Deployment

Identity Awareness Software Blade is commonly enabled on a perimeter Security Gateway. It is frequently used in conjunction with Application Control Software Blade.

To protect internal data centers, Identity Awareness Software Blade can be enabled on an internal Security Gateway located in front of internal servers, such as data centers. This can be done in addition to the perimeter Security Gateway, but does not require a perimeter Security Gateway.

Identity Awareness can be deployed in Bridge mode or Route mode.

• In the Bridge mode, it can use an existing subnet with no change to the hosts' IP addresses.
• In the Route mode, the Security Gateway acts as a router with different subnets connected to its network interfaces.

For redundancy, you can deploy a cluster of Identity Awareness Security Gateways in High Availability or Load Sharing modes.

If you deploy several Identity Awareness Security Gateways in your environment and configure them to share identity information. Common scenarios include:

• Enable Identity Awareness Software Blade on your perimeter Security Gateway and on data center Security Gateway.
• Enable Identity Awareness Software Blade on several data center Security Gateways.
• Enable Identity Awareness Software Blade on branch office Security Gateways and central Security Gateways.

You can have one or more Identity Awareness Gateways acquire identities and share them with the other Identity Awareness Gateways.

You can also share identities between Identity Awareness Gateways that are managed in different Multi-Domain Servers.