Hierarchical Node
Hierarchical node management is used for hierarchical management of UAM/EAD nodes in the network. A medium- to large-sized network usually has multiple administrators who manage user access in different network scopes. In this case, you may need to configure global policies for all users and assign different rights to different administrators. The hierarchical node management function can solve these problems.
Before performing hierarchical management, you must divide the entire network into multiple upper and lower grades. Each grade needs a network node for management. The node of the highest grade (also called the root node) specifies the security policies of the entire network and deploys the policies grade by grade. The deployed items include services, security policies and the corresponding security levels, PC software control groups, traffic monitoring policies, registration table monitoring policies, share control policies, patches, PC security software, and so on.
The root node can maintain all data and supports scope-based privilege administration of services. Non-root nodes can maintain only the access user data and non-security data, and do not support scope-based privilege administration of services.
Functions
Parameters
- Node Name: Name of the child node.
- Status: Status of the child node, Normal or Abnormal.
- Reason for Abnormality: Possible reasons for abnormality include: the last report time is null, more than 40 minutes have passed since the last report, the last deployment failed, and data report errors. A data report error means that no data is received from the child node, which is usually caused by a network problem or the child node not confirming the parent node.
- IP Address: Specifies the IP address of the child node.
- Port: Specifies the listening port of the child node.
- Protocol Type: Selects the communication protocol of the child node.
- AUTH for Accessing Child Node: Specifies whether to authenticate the login username and password when accessing the child node.
- Login Name: Specifies the username the system uses to automatically log in to the child node. The username must be that of an administrator of the child node.
- Login Password: Specifies the login password of the administrator.
- Last Report Time: Last time when the child node reported data to the current node.
- Last Success Deploy: Last time when the current node successfully deployed data to its child node.
- Last Deploy: Last time when the current node performed a deployment task.
- Result: Result of the last deployment.
- Operation: The functions that the current node can execute, including configuring services, deploying information, querying deployment history, modifying and deleting the child node.
- Policy Update Time: Time when the policy in Security Policy Management or the access service in Access Policy Management was last added, modified, or deleted.
- Real-time statistics on the number of users on the child nodes (time): Statistics on the number of users on each child node at a time. The statistics are refreshed every 30 minutes.
- Real-time statistics on the number of users failing the security check on the child node (time range): Statistics on the number of users failing the security check on each child node in a time range. The statistics are refreshed every 30 minutes.
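
The Status and Reason for Abnormality rules above can be applied to child-node records in your own monitoring, as in the following added example (not part of the product or of the original page). The record field names and the sample data are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# "more than 40 minutes" threshold from the Reason for Abnormality parameter
REPORT_TIMEOUT = timedelta(minutes=40)

def abnormal_reasons(node, now):
    """Return every abnormality reason that applies to one child-node record."""
    reasons = []
    last_report = node.get("last_report_time")
    if last_report is None:
        reasons.append("last report time is null")
    elif now - last_report > REPORT_TIMEOUT:
        reasons.append("more than 40 minutes since last report")
    if node.get("last_deploy_result") == "failed":
        reasons.append("last deployment failed")
    if node.get("report_error"):
        reasons.append("data report error")
    return reasons

def audit(nodes, now):
    """Map node name -> (status, reasons), mirroring the Status column."""
    result = {}
    for node in nodes:
        reasons = abnormal_reasons(node, now)
        result[node["name"]] = ("Abnormal" if reasons else "Normal", reasons)
    return result

# Constructed sample records (hypothetical field names, not an EAD export format)
NOW = datetime(2024, 1, 1, 12, 0)
NODES = [
    {"name": "branch-a", "last_report_time": NOW - timedelta(minutes=40),
     "last_deploy_result": "success", "report_error": False},
    {"name": "branch-b", "last_report_time": NOW - timedelta(minutes=41),
     "last_deploy_result": "failed", "report_error": False},
    {"name": "branch-c", "last_report_time": None,
     "last_deploy_result": None, "report_error": True},
]

if __name__ == "__main__":
    for name, (status, reasons) in audit(NODES, NOW).items():
        print(f"{name}: {status} {'; '.join(reasons)}")
```

A node that reported exactly 40 minutes ago is still Normal, because the rule is "more than 40 minutes"; a node can carry several reasons at once.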
Precautions
- For successful policy deployment, the login name used must be that of an administrator of the child node. Maintainers and viewers do not have the right to deploy policies.
- Ensure the correctness of the data in the child node list. If there is invalid data, the security log data might not be reported to the parent node.
- The services deployed previously but not among the latest deployed ones are invalid services, which cannot be applied for users.
- Client ACLs configured in security policies will not be deployed to child nodes.
- The ACLs that are deployed to HP ProCurve devices will not be deployed to child nodes.
- The parent node deploys the patch server address only for the first deployment of the policy. For subsequent deployments, the patch server address is not deployed.
- Access scenario information configured for the access service will not be deployed to child nodes.
- The EAD Hierarchical Node does not currently support deploying WSUS server management-related configurations to a child node. Remove the WSUS server management configuration information first; otherwise, you will be prompted with "Error occurred when importing the data."