This article provides information on our sub-estate and role-based administration features which combine to create an effective tool for delegating network security management among IT staff in your organization.
Applies to the following Sophos product(s) and version(s) Enterprise Console 4.5.0Enterprise Console 4.7.0Enterprise Console 5.0.0Enterprise Console 5.1.0
Sub-estates are logical subdivisions of your network. Most often, they are the same as your distinct sites, such as a branch office in another city or a manufacturing site in another country. But sometimes you need to set up sub-estates because you have more than 25,000 endpoints that will be managed by Enterprise Console. In this case, you may choose to create one sub-estate for your sales and marketing endpoints, another for your production endpoints and yet another for all of the other departments in your organization. In educational establishments, you may have one sub-estate for the endpoints in the humanities and another for the endpoints in the sciences and all other faculties.
Role-based administration refers to the logical subdivision of responsibilities in each of the sub-estates. For instance, from our previous example, there may be one IT manager in the school of arts and humanities, but three other IT staff of various rank who have different responsibilities over the endpoints computers in that same school. Some of those people may work on a helpdesk within computer labs to help students with immediate problems on computers. These staff may not be responsible for planning security policies. The role that you choose for each individual will reflect these differences in responsibility.
We recommend following these steps when designing your sub-estates and the roles for your network:
Bear in mind that you will definitely want some people to have limited rights on more than one sub-estate in order to provide cover for staff vacation and sick days. The System Administrator always has full rights on all sub-estates.
Knowing which computer groups go into each sub-estate in advance will save you time and effort if you must move groups (and computers) between sub-estates later.
Tous les commentaires envoyés sont lus par un membre de notre équipe. En revanche, nous ne répondons pas aux questions techniques spécifiques. Si vous avez besoin d'assistance technique, veuillez poser votre question sur notre communauté. Pour tous produits sous licence, veuillez ouvrir un incident support.