Managing realms


Realms define security perimeters within the network that do not overlap. Each device belongs to a single realm. When you initially install TrueSight Network Automation, all devices belong to a single realm called Default.

You can manage realms in Network Automation by navigating to Network > Spans > Realms. Realms are not exposed on the GUI until more than one realm is defined.

When a realm is successfully created in Network Automation, the system automatically grants realm network access to the user who created the realm. If the user creating the realm does not have 'Full Network Rights' or is a non-root user, Network Automation internally generates a new role with access granted only to this new realm.

The newly generated role is associated only with the user who creates the realm. The role follows the naming convention 'Access Only Realm: <realm_name>'. For example, for a newly created realm 'Speedy Legal Services', the automatically generated role name would be 'Access Only Realm: Speedy Legal Services'. If the role name already exists (in other words, if the user deleted the realm and re-created it with the same name), the new role is suffixed with a 3-digit number to make the name unique, for example, 'Access Only Realm: Speedy Legal Services:001'. For each additional such role, the suffix number is incremented.

Events are logged to indicate whether the role was generated successfully.

An administrator can, at any point in time thereafter, reconcile the realm rights to the user's other roles and delete the automatically generated role.
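To support that reconciliation, the following added example (not part of the product or its documentation) parses the naming convention described above and sorts automatically generated roles into review buckets. It assumes the administrator has the role names and realm names as plain lists; the sample data is constructed, and treating the highest-numbered role as the one matching the live realm is an assumption.

```python
import re
from collections import defaultdict

PREFIX = "Access Only Realm: "            # convention stated on this page
SUFFIX_RE = re.compile(r"^(.+):(\d{3})$")  # ':001'-style uniqueness suffix

def parse_auto_role(role_name, realms):
    """Return (realm, seq) for an auto-generated role, or None. seq 0 = no suffix."""
    if not role_name.startswith(PREFIX) or len(role_name) == len(PREFIX):
        return None
    rest = role_name[len(PREFIX):]
    # A realm whose own name ends in ':NNN' looks like a suffixed role;
    # an exact match against an existing realm wins.
    if rest in realms:
        return rest, 0
    m = SUFFIX_RE.match(rest)
    return (m.group(1), int(m.group(2))) if m else (rest, 0)

def audit(role_names, realms):
    """Group auto-generated roles by realm and bucket them for review."""
    by_realm = defaultdict(list)
    for name in role_names:
        parsed = parse_auto_role(name, realms)
        if parsed:
            by_realm[parsed[0]].append((parsed[1], name))
    report = {"orphaned": [], "earlier": [], "latest": []}
    for realm, entries in by_realm.items():
        entries.sort()
        names = [n for _, n in entries]
        if realm not in realms:
            report["orphaned"] += names         # realm no longer exists
        else:
            report["latest"].append(names[-1])  # assumed to match the live realm
            report["earlier"] += names[:-1]     # left over from delete/re-create
    return report

# Constructed sample data, not taken from a real system.
SAMPLE_REALMS = {"Default", "Speedy Legal Services", "Branch:002"}
SAMPLE_ROLES = [
    "Network Administrator",
    "Access Only Realm: Speedy Legal Services",
    "Access Only Realm: Speedy Legal Services:001",
    "Access Only Realm: Old Lab",
    "Access Only Realm: Branch:002",
]

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_ROLES, SAMPLE_REALMS).items():
        print(bucket, names)
```

Roles in the "orphaned" and "earlier" buckets are the first candidates to review before deleting, since they were generated for a realm that has since been removed or re-created.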

Where to go from here

To add or edit a realm, see Adding or editing a realm.

To view the list of realms, see Viewing the realms listing.

To delete realms, see Deleting a realm.

 

 
