| Home Prev |  InControl 3.19.01 Administration Guide
|
Next |
|---|
The concept of folders can be used to organize groups of cOS Core objects into related collections. These work much like the folders concept found in a computer's file system. For example, a group of related address book IP objects can be put into an address book folder.
An alternative to using folders for organizing objects is using configuration object groups. Object groups allows the administrator to gather together and color code configuration objects under a specified title text so their relationships are more easily understood when they are displayed in a cOS Core graphical user interface. Unlike folders, they do not require each folder to be opened for individual objects to become visible. Instead, all objects in all groupings are visible at once.
Object groups can be used not only for address book objects but in most cases where cOS Core objects are displayed as tables and each line represents an object instance. The most common usage of this feature is likely to be for either the cOS Core Address Book to arrange IP addresses or for organizing rules in IP rule sets.
An Object Group Example
The example below shows the InControl client display of a simple IP rule set containing just five rules.
Shown below, is an example of how object groups could be applied to better display the relationships between the individual objects. One group is defined for the lannet related rules (green), one for the dmznet rules (orange) and another for the single rule that drops and logs remaining traffic (blue). Each group has an explanatory title at its head and each has a distinct color coding for its members.
![[Tip]](images/tip.png) |
Tip: Object groups help to document configurations |
|---|---|
|
Object groups are a recommended way to document the contents of cOS Core configurations. This can be very useful for someone seeing a configuration for the first time. In an IP rule set that contains hundreds of rules it can often prove difficult to quickly identify those rules associated with a specific aspect of network operations. |
Object Group Usage with the Web Interface
Object groups are used in the same way in both the Web Interface and InControl. The description in this section applies to how the feature is used in either user interface. Both provide the same options for manipulating groups although there are some small layout differences.Object Groups and the CLI
It is important to understand that object group feature in the Web Interface or InControl is a means of organizing the visual presentation of information so that the administrator can easily see how objects are related. It does not collect together objects into logical groups within cOS Core.This display only function means object groups do not have relevance to the command line interface (CLI). It is not possible to define or otherwise modify object groups with the CLI and they will not affect CLI output. The creation and editing of object groups must be done through the Web Interface or InControl and this is described next.
As an example of how to define a configuration object group, consider the IP rule set main containing just two entries that allow web surfing from an internal network and a third Drop-all rule to catch any other traffic so that it can be logged:
If it is desirable to create an object group for the two web surfing IP rule set entries then this is done with the following steps:
A group is now created with a title line and the IP rule set entry as its only member. The default title of "(new Group)" is used.
The entire group is also assigned a default color and the group member is also indented. The object inside the group retains the same index number to indicate its position in the whole table. The index is not affected by group membership. The group title line does not have or need an index number since it is only a textual label.
Editing Group Properties
To change the properties of a group, right-click the group title line and select the Edit option from the context menu.
A Group editing dialog will be displayed which allows two functions:
Specify the Title
The title of the group can be any text that is required and can contain newlines as well as empty lines. There is also no requirement that the group name is unique since it is used purely as a label.
Change the Display Color
Any color can be chosen for the group. The color can be selected from the 16 predefined color boxes or entered as a hexadecimal RGB value. In addition, when the hexadecimal value box is selected, a full spectrum color palette appears which allows selection by clicking any color in the box with the mouse.
In this example, we might change the name of the group to be WebSurfing and also change the group color to green. The resulting group display is shown below:
A change to any color in the 16 color palette can also be achieved by right-clicking the group title line and selecting the Group Color option.
Adding Additional Objects
A new group will always contain just one object. Now, it is possible to add more objects to the group. By right-clicking the object that immediately follows the group, the Join Preceding option is selected to add it to the preceding group.
After performing a join for the second IP rule set entry in this example, the result will be the following:
To add any object to the group we must first position it immediately following the group and then select the Join Preceding option. This is explained in more detail next.
Adding Preceding Objects
If an object precedes a group or is in any position other than immediately following the group, then this is done in a multi-step process:Right-click the object and select the Move to option.
Enter the index of the position immediately following the target group.
After the object has been moved to the new position, right-click the object again and select the Join Preceding option.
The other move operations of Up, Down and To Bottom also only move an object within the context of its group and not. However, the index number of a moved object will always change to reflect its new position within the entire list.
Moving Groups
Groups can be moved in the same way as individual objects. By right-clicking the group title line, the context menu appears and includes the full set of Move options. For example, selecting the Move > To Top option for the group title, moves the entire group to the top of the object list.Moving a group, moves all its members at the same time and results in all objects in the entire list being assigned a new index number.
Leaving a Group
A single object can be removed from a group by right-clicking it and selecting Group > Leave from the context menu.
If the object is not the last object in the group, leaving the group has the additional effect of moving the object down to a position immediately following the group. This is done because all objects in a group must appear consecutively in the object list.
A group automatically disappears when it has no members left. If a group has just one member left and that member is removed from the group, the group disappears. If a group has a large number of objects then the group can be removed by selecting all of its member objects and choosing the Group > Leave option from the context menu.When a group is removed, the group title line and color coding disappears. Individual object index positions within the table are not affected when a group is removed.
Groups Cannot Contain Folders
It is important to distinguish between collecting together objects using a folder and collecting it together using groups.Either can be used to group objects but a folder is similar to the concept of a folder in a computer's file system. However, a folder cannot be part of a group. Groups collect together related basic objects and a folder is not of this type. It is possible, on the other hand, to use groups within a folder.
It is up to the administrator how to best use these features to best arrange cOS Core objects.
