Managing a UGMC includes managing services on the console itself and managing the realms created in the console.
Managing UGMC Services
Managing UGMC services includes the following tasks:
|
Name |
Description |
|---|---|
|
Configuring UGMC |
All these settings only affect the operation of the UGMC service and do not affect the administration of managed realms. |
|
Licensing |
Acquire a license for the product (enter a PIN code and register the product) and assign managed devices to each managed realm (optional). If no limits have been defined, any realm may use any number of managed devices as long as the total number does not exceed the number of licensed devices. Подробнее о лицензировании смотрите в главе Лицензирование UserGate Management Center. |
|
Creating managed realms |
Create the managed realms. You can create an unlimited number of managed realms. |
|
Creating root administrators for managed realms |
Create root administrators for managed realms. |
Managing UGMC Realms
Realms are managed by realm administrators. This includes the following tasks:
|
Name |
Description |
|---|---|
|
Create additional realm administrators |
When a managed realm is added, a root administrator is created for it. The administrator has the full rights to manage the realm. The root realm administrator can create additional administrators and assign them all their appropriate rights. |
|
Configure authentication servers |
Create connections to LDAP servers to allow LDAP users to act as realm administrators. |
|
Create device templates |
Create and configure device templates. |
|
Create template groups |
Create template groups that contain previously created templates. |
|
Add managed devices |
Add managed devices to UGMC and assign them to template groups. |
Role-Based Management
During the initial UGMC configuration, creating at least one managed realm will create the following administrators:
-
UGMC Administrator. Usually, this is the user with the login name Admin. To log in to the console, they must specify the name as Admin/system, where "system" means they are logged in to manage UGMC services and not the managed realm.
-
The root administrator of the realm. This user can have any login name, e.g., Admin. To log in to the console, they must enter their name as Admin/realm_code, where realm_code is the code of the managed realm.
UGMC Administrators can create additional UGMC administrators and give them special rights (administrator profiles) to manage UGMC services. При этом администраторы UGMC ограничены только возможностью управления сервисами UGMC (смотрите главу Настройка UserGate Management Center), не имея доступа к управлению областями. Example of UGMC administrators' access rights:
|
Administrator |
Administrator Profile |
Access level |
|---|---|---|
|
Admin/system |
Root profile |
Full. The administrator and their profile are created when the UGMC services are initialized. |
|
AdminRO/system |
ReadOnly |
View-only access to all UGMC services without the ability to modify them. |
|
AdminRealm/system |
RO+realms |
Create managed realms and their administrators as well as view any other UGMC settings without the right to modify them. |
|
AdminDash/system |
Dashboard |
Only allowed to view the Dashboard section. |
Root realm administrators can create additional administrators in their realm and assign them special rights (administrator profiles). Администраторы области ограничены только возможностью управления своей областью (смотрите главу Управляемые области), не имея доступа к управлению другими областями или сервисами UGMC. The root realm administrator can only be local and cannot be bound to an LDAP directory. Additional administrators created by the root realm administrator can be either local or bound to an LDAP directory. Examples of access rights for realm administrators:
|
Administrator |
Administrator Profile |
Access level |
|---|---|---|
|
Admin/realm_code |
Root profile |
Full. Administrators and their profiles are created by the UGMC administrator. |
|
AdminRO/realm_code |
ReadOnly |
View-only access to all realm settings; no modification rights. |
|
AdminTemplates/realm_code |
Templates |
Create and modify all realm templates. |
|
AdminTemplateGeneral/realm_code |
TemplateGeneral |
Only modify the General template. |
|
AdminTemplateGeneralNET/realm_code |
TemplateGeneralNET |
Only modify network settings in the General template. |