|While your AAA servers might not be local,
Uplogix will ensure their security is still in place.
Your network infrastructure is only as good as its security. When it comes to controlling administrative access, organizations often want to limit and separate access and privileges among various IT groups. For example, the server people don’t need the same access as the network folks, and it makes for better administrative control and auditing when users are assigned only the privileges they need.
Current solutions include authentication at the local device level, device segmentation, and centralized AAA (Authentication, Authorization and Accounting) using TACACS or RADIUS. The latter supports fairly granular permissions, allowing control over each user’s level of access on a specific device, but if there is a problem with network connectivity, or if the device cannot communicate with the central software, then the system becomes unusable.
Local Management and the AAA Model
Uplogix applies a system of granular permissions that integrates with centralized AAA systems to provide command-level control over access and authorization. The benefits of this model are:
- Customizable roles allow and deny access to commands
- Roles can be assigned on a per-user and per-resource basis
- Security is enforced even when the network is down or if the centralized AAA service is unreachable
- When integrated with centralized AAA, last known permissions can be cached for offline enforcement
The Uplogix model for AAA ensures that you can maintain and enforce AAA regardless of the state of the network. Under normal circumstances, Uplogix Local Managers (LMs) integrate with remote authentication mechanisms, such as TACACS and RADIUS. If connectivity is lost, the LM can failover to other AAA servers before falling back on cached authentication data to maintain authorized access.
For more information, see the Uplogix website for Security and Compliance features of Local Management.