How to Create and Use Domains

Policy Manager provides the ability to create multiple policy configurations by allowing you to group your roles and devices into Policy Domains. A Policy Domain contains any number of roles and a set of devices that are uniquely assigned to that particular domain. For example, a university may have a Dormitory domain with a policy configuration created for students, and an Administration domain with a policy configuration for staff members.

You can create multiple domains and easily switch from one domain to another. You can also export policy domain configuration data to a .pmd file, (one file per domain)  for backup and troubleshooting purposes, and you can import data from a .pmd file into a policy domain.

In order for your network devices to be displayed in the Policy Manager Network Elements tree, they must be assigned to a Policy Domain. Initially, you must use Console to add your devices to the NetSight database. Once your devices are in the database, you can assign the devices to a Policy Domain. As soon as the devices are assigned to a domain, they are automatically displayed in the Policy Manager Network Elements tree. Only devices that support policy are displayed in the Policy Manager tree.

Policy Manager automatically locks the current Policy Domain when you begin to edit the domain configuration. Other Policy Manager clients are notified that the domain is locked and they will not be able to save their own domain changes until the lock is released. For more information, see Controlling Client Interactions with Locks. After a modification is made, you must save the domain to notify all clients that are viewing that domain of the change, and automatically update their view with the new configuration.

Instructions on:

Creating a New Domain

Use these steps to create a new Policy Domain.

  1. Select Domain > Create.
  2. Enter the name for the new domain. Select the Do Not Use Global Services checkbox if you don't want the domain to include and display services that are common to all domains. Click OK.
  3. A new (blank) Policy Manager Domain opens.
  4. Proceed with assigning devices to the domain and then configuring the desired policies.

Opening a Domain

In Policy Manager, you work in one current domain at a time. To change to a different domain, use the Domain menu to select the desired domain. If you have made changes to the current domain, you will be prompted to update the database with the current domain configuration prior to opening the new domain.

Assigning Devices to a Domain

Initially, you must use Console to add your devices to the NetSight database. Once your devices have been added to the database, you must assign the devices to a Policy Domain. A device can exist in only one Policy Domain. As soon as the devices are assigned to a domain, they are automatically displayed in the Policy Manager Network Elements tree. Only devices that are assigned to the Policy Domain you are currently viewing are displayed in the tree.

Use these steps to assign devices to a Policy Domain.

  1. If necessary, open the domain that you want to assign devices to.
  2. Select Domain > Assign Devices to Domain. The Assign Devices to Domain window opens.
  3. Devices that are in the database but not assigned to a domain are listed in the left-panel Unassigned folder (including devices that do not support policy). The left panel also displays any other domains and the devices assigned to those domains. Use the drop-down list to select a single domain or All Other Domains. If you select All Other Domains, use the bottom panel to view which domain each device is assigned to.
  4. The right panel displays the current domain and the devices assigned to that domain. To add a device to the current domain, select the device in the left panel and click Add. You can also select and add multiple devices.
  5. To remove a device from the current domain, select the device and click Remove. This removes the device from the current domain and places it back in the device tree as either unassigned or as a member of the domain it came from. It does not delete the device from the NetSight database.
  6. Click OK.
  7. The selected devices are assigned to the current domain and displayed in the Policy Manager Network Elements tree. (Only devices that support policy are assigned to the domain and displayed in the Policy Manager tree.)

Removing Devices From a Domain

Removing a device from a domain, removes the device from the Policy Manager Network Elements tree and places it in the Unassigned folder in the Assign Devices to Domain window.

  NOTE: Removing a device from a domain does not delete the device from the NetSight database. To delete a device from the database, right-click on the device in the left-panel Network Elements tab, and select Delete from the menu. When a device is deleted from the database, it is automatically removed from the Console and Policy Manager device tree.
  1. If necessary, open the domain that you want to remove devices from.
  2. Select Domain > Assign Devices to Domain. The Assign Devices to Domain window opens.
  3. The right panel displays the current domain and the devices assigned to that domain. To remove a device from the current domain, select the device and click Remove. This removes the device from the current domain and places it back in the device tree as either unassigned or as a member of the domain it came from. It does not delete the device from the NetSight database.
  4. Click OK.

Importing a File into a Domain

You can import policy data from a .pmd file into a Policy Domain.

  1. Make sure that the domain you want to import a file into is your current domain.
  2. Select File > Import > Import From File. The Import from File window opens.
  3. Enter the name and path for the data file (.pmd) you want to import, or browse to the file. If you click Browse, you will see multiple .pmd files to select from. These different PMDs are designed for typical networking requirements. They contain Policy Manager roles and rules appropriate for the specific scenario.
  4. Select the specific data elements you want to import or click Select All to select all the data import options at once. See Data Elements to Import for important information on each element and how they will be imported.
  5. Select how you want the imported data applied to your current domain. Click on the links below for detailed information on how each specific action affects the import of certain data elements.
    • Append data to existing elements
    • Update existing data with elements from domain
    • Overwrite existing elements
  6. Click OK. The data elements will be imported and you will see a message regarding import status.
  NOTE: If you decide that you want to return to the previous configuration (that the import overwrote), you can perform a File > Read Policy Domain operation to restore the configuration, as long as you have not saved the data you imported.

Exporting a Domain to a File

You can export policy data from a Policy Domain to a .pmd file.

  1. If necessary, open the domain that you want to export to a file.
  2. Select File > Export to File.
  3. Navigate to the directory where you want to save the .pmd file.
  4. In the File name field, enter the name of the file with the .pmd extension. Special characters such as  / \ : ? " <  > | are not allowed in the file name. On the Windows platform, the file name is not case-sensitive; therefore, Policy Manager sees X.pmd and x.pmd as the same file name. On the Linux platform, the file name iscase-sensitive; therefore, Policy Manager sees X.pmd and x.pmd as two different file names.
  5. From the Files of type drop-down list, select Policy Manager Database files (*.pmd).
  6. Click Save.

Generating a Policy Report for a Domain

You can generate a summary report of the current domain's policy configuration in PDF format. Each report contains a description of the domain, plus a detailed summary of each of the domain's roles and services, and the rules contained in each service. In addition, the report provides information on the devices assigned to the domain, the domain's Network Resources, Class of Service information (including transmit queues and rate limiting information), and VLAN information.

  1. Make sure that the domain you want to generate a report on is selected as your current domain.
  2. Select Domain > Generate Policy Report.
  3. The report is saved to the following directory: Documents and Settings\<user home directory>\Application Data\NetSight\System\PolicyMgr.

Importing Data from a Domain

You can import policy configuration data from one policy domain into another.

  1. Make sure that the domain you want to import data into is your current domain.
  2. Select File > Import > Import From Domain. (This menu option is not available if only one domain exists, as there are no other domains from which to import data.) The Import from Domain window opens.
  3. Use the drop-down list to select the domain whose data you want to import.
  4. Select the specific data elements you want to import or click Select All to select all the data import options at once. See Data Elements to Import for important information on each element and how they will be imported.
  5. Select how you want the imported data applied to your current domain. Click on the links below for detailed information on how each specific action affects the import of certain data elements.
    • Append data to existing elements
    • Update existing data with elements from domain
    • Overwrite existing elements
  6. Click OK. The data elements will be imported and you will see a message regarding import status.
  NOTE: If you decide that you want to return to the previous configuration (that the import overwrote), you can perform a File > Read Policy Domain operation to restore the configuration, as long as you have not saved the data you imported.

Saving a Domain

After a Policy Domain has been changed, you must save the domain to notify all clients that are viewing that domain of the change and automatically update their view with the new configuration. A Save icon  is displayed in the status bar when you have made changes to the domain that need to be saved. You can save a Policy Domain by selecting File > Save Policy Domain or by clicking the Save toolbar button.

Reading a Domain

Reading a Policy Domain lets you update your current Policy Domain with the latest saved domain data. You can read a Policy Domain by selecting File > Read Policy Domain or by clicking the Read toolbar button.

Renaming a Domain

You can rename the current Policy Domain by selecting Domain > Rename and entering a new name.

Deleting a Domain

You can delete one or more Policy Domains by selecting Domain > Delete.

Related Information

For information on related tasks:

For information on related windows:

top