Part II. ZoneRanger Concepts - Tavve ZoneRanger User Manual

Part II. ZoneRanger Concepts

This section introduces and describes foundational concepts and mechanisms that are important for
ZoneRanger users to understand, so that they can properly configure and administer their ZoneRangers, and
obtain maximum value from their ZoneRanger deployments. Later chapters will build on these concepts and
mechanisms and will assume that the reader is reasonably familiar with the content of this section.
The following concepts and mechanisms are discussed:
- Address Patterns – IP address or hostname values that contain wild card characters or range descriptions and thus can describe a range of IP addresses or hostnames.
- Address Transforms – Rules that specify how to transform IP addresses or hostnames to new values (e.g. to accommodate NAT).
- Audit – The automated process whereby Ranger Gateway and ZoneRanger perform periodic self-checks, and, where necessary, perform corrective actions.
- Backups/Profiles – Mechanisms for saving and restoring all or part of a ZoneRanger and Ranger Gateway configuration.
- Destination Groups – ZoneRanger mechanism for defining named groups of Ranger Gateways and UDP packet destinations to be applied to forwarding rules as a means to create and manage fewer rules.
- Device Groups – Ranger Gateway mechanism for defining named groups of managed devices, and using these named groups in a variety of configuration rules.
- Node Groups – ZoneRanger mechanism for defining named groups of IP address patterns, and using these node groups in a variety of configuration rules, particularly forwarding and proxy rules.
- Pooling/Redundancy/VIP/Grouping – Mechanisms for providing high availability and/or load-balancing ZoneRanger deployments.
- Gateway Virtual Interface (GVI) and Remote Gateway Virtual Interface (RGVI) – Mechanisms whereby the Ranger Gateway intercepts requests generated by management applications that are destined for managed devices, so that these requests can be relayed through a ZoneRanger to the target devices.
- Joining – The process by which a working association between Ranger Gateway and a ZoneRanger is established.
- Managed Nodes – Mechanism whereby a ZoneRanger user identifies the set of nodes (e.g. network devices, servers) to which ZoneRanger proxy and management services will be applied.
- Proxy Access Control – Mechanism whereby the Ranger Gateway identifies the management protocol to be used for a given destination address, transport protocol, and destination port. It can also be used to restrict access to proxy services based on source address, destination address, transport protocol, and destination port.
- Proxy Caching – Mechanism for reducing management traffic by saving the results of recent ICMP and SNMP proxy requests, and, where appropriate, returning saved values instead of passing the request along to the managed device.
- Proxy Map – Mechanism whereby the Ranger Gateway selects an appropriate ZoneRanger to proxy a management protocol transaction, based on configured rules.
- Server Groups – ZoneRanger mechanism for defining named groups of TACACS+/RADIUS servers and associated settings.
ZoneRanger 5.5 User's Guide
