Example for Three Server Groups
This use case consists of three server groups, global SNMP settings, and ACLs that are specified at the global and policy level.
casa
This use case consists of three server groups, global SNMP settings, and ACLs that are specified at the global and policy level.
The data center consists of the following server groups:
- Infrastructure Manager Servers:
- Server Automationsystem.
- SQL Server systems.
- CA EEM system.
- One or more distribution servers.
- Three infrastructure manager systems (im1.ca.com, im2.ca.com, and im3.ca.com). These systems are managed through va-im.ca.com and im1.ca.com.
- Sales Servers:All servers that belong to the Sales department, managed through va-im.ca.com, im1.ca.com, and im2.ca.com.
- Development ServersAll servers that belong to the development department, managed through va-im.ca.com, im1.ca.com, and im3.ca.com.
Server Group | Global Community Settings | Global Access Control Lists | Policy Level Access Control Lists |
Infrastructure Manager Servers | _public_ | va-im.ca.com, im1.ca.com | - |
_admin_ | va-im.ca.com, im1.ca.com | - | |
Sales Servers | _public_ | va-im.ca.com, im1.ca.com | im2.ca.com |
_admin_ | va-im.ca.com, im1.ca.com | im2.ca.com | |
Development Servers | _public_ | va-im.ca.com, im1.ca.com | im3.ca.com |
_admin_ | va-im.ca.com, im1.ca.com | im3.ca.com |
Access Control List (ACL) Relationships
_relationships.png)
Follow these steps:
- Specify the following global SNMP objects underAdministration,SNMP:Object NamePortAccessCommunityACLinfrastructure-read161read-only_public_va-im.ca.com, im1.ca.cominfrastructure-write161read/write_admin_va-im.ca.com, im1.ca.comsales-read161read-only_public_va-im.ca.com, im1.ca.comsales-write161read/write_admin_va-im.ca.com, im1.ca.comdevelopment-read161read-only_public_va-im.ca.com, im1.ca.comdevelopment-write161read/write_admin_va-im.ca.com, im1.ca.com
- Create three policies (one for each server group) that are based on the default policy:
- infrastructure
- sales
- development
- Change to theinfrastructurepolicy page and selectCustom Selectionto apply global SNMP settings from the table.
- Addinfrastructure-readandinfrastructure-writeglobal SNMP objects to the infrastructure policy.
- Save the policy.
- Change to thesalespolicy page and selectCustom Selectionto apply global SNMP settings from the table.
- Addsales-readandsales-writeglobal SNMP objects to the sales policy.
- For thesales-readandsales-writeobjects, click the correspondingViewlink.The corresponding ACL dialog opens.
- Addim2.ca.comto thesales-readandsales-writeobjects (Policy-specific SNMP Access Control List) and clickOK.
- Save the policy.
- Change to thedevelopmentpolicy page, selectCustom Selectionto apply global SNMP settings from the table.
- Adddevelopment-readanddevelopment-writeglobal SNMP objects to the development policy.
- For thedevelopment-readanddevelopment-writeobjects, click the correspondingViewlink.The corresponding ACL dialog opens.
- Addim3.ca.comto thedevelopment-readanddevelopment-writeobjects and clickOK.
- Save the policy.
- Apply each policy (infrastructure,sales,development) to an associated server group.