Security Integration Management Using NSM Overview

True security integration occurs when you can control every security device on your network and see every security event in real time from one location. In NSM, this location is the NSM GUI, a graphical user interface that contains a virtual representation of every security device on your network. The idea behind this virtual-physical abstraction is that you can access your entire network from one location: use this console to view your network, the devices running on it, the policies controlling access to it, and the traffic flowing through it.

The following topics are the security integration management features of NSM:

Complete Support

You can create and manage device configurations for security devices or systems. NSM provides support for ScreenOS configuration commands, so you can retain complete control over your devices when using system-level management features like VPNs.

Network Organization

With NSM, you can use domains to segment your network functionally or geographically to define specific network areas that multiple administrators can manage easily.

A domain logically groups devices, their policies, and their access privileges. Use a single domain for small networks with a few security administrators, or use multiple domains for enterprise networks to separate large, geographically distant or functionally distinct systems, control administrative access to individual systems, or obfuscate systems for service provider deployments.

With multiple domains, you can create objects, policies, and templates in the global domain, and then create subdomains that automatically inherit these definitions from the global domain.

Role-Based Administration

Control access to management with NSM—define strategic roles for your administrators, delegate management tasks, and enhance existing permission structures with new task-based functionality.

Use NSM to create a security environment that reflects your current offline administrator roles and responsibilities. Because management is centralized, it’s easy to configure multiple administrators for multiple domains. By specifying the exact tasks your NSM administrators can perform within a domain, you minimize the probability of errors and security violations, and enable a clear audit trail for every management event.

Initially, when you log in to NSM as the super administrator, you have full access to all functionality within the global domain. From the global domain, you can add the following NSM administrators, configure their roles, and specify the subdomains to which they have access:

Centralized Device Configuration

No network is too large—because you manage your security devices from one location, you can use the following system management mechanisms to help you quickly and efficiently create or modify multiple device configurations at one time:

Migration Tools

If you have existing security devices deployed on your network or are using a previous Juniper Networks management system, you can use the NSM migration tools to quickly import your existing security devices and their configurations, address books, service objects, policies, VPNs, and administrator privileges. As NSM imports your existing device configurations, it automatically creates your virtual network based on the configuration information.

You can import device configurations directly from your security device, or from your Juniper Networks Global PRO or Global PRO Express system. Import all your security devices at one time, or, if your network is large, import one domain at a time. When importing from Global PRO or Global PRO Express, NSM automatically transfers your existing domain structure.

For details on migrating from a previous management system, see the NSM Migration Guide.
