Over the last decade or so, I have worked with many organisations and while all of them are different, they have many things in common. One thing organisations have in common is the need for more flexibility in the authentication system to give them the ability to provide access to resources being managed by the people who need to see them, this needs to include the ability to view individual resources, like interfaces and chart data, which are defined at a lower level than the operating system (e.g. a node). It needs to be possible to permit users of the network management system access to more specific data from almost arbitrary objects.
Over the last few months, Opmantek has been working on an alternate authorization system which will permit our customers to be able to define views of what is being managed so that they can permit their customers to see information that they might not ordinarily be able to see without giving them access to view an entire node.
A simple example of the benefits of this capability would be for service providers who have shared equipment, where multiple customers are using one or more interfaces from one or more switches. This might be a metropolitan area network, with switches in the basements of buildings and each customer uses one or more interfaces.
With our new multi-tenancy authorization, roles are created for each customer and the associated user names, then several business service views are created by selecting the interfaces of one or more switches and adding them to a business services view for the customer. When the customer logs in, they have access to see the business services view and all of the associated interfaces. They are then able to drill into the interface to see the statistics.
Another good example of this might be an IT Services company which provides general IT services to businesses, along with network and server management. Amongst the equipment being managed are some telephones and the related network interfaces. A partner of the IT services company assists with the management of the phone systems and requires the ability to see switch ports which the phones connect to. With traditional authorization schemes the telephony engineers would require logins giving them permission to see the entire switch including interfaces for things not related to their duties.
With the new multi-tenancy authorization, a business services view can be created and the required telephony interfaces added to that view. When the telephony engineer logs into the system, they will only see the interface information they need to keep an eye on the telephony system.
As an option, the ability to display summary node information in business services views is also available, allowing key operational summary information to be shared without providing access to the full device. When clicking on an interface name, it is possible to see the detailed graph of the interface.
While providing this is already very powerful, we felt that providing more detailed access would also be beneficial, so we have extended this capability to the charts and maps in opCharts. This means that you can create a chart including, for example, the CPU load of several devices, and then permit the customer to view that chart. The same applies to maps.
Going forward Opmantek will expand this capability significantly to include more granularity in the authorization and more resources available to be permitted. We will also work to simplify administration of the system wherever possible.
We are very excited by being able to take authorization to a new level of flexibility and simplicity, enabling our customers to in turn be more flexible with their customers and manage third party vendor access more diligently.
