Realm Overview
Realms and Tenant Systems
Realms are a way to partition configurations and apply different security policies to SRX Series Firewalls and tenant systems. When you associate a device or tenant system with a realm in Juniper ATP Cloud, that device receives the threat management features configured for the realm. You can also provide different levels of administrator access to individual realms.
Unlike physical devices, which automatically make submissions to the realm they are enrolled in, tenant system submissions are ignored until they are explicitly associated with a realm using the Realm Management page in the Juniper ATP Cloud Web UI. See Realm Management for those instructions.
For example, if a managed security service provider (MSSP) partitions customers by realm and then associates all SRX Series tenant systems for an individual customer with their assigned realm, that MSSP can deliver targeted threat prevention policies to multiple customers while allowing administrators to easily switch between realms for monitoring purposes.
Alternatively, if customers are partitioned by tenant system, an MSSP could configure a one-to-one mapping of realms to tenant systems for each customer.
For monitoring, each tenant system is included in log file events, and different administrators can be given varying levels of access to each realm. The main realm to which other realms are attached would then serve as a “super realm” that provides a global view of key statistics across all realms. To configure monitoring access to a realm, log in to the realm as a “system administrator” and add users with the role of “observer.” See Create and Edit User Profiles for details.
Configuration Overview
Attach new realms to the current realm (the realm you are currently logged in to) in Juniper ATP Cloud by navigating to Configure > Misc Configuration > Realm Management. You must enter a Username and Password for the realm in order to attach it.
All the devices and tenant systems on the Enrolled Device page appear in the Realm Management page where you can change their realm associations. See Realm Management for details.
Associating realms with devices, or changing those associations, changes the way threat management is delivered to those devices, which can affect anti-malware and security-intelligence policies. Be sure all changes in realm/device associations are well-planned and that the consequences are intentional.
Easily alternate between realms using the Realm field at the top right of the Web UI. Click inside the realm name field and a drop-down with all available realms appears. Select a new realm to view configurations for that realm. Switching between realms is available only on the Web UI pages where it applies.
You cannot create new security realms from the Realm Management page. To create a security realm, log out of the Web UI. Access the login screen and click the Create a security realm link on the bottom left of the login window.
SRX Series and Tenant System Enrollment
When an SRX Series Firewall is enrolled to Juniper ATP Cloud, any tenant systems configured on the device are also enrolled. The names of associated tenant systems appear in the Host name field after a colon on the Devices page in ATP Cloud. For example, when you run the enroll script on an SRX Series Firewall with the host name SRX650, that host name appears in the list of enrolled devices. If SRX650 has several tenant systems, you would have multiple host name entries starting with SRX650 followed by a colon with the name of the tenant system. For example, SRX650:subdomain1.
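Because tenant system submissions are ignored until the tenant system is associated with a realm, it is worth checking the enrolled host names against the realm associations after each enrollment. The following is an added example, not Juniper code: it parses Host name entries in the `device:tenant` form described above and reports tenant systems with no realm association. The sample entries, the realm names and the idea of transcribing both lists by hand from the Web UI are assumptions; no ATP Cloud API is used.

```python
from collections import defaultdict

# Constructed sample data, transcribed by hand from the Devices and
# Realm Management pages (assumption: no export or API is involved).
ENROLLED_HOST_NAMES = [
    "SRX650",
    "SRX650:subdomain1",
    "SRX650:subdomain2",
    "SRX1500",
    "SRX1500:tenant-a",
]
# Host name entry -> associated realm (realm names are made up).
REALM_ASSOCIATIONS = {
    "SRX650": "mssp-main",
    "SRX650:subdomain1": "customer-a",
    "SRX1500": "mssp-main",
    "SRX1500:tenant-a": "customer-b",
}

def split_host_name(entry):
    """Split a Host name entry into (device, tenant system or None)."""
    device, sep, tenant = entry.strip().partition(":")
    return device, (tenant if sep else None)

def unassociated_tenant_systems(host_names, associations):
    """Return {device: [tenant systems that have no realm association]}."""
    missing = defaultdict(list)
    for entry in host_names:
        device, tenant = split_host_name(entry)
        # Physical devices submit to the realm they enrolled in, so only
        # tenant system entries need an explicit association.
        if tenant is not None and not associations.get(entry.strip()):
            missing[device].append(tenant)
    return dict(missing)

def realms_by_device(host_names, associations):
    """Return {device: sorted realms used by the device and its tenants}."""
    realms = defaultdict(set)
    for entry in host_names:
        device, _ = split_host_name(entry)
        realm = associations.get(entry.strip())
        if realm:
            realms[device].add(realm)
    return {device: sorted(names) for device, names in realms.items()}

if __name__ == "__main__":
    gaps = unassociated_tenant_systems(ENROLLED_HOST_NAMES, REALM_ASSOCIATIONS)
    for device, tenants in gaps.items():
        print(f"{device}: submissions ignored for {', '.join(tenants)}")
```

`realms_by_device` gives the per-device view an MSSP can use to confirm that each customer's tenant systems map to the intended realm.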