Network Organization; Role-Based Administration; Centralized Device Configuration - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Network Organization

Role-Based Administration

Centralized Device Configuration

Copyright © 2010, Juniper Networks, Inc.
With NSM, you can use domains to segment your network functionally or geographically
to define specific network areas that multiple administrators can manage easily.
A domain logically groups devices, their policies, and their access privileges. Use a single
domain for small networks with a few security administrators, or use multiple domains
for enterprise networks to separate large, geographically distant or functionally distinct
systems, control administrative access to individual systems, or obfuscate systems for
service provider deployments.
With multiple domains, you can create objects, policies, and templates in the global
domain, and then create subdomains that automatically inherit these definitions from
the global domain.
Control access to management with NSM—define strategic roles for your administrators,
delegate management tasks, and enhance existing permission structures with new
task-based functionality.
Use NSM to create a security environment that reflects your current offline administrator
roles and responsibilities. Because management is centralized, it's easy to configure
multiple administrators for multiple domains. By specifying the exact tasks your NSM
administrators can perform within a domain, you minimize the probability of errors and
security violations, and enable a clear audit trail for every management event.
Initially, when you log in to NSM as the super administrator, you have full access to all
functionality within the global domain. From the global domain, you can add the following
NSM administrators, configure their roles, and specify the subdomains to which they
have access:
Activities and Roles—An activity is a predefined task performed in the NSM system,
and a role is a collection of activities that defines an administrative function. Use
activities to create custom roles for your NSM administrators.
Administrators—An administrator is a user of NSM or IDP; each administrator has a
specific level of permissions. Create multiple administrators with specific roles to
control access to the devices in each domain.
Default Roles—Use the predefined roles System Administrator, Read-Only System
Administrator, Domain Administrator, Read-Only Domain Administrator, IDP
Administrator, or Read-Only IDP Administrator to quickly create permissions for your
administrators.
No network is too large—because you manage your security devices from one location,
you can use the following system management mechanisms to help you quickly and
efficiently create or modify multiple device configurations at one time:
Chapter 1: NSM User Interface and NSM Key Management Features
5