Device Schemas; Security - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Device Schemas

Security

device configuration in the DM into objects and object attributes in the ADM, and uses the ADM to display current information in the UI.

For more details on the ADM and DMs, see "Managing Devices" on page 265.

The structure of the ADM and the DMs is defined by a DM schema, which lists all the possible fields and attributes for a type of object or device. The DM schema reads from a capability file, which lists the fields and attributes that a specific operating system version supports, to determine the supported features for the operating system version that is running on the managed devices. NSM uses capability files to enable Juniper Networks software upgrades without changing the device configuration in NSM.

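
A conceptual sketch of the schema and capability-file relationship described above, added here as an example and not NSM code: the field names, version labels and dictionary layout are all constructed assumptions. It evaluates one stored configuration against two OS versions without changing it.

```python
# Conceptual model only: field names, version labels and data layout are
# constructed for illustration and are not NSM's schema or capability format.

# DM schema: every field that can exist for this device type, with its type.
DM_SCHEMA = {
    "interface.ip": str,
    "interface.mtu": int,
    "policy.action": str,
    "policy.app_id": str,
    "vpn.ike_version": int,
}

# Capability files: the subset of schema fields each OS version supports.
CAPABILITIES = {
    "os-1.0": {"interface.ip", "policy.action"},
    "os-2.0": {"interface.ip", "interface.mtu", "policy.action", "vpn.ike_version"},
}


def load_capability(version):
    """Return the supported-field set, rejecting fields the schema lacks."""
    if version not in CAPABILITIES:
        raise KeyError(f"no capability file for OS version {version!r}")
    supported = CAPABILITIES[version]
    unknown = supported - set(DM_SCHEMA)
    if unknown:
        raise ValueError(f"capability lists fields not in schema: {sorted(unknown)}")
    return supported


def effective_view(stored_config, version):
    """Split a stored config into (active, held_back, rejected) for one OS version."""
    supported = load_capability(version)
    active, held_back, rejected = {}, {}, {}
    for field, value in stored_config.items():
        expected = DM_SCHEMA.get(field)
        if expected is None or not isinstance(value, expected):
            rejected[field] = value      # not in schema, or wrong type
        elif field in supported:
            active[field] = value        # usable on this OS version
        else:
            held_back[field] = value     # valid, but this version lacks it
    return active, held_back, rejected


# Constructed stored configuration; it is never modified across the "upgrade".
STORED = {"interface.ip": "192.0.2.10", "interface.mtu": 1400,
          "policy.action": "permit", "policy.app_id": "web", "debug.raw": "x"}

if __name__ == "__main__":
    for ver in ("os-1.0", "os-2.0"):
        print(ver, effective_view(STORED, ver))
```
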
The device schemas for each of the firmware versions supported for ScreenOS and IDP devices are built into Network and Security Manager.

Device families introduced in Release 2008.1 and later are described by schemas that are maintained on a schema repository owned by Juniper Networks. These schemas can be added dynamically to NSM. These devices include:

- Devices running Junos OS:
  - J Series Services Routers and SRX Series Services Gateways
  - M Series Multiservice Edge Routers and MX Series Ethernet Services Routers
  - EX Series Ethernet Switches
- Secure Access products
- Infranet Controller products

See "Managed Devices" on page 13 for lists of specific models of these products that support management through NSM.

Unlike schemas for ScreenOS and IDP devices, schemas for these devices can be updated asynchronously with releases of NSM. You decide when to check for new schemas, which schemas to download, and when to activate them.

NSM integrates application-level encryption and authentication and uses high-grade encryption and public-key algorithms to eliminate the need for separate IPsec tunnels between each device and the management station.

For communication between the UI and the GUI Server, NSM uses Transport Layer Security (TLS), a cryptographic protocol that provides secure communication.

For communication between the GUI Server and the Device Server, NSM uses Secure Server Protocol (SSP), a modified version of TCP that is more reliable than ordinary TCP, requires less CPU and memory resources from servers, and reduces the number of acknowledgement packets on the network. SSP uses AES encryption and SHA1 authentication for all connections.

Copyright © 2010, Juniper Networks, Inc.
