For a user to successfully log into the GMS client, the GMS server must authenticate and authorize the user. Only then does the user have access to the GMS server and, by extension, the appliances. Based on its configuration, the GMS authenticates the user via its own built-in local database or via a network server used for access control.
■ The AAA server (Authentication Authorization Accounting server) can be either a RADIUS server or a TACACS+ server.
■ Add users to the GMS server’s local database via the GMS client’s GMS Administration > User Management menu. The user profile includes the user role, which maps to a particular level of authorization and determines what the user can do.
■ GMS has three user roles: Admin Manager (Superuser), Network Manager, and Network Monitor. Authorization always maps to one of these three levels:
• Admin Manager has all privileges. It’s the equivalent of Superuser.
• Network Manager has read/write privileges. In practice, these are the same privileges that Admin Manager has.
• Network Monitor has view-only privileges.
• If Local Only is selected, then authentication defaults to the GMS server’s local database.
■ The Secret Key enables the GMS to talk to the access control server. The GMS has hard-coded keys for TACACS+, so no user entry is required.
■ You can also use GMS templates to create remote authentication profiles for direct access to individual appliances via Appliance Manager or the CLI. Be aware, though, that this is different from creating a remote authentication profile for the GMS.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.