Version 3.1 SP2 Reference Guide - Extreme Networks

Administering RidgelineBy default, Ridgeline provides its own authentication and authorization for Ridgeline users. However,through the Ridgeline Administration window, you can configure Ridgeline to act as a RemoteAuthentication Dial In User Service (RADIUS) client, allowing it to use an external RADIUS server toauthenticate Ridgeline users. Alternatively, you can configure an external RADIUS server to return userrole information as well as user authentication. Or you can configure Ridgeline to act as a RADIUSserver; however, the RADIUS server built into Ridgeline should only be used for demonstration ortesting purposes. It should not be used to provide primary authentication services in a productionenvironment.Finally, the Ridgeline Administration window provides an interface that allows a Ridgelineadministrator to modify a number of properties that affect the performance and configuration of theRidgeline server. These properties are stored in the Ridgeline database along with other Ridgeline data.Administration FunctionsUnlike many of the other Ridgeline functions, the Administrator function does not provide access to itsfeatures through menus. Instead, functional areas are accessed through tabs in the RidgelineAdministration window.The Ridgeline Administration window provides the standard Ridgeline menus (File, Tools, and Help).Right-click pop-up menus are not available in this feature.Ridgeline Access RolesThe Ridgeline server provides four predefined roles that define levels of access to Ridgeline functions:AdministratorDisabledManagerMonitorUsers who can create, modify, and delete user accounts, and can create or modifyroles. By default Administrators also have read/write access to all other Ridgelinefeatures, enabling them to modify device parameters as well as view status informationand statistics.Users whose account information is maintained, but who do not have Ridgeline access.Users who, by default, have read/write access to all Ridgeline features (but do nothave Administrator capabilities). They can modify device parameters as well as viewstatus information and statistics.Users who, by default, have read-only access to Ridgeline features—they can viewstatus information and statistics.The access for each of these roles can be specified on a feature-by-feature basis. With the exception ofthe Disabled role, access to Ridgeline features can be changed or disabled per feature (see “Adding orModifying a Role” on page 462). A Ridgeline Administrator can also create new roles as needed. Theseroles can have any combination of access to features. While access to Ridgeline features can be changedor disabled for the Administrator role, the administrator’s ability to create, modify, and delete useraccounts and roles cannot be changed.The four predefined roles cannot be deleted.In addition to modifying Ridgeline feature access through roles, an Administrator can disable access toindividual Ridgeline features on a global basis. When a feature is globally disabled, it cannot be enabledfor any roles. See “Features Properties” on page 472 for information on globally enabling or disablingRidgeline features.458Ridgeline Reference Guide