04-27-2012 01:28 AM
Can anyone recommend a Thin Client device that supports 802.1x Wired LAN access using EAP-TLS with Active Directory and is scalable up to 3500 devices?
We currently have the T5565 and this device does not appear scalable as it's Linux based and has no AD integration. The problems I am trying to address are:-
1. Scalability: can each device have its own user certificate and be easily revoked/renewed individually? I'm concerned that we need to manually import the private key. This key may not be exportable due to security concerns.
2. Manageability: from what I have seen so far, Linux shell scripts are required to add/revoke certs. Is there a device that is more slick? Windows based, for example?
3. As these 3500 thin clients may have a number of hotdesks, it's important that any user can use any thin client, so is this also possible?
4. We only need 802.1x to allow VLAN assignment, and maybe Downloadable ACLs to permit just Citrix, Web protocols etc. to any LAN port where the thin client is plugged in. Are there any gotchas?
Any advice or help much appreciated.
05-25-2012 03:31 AM
Looks like there may be a way using SCEP, although not with HP thin clients unfortunately.
Igel and Tadpole so far have support for SCEP with 802.1x EAP-TLS for wired access. I'm sure there will be others too :-)
06-13-2012 01:36 AM
We are currently working on this type of project. We have 3000 TC (t5740e), not members of a domain. The enrollment will be done with a PowerShell script (pushed by HPDM). The procedure is not very friendly, but it works.
07-24-2013 10:28 PM
Any tips you have available on how to accomplish such a masterpiece? I have HP T610s that I'd love to run smart client on, but manual certs over 300 devices make me puke. I've switched to WES7, but that is a nightmare.