Administration Domains

Download this manual as a PDF file

Administration Domains allow you to organize devices into separate domains and delegate their management to Domain Administrators.

Service Providers typically use this feature to restrict the scope of administrators to a subset of network devices.

Domains are only available with an Enterprise license.

Managing Domains

The Domain Management page allows you to create, modify, and delete Administration Domains. This page is only displayed if you are logged in as a Global Administrator.

Click Administration > Domains on the menu to display the domain list:

Image of the Restorepoint Domains page

To add a new domain:

  1. Click Add Domain. The New Domain page appears:

Image of the Restorepoint Edit Domain page

  1. Complete the following details:

    Name

    Enter a name for the domain (e.g., Customer Name, Business Unit, etc.).

    Contact (optional)

    Enter the name of the main contact for the domain.

    Telephone (optional)

    Enter a contact telephone number.

    Email (optional)

    Enter a contact email.

    Address (optional)

    Enter a customer or Business Unit address.

    Notes (optional)

    Enter any additional information.

  2. Click the Devices tab to use the device selector and add devices to the domain. Additionally, you can configure the following:

    • Max. devices: the maximum permitted number of devices that can be added to this domain.

    • One or more IP address ranges that are allowed for this domain.

    • A domain-wide NAT IP address, which overrides the system-wide setting. For more information, see Network Address Translation (NAT). This setting can be overridden by the device-specific setting.

    • The devices that are part of the new domain.

  3. Click the Branding tab (optional) to customize the top left-hand side corner image that will be displayed to a Domain Administrator. Click Choose File to locate a suitable image file on your PC. For best results, the logo should be exactly 100 pixels wide and up to 100 pixels tall, and no more than 40KB in size.

    Remove Licence Info

    Hides the expiration date for users in this domain.

    Remove Serial Number

    Hides the appliance serial number for users in this domain.

    Remove Help Menu

    Disables access to help for users in this domain.

  4. Click the License tab (optional) to restrict the domain to expire on a certain date. Click Enforce License to enable the function, and choose a date.

    Disable Schedule

    Stops all scheduled jobs for this domain when a defined date is reached.

    Prevent User Login

    Disables users of this domain from accessing the appliance when a defined date is reached.

  5. Click Save. The system returns to the domain list.

To edit an existing domain, click the name of the domain.

Administrator Roles

If Administration Domains are enabled, administrators have either a global or a domain scope:

Global Users

Have visibility and can operate on all the devices on the system, regardless of the domain the devices are assigned to. Logs and status pages display information about all the devices defined on the system. Global users can also assign global credentials to a device that is assigned to a domain.

Domain Users

Users with at least one domain set. Their visibility is restricted to devices in their own domain(s). Logs and status pages only display information on the devices in the selected domain(s).

Restorepoint supports six built-in user roles:

Global Admin

A “Super User” that has full control on any aspect of the appliance:

  • create/modify/delete devices in any domain

  • create/modify/delete global and domain administrators

  • initiate backups/restores

  • change the appliance configuration

  • an encryption password that allows Restorepoint to transition from the lock-down state to the normal state

Global Backup

Backup Operator; can perform backups/restores of devices in any domain, but cannot modify devices, users, or appliance configuration.

Global View Only

Monitor Operator; can only view existing backups and verify that the system is operating normally.

Domain Admin

Has full control of devices and users in their domain. Does not have visibility of devices in other domains, cannot modify the appliance configuration, or transition the appliance from lock-down state to normal state. Logs and status screens only display information related to the domain.

Domain Backup

Can perform backups/restores of devices in their domain.

Domain View Only

Can only view existing backups, access logs, and status information of devices in their domain.

You can also define custom user roles. For more information, see Custom User Roles.

You can use the Users page to add or delete administrator or modify their password, scope, or permissions.

Adding a New Domain User

To add a new domain user:

  1. Select Administration > Users from the menu. Restorepoint displays the User Management page.

  2. Click Add User. Restorepoint displays the New User page as shown:

  3. Complete the following fields:

    Full Name

    Enter the full name of the user.

    Username

    Enter the new username (up to 16 characters).

    Password

    Enter the password for the new user (passwords must be between 8 and 24 characters long).

    Role

    Select the privilege level from the drop-down list. See for the privileges associated with each admin level.

  4. Privileges

    View Only

    Backup

    Admin

    View devices/configurations

    Y

    Y

    Y

    Run device operations

    N

    Y

    Y

    Add users/devices; modify system

    N

    N

    Y

     

    Table 4 : Default Administrator privilege levels (simplified)

    Encryption Password

    This field appears if an Admin-level administrator is selected. The encryption password must be between 8 and 24 characters long and must be different from the administrator password.

    Domains

    Assign the user to one or more domains to restrict the user’s scope:

    Image of the Restorepoint Edit User page

  5. Click Update. The updated Users page appears:

Image of the Restorepoint User Management page

Editing Devices

If Administration Domains are enabled, you can use the Domain drop-down menu in the Edit Device modal to move a device from a domain to another.

Image of the Restorepoint Device Details page

The domain selector will only be displayed if you are logged on as a Global Administrator.