Hello,
With Scansafe, the options are having Passive Identity Management (PIM), Connector, Anywhere+, and now Anyconnect 3.0
Anywhere+ is a client that is installed as a Windows service. It makes use of Keys for communication with Scansafe towers. You must decide if you will use a single company or group authentication key, or multiple user authentication keys. These key will be used to detemine policy applied to clients.
PIM gets run on the users’ machines through a local logon script and modifies the browser user-agent string, adding a unique identifier for that user. That identifier is also sent to towers in order to register the user. Following this registration, the user’s browsing sessions will be identified by their unique identifier in the HTTP headers, enabling our scanning towers to apply the correct policy to them.
Connector is software installed on a server, Connector identifies users by merging their details from Active Directory using LDAP, or Windows Domain integration and an authentication key. With Connector, users with a dynamic IP address can connect to the Web Scanning Services with a company, group, or user authentication key. Policy applied depends on this key.
Details of anyconnect 3.0 here http://www.cisco.com/en/US/customer/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html#wp1247707
More scansafe information here (select the scansafe links) : http://www.cisco.com/en/US/customer/products/hw/vpndevc/products.html#email
I hope this answers your query.
Regards,
Eric