Internal Network; Managed Security Service Provider (Mssp); Configuring Role-Based Administration - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide

Configuring Role-Based Administration


Internal Network

Internally, a Service Provider network is similar to an enterprise network; both view their
networks as regions with dedicated NOC/SOC, and both use the same types of
administrators.

Managed Security Service Provider (MSSP)

Telcos and Service Providers use their networks to generate revenue. Customers pay the
MSSP to deploy devices and to manage the VPN or firewall infrastructure. MSSPs use
different role structures that best match their organizational structure:
- MSSP owns devices; customer manages infrastructure.
- Customer owns devices; MSSP manages infrastructure.
- Customer leases devices; MSSP manages the infrastructure.
- MSSP owns devices and manages infrastructure (Customer Network Management
  (CNM)).

CNM Service Providers vary widely in how they control access to their customer networks.
Some CNMs assign one or more customers to a network administrator that has control
over the device and policies used by those customers. Other CNMs assign one network
administrator to view reports for all customers. CNMs might use the following role
structure:

- Super administrator. At the global domain, the super administrator creates:
  - The internal network of the CNM.
  - A subdomain for each customer. The customer subdomain contains the devices and
    objects that belong to the customer network. Because the customer network is
    completely contained within a subdomain, it is isolated from other subdomains for
    other customers.
  - Customer administrators to manage one or more subdomains. The super
    administrator assigns roles to the customer administrator in one or more customer
    subdomains, enabling the customer administrator to handle multiple customer
    networks without access to the CNM internal network.

Additionally, the super administrator can create a role structure that maps to the specific
tasks performed by each customer administrator, as described in "Specific Tasks" on
page 65.

MSSPs can also use virtual systems (available on NetScreen-500 and NetScreen-5000
series) to share a single device between multiple customers. For each customer, the
MSSP creates a customer subdomain and a virtual system within that subdomain.
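
The isolation that the CNM role structure promises can be checked against an exported inventory. The following Python is an added example, not part of the Juniper guide and not NSM code or an NSM API: it audits a constructed inventory for roles and objects that break the subdomain boundaries described above. It assumes each customer subdomain is named after its customer; every object, administrator and role name is made up.

```python
# Illustrative model only: not NSM's data model or API. All names are constructed.
GLOBAL = "global"  # global domain: holds the CNM internal network

# Constructed inventory: object -> (owning customer, or None for CNM-internal; domain it sits in)
OBJECTS = {
    "cnm-core-fw": (None, GLOBAL),
    "acme-fw1":    ("acme", "acme"),
    "acme-vsys":   ("acme", "acme"),      # virtual system on a shared device
    "globex-vsys": ("globex", "acme"),    # misplaced: sits in another customer's subdomain
    "initech-fw1": ("initech", "initech"),
}

# Constructed role assignments: (administrator, domain, role)
ASSIGNMENTS = [
    ("root",  GLOBAL,    "super administrator"),
    ("alice", "acme",    "customer administrator"),
    ("alice", "initech", "customer administrator"),
    ("bob",   "globex",  "customer administrator"),
    ("bob",   GLOBAL,    "read-only"),    # exposes the CNM internal network
]

def reachable(admin, objects, assignments):
    """Objects an administrator can reach through the domains they hold roles in."""
    domains = {d for a, d, _ in assignments if a == admin}
    return {name for name, (_, dom) in objects.items() if dom in domains}

def audit(objects, assignments, super_admins):
    """Return findings where the inventory breaks the subdomain isolation model."""
    findings = []
    # Only super administrators may hold any role in the global domain.
    for admin, domain, role in assignments:
        if domain == GLOBAL and admin not in super_admins:
            findings.append(f"{admin} holds '{role}' in the global domain")
    # Each object must sit in its owner's domain (assumption: subdomain name == customer).
    for name, (customer, domain) in objects.items():
        if customer is None and domain != GLOBAL:
            findings.append(f"{name} is CNM-internal but sits in subdomain '{domain}'")
        elif customer is not None and domain != customer:
            findings.append(f"{name} belongs to {customer} but sits in domain '{domain}'")
    return findings

if __name__ == "__main__":
    for finding in audit(OBJECTS, ASSIGNMENTS, super_admins={"root"}):
        print("FINDING:", finding)
    print("alice reaches:", sorted(reachable("alice", OBJECTS, ASSIGNMENTS)))
```

In the constructed data, the misplaced virtual system becomes reachable by an administrator of a different customer, which is the failure the per-customer subdomain is meant to prevent.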

When you have analyzed your network and permission structure and designed your
domain strategy, you are ready to create subdomains and new NSM administrators for
Copyright © 2010, Juniper Networks, Inc.


This manual is also suitable for:

Network and security manager 2010.4
