Example for Three Server Groups

This use case consists of three server groups, global SNMP settings, and ACLs that are specified at the global and policy level.
casa
This use case consists of three server groups, global SNMP settings, and ACLs that are specified at the global and policy level.
The data center consists of the following server groups:
  • Infrastructure Manager Servers:
    • Server Automation
       system.
    • SQL Server systems.
    • CA EEM system.
    • One or more distribution servers.
    • Three infrastructure manager systems (im1.ca.com, im2.ca.com, and im3.ca.com). These systems are managed through va-im.ca.com and im1.ca.com.
  • Sales Servers:
    All servers that belong to the Sales department, managed through va-im.ca.com, im1.ca.com, and im2.ca.com.
  • Development Servers
    All servers that belong to the development department, managed through va-im.ca.com, im1.ca.com, and im3.ca.com.
Server Group
Global Community Settings
Global Access Control Lists
Policy Level Access Control Lists
Infrastructure Manager Servers
_public_
va-im.ca.com, im1.ca.com
-
_admin_
va-im.ca.com, im1.ca.com
-
Sales Servers
 
_public_
va-im.ca.com, im1.ca.com
im2.ca.com
_admin_
va-im.ca.com, im1.ca.com
im2.ca.com
Development Servers
 
_public_
va-im.ca.com, im1.ca.com
im3.ca.com
_admin_
va-im.ca.com, im1.ca.com
im3.ca.com
Access Control List (ACL) Relationships
Access Control List (ACL) Relationships
Follow these steps:
  1. Specify the following global SNMP objects under
    Administration
    ,
    SNMP
    :
    Object Name
    Port
    Access
    Community
    ACL
    infrastructure-read
    161
    read-only
    _public_
    va-im.ca.com, im1.ca.com
    infrastructure-write
    161
    read/write
    _admin_
    va-im.ca.com, im1.ca.com
    sales-read
    161
    read-only
    _public_
    va-im.ca.com, im1.ca.com
    sales-write
    161
    read/write
    _admin_
    va-im.ca.com, im1.ca.com
    development-read
    161
    read-only
    _public_
    va-im.ca.com, im1.ca.com
    development-write
    161
    read/write
    _admin_
    va-im.ca.com, im1.ca.com
  2. Create three policies (one for each server group) that are based on the default policy:
    • infrastructure
    • sales
    • development
  3. Change to the
    infrastructure
    policy page and select
    Custom Selection
    to apply global SNMP settings from the table.
  4. Add
    infrastructure-read
    and
    infrastructure-write
    global SNMP objects to the infrastructure policy.
  5. Save the policy.
  6. Change to the
    sales
    policy page and select 
    Custom Selection
    to apply global SNMP settings from the table.
  7. Add
    sales-read
    and
    sales-write
    global SNMP objects to the sales policy.
  8. For the
    sales-read
    and
    sales-write
    objects, click the corresponding
    View
    link.
    The corresponding ACL dialog opens.
  9. Add
    im2.ca.com
    to the
    sales-read
    and
    sales-write
    objects (Policy-specific SNMP Access Control List) and click
    OK
    .
  10. Save the policy.
  11. Change to the
    development
    policy page, select 
    Custom Selection
    to apply global SNMP settings from the table.
  12. Add
    development-read
    and
    development-write
    global SNMP objects to the development policy.
  13. For the
    development-read
    and
    development-write
    objects, click the corresponding
    View
    link.
    The corresponding ACL dialog opens.
  14. Add
    im3.ca.com
    to the
    development-read
    and
    development-write
    objects and click
    OK
    .
  15. Save the policy.
  16. Apply each policy (
    infrastructure
    ,
    sales
    ,
    development
    ) to an associated server group.