Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring the Connection to a CSO Client

 

Support for Configuring the Connection to a CSO Client is supported in Juniper Identity Management Service Release 1.1 and later.

If your network environment uses Contrail Service Orchestration (CSO), you can configure Juniper Identity Management Service to serve up to 10 CSO platforms. CSO must be running Release 3.3 or a later release.

Configuring a CSO client allows the JIMS server to establish a secure link with CSO. This link is used to push the data that the JIMS server has collected about users and groups within a set of domains to CSO. This data allows administrators using CSO to make policy decisions that can be applied to a set of SRX Series devices that are handling the user firewall policy duties for that same set of domains.

Note

The JIMS server provides real-time updates about user sessions (mapping users to IP addresses and devices) to the SRX Series devices simultaneously and independently from CSO. The JIMS server and CSO work together to help improve the policy handling and enforcement on the SRX user firewall.

Before you begin, you need the username and password that the CSO HTTPS server uses to authenticate incoming connections.

To configure the connection to CSO:

  1. In the navigation pane, select Clients. Click the CSO Clients tab.
  2. In the upper Contrail Service Orchestration (CSO) Configured Clients pane, click Add. The Add CSO Client Configuration page appears.Note

    Values with a light blue background represent default values. These values can be overridden as needed.

  3. In CSO IP/Hostname text field, enter the hostname or IP address of the CSO platform.
  4. Type a description for the CSO.
  5. Type the username and password credentials that the HTTPS server on CSO uses to authenticate incoming connections.
  6. Click OK to save the settings.