Authenticating with realms and communities
If your network uses a single authentication server to store user information, you'll probably need to create only
one realm in AMC. That realm could then reference the global community that is configured by default in AMC.
This arrangement is useful if you have a homogeneous user population with identical access requirements.
Using only one realm doesn't limit your ability to configure more granular levels of user access and End Point
Control. AMC allows you to create communities of users within a realm based on their access needs or other
security considerations. A community can consist of all the users in a realm, or only selected users or groups.
For example, you might have two distinct groups of users—employees and business partners—requiring
different forms of VPN access. The Employee community and Business partner community tables contrast the
access agents that are made available to these two groups, and how EPC is used to secure their connections. By
creating different WorkPlace styles and layouts, you can also determine how WorkPlace looks to members of
these two communities.
Employee community
Users connect from trusted computing environments (such as laptops provided by your IT department) and
require broad access to your network resources.
Access Agent: A tunnel client, enabling them to access Web, network, and file share resources.
EPC: EPC is used to detect whether employees' computers are running an antivirus program and firewall
before placing them in a trusted zone.

Business partner community
Partners connect through unsecured computing environments and require access only to specific, limited
resources.
Access Agent: Limited, Web-only access
EPC: Business partners are assigned to a less-trusted zone where they are provisioned with Cache Cleaner.
SonicWall SMA Connect Tunnel 12.0 Deployment Planning Guide
Planning Your VPN