Table of Contents
Advertisement
Network and Security Manager Administration Guide
About Roles
62
authentication servers, groups—a representation of all or a subset of the physical devices
and functionality on your network.
NSM contains a default top-level domain, called the global domain, which can contain
additional domains, called subdomains. Use subdomains to manage multiple domains
in a single hierarchical structure. You can create all your devices and their configurations
in the global domain, or you can configure additional subdomains within the global
domain.
NOTE: You can create only one level of subdomains in NSM.
Typically, multiple domains are used for two main reasons: to define network structure
and to control administrator access. Multiple domains help to separate large,
geographically distant systems into smaller, more manageable sections, and also to
control administrative access to individual systems.
For example, a small organization might only have one domain (the global domain) for
their entire network, while a large, international organization might have dozens of
subdomains that exist within the global domain to represent each of its regional office
networks across the world. A service provider might use domains to build a virtual network
for each client network, and then assign access permissions for each client domain.
Domain selection is important if you plan to use VPNs in your network. Because you can
create VPNs only between devices in the same domain, be sure to add the devices you
want to connect with a VPN to the same domain.
Roles define who can perform which task and view which information. NSM uses a
powerful, role-based access control system that enables you to create custom roles for
individual administrators. Use role-based management to control administrative access
to NSM functionality.
All NSM users are some type of administrator. During NSM installation, you are prompted
for a password for the (default) administrator account for NSM; this administrator account
is the first administrator, and is therefore the super administrator. The super administrator
automatically has all permissions, and can create other domains, administrators, and
roles. As super administrator, you specify who has what permissions for NSM functionality
for the entire NSM system, a single domain, or specific functionality within a domain.
NOTE: All passwords handled by NSM are case-sensitive.
System administrators can be active or read-only. All system administrators, including
those assigned a Read-Only role, can create and run their own reports.
You can define multiple NSM administrators and assign dedicated roles to each
administrator:
A role is a set of activities that specify the functions the administrator can perform.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
