Administration Domains

Administration Domains allow you to organize devices into separate domains and delegate their management to Domain Administrators.

Service Providers typically use this feature to restrict the scope of administrators to a subset of network devices.

Domains are only available with an Enterprise license.

Managing Domains

The Domain Management page allows you to create, modify, and delete Administration Domains. This page is only displayed if you are logged in as a Global Administrator.

Click Administration > Domains on the menu to display the domain list:

To add a new domain:

1. Click Add Domain. The New Domain page appears:

2. Complete the following details:

   Name	Enter a name for the domain (e.g., Customer Name, Business Unit, etc.).
   Contact (optional)	Enter the name of the main contact for the domain.
   Telephone (optional)	Enter a contact telephone number.
   Email (optional)	Enter a contact email.
   Address (optional)	Enter a customer or Business Unit address.
   Notes (optional)	Enter any additional information.

3. Click the Devices tab to use the device selector and add devices to the domain. Additionally, you can configure the following:

   • Max. devices: the maximum permitted number of devices that can be added to this domain.

   • One or more IP address ranges that are allowed for this domain.

   • A domain-wide NAT IP address, which overrides the system-wide setting. For more information, see Network Address Translation (NAT). This setting can be overridden by the device-specific setting.

   • The devices that are part of the new domain.

4. Click the Branding tab (optional) to customize the top left-hand side corner image that will be displayed to a Domain Administrator. Click Choose File to locate a suitable image file on your PC. For best results, the logo should be exactly 100 pixels wide and up to 100 pixels tall, and no more than 40KB in size.

   Remove Licence Info	Hides the expiration date for users in this domain.
   Remove Serial Number	Hides the appliance serial number for users in this domain.
   Remove Help Menu	Disables access to help for users in this domain.

5. Click the License tab (optional) to restrict the domain to expire on a certain date. Click Enforce License to enable the function, and choose a date.

   Disable Schedule	Stops all scheduled jobs for this domain when a defined date is reached.
   Prevent User Login	Disables users of this domain from accessing the appliance when a defined date is reached.

6. Click Save. The system returns to the domain list.

To edit an existing domain, click the name of the domain.

Administrator Roles

If Administration Domains are enabled, administrators have either a global or a domain scope:

Global Users	Have visibility and can operate on all the devices on the system, regardless of the domain the devices are assigned to. Logs and status pages display information about all the devices defined on the system.
Domain Users	Users with at least one domain set. Their visibility is restricted to devices in their own domain(s). Logs and status pages only display information on the devices in the selected domain(s).

Restorepoint supports six built-in user roles:

Global Admin	A “Super User” that has full control on any aspect of the appliance:
	create/modify/delete devices in any domain
	create/modify/delete global and domain administrators
	initiate backups/restores
	change the appliance configuration
	an encryption password that allows Restorepoint to transition from the lock-down state to the normal state
Global Backup	Backup Operator; can perform backups/restores of devices in any domain, but cannot modify devices, users, or appliance configuration.
Global View Only	Monitor Operator; can only view existing backups and verify that the system is operating normally.
Domain Admin	Has full control of devices and users in their domain. Does not have visibility of devices in other domains, cannot modify the appliance configuration, or transition the appliance from lock-down state to normal state. Logs and status screens only display information related to the domain.
Domain Backup	Can perform backups/restores of devices in their domain.
Domain View Only	Can only view existing backups, access logs, and status information of devices in their domain.

You can also define custom user roles. For more information, see Custom User Roles.

You can use the Users page to add or delete administrator or modify their password, scope, or permissions.

Adding a New Domain User

To add a new domain user:

1. Select Administration > Users from the menu. Restorepoint displays the User Management page.

2. Click Add User. Restorepoint displays the New User page as shown:

3. Complete the following fields:

   Full Name	Enter the full name of the user.
   Username	Enter the new username (up to 16 characters).
   Password	Enter the password for the new user (passwords must be between 8 and 24 characters long).
   Role	Select the privilege level from the drop-down list. See for the privileges associated with each admin level.

Privileges	View Only	Backup	Admin
View devices/configurations	Y	Y	Y
Run device operations	N	Y	Y
Add users/devices; modify system	N	N	Y

 

Table 4 : Default Administrator privilege levels (simplified)

Encryption Password	This field appears if an Admin-level administrator is selected. The encryption password must be between 8 and 24 characters long and must be different from the administrator password.
Domains	Assign the user to one or more domains to restrict the user’s scope:



4. Click Update. The updated Users page appears:

Editing Devices

If Administration Domains are enabled, you can use the Domain drop-down menu in the Edit Device modal to move a device from a domain to another.

The domain selector will only be displayed if you are logged on as a Global Administrator.