42
EPICenter Software Installation and User Guide
EPICenter and Policy Manager Overview
It is very important to understand the relationship of the target traffic flow, the QoS profile, and the
profile configuration in each switch. The policy rules generated by the EPICenter Policy Manager
associate a QoS profile with a particular traffic flow, but the configuration of that profile (its bandwidth
and priority parameters) are defined in each individual switch. Therefore, you may create a policy that
always associates profile QP1 with the traffic between Host1 and Host2, but the actual treatment of that
traffic, in terms of the minimum and maximum bandwidth and traffic priority, may be different in each
switch because profile QP1 is configured differently in each switch.
Using Groups in Policy Definitions
In many cases, you may want to define multiple policies that should apply to the same set of endpoints,
or that should have the same set of devices as the policy domain or scope. The ability to create groups
of users, hosts, devices, ports, custom applications, and VLANs can make the definition of these policies
easier.
For example, you may want to define several Access List policies to prioritize traffic between several
different application servers and a specific set of users. To accomplish this easily, you could create a
group that contains those users, and then use the group as the user or client endpoint in the traffic
definition for each of the policies you create. Further, you may want to include the same set of network
devices in the scope for these policies. Again, you can create a group for these devices, and use that
group to define the scope for each of the policies.
You can use the Grouping Manager to define a group of users:
•
Use the EPICenter Grouping Manager to define the user resources, either by entering them
individually through the GUI or by importing them.
•
Ensure that a mapping relationship exists from each user to an IP address. This is necessary so that
the Policy Manager can use them to create identifiable traffic flows. User-host-IP address
relationships are often created as part of the import process. If Netlogin/DLCS is running on your
Extreme network devices, it may do this mapping for you. You can also create these relationships
directly through the Grouping Manager GUI. In the case of Access-based access-based Security
policies, the user IP is dynamically determined when the user logs into the system
•
When you have your user resources set up and mapped to IP addresses, you can create a group and
add your users as members of the group.
To create a group for the devices you want to use for the policy scope, you have two options:
•
You can create a Device Group in the Inventory Manager, and assign the devices to this group.
•
You can add devices as members of a non-exclusive resource group through the Grouping Manager.
The same device can be a member of multiple groups of this type, so future grouping requirements
do not need to impact the group you set up for your policy scope purpose.
Regardless of how you set up your group, you can then use this group to specify the scope for the
policies you create.
There is one consideration in using a group of devices in a policy scope, which is that the same QoS
profile applies to the entire group. For example, if you specify a group in the policy scope, and assign
profile QP3 to that group, all devices included in the group will then use QP3 for that policy. The
configuration of QP3 may be different on each device, but the policy will always apply QP3, however it
is defined, to the traffic flow defined by the policy. (The Policy Manager does allow you to inspect the
QoS profiles and their association with policies on devices or device ports, and you can adjust the
settings if needed).
Summary of Contents for EPICenter 4.1
Page 20: ...20 EPICenter Software Installation and User Guide Preface ...
Page 46: ...46 EPICenter Software Installation and User Guide EPICenter and Policy Manager Overview ...
Page 190: ...190 EPICenter Software Installation and User Guide Configuration Manager ...
Page 204: ...204 EPICenter Software Installation and User Guide Using the Interactive Telnet Application ...
Page 242: ...242 EPICenter Software Installation and User Guide Using the IP MAC Address Finder ...
Page 266: ...266 EPICenter Software Installation and User Guide Using ExtremeView ...
Page 284: ...284 EPICenter Software Installation and User Guide Real Time Statistics ...
Page 436: ...436 EPICenter Software Installation and User Guide Using the Policy Manager ...
Page 454: ...454 EPICenter Software Installation and User Guide The ACL Viewer ...
Page 468: ...468 EPICenter Software Installation and User Guide Troubleshooting ...
Page 504: ...504 EPICenter Software Installation and User Guide EPICenter External Access Protocol ...
Page 510: ...510 EPICenter Software Installation and User Guide EPICenter Database Views ...
Page 522: ...522 EPICenter Software Installation and User Guide EPICenter Backup ...
Page 526: ...526 EPICenter Software Installation and User Guide Dynamic Link Context System DLCS ...
Page 546: ......