Example: Create Domain elements for different customers
You can create a different Domain for each of your organization's customers, as shown in the following example.
Company A is a Managed Security Service Provider (MSSP) with many customers. The networks of different customers must be kept separate. The administrators who manage the customer networks must only be allowed to see the networks for which they are responsible. Most of the administrators only manage a single customer’s network, but some of the administrators are responsible for several customers’ networks.
The administrator decides to use Domain elements to group the elements belonging to each customer and to make it easier to manage the different customer networks. The administrator also decides to use Category elements to tag the existing elements that are included in each Domain. As the user database information must not be available across Domains, the administrator decides to use an external LDAP server in each Domain for user authentication.
Company A’s administrator:
- Arranges a service break with the customers before introducing Domains into the system.
- Logs on to the Shared Domain and creates the following elements:
- A separate Domain element for each customer.
- The Administrator elements (the administrator accounts) for the administrators who manage several customers’ networks in several Domains.
- A Category element for each customer’s elements.
- Defines a default Category Filter that includes the customer-specific Category for each customer’s elements.
- Logs on to each customer’s Domain and creates the Administrator elements (the administrator accounts) for the administrators who manage only that particular customer’s network.
- While logged on to each Domain, configures the elements for using an external LDAP server for authenticating the users in the Domain and for storing the Domain’s user database.
- While logged on to the Shared Domain, moves all customer-specific elements from the Shared Domain to the correct customer-specific Domain.
- To make it easier to move the elements, the administrator first selects the customer-specific Category and then all elements that belong to the Category.
- When all customers’ Domains and their elements have been configured and the service break is over, the administrators for each customer company log on to the Management Client.
- The administrators who are responsible for a single customer’s networks automatically log on to the Domain assigned to them when they log on to the Management Client. They only see the elements that belong to their own configuration and the elements in the Shared Domain.
- The administrators who have permissions in several Domains must select the Domain when they have logged on to the Management Client.