Introduction

Clavister InControl is a software product for the monitoring and centralized administration of one or multiple Clavister NetWall firewalls. The product provides an intuitive graphical client which runs on any suitable Windows™ based computer. This computer will sometimes be referred to in this document as the client workstation or as the management workstation.

The Client/Server Architecture

InControl consists of two main software components: the InControl client and the InControl server. One or multiple InControl client computers communicate with an InControl server which runs as a Windows service on the same or different computer. This is illustrated in the diagram below which also includes an InControl Logging Agent (ILA) which captures firewall generated logs for InControl. The ILA can be located on the same as or a different server from the InControl server. Similarly, an InControl client could run on the same computer as the InControl server. All three components are shown running on separate computers in the diagram.

The server acts as a central repository for all cOS Core configuration data and mediates all management communication between the InControl client and devices under InControl control. The diagram above illustrates a possible deployment of InControl with its components distributed across separate computers connected by the Internet. The optional Clavister InControl Logging Agent (ILA) component is a cOS Core log server provided with InControl. All InControl components could reside on the same computer.

Compatible cOS Core Versions

InControl can only be used for management of firewalls running cOS Core version 10.11.00 or later.

An error message will appear when trying to add a firewall if it is running a version of cOS Core that cannot be managed by InControl.

Management Tasks Performed through InControl

The following key tasks can be performed on a NetWall firewall using the InControl client:

Uploading Multiple Configurations

An important benefit of using InControl is the ability to upload common configuration elements to large numbers of Clavister firewalls in a single operation. This feature is vital to reducing the complexity of managing large numbers of firewalls in a complex network topology and is a key reason for using InControl instead of the web interface built into cOS Core.

Comparison with the Web Interface

InControl can perform all the functions of the web interface plus many more. In many cases, the web interface look and feel is duplicated in InControl, as is the way configuration information is displayed. This duplication, however, forms only a subset of InControl's complete feature set.

The most important difference with the Web Interface is that a single Web Interface browser window can be used to manage one firewall at a time. The Web Interface does not therefore provide the ability to share configuration objects between firewalls and define objects that are common to a number of firewalls.

Various other features are also not provided by the Web Interface and include InControl's version control.

Restricting Management Privileges

Not all InControl clients need to have the same management privileges. A single, primary administrator with the username admin always exists that has, by default, full administrative privileges.

Other types of user accounts can be created that have varying degrees of lesser access privileges. A new client account may be defined, for example, that is allowed to only perform real-time monitoring tasks. This topic is discussed further in Chapter 20, User Accounts and Groups.

The InControl SDK

InControl provides the option to write third party applications which take over the role of the standard Clavister InControl client and provide customized functionality. This is done using the InControl SDK. The SDK provides an Application Programming Interface (API) that allows source code to directly access the functions of the InControl server and to manage the devices connected to the server.

This manual does not discuss the SDK further. More information on this topic can be found at http://www.clavister.com and in the separate InControl SDK Guide PDF document. The InControl API is based on the Windows Communication Foundation (WCF) interface which allows code development to be done using any one of a number of programming languages and platforms.

Other InControl Documentation

Further information about using the InControl product can be found in a series of Clavister Knowledge Base articles at the following link:

https://kb.clavister.com

References to specific articles in the Knowledge Base along with a link to those articles can be found throughout this administration guide.