Table of Contents
Advertisement
Network and Security Manager Administration Guide
Super Admin User
Regional Server Management
Management Modes for J Series and SRX Series Devices
620
Self-Sufficient Regional Server
Regional servers can enforce global policies even when Central Manager is not running.
Regional servers maintain copies of pushed Central Manager pre/post rules and associated
objects. In addition, regional servers do not use any Central Manager data directly.
The Central Manager super administrator accounts have access to all features offered
in Central Manager. The super user is created while installing Central Manager. It is also
the only administrator account created during installation.
As a super administrator user, you can use the single sign-on feature to access regional
servers directly from Central Manager without logging out of Central Manager inputting
regional server login credentials.
Central Manager treats regional servers as objects similar to other objects. As with other
objects, Central Manager can add, modify, and delete regional servers. Regional server
objects are shared objects that contain essential connection information such as its own
IP address, port, and so on. Central Manager administrators can use additional credential
information in the regional server objects to sign onto each regional server.
Once logged into a Central Manager server, super administrators can select any of the
regional servers managed by Central Manager and begin managing the servers using all
assigned permissions. No extra log on/off steps are required for administrators to navigate
from one regional server to another or from Central Manager server to a regional server.
Any regional server accessible through Central Manager, is opened using a separate
window. There is a maximum number of 25 concurrent regional servers Central Manager
can open at any one time.
With J Series and SRX Series devices, the NSM Central Manager can operate in either
central management or device management mode.
In central management mode, a device references the central policy manager and central
manager objects. In device management mode, a device does not reference the central
policy manager or a central manager object.
The following sections briefly summarize these differences. For detailed information,
refer to the configuration manuals.
Central Management Mode
In default central management mode, a device has a link to a central policy manager.
All firewall, VPN, and IDP policy information and policy related configurations (shared
configurations such as addresses and services) are hidden from device editor view.
Policies from the central policy manager are shared across ScreenOS-based firewall
devices, standalone IDP devices, and J Series devices.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
