Cisco Cisco Evolved Programmable Network Manager 1.2 インストールガイド
17
•
Linux CLI—Linux shell which provides all Linux commands. The Linux shell should only be used by Cisco technical
support representatives. Regular users with system administrators should not use the Linux shell. To use this, you must have
Linux root user access. You cannot reach this shell from a remote computer using SSH; you can only reach it through the
Cisco EPN Manager Admin shell and CLI. This shell is disabled by default for increased security.
support representatives. Regular users with system administrators should not use the Linux shell. To use this, you must have
Linux root user access. You cannot reach this shell from a remote computer using SSH; you can only reach it through the
Cisco EPN Manager Admin shell and CLI. This shell is disabled by default for increased security.
User Types
The following table describes the various Cisco EPN Manager user types.
For information on how to disable the web GUI root user, see the security hardening topics in the
5
Set Up and Install High Availability (Secondary Server)
Consider Network Bandwidth and Latency Restrictions
The HA framework in Cisco EPN Manager is always subject to the following limiting factors, which affect its operations
irrespective of deployment model:
irrespective of deployment model:
•
At least 1 Gb per second of network bandwidth to handle all operations. These operations include (but are not restricted
to) HA registration, database and file synchronization, and triggering failback. As Cisco EPN Manager uses a single physical
port for all its networking needs, it may result in insufficient bandwidth which in turn will affect the HA performance.
to) HA registration, database and file synchronization, and triggering failback. As Cisco EPN Manager uses a single physical
port for all its networking needs, it may result in insufficient bandwidth which in turn will affect the HA performance.
Table 6
Cisco EPN Manager User Types
Cisco EPN Manager
User
User
Description
Cisco EPN Manager
web GUI everyday
users
web GUI everyday
users
Created by the Cisco EPN Manager web GUI root user for day-to-day operations using the web GUI.
These users can having varying degrees of privileges and are often classified into role-based access
control (RBAC) classes and subclasses.
These users can having varying degrees of privileges and are often classified into role-based access
control (RBAC) classes and subclasses.
Cisco EPN Manager
web GUI root user
web GUI root user
Created at installation and intended for first-time login to the web GUI and for creating other user
accounts.
accounts.
This account should be disabled after creating at least one Cisco EPN Manager web GUI user that has
Admin or Super User privileges (that is, a web GUI user that belongs to the Admin or Super Users user
group).
Admin or Super User privileges (that is, a web GUI user that belongs to the Admin or Super Users user
group).
Note
This user is not the same as the Linux CLI root user.
Cisco EPN Manager
CLI admin user
CLI admin user
Created at installation and used for administration operations such as stopping and restarting the
application and creating remote backup repositories. Some tasks must be performed in config mode. (A
subset of these administration operations are available from the web GUI).
application and creating remote backup repositories. Some tasks must be performed in config mode. (A
subset of these administration operations are available from the web GUI).
To display a list of operations this user can perform, enter ? at the prompt.
Cisco EPN Manager
CLI users
CLI users
Created by Cisco EPN Manager CLI admin user for a variety of reasons, using the following command:
(config)# username {
u
sername
} password
{hash
| plain
| remote} {password}
role {admin
| user}
These users may have privileges similar to admin users or lower level privileges as defined during
creation time. (There are variations of this username command.)
creation time. (There are variations of this username command.)
Linux CLI root user
Created at installation and used only by Cisco Support teams to debug product-related operational
issues. This user should be disabled after installation and/or after Linux CLI operations are completed.
issues. This user should be disabled after installation and/or after Linux CLI operations are completed.