution can be easily implemented, integrating seamlessly into customers’ networks with minimal impact on their existing network infrastructure
- “TOTAL” solution, not just a point product
  - The ProCurve Access Control solution offers a complete suite of products, from management software and 802.1x compatible switches to the new Network Access Controller 800 and endpoint integrity licenses, for one-stop shopping, OR components of the solution can be integrated into networks with competitive offerings

64 Addressing customer questions, concerns or objections

65 Customer questions/concerns/objections and ProCurve responses

Question/concern/objection: I’m running all the latest security standards, have firewalls in place and authenticate my users when they log in. Isn’t that enough?

Answer: While all of these steps are important, they do not cover your network completely when it comes to internal network threats from valid users. It is almost guaranteed that at some point a perfectly valid user with acceptable authentication credentials will connect to the network with a client that has been compromised by some sort of malware. In this instance, any firewall or user authentication method is essentially useless. The malware would be inside your network, on the trusted side of the firewall, where it is free to spread and cause business disruptions. The ProCurve Access Control Solution 2.0 provides an effective defense in this eventuality.

66 Customer questions/concerns/objections and ProCurve responses

Question/concern/objection: I’m waiting for Microsoft's NAP solution.

Answer: ProCurve was one of the first network vendors to pledge that they would support Microsoft’s NAP solution and that has not changed. The NAC 800 can already integrate into an Active Directory authentication environment and further integration is planned when NAP becomes more fully realized. It is important to note a couple of points:

Microsoft NAP itself is not a released solution (it is not complete until the upcoming Longhorn release)
ProCurve network devices integrate with Microsoft NAP today based on their authenticated port security technologies (802.1X authentication, MAC-authentication, and Web-authentication)
IDM currently integrates with the MS IAS on the MS Windows 2003 platform and is expected to support the new NPS server when Windows Server, code-named Longhorn, ships
In this role, IDM will work with MS NAP and be able to add the ProCurve adaptive network settings based on IDM policies

ProCurve is actively working with Microsoft in an effort to achieve the most complementary solution we can.

67 Summary: ProCurve Value Proposition and Adaptive EDGE Architecture™ fit

68 Continuing to deliver ProCurve value

Affordable technology
Industry-leading performance and price points on all components of the Access Control solution make it one of the most affordable on the market today
Investment protection with lifetime warranty

Reduced complexity
The ProCurve Access Control Solution eliminates the need to purchase many 3rd party devices – simplifying the infrastructure without sacrificing functionality
Supported on multiple switch platforms – wired to wireless – for ease of use and flexibility

Trusted
ProCurve is #2 in the networking market, and has been at the cutting edge of the industry’s initiatives for more than 20 years

Reliable
ProCurve has invested significantly into the research and development of the Access Control solution
Industry-leading lifetime warranty

Choice & flexibility
The industry-standards based Access Control Solution allows customers the ability to increase their network protection without a complete overhaul of their infrastructure

Affordable technology:
With industry-leading performance and price points on the different products, the solution offers affordability in addition to flexibility
Lifetime warranty on the products provides increased security, with the knowledge that your investment will be protected in the future

Reduced complexity
A single source for all elements of the access control problem helps ensure that your solution will work
An industry-standard approach to solving the security problem results in lowered complexity and wider supportability
With multiple switch platforms, from wired to wireless products, the ProCurve Access Control Security Solution is flexible and easy to adapt to a customer's environment

Trusted
Many years of switching experience and a standards-based approach to security mean that customers are going to get the same trusted partner for their security needs as they have for their switching needs

Reliable
ProCurve’s research pays off for the customer – equating to a 100% reliable vendor and solution
Lifetime warranty on the switches

Choice & flexibility
Solution supported on multiple platforms

69 Continuing to deliver on the ProCurve Adaptive EDGE Architecture™

Command from the center/control to the edge
The ProCurve Access Control Solution enforces key security parameters at the edge of the network, while utilizing ProCurve Manager to allow centralized configuration and management

Security
The ProCurve Access Control Solution is part of the most comprehensive approach to security, the ProActive Defense strategy

Mobility
The Access Control Solution protects the network at multiple levels – decreasing the vulnerability to exposure that an increased mobile user environment brings

Convergence
A highly secure network is a highly available network, as inappropriate access is mitigated and the threat of network failure is reduced

Command from the center/control to the edge
With the ability to define policy on a central policy server for authentication access, the AC solution allows for simplified network access management from the center with control out to edge switches

Security
Based on ProCurve’s “ProActive Defense” security vision and strategy, which allows for the continuous protection, detection and response to security threats at the network edge
This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users

Mobility
By allowing users to securely access network resources (wired or wireless) throughout an enterprise campus, the AC solution truly creates a mobile workforce
With support for network authentication on the wireless infrastructure, access security is not compromised in a wireless environment and, as a result, mobility is further encouraged

Convergence
With restricted or defined access policy enforcement based on time, location, and role, the network is not clogged with non-business-critical traffic and, therefore, is more available and efficient, essential needs in a converged network

70 Summary of key points for the ProCurve Access Control Solution 2.0

ProCurve’s Access Control solution helps customers meet today’s security challenges

Protects the network and resources from unauthorized or harmful users and/or systems while enforcing security policies
Provides a unified (wired/wireless), scalable and resilient solution while still maintaining a secure infrastructure
Provides adaptive and appropriate network access based on roles including authenticated guest access
Documents network access for audit compliance – who, what, when, where … how much!
Deploys an easy-to-use security solution that is standards-based and reliable

“More security with less complexity”

Recalling some of the key trends we discussed at the beginning of this training that account for the growing importance of endpoint security and NAC for enterprises and non-commercial organizations alike:

More and different types of users are being granted privileges to access data and applications on private networks
Computing devices - regardless of ownership - are now commonly used for BOTH business and personal purposes
Portable and wireless digital devices have become common in the workplace (e.g., memory sticks, MP3 players, smartphones)
Regulatory compliance
Security solutions are generally perceived as “complex”

ProCurve’s Access Control solution 2.0 addresses these security issues head-on!

71 Summary

In this training, you have learned to:

Identify the market potential for the Access Control solutions
Describe the Access Control solution and the products that comprise it
Position this solution within the ProCurve family
Describe the key features and benefits of the Access Control solution
Target potential customers by work environments and needs
Articulate Customer business benefits, IT benefits, Reseller business benefits
Review the competition
Identify the ProCurve Access Control solution’s key differentiators
Address customer objections/concerns
Emphasize the ProCurve EDGE Architecture™ and value propositions fit

72 Additional Resources

73 Internal ProCurve resources

Sales training: ProCurve Sales Resource Center
Technical training:
For Collateral: ProCurve Intranet

Access Control resources available:

ProCurve Access Control Solution Customer NDA Presentation
ProCurve Access Control Solution Reseller NDA Presentation
ProCurve Access Control Solution Customer Presentation
ProCurve Access Control Solution NPI Sales Training
ProCurve Access Control Solution Technical Training
ProCurve Access Control Solution White Paper

74 External ProCurve Resources

To access all the most up to date white papers, datasheets and training information, please visit:
For specific information on ProCurve security solutions, please visit:
Add any specific white paper titles to this slide when available.

75 The ProCurve Networking Adaptive EDGE Architecture™ makes your future applications possible
