Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    How NSM Works with the CLI and Distributed Data Collection

    Before we can discuss how NSM works with the CLI, the following terms need to be defined:

    • ADM (Abstract Data Model)—The Abstract Data Model is an XML file that contains all the configuration information for a domain.
    • configlet—A configlet is a small, static configuration file that contains information about how a device can connect to NSM.
    • Device Server—The Device Server is the component of the NSM management system that handles communication between the GUI Server and the device, collects data from the managed devices on your network, formats configuration information sent to your managed device, and consolidates log and event data.
    • DM (Data Model)—A Data Model is an XML file that contains configuration data for an individual device. The DM is stored in the Device Server; when you create, update, or import a device, the GUI Server edits the Abstract Data Model (ADM) to reflect the changes, then translates that information to the DM
    • GUI Server—The GUI Server manages the system resources and data that drives NSM functionality. The GUI Server contains the NSM databases and centralizes information for devices and their configurations, attack and server objects, and policies.

    NSM and the CLI communicate through the GUI and Device Servers that translate objects and object attributes in both directions. Device configuration information is translated into Data Model (DM) objects or Abstract Data Model (ADM) object attributes, and conversely DM objects and ADM object attributes are translated into XML configlets and documents.

    NSM uses a distributed data collection system. Each device is described by a unique DM. The DM is stored in the Device Server which communicates with the GUI Server and the device.

    When you create, update, or import a device into NSM, the GUI Server edits the ADM to reflect the changes, then translates that information to the DM. The ADM contains configuration data for all objects in a specific domain. When you use the UI to interface with your managed devices, the ADM and DMs work together.

    Figure 1: NSM Network Architecture

    NSM Network Architecture
    • When you update a device configuration, the GUI Server translates the objects and object attributes in the ADM domain into device configuration information in a DM. For DMI based devices which include the M Series and MX Series, the Device Server converts the DM into an XML configlet and sends the configlet through NetConf protocol to the device.
    • When you import a device configuration, the device sends the configuration through the NetConf protocol as an XML document to the Device Server, which translates the XML document into a DM with device configuration information. The GUI Server then translates the device configuration in the DM into objects and object attributes in the ADM, and uses the ADM to display current information in the UI.

      For more details on the ADM and DMs, see “Managing Devices” in the Network Security Manager Administration Guide.

    The management system also provides an application programming interface (API) for integrating NSM into larger enterprise business systems. This NSM API provides an alternative interface to that provided by the UI. For details, see the Network and Security Manager API Guide.

    Published: 2013-01-02