How to enable global operations (or account scope) in Capture Client
02/22/2021 0 581
This article attempts to explain global operations (or account scope) in Capture Client and how partners can enable this functionality
Global operations consists of
The concept of Accounts is introduced in Capture Client 3.5. Accounts are containers of
multiple tenants and can be used to define global policies to be applied across multiple tenants managed by
the same organizations – as is typical of Managed Security Services Providers (MSSPs) or distributed
enterprises that are split into multiple tenants for separate governance.
By default, all tenants will be created within a SonicWall-managed Account, which will only have a default
policy pre-configured but will not be updated. MSSPs and Distributed Enterprise customers can get their own
accounts to better manage multiple tenants.
With this change, there is now a multi-tier hierarchy of “scope of operations” within Capture Client. By
selecting a scope from the Scope selector, your operations will be made specific to the Account, Tenant or
Group. See Using Scope Selector. The available scopes are: Account scope, Tenant scope & Group scope
Inheritance refers to the ability to configure a policy at a child scope to be automatically inherited from the policy of a parent scope. For example: If an MSSP has a baseline policy for Threat Protection, they can configure it at the Account level and enable inheritance for every new tenant they provision. If inheritance is enabled, any changes to the policy at the parent level are automatically propagated to child scopes. Inheritance propagates from Accounts to Tenants and from Tenants to Groups. And if inheritance is enabled at the Tenant and Group level, the account policy is effectively applied to the Group level.
For more details please refer to https://www.sonicwall.com/support/technical-documentation/docs/capture_client-protecting_assets/Content/Scope-And-Policies/scopes-and-policies.htm/.
Guidelines for enablement
This functionality is available for our MSSP partners. Please reach out to your Sonicwall Sales representative with below details for enabling the same
- Email addresses corresponding to your MySonicWall account(s).
- Specify which MySonicWall account(s) should have admin privileges with access to account level policies.
Please note any group/tenant level inheritance flags will be retained after account scope is enabled. If you have any existing tenants running older versions of Capture Client (3.1 or earlier) and want to retain them, they need to be moved to a new MSW account. In that case, your regular MSW account will be activated account scope for global operations. Please mention this in your request to sales rep.