Versions Compared

Old Version 1

changes.mady.by.user Naiming Shen

Saved on

compared with

New Version Current

changes.mady.by.user Naiming Shen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • device access
  • application access
  • external access

Each of the policies has allow/disallow settings.

...

All the EdgeView commands (except for TCP commands) are belong to Device Access. If the TCP channel endpoints is part of the Dom0 services, it is considered as Device Access. For instance, access the device meta-data service for the internal bridge.

Application Access

When setting up TCP channel over EdgeView to access the remote-end, if the remote-endpoint belongs to the applications on the EVE device, then the access is Application Access. It can be the VNC port access to the application console, or it can be the SSH or HTTP into the application VM.

In the current implementation of EdgeView, besides the policy allow/disallow for applications on device, it also checks if the application 'Remote Console' access is enabled or not. If the application's 'Remote Console' access is not enabled, even if the EdgeView Application Access is allowed, the TCP access into this particular application will be denied.

External Access

When the TCP channel access remote-endpoint is not on the EVE device (not part of the Dom0 or application domains), then it is considered as 'External Access'. For instance, the 'Local Profiler' Linux server on the same LAN as the EVE device is an 'External' endpoint.