Using Realms and Communities
When you set up realms and user communities, AMC enables you to specify which access agents are
provisioned to members of the communities. You also have the option of classifying community members’
devices into “zones of trust.” The following illustration shows how a realm authenticates users, assigns them to
communities to provision access agents and, with End Point Control enabled, assigns community members to
different zones based on the trustworthiness of their computers.
If your network uses only one authentication server to store user information, then you probably need to create
only one realm in AMC. If your network uses multiple authentication servers, you must create at least one realm
for each of them. You can also create multiple realms in AMC that reference separate user populations in a
single external repository.
Using only one authentication realm doesn’t limit your ability to create subsets of users based on their access
needs or other security considerations, because realms must be associated with communities of users. A
community can consist of all users in a realm or only selected users; it is used to deploy access agents and to
enforce End Point Control restrictions for members of a community. For information on communities, see Configuring an SMA Appliance to Send RADIUS Accounting Records to a Firewall.
Was This Article Helpful?
Help us to improve our support portal