Overview

The Juniper ATP Appliance Manager of Central Managers (MCM) is a device that provides a centralized Web UI for users that deploy multiple Core/Central Managers (CMs) in various geographic locations. The MCM allows customers with distributed enterprises to consolidate viewing of detected malware incidents occurring on multiple CMs registered to the central MCM.

The MCM Platform device type is represented as “mcm” in the Juniper ATP Appliance CLI. The MCM receives incident data from multiple secondary Central Manager (CM) appliances and displays that data in the primary MCM Web UI.

The MCM Web UI is a subset of the larger Juniper ATP Appliance Central Manager Web UI and includes only the Incidents tab and the Config tab for System Profile configurations, in addition to a device Refresh and Logout tab options.

Figure 1: Manager of CMs (MCM) Web UI

Note that the CM Name column details the name of each incident’s originating Central Manager.

When an admin interacts with an incident in any way from the MCM Web UI (for example, by clicking on an incident to view its details, selecting a mitigation option, downloading IVP, viewing screenshots or traces, and so on) the MCM automatically connects directly to the originating Core/CM containing the incident. In this way, the MCM maintains only incident table data.

The MCM manages a list of its users with admin privileges for viewing Incident details and performing mitigation and allowlist actions, which will be applied only to the CM that generated the incident. SAML and RADIUS is supported for login to the MCM.