A partition is a named grouping of managed elements. Skylight orchestrator’s network partitioning functionality allows you to identify the resources that a particular user (or group of users) is able to view in the system. A network partition limits users to seeing only their specific resources.
Note: Network partitioning is available with Skylight orchestrator 23.04 and above.
Network Partitions Page
Select Network Partitions in the left pane to create and configure a set of resources in the system that can then be identified as a partition. Once configured, the admin user can assign one or multiple users to this partition.
Notes:
- Only Admin-level users can create, edit and delete partition configurations. Only Admin-level users can assign the other user roles to a partition.
- A user who is not assigned to any partition will be granted full network resources.
- One or multiple users can be assigned to one or multiple partitions.
- Partitioning is not possible with modules. Only the modules that belong to a Skylight sensor: control in one of the user's assigned partitions are displayed.
Impact of Network Partitioning
The following section explains how network partitioning affects various Skylight orchestrator functions.
Devices
- Devices that belong to one of the user's assigned partitions are displayed. This applies to both the Firmware page and the Backup & restores page.
- Only the modules that belong to one of the user’s Skylight sensor: controls assigned to partitions are displayed.
Commission
- Only devices in a user's partition can be selected when creating job executors and network flow executors. Similarly, only devices belonging to one of the user's network partitions are permitted to be executed in an executor.
- A user can see all assigned devices, as well as details of all devices from the previous run of job executors and flow executors, even devices outside this user's partitioning scope.
- The executors only work with devices that belong to a user’s network partitions, even though these executors use ME Reference Datasets.
- When the Dry run button is used on a previously configured executor that contains any devices not belonging to the user's network partition, an error message related to out-of-scope devices appears and all out-of-scope devices are shown.
- A scheduled job execution is performed with all devices that are assigned in the job.
- Devices that are automatically added into Skylight orchestrator by Discovery Trigger are not assigned to any partition. Only the admin user and users with no network partition restrictions are able to see them.
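The rules above leave three cases worth reviewing: non-admin accounts with no partition (full visibility), discovered devices that sit in no partition, and scheduled jobs that run on every assigned device regardless of scope. The following Python sketch is an added example, not Accedian or Cisco code; the data layout, all names and the job `owner` field are assumptions, and the sample values are constructed.

```python
# Added example: a model of the visibility rules described on this page.
# Data shapes and names are hypothetical, not a Skylight orchestrator API or export format.

ADMIN = "Admin"

# Constructed sample data.
PARTITIONS = {
    "east": {"devices": {"dev-1", "dev-2"}, "users": {"alice"}},
    "west": {"devices": {"dev-3"}, "users": {"alice", "bob"}},
}
USERS = {"root": ADMIN, "alice": "Operator", "bob": "Viewer", "carol": "Operator"}
DEVICES = {"dev-1", "dev-2", "dev-3", "dev-4"}  # dev-4: added by discovery, no partition
# "owner" is an assumed field: the user whose scope the job is compared against.
SCHEDULED_JOBS = [{"name": "nightly-backup", "owner": "bob", "devices": {"dev-1", "dev-3"}}]


def user_partitions(user):
    """Names of the partitions a user is assigned to."""
    return {name for name, p in PARTITIONS.items() if user in p["users"]}


def visible_devices(user):
    """Everything for admins and unpartitioned users, else the union of assigned partitions."""
    parts = user_partitions(user)
    if USERS[user] == ADMIN or not parts:
        return set(DEVICES)
    return set().union(*(PARTITIONS[p]["devices"] for p in parts))


def unrestricted_non_admins():
    """Non-admin accounts that see the whole network because no partition is assigned."""
    return sorted(u for u, role in USERS.items() if role != ADMIN and not user_partitions(u))


def unpartitioned_devices():
    """Devices in no partition, visible only to admins and unrestricted users."""
    assigned = set().union(*(p["devices"] for p in PARTITIONS.values()))
    return sorted(DEVICES - assigned)


def scheduled_out_of_scope():
    """Scheduled jobs whose device list exceeds the owner's scope; they still run on all of them."""
    return {j["name"]: sorted(j["devices"] - visible_devices(j["owner"]))
            for j in SCHEDULED_JOBS if j["devices"] - visible_devices(j["owner"])}


if __name__ == "__main__":
    print("unrestricted non-admin users:", unrestricted_non_admins())
    print("devices in no partition:", unpartitioned_devices())
    print("scheduled jobs with out-of-scope devices:", scheduled_out_of_scope())
```
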
Inventory
- Inventory queries are limited to the elements and modules in a user’s network partition and the device filter will only display devices from the current user’s network partitions.
- Some behaviors similar to the Commission section occur during an export execution:
  - An error message related to out-of-scope devices appears when the user runs a previously configured export that contains any devices not belonging to the user's network partition.
  - A scheduled export execution is performed with all devices that are assigned in the export configuration.
- If the "All devices" checkbox is selected while configuring the export:
  - If the export is run manually, it is performed only with the devices in the network partition of the user who configured the export.
  - If the export is run on a schedule, it is performed with all devices on the Skylight orchestrator system.
Service performance
- The tests and test results of modules and devices are only visible to the user if they are in this user’s network partition.
- While creating a test:
  - The user only sees and selects devices and modules belonging to their network partition.
  - All users can see and select all reflectors on the Skylight orchestrator system.
- If a module or element is a far-end element that has an L3 Two-Way loopback required, the far-end loopback will be bypassed if that element is not in the user’s partition.
Collection
Only devices belonging to this user’s network partition are shown in the Device Configuration and Reporting Status tabs.
Sessions
- Only sessions from the sender belonging to this user's network partition are displayed.
- While creating a session:
  - On sender configuration, only interfaces of devices belonging to the user's network partition are shown and can be selected.
  - On reflector configuration, all interfaces of all devices (all reflectors) on the Skylight orchestrator system are shown and can be selected.
REST API
Skylight orchestrator now supports creating, editing or deleting Y.1564 and RFC 2544 configurations via API.
The user can use the RESTful API to search for information related to resources (devices, modules) belonging to their network partition.
Job executors will not start and an error message related to out-of-scope devices will be returned if there are any assigned devices that do not belong to this user's network partition. This behavior will be the same with all manager NBI operations (primarily endpoints and sessions).
- Concerning SLA:
  - Partitioning validation will be enforced if the user is attempting to get a specific SLA session or delete a specific session.
  - Any user can get all SLA sessions.
RADIUS
Authenticated users have the same privileges as Local users:
- Local admin and RADIUS admin users are able to configure the network partition, but cannot be assigned to a partition (will be hidden from the partition view).
- The Local and RADIUS users that have other roles such as Operator, WS, Viewer, and FW Management can be assigned to a partition (will be displayed in the partition view).
© 2024 Cisco and/or its affiliates. All rights reserved.