scribd.vdownloaders.com 07-elasticnet-ume-security-management
advertisement
ElasticNet UME Security Management CONTENTS Security Management Overview Security Guideline Initial User Configuration Daily Security Management Operations Security Management Overview Security management ensures legal use, and proper, reliable, and continuous operation of the UME system. With security management, the security administrator can create account rules; manage roles, operation sets, user groups, and users, and provide unified authentication and authorization for each service component of the platform. Thus users with different rights can access or manage different network resources. © ZTE All rights reserved Basic Terms Operation Set: consists of some operation rights. Defines the operations that a role can do. Role: defines the operation rights of a user, including operation sets and management resources. After a role is assigned to a user, the user has the rights of this role. Management resources: Include physical resources and logic resources. Physical resources: NEs or types of configuration objects that a role can manage. Logic resources: define the product rights of a role. A user of this role can manage the alarms, performance indicators, and other data of NEs of specified systems. User Group: the simulation of an real administration department, used to facilitate the organization and management of users. User: an operator who logs in to and operates on the UME system. © ZTE All rights reserved Relational Model Different users are assigned with different roles. A user must have a role and belong to a user group. A user must have at least one role, and a role can be assigned to many number of users. An operation set includes some operation rights. Ranges 0...N and 1...N represent the correspondence among users, roles, operation sets, and user groups. © ZTE All rights reserved Security Management Page Use a security administrator account to log in to the UME system, and then click the UAC Security Management icon to open the Security Management page Security Guideline User Management Account Rules Role Management Subsystem Management User Dispatch Status Parameter Configuration Authentication Configuration Proxy Account Management Vault Model Configuration © ZTE All rights reserved CONTENTS Security Management Overview Security Guideline Initial User Configuration Daily Security Management Operations Security Guideline Performing Quick Security Management Configuration: On the Security Guideline page, operation set, role, and user are briefly introduced, and operation buttons are given. Click the Security Guideline item in the left panel Import security data: After the system is reinstalled or upgraded, it is not needed to configure the parameters again, instead, you can directly import the backup data to restore the security management configuration easily and conveniently. Export security data: After configuring the operation sets, roles, users, and related parameters, you can export the data to the local hard disk drive as a backup © ZTE All rights reserved Security Guideline Import security data: Click Import Security Data. The Security Data Import page is displayed, Click Select File, and select the security data backup file. Configure the parameters to import the security data. Click Import. The security data file is imported © ZTE All rights reserved Security Guideline Export security data: Click Export Security Data. The Security Data Export dialog box is displayed, Configure the export parameters. © ZTE All rights reserved Security Guideline Create an operation set Click Create Operation Set. The Create Operation Set page is displayed. Enter the information about the operation set, select the rights, and click Create © ZTE All rights reserved Security Guideline Create a role Click Create Role. The Create Role page is displayed. Enter the name of the role, set the rights, and click Create. © ZTE All rights reserved Security Guideline Create a user Click Create User. The Create User page is displayed. Enter the name of the user to be created; set the password, account rule, and user group; and click Next. Set the rights, and click Create. © ZTE All rights reserved CONTENTS Security Management Overview Security Guideline Initial User Configuration Daily Security Management Operations Initial User Configuration After the UME system is installed, you can create users and assign resource management rights to the users. The UME system can be connected to LEM modules and other UME systems. You can also create users for the connected systems. © ZTE All rights reserved Creating a Role The default roles include Security Administrator Role, Administrator Role, Maintenance Role, Operator Role, and Supervisor Role. If the operation sets and management resources of a default role cannot meet the requirements, the security administrator can create a role as required. © ZTE All rights reserved Creating a Role 1. Click the Create Role button on the Role tab. A dialog box is displayed, prompting you to select the role type Domain Security Administrator Role: The domain security administrator role is assigned with the security rights only. Other Role: The other role can be assigned with different resources and granted corresponding rights. 2. Select the role type, and then click the Confirm button. © ZTE All rights reserved Creating a Role 3. The Create Role page is displayed: If the role type is set to be Other Role, on the Create Role page, enter the name and description of the role to be created, select management resources from the Resource Tree below the Cutline, and select operation rights from the Operation Set Info list Click Create to complete the creation and exit the Create Role page. © ZTE All rights reserved Creating a Role 3.The Create Role page is displayed: If the role type is set to be Domain Security Administrator Role, on the Create Role page, enter the name and description of the role to be created, select management resources from the Rights Assignment Click Create to complete the creation and exit the Create Role page. © ZTE All rights reserved Create an Operation Set The UME system provides five operation sets: Security Administrator Right, Administrator Right, System Maintenance Right, Operator Right, and View Right. Click the Role Management item in the left panel On the Operation Set tab, click the Create Operation Set button. © ZTE All rights reserved Create an Operation Set The Create Operation Set page is displayed: Enter a name and description for the operation set to be created, and select operation rights from the tree below. The name of each operation set must be unique. © ZTE All rights reserved Role Management Related Tasks View the details about a default role: On the Role Management page, click the name of a default role. The View Role page is displayed, with the role name, role description, management resources, and operation set. View the details about a customized role: On the Role Management page, click the Role tab. The customized roles are displayed. Click the name of a customized role. The View Role page is displayed, with the role name, role description, management resources, and operation set. Modify a role: On the Role Management page, click the Role tab. The customized roles are displayed. Click Modify. The Modify Role page is displayed. Modify the role description, management resources, or operation set. View users: On the Role Management page, click the Role tab. The customized roles are displayed. Click View Users to view the information of all the users that are assigned the corresponding role. Delete a role: On the Role Management page, click the Role tab. The customized roles are displayed. In the Operation column, click More > Delete. A confirmation dialog box is displayed. Click Delete. © ZTE All rights reserved Role Management Related Tasks Copy a Role: On the Role Management page, click the Role tab. The customized roles are displayed. In the Operation column, click Copy or More > Copy. The Copy Role dialog box is displayed. Enter the name and description of the role to be copied. Add an NE role: On the Role Management page, click the NE Element Role tab. Click the Create Net Element Role button. The Create Net Element Role page is displayed. Enter the role name and description, and then click Create to create an NE role, and then you can create an NE user. Export the NE role model: On the Role Management page, click the NE Element Role tab. Click the Export Model button to export the NE role template, which can be used to create NE role information in batches. Import an NE role: On the Role Management page, click the NE Element Role tab. Click the Import Net Element Roles button and select the file containing role information. Click the Open button to import the NE role information into the system. © ZTE All rights reserved Role Management Related Tasks Query default operation sets: In the Operation Set column of the Role Management page, click the corresponding operation set right button of the specified operation set. Query customized operation sets: On the Role Management page, click the Operation Set tab. The customized operation sets are displayed. Click an operation set. Modify an operation set: On the Role Management page, click the Operation Set tab. The customized operation sets are displayed. Click the Modify button for the operation set to be modified Delete an operation set: On the Role Management page, click the Operation Set tab. The customized operation sets are displayed. In the Operation column, click Delete. Import an operation set: On the Role Management page, click the Operation Set tab. The customized operation sets are displayed. Click Import Operation Set. Export an operation set: On the Role Management page, click the Operation Set tab. The customized operation sets are displayed. Click the Export Operation Set to export the operation set data file. © ZTE All rights reserved Creating a User Group User groups are used to manage the administrative organizations of users. In practical applications, the security administrator can divide users into groups in accordance with the regions or administrative organizations of users. The system has a root group by default. The root group represents the highest organization, and all other groups are its sub-organizations. 1. Click the User Management item in the left panel © ZTE All rights reserved Creating a User Group 2. Click the User Group icon. The User Group page is displayed 3. In the Root User Group area, move the mouse pointer onto a desired group (for example, the root user group) in the list, and 2 click the + icon that is displayed 4. Enter the name and description of the user group to 3 be created and click Create. 4 © ZTE All rights reserved Creating a User Click the User Management item in the left panel. © ZTE All rights reserved Creating a User Click the Create User button. The Create User page is displayed Set the basic information about the user, and click Next. © ZTE All rights reserved Creating a User Assign roles to the user. You can assign the roles defined for the local system, the roles defined for a connected non-local system, or the network element roles if Network Element User is selected, and click Create © ZTE All rights reserved User Management Related Tasks Modify a User : In the Operation column of the All Users page, click the Modify button for the user to be modified. The Modify User page is displayed. Modify the user information as required. The information that can be modified includes the password, account rule, and user group. Delete a user: In the Operation column of the All Users page, click the Delete button for the user to be deleted. View user rights: In the Operation column of the All Users page, click More > View User Rights Copy a user: In the Operation column of the All Users page, click More > Copy for the user to be copied. Set log authority range: In the Operation column of the All Users page, click More > Set Authority Range of Log to open the Set Authority Range of Log dialogue box. © ZTE All rights reserved Creating an Account Rule An account rule defines the attributes relating to account security, including the minimum password length and weak password rule detection. When a user is created, the user needs to be bound with an account rule. 1. Click the Account Rules item in the left panel © ZTE All rights reserved Creating an Account Rule 2. Click Create Account Rule. The Create Rule page is displayed Set the parameters of the account rule Minimum/Maximum Length: Minimum/Maximum length of password, range: 0-64 characters Cannot be same with last ** Times: If this check box is selected, the password cannot be the same of any of the last ** (a number) passwords. Range: 1–100 Enable strong password detection: Enables this function, and the system will automatically detect the strength of the password security. Click Create to complete the creation and exit the Create Rule page © ZTE All rights reserved Account Rule Related Tasks 1. Binding an Account Rule to Multiple Users An account rule can be bound to multiple users so that the account rules of the users are changed to the same one. step1: Click the Account Rules item in the left panel. The Account Rules page is displayed in the right panel. Click Bind User. © ZTE All rights reserved Account Rule Related Tasks 1. Binding an Account Rule to Multiple Users step2: The Bind User dialog box is displayed step3: Select an account rule from the Account Rules drop-down list. Select users from the left user list, and then click OK. © ZTE All rights reserved Account Rule Related Tasks 2. Modify a rule: On the Account Rule page, click the Modify button for the rule to be modified. 3. Delete a rule: On the Account Rule page, click the Delete button for the rule to be deleted. 4. Import the password common words: Click Import Common Words, and a confirmation dialog box is displayed. Click Import , select the text document file that contains the password common words, and then click Open. 5. Export the password common words: Click Export Common Words to export the common passwords that are forbidden when setting strong password rules. © ZTE All rights reserved CONTENTS Security Management Overview Security Guideline Initial User Configuration Daily Security Management Operations Querying Online Users Querying Online Users: query online users, including user name, IP address of the client, and login time. Step: Open User Management tab, Click the Login Users icon. The information of online users is displayed, including user name, client IP address, and login time © ZTE All rights reserved Forcibly Logging Out a User When performing system maintenance or detecting illegal operations, the security administrator can forcibly disconnect a user from the UME system and log out the user. step1: Open User Management tab, Click the Login Users icon. step2: Log out one user: Click the corresponding Force to Log out button in the Operation column. Log out more users: select the users to log out. Click the Force to Log Out button, and the selected users are logged out. © ZTE All rights reserved Querying Locked Users Querying Locked Users: User account lock time and locking conditions are set in account rules. In the case that Lock Time of an account locking rule is set to Lock Temporarily or Lock Permanently, the UME system locks this account if a user has failed to enter the correct password for a specified number of times. The security administrator can query locked users and unlock them as required. step: Open User Management tab, Click the Locked User icon. Locked users are displayed, including locked users, locker IP, and time of locking To unlock © ZTE All rights reserved a user, click the Unlock button in the Operation column for the user. Disabling a User If a user is not allowed to log in to the system any more, the security administrator can disable this user. A disabled user cannot log in to the system. step: Open User Management tab, show all users. Select Disable in the corresponding Status column. © ZTE All rights reserved Modifying User Passwords in Batches Passwords of users other than security administrators can be modified in batches. The modification is not limited by the account rules. Select the users to modify their passwords as required. The passwords of the users will be changed to the same one. step1: Open User Management tab, show all users. step2: Click the Batch Change Password button. step3: Select users from the left user list. Enter the new password in the Password text box, enter the password again in the Confirm Password text box, and then click Confirm. © ZTE All rights reserved Connecting a System or Module to the UME System Other UME systems or LEM modules can be connected to the local UME system. The security administrator of the UME system can create users for the connected UME systems and modules. step1: Open the Security Management , Click the Subsystem Management item in the left panel. The Subsystem Management page is displayed. Click Create System © ZTE All rights reserved Connecting a System or Module to the UME System step2: The Create System page is displayed, Set the system connection parameters. step3: Click the Test button for the user URL and role URL respectively to verify that the URLs are correct. Click Create. The configuration is completed. © ZTE All rights reserved Collecting Roles from Connected Systems The UME system can collect roles from the connected systems or modules. After the role information has been successfully collected, the security administrator can create users for the connected systems or modules, and then synchronize the user information with the connected systems or modules. step: Open the Security Management, Click the System Management item in the left panel. Select connected systems and click Collect Roles. © ZTE All rights reserved Dispatching Users User dispatch status shows the information about user synchronization with the connected UME systems or LEM modules. You can query the dispatch status of all users or specified users, and manually dispatch user status. step: Open the Security Management, Click the User Dispatch Status item in the left panel. © ZTE All rights reserved Parameter Configuration 1. Setting the Idle Time for Automatic Logout step1: Open the Security Management, Click the Parameter Configuration item in the left panel step2: Click Modify, set the User Idle Time parameter in the Auth Configuration area, and click Confirm 2. Setting the Number of Simultaneous Login Users of the Same Account step: set the One User Simultaneous Login Number Restriction to Custom, enter the number in the text box 3. Modifying Login Banner Information set Login Banner Status in the Login Banner Configuration area to Open 4. Configuring Subsystem Management Parameters configure the subsystem management parameters in the Subsystem Management Configuration area © ZTE All rights reserved Thank you!
