Table of Contents
Advertisement
Network and Security Manager Administration Guide
64
complex your geographical divisions. Two common geographical divisions are defined
below:
Corporate—The corporate domain is the global domain. In the global domain, the super
administrator creates the devices, objects, and policies that exist in the corporate
network, and creates subdomains for each region.
Region—Each region is a subdomain. Within each subdomain, the super administrator
creates a regional administrator to manage the subdomain. The super administrator
also specifies the roles the regional administrator has to view and manipulate devices,
remote users, configuration actions, and report information within that subdomain.
NOC and SOC
To ensure continual network uptime and provide prompt response to network attacks,
each geographical division is often monitored by a dedicated network operations center
(NOC), a security operations center (SOC), or both. The NOC and SOC are typically the
same location for small organizations, but might be physically separate for larger, more
complex organizations. Whether combined or separate, NOC and SOC administrators
perform distinct roles:
NOC administrators focus on network connectivity and status.
SOC administrators focus on network attacks and events associated with security
policies.
Administrator Types
Many organizations have different types of administrators for different roles within the
company. Each organization has a unique vision for the granularity of their permission
structure.
Tiered NOC/SOC
Typically, a NOC/SOC uses a three-tier permission structure. The administrators in each
tier have a specific level of skill and understanding of the underlying network and
technology, as well as access permissions to view or change configurations. An example
NOC/SOC center might use the following role structure:
Tier 1 administrators view events and audit configurations.
Tier 2 administrators view events and audit configurations, but also change network
configurations during troubleshooting.
Tier 3 administrators have full access to all functionality on the device, and make
configuration and policy changes.
Configuration Responsibilities
Some enterprise organizations use different administrator groups to manage specific
aspects of device configuration. Configuration responsibilities might use the following
role structure:
IT group—Integrates new devices into the existing network infrastructure. This group
has roles with activities for setting up Layer 2 and Layer 3 aspects of the device (IP
addressing, Routing, VLANs, Syslog, and so on). Within the IT group, the network
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
