Centralized Device Configuration; Introduction To Network And Security Manager - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual

Copyright © 2010, Juniper Networks, Inc.
Administrators—An administrator is a user of NSM. Each administrator has a specific
level of permissions. Create multiple administrators with specific roles to control access
to the devices in each domain.

Default Roles—Use the predefined roles System Administrator, Read-Only System
Administrator, Domain Administrator, Read-Only Domain Administrator, IDP
Administrator, or Read-Only IDP Administrator to create permissions for your
administrators quickly.

NOTE: In a mixed environment, an administrator with the IDP Administrator role is
unable to take full command of all managed devices because of the predefined
restrictions. If IDP Administrators are expected to manage other devices in a mixed
environment, they need to know the restrictions and have their roles modified to include
the necessary permissions.

Centralized Device Configuration

No matter how large your network, you can use several system management mechanisms
to help you create or modify multiple device configurations quickly and efficiently at one
time:
Templates—A template is a predefined device configuration that helps you reuse
specific information. Create a device template that defines specific configuration
values, and then apply that template to devices to configure multiple devices at one
time. For more flexibility, you can combine and apply multiple device templates to a
single device configuration.

Configuration groups—In Junos devices, configuration groups allow you to create a
group containing configuration statements and to direct the inheritance of that group's
statements in the rest of the configuration. The same group can be applied to different
sections of the configuration, and different sections of one group's configuration
statements can be inherited in different places in the configuration.

Shared objects—An object is an NSM definition that is valid in the global domain and
all subdomains. Any object created in the global domain is a shared object that is
shared by all subdomains; the subdomain automatically inherits any shared objects
defined in the global domain. You will not see global objects in the Object Manager of
a subdomain; however, you can use the objects when selecting objects in a policy.
The global domain is a good location for security devices and systems that are used
throughout your organization, address book entries for commonly used network
components, or other frequently used objects. A subdomain, alternatively, enables you
to separate firewalls, systems, and address objects from the global domain and other
subdomains, creating a private area to which you can restrict access.

Grouping—A group is a collection of similar devices or objects. Use device groups and
object groups to update multiple devices simultaneously, simplify rule creation and
deployment, and enable group-specific reporting. You can even link groups using Group
Expressions to create a custom group.
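
The configuration-group inheritance described above, shown as an added Junos example that is not part of the Juniper guide: one group is applied at two hierarchy levels, and each level inherits only the matching section of the group. The group name, host name, interface and address are constructed for illustration.

```junos
/* Constructed example: one group carrying hardening statements
   for two different sections of the configuration. */
groups {
    mgmt-hardening {
        system {
            services {
                ssh {
                    root-login deny;
                }
            }
        }
        interfaces {
            /* Wildcards match any ge- interface and any unit
               that already exists in the configuration. */
            <ge-*> {
                unit <*> {
                    family inet {
                        no-redirects;
                    }
                }
            }
        }
    }
}
system {
    /* Inherits only the group's "system" section. */
    apply-groups mgmt-hardening;
    host-name edge-fw-01;
}
interfaces {
    /* Inherits only the group's "interfaces" section. */
    apply-groups mgmt-hardening;
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.0.2.1/24;
            }
        }
    }
}
```

On the device, `show configuration | display inheritance` prints the expanded configuration with the inherited statements in place, which is the view to review before committing.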