Creating SDX Administrative Domains
SDX administrative domains feature helps you to create multiple administrative domains. You can use the administrative domains to segregate resources for different departments. Administrative domains can therefore improve control over resources, and the resources can be distributed among various domains for optimal use.
A SDX appliance is shipped with fixed resources, such as CPU cores, data throughput, memory, disk space, SSL chips, and a specific number of instances that can be provisioned. The number of instances that you can create depends on the license.
A SDX appliance supports up to three levels of administrative domains. When the appliance is shipped, all the resources are allocated to owner.
Any administrative domains that you create are subdomains of the owner domain. In each case, the subdomain’s resources are allocated from the parent domain’s pool of resources. The users in an administrative domain have access to that domain’s resources. They do not have access to the resources of other domains at the same hierarchical level, nor to the parent-domain resources that have not been specifically allocated to their domain. However, users in a parent domain can access the resources of that domain’s subdomains.
Examples of Allocating Resources to Subdomains
Table 1 lists the resources of a root domain named nsroot (which is the default name of the root domain). The SDX administrator can allocate these resources to subdomains. In this case, the administrator can allocate a maximum of, for example, 10 CPU cores and 840 GB of disk space.
Table 1. Owner Resources | | | | —————– | —– | | CPU core | 10 | | Throughput (Mbps) | 18500 | | Memory (MB) | 87300 | | Disk Space (GB) | 840 | | SSL Chips | 36 | | Instances | 36 |
Table 2 lists the resources allocated a subdomain named Test. This subdomain has been allocated 5 of its parent domain’s 10 CPU cores, leaving 5 cores that can be allocated to other subdomains of Owner.
Table 2. Test Domain’s Resources
|Disk Space (GB)||40|
When creating subdomains, the Test domain administrator can allocate only the resources listed in Table 2. The Test domain can have only one level of subdomains, because only three levels of domains can be created.
The following figure shows another example of resource allocation among subdomains, using different values from the ones listed in tables 1 and 2.
To create an administrative domain, navigate to Configuration > System > Administrative Domain and select the options that you want. follow the on-screen instructions. Once a new domain is created, log in to the newly created domain by using the Management Service’s login page and provide the domain name and user name in the User Name field. For example, if you created a domain named NewDomain with a user NewUser then login as NewDomain\NewUser.
Assigning Users to Domains
When a sub-domain is created, two user groups are automatically created: an admin group and a read-only group. By default, each user is the part of the admin group. A user can be added to multiple groups.