Sub-section 4 of7
In Progress

Creation and configuration of Domain Roles

Evan Linwood November 24, 2021

The next step towards configuring an overall platform integration setup within ArenaCore is to define a Domain Role item within the Directory Manager.

Note that ArenaCore Roles are a generalised way to define a group of security items that can be assigned under the ‘umbrella’ of a single Role within the ArenaCore access rights structure.

The term ‘Domain’ is used in this context because we are wanting ultimately to capture changes against Resources within a given sub-domain of all resources owned by the customer organisation. Domain Roles therefore are a specialised type of Role that supports handling of Domain type Policy Item and Policy Item Value items (described previously).

Additionally, Domain Roles are where ‘Resource Filtering’ rules are defined. These rules are used to define which types of resources should be captured within the scope of this Domain Role. In the case of Physical Resources, filtering is currently supported by Manufacturer. This allows changes to resources that have been sourced from different manufacturers to be routed ultimately through to different management platforms.

Note that support for Logical Resource filtering is available also, however some additional extensions to the ArenaCore platform message handling model and logic are needed before it will be possible to manage changes against Logical resource fully through to external management platforms. This is not likely to be very far away, however it is best to avoid using Logical Resource filtering for the time being.

Once a Domain Role has been created, it can then be used within the context of a Management Domain (described in the following pages).

In order to create a Domain Role, first open the Directory Manager from the main workspace of the ArenaCore Administration Application (if it is not already open).

Next, select the desired Organisation Unit under which the Domain Role being created should be situated.

Once the desired Organisation Unit has been selected, it is a good idea to select the ‘Roles’ tab such that any newly created Domain Role items will become immediately visible following creation.

Next, initiate the creation of a new Domain Role item by clicking on the primary green ‘Create’ button, and selecting ‘Create Domain Role’ from the drop down menu.

This will result in a Domain Role Editor being presented. The first task here is to assign a name for the Role:

Following this, the Policy Item/Value that was created in the previous step can now be added to the Domain Role. This is done by selecting the ‘Add Operation’ menu item from the TASKS menu above the ‘Operation Assignments’ list:

Note that ‘Operations’ are a generalised way to refer to security related rights within ArenaCore – in this case meaning the right to publish messages out to one or more specific messaging channels (Kafka topics).

Once the ‘Add Operation’ selection has been made, a dialog will be presented listing the Domain type Policy Item/Value ‘Operations’ that have been created in the previous step. These can be described as being ‘Domain Operations’. Domain Operations are grouped here by Policy Item name, and need to be expanded to reveal the Policy Value items that they contain:

Next, expand a Domain Policy Item, and select a desired Policy Value (Domain Operation):

Click the ‘Add Selected Operations’ button to add your selection to the ‘Operation Assignments’ list.

Following this, it is necessary also to select at least one Resource Filter. This is accomplished by selecting the ‘Add Resource Filter’ menu option from the TASKS menu situated above the Resource Filters list:

Once the ‘Add Resource Filter’ menu option has been selected, a dialog will appear:

Within this dialog it is necessary to select whether the filter will collect Physical or Logical resources, and to specify for which manufacturer:

Once a selection has been made, it is now possible to save the entire Domain Role using the Save or Save & Close buttons:

Note that within the overall Domain Role context, Domain Operations are not grouped within Resource Filters, or vice versa. Resources that match the filter rule(s) described will be included for event generation across Kafka topic channels defined by all Domain Operations (Domain Policy Item/values) that have been selected.

The final step required to configure the ‘ArenaCore’ end of an external management platform integration is the Creation and management of ArenaCore Management Domains.