Asentria SiteBoss 530 User Manual
60
Restricted trust
Restricted trust (introduced in SitePath 1.01.000 and Omnix Release 2.04.030) is a way of using a unit with SitePath
such that the end user does not trust SitePath completely; in other words, the end user maintains full
admin privileges over the unit (and SitePath does not have full admin privilege of the unit) and restricts their trust of
SitePath. The unit and SitePath are still connected but SitePath (and any SitePath users or the SitePath administrator)
is not always authorized (i.e., is not completely trusted) to access the unit and CPEs behind that unit. Restricted trust
helps end users have more control over what CPEs are accessible when by SitePath, as well as the degree to which
SitePath can do certain functions on the unit (such as loading updates and settings).
There are two ways of thinking about restricted trust: coarse adjustment and fine adjustment.
Coarse adjustment
Restricted trust is configured with a setting called
sys.sitepath.trustmode
on the unit at the time of
commissioning (also in the Commissioning page of the unit web UI). There are two values: FULL and RESTRICTED.
•
FULL means the unit (and the end user) trust SitePath fully: SitePath or anyone behind SitePath can do
anything on the unit (this is called master access to the unit) and the end user network.
•
RESTRICTED is for end users less trusting of SitePath or at least more strict about authorizing what SitePath
can do on their networks. It means the unit (and end user) do not trust SitePath fully. In this mode of
operation, SitePath does not have master access to the unit. Without master access, you can't configure
CPE's, and you can't Telnet/SSH to nodes on the end user's LAN from the unit.
Restricted trust must be configured at the time of commissioning. If one configures full trust, commissions the unit, and
then changes the trust mode setting to restricted trust, that alone is not enough to make the unit restricted from
SitePath's perspective -- you must recommission (i.e., decommission and then commission again) the unit while the
unit is configured with restricted trust.
Restricted trust also has two other associated settings,
sec.action.loadsk
and
sec.action.loadupdate
.
These control whether a unit commissioned under restricted trust allows SitePath to load update files onto the unit or
load settings onto the unit. By contrast, when a unit is commissioned under full trust, SitePath always has the authority
to load settings and updates. In the unit web UI, these two settings are represented by the "Trust SitePath to load
settings/updates" controls in the Commissioning page. These two drop-down controls are yes or no, but the actual
values of the settings are are access levels (0-7). In a more general sense, these settings specify the minimum access
level (master, admin3, etc.) of a user that is necessary for that user to load settings or updates. Specifically for
SitePath, this means that:
•
when the web UI control is set to YES and trust mode is RESTRICTED, then the
sec.action.*
setting is
set to access level 5 (which equals admin3). Since SitePath is given admin3 rights to the unit in restricted trust
mode, this setting being 5 means that SitePath can do what the setting says (either load settings or updates).
•
when the web UI control is set to NO and trust mode is RESTRICTED, then the
sec.action.*
setting is set
to access level 6, meaning that SitePath cannot do the associated action (load settings or updates). In FULL
trust mode, SitePath is given master rights to the unit, so it does not matter what the
sec.action.*
settings
are (which is why their associated controls in the web UI are dimmed out when the trust mode is set to FULL).
Restricted trust affects a SitePath user in that when they go to initiate access to any CPEs they have permission to
access (permission as granted by the SitePath Administrator, confgured via the SECURITY section of the SitePath
Web User Interface), they may get a message saying that a CPE is unauthorized. They then have the option of
requesting authorization from the end user through in that same web UI page. When the end user authorizes access,
the SitePath user can then proceed with their remote access tasks. At any time the end user can deny access to
SitePath (and by extension, all SitePath users).
Restricted trust affects end users in that they can feel comfortable knowing that although they have outsourced
management of certain aspects of their network, the end user solely posseses the authority on deciding what gets
accessed when on their network. End users also have a fine-grained way to control access to CPEs which is
discussed in the next section.
In sum, restructed trust means that SitePath, and by extension the SitePath administrator, and by further extension
the SitePath users, cannot access any end-user-LAN IP address unless it is configured as a CPE, and only the
Summary of Contents for SiteBoss 530
Page 6: ......