topic Re: SDWAN Infrastructure As Code in Controllers

SDWAN Infrastructure As Code

apfeil — Tue, 17 May 2022 15:17:31 GMT

I was wondering how you can manage SDWAN with IaC and stop somebody from logging into the GUI and making a configuration change. There are some obvious ways as in not giving out admin access to the GUI. However, I was wondering if there were some ways of managing it with IaC that stops a user from making a change.

Re: SDWAN Infrastructure As Code

bigevilbeard — Tue, 17 May 2022 19:37:54 GMT

@apfeil RBAC rules are same for GUI and APIs.

For example if user belongs to operator group, user can only view the information and can't do configuration on vManage GUI and similarly the user will not be able to trigger the API calls related to configuration of policies or templates.

Hope this helps.

Re: SDWAN Infrastructure As Code

apfeil — Tue, 17 May 2022 19:41:42 GMT

But there is nothing in the solution that would stop an admin from logging into a GUI and making a change. I am just wondering how you can keep a git repository as the production running configuration and then merge changes from a git branch as a production change and at the same time a person logs into the GUI as an admin and makes a change.