Management Console page | Feature (to configure or change this feature) | Required settings for read permission | Required settings for read/write permission |
Manage > Topology: Sites & Networks | Networks | Network Settings Read-Only | Network Settings read/write Policy Push read/write |
Sites | Network Settings Read-Only QoS/Path Selection Read-Only | Network Settings read/write Policy Push read/write QoS/Path Selection read/write | |
Manage > Applications: App Definitions | Applications | Network Settings Read-Only | Network Settings read/write Policy Push read/write |
Manage > Services: Quality of Service | Enable QoS | Network Settings Read-Only | Network Settings read/write QoS/Path Selection read/write Policy Push read/write |
Manage QoS Per Interface | Network Settings Read-Only | Network Settings read/write QoS/Path Selection read/write Policy Push read/write | |
QoS Profile | QoS/Path Selection Read-Only | QoS/Path Selection read/write Policy Push read/write | |
Manage > Services: QoS Profile Details | QoS Profile Name | QoS/Path Selection Read-Only | QoS/Path Selection read/write Policy Push read/write |
QoS Classes | QoS/Path Selection Read-Only | QoS/Path Selection read/write Policy Push read/write | |
QoS Rules | QoS/Path Selection Read-Only | Network Settings read/write QoS/Path Selection read/write Policy Push read/write | |
Manage > Services: Path Selection | Enable Path Selection | Network Settings Read-Only | Network Settings read/write Policy Push read/write |
Path Selection Rules | Network Settings Read-Only QoS/Path Selection Read-Only | Network Settings read/write QoS/Path Selection read/write Policy Push read/write | |
Uplink Status | Network Settings Read-Only QoS/Path Selection Read-Only Reports read/write | — | |
Manage > Topology: Clusters | Interceptor Clusters | Network Settings Read-Only | Interceptor/Cluster Settings read/write Policy Push read/write |
Page | Description |
SCC Settings | Manages the SCC features: for example, host settings, network settings and reports. |
AAA Configurations | Authenticates and authorizes SCC users. |
Page | Description |
Global | Configures Global group settings. |
<group> | Configures the <group> settings. |
Control | Description |
admin/monitor | Click the right arrow to modify the admin and monitor accounts. |
Clear Login Failure Details | Clears the account log in failure details and closes the fields for changing the password. |
Change Password | Enables password protection. Password protection is an account control feature that allows you to select a password policy for more security. When you enable account control on the Administration > Security: Password Policy page, a user must use a password. When a user has a null password to start with, the administrator can still set the user password with account control enabled. However, once the user or administrator changes the password, it can’t be reset to null as long as account control is enabled. • Password - Specify a password in the text box. • Password Confirm - Retype the new administrator password. |
Enable Account | Activates the account. Clear the check box to disable the administrator or monitor account. When enabled, you may make the account the default user for RADIUS and TACACS+ authorization. You may only designate one account as the default user. Once enabled, the default user account may not be disabled or removed. The Accounts table displays the account as permanent. |
Allow Policy Push for Non-Admin Connected Appliances | Enables administrator users to perform configuration pushes to appliances connected with nonadministrator role-based management users, provided the nonadministrator role-based management users have read/write privileges on the appliance. |
Apply | Applies your changes to the running configuration. |
Control | Description |
Add a New User | Displays the controls for adding a new user. |
Account Name | Specify a name for the role-based account. |
Password | Specify a password in the text box, and then retype the password for confirmation. |
Enable Account | Select the check box to enable the new account. |
Make this The AAA Default User (for RADIUS and TACACS+ logins) | Select to make the user the default AAA user to provide strict AAA access for RADIUS and TACACS+ logins. |
Policy Visibility Restricted | Restricts viewing, editing, and deleting of policies in groups for which RBM users don’t have access. • Users with deny access to a group can’t view the policies associated with that group from the Manage->Policy page. • Users with read-only access to a group can only view the policies associated with that group from the Manage > Policy page. Read-only users can’t edit policies. • Users can‘t view or attach a policy to an accessible group if that policy is already attached to a group for which the user doesn’t have read/write permission. Users can still view and edit the policies associated with the groups for which they have access. Users with only read/write access to a group can view and edit the policies associated for that group. |
User Roles | Create system administrator or role-based management accounts for users. • Administrator - Creates a system administrator account for the user. This is an administrator account with full access to configurations and reports on this appliance. This account can also be used to create, edit, and remove user accounts. Create a system administrator account to increase security and to conform to Defense Information Systems Agency (DISA) requirements. In cases where an AAA server isn’t reachable and the admin user or system administrator isn’t able to login, you can create a safety account in the Administrator > Security: General Settings page. For details, see Configuring general security settings. • RBM User - Select to create a role based management user and apply permissions for each role below. – CMC (SCC) Settings - Manages the SCC features: for example, host settings, network settings and reports. – AAA Configurations - Authenticates and authorizes SCC users. |
Groups | • Global - Configures Global group permissions. |
Appliance Management | Controls appliance upgrades, policy pushes, and so forth. • Appliance Upgrade - Configures permissions for appliance upgrade. • File Transfer - Configures permissions for file transfers on managed appliances. • Non Admin Connected Appliance's Policy - Enables administrator users to perform configuration pushes to appliances connected with nonadministrator role-based management users, provided the nonadministrator role-based management users have read/write privileges on the appliance. If the push fails, verify if the nonadministrator role-based management user has the required permissions to modify the page that’s being pushed on the appliance and on the SCC: for example, to push QoS changes the user must also have read/write permissions for Role Based Accounts > Appliance Management Roles > Optimization Settings > Qos/Path Selection. • SteelHead Backup - Configures permissions for SteelHead backups on managed appliances. • Operation Status - Configures permissions for operation status on managed appliances. • CLI Commands - Configures permissions for CLI commands to managed appliances. |
Appliance Settings | Manage appliance permissions, such as cluster configuration, host settings, network settings, and so forth. • Interceptor/Cluster Settings - Configures permissions for Interceptor clusters. You must also include the Policy Push role. • General Settings - Configures permissions for general system settings. • Network Settings - Configures permissions for topology definitions, site and network definitions, application definitions, host interface settings, network interface, DNS cache, hardware assist rules, host labels, and port labels. You must include this role for users configuring path selection or enforcing QoS policies in addition to the QoS and Path Selection roles. • Reports - Configures permissions for reports. • Basic Diagnostics - Configures permissions for basic diagnostic reports. • SteelFusion Branch Storage Device Service - Configures permissions for SteelFusion Branch. • TCP Dumps - Configures permissions for TCP Dump. |
Appliance AAA Configuration | Appliance security permissions. • Security Settings - Configures security permissions, including RADIUS and TACACS authentication settings and the secure vault password. |
Optimization Settings | Manage appliance optimization setup. • SteelHead In-Path Rules - Configures permissions for TCP traffic for optimization and optimizing traffic with in-path rules. This role includes WAN visibility to preserve TCP/IP address or port information. For details about WAN visibility, see the SteelHead Deployment Guide • QoS/Path Selection - Configures permissions for QoS policies and path selection. You must also include the Network Settings role for QoS and path selection. |
Application Optimization Policies | Configure optimization permissions for different applications. • Optimization Service - Configures permissions for alarms, performance features, SkipWare, HS-TCP, and TCP optimization. • CIFS Optimization - Configures permissions for CIFS optimization settings (including SMB signing) and Overlapping Open optimization. • HTTP Optimization - Configures permissions for enhanced HTTP optimization: URL learning, parse and prefetch, object prefetch table, keepalive, insert cookie, file extensions to prefetch, and the ability to set up HTTP optimization for a specific server subnet. • Oracle Forms Optimization - Configures permissions for Oracle E-business application content and forms applications. • MAPI Optimization - Configures permissions for MAPI and sets Exchange and NSPI ports. • SQL Optimization - Configures permissions for SQL optimization. • NFS Optimization - Configures permissions for NFS optimization. • Notes Optimization - Configures permissions for Lotus Notes optimization. • Citrix Optimization - Configures permissions for Citrix optimization. • SSL Optimization - Configures permissions for SSL support and the secure inner channel. • Replication Optimization - Configures permissions for the SRDF/A, FCIP, and SnapMirror storage optimization modules. • Domain Authentication - Configures permissions for joining a Windows domain and configuring Windows domain authentication. |
Branch Services | Branch services permissions: • Proxy File Service (PFS) - Configures permissions for a virtualized environment on the client SteelHead. The functionality can include third-party packages such as a firewall security package, a streaming video server, or a package that provides core networking services (for example, DNS and DHCP). This role includes permission to install VMware tools and add subnet side rules. For details, see the RSP User Guide. • RSP/VSP - Configures permissions for Riverbed Services Platform (RSP) and Virtual Services Platform (VSP). |
Add | Adds your settings to the system. |
Remove Selected Accounts | Select the check box next to the name and click Remove Selected. |