108 C
OMMAND
C
ENTER
S
ECURE
G
ATEWAY
A
DMINISTRATOR
G
UIDE
User Groups
User groups are used to define a group of users and CC-SG privileges they possess. When a user
logs on, they will see the CC-SG interface. The user group privileges define what the user can do
with CC-SG. The default
System Administrators
user group has access to all managed devices
and ports as well as all CC-SG functions.
A user may just be allowed access to ports and devices or have access to all of the tools of CC-SG.
For example, you could create a user group of UNIX administrators and just allow them access to
ports that connect to UNIX target servers. Or, you could also create a group of system
administrators and give access to CC-SG tools as well as devices and ports.
You should decide upfront what user groups need to be created and what servers users in the
group have access to. The following is an example of a User Group implementation that could be
created from our sample configuration:
U
SER
G
ROUP
A
CCESS
T
O
…
Window admin group
All Windows servers.
NYC Unix admin group
All New York City Unix
servers.
IT admin group
All IT servers.
Port Groups
As you add ports, you link them to your predefined categories and elements. When you create a
port group, you will use your categories and elements to define which ports go in each group.
You could create a port group of all UNIX ports only. This could be used to only allow UNIX
administrators access.
When you use the Association Wizard to define categories and elements, a default port group is
automatically created for each element. For example, New York City is an element of the
Location category. Therefore, a New York City Ports group was created with one rule, Location
= New York City. Additional rules, for example, PortType = UNIX, could be added by using the
Port Group Manager
. To control access to this group of ports, you could create a policy to
include this port group, and apply it to the NYC Unix admin user group.
Device Groups
As you add devices, you link them to your predefined categories and elements. When you create a
device group, you will use your categories and elements to define which devices go in each group.
You could create a device group of all devices that have an IP address starting with 192.168. This
could be used to only allow administrators access to those devices on a particular subnet. To
control access to this group of devices, you could create a policy to include this device group, and
apply it to a particular administrator user group.
Summary of Contents for Command Center CC-SG
Page 2: ...This page intentionally left blank...
Page 16: ......
Page 34: ...18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 64: ...48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 122: ...106 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 168: ...152 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 252: ......
Page 254: ...238 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 258: ...242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 260: ...244 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Page 268: ...252 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 255 80 5140 00...
Page 269: ...APPENDIX G FAQS 253...