Micetro Takes Role Based Access Control to the Next Level with Micetro 10.1
Oct 25th, 2021
On October 19th, 2021, Men&Mice announced the new release of our Micetro software, focused on consistently improving the ability for our customers to embrace sustainable networking. The main focus of this release is Access Management, which is what I’d like to concentrate on in this blog. However, I’d be remiss not to mention some of the other capabilities which have now been added and improved in the Web UI:
· Access Management - Now a pure Role-Based Access model. Permissions may only be granted by assigning a user or group to a role. Assign roles to all objects or specific objects in Micetro.
· Active Directory Sites - Add new AD forests, optionally set them as read-only. View and manage multiple forests, sites, and subnets in an organized way all in the Web UI.
· Folders and Smart Folders - Users may create and remove Folders. New dynamic Smart Folders functionality replacing Saved Filters. Smart Folders may be nested under regular Folders or other Smart Folders.
· General Subnet Management - Specify network type from creation: Network, DHCP Scope, or Container. Join and split ranges easily all from the Web UI.
· SNMP Profiles - Synchronize IP addresses and subnets found on routers with the Micetro database, and bulk add or edit routers from the Web UI.
· License Management - View all your license modules in the Web UI, expired licenses, and usage of your licenses. Get license details at any time and easily contact Men&Mice with this information.
Role-Based Access Control, or RBAC, is not a new concept. I remember studying it 20 years ago when I was working on my MCSE certification. Certainly Microsoft uses the concept in Active Directory, and in fact RBAC was available in Micetro previously. The change we’ve made in Micetro is that it’s only RBAC now, meaning you can only add permissions to a role, and then you add users or groups to that role.
Permissions could be considered to be ground zero when we’re talking about security. Many times, having proper permissions will save you from accidental changes that may cause problems, not to mention intentional or malicious activity. Permissions were complex enough when we were only talking about Active Directory, but when you add in multicloud factors with multiple access models, you can imagine how difficult that can be.
Being able to create the right roles that can be used across multiple platforms (in the cloud and on-prem) then becomes the most secure and simplest way to ensure your users are getting the correct permissions. The ability to add new users with the correct permissions or, more importantly, to take users out of a role because they’ve left the company, is invaluable.
We’ve all done it before, just assigned ourselves as a Super Admin, or just run a quick sudo -su so we don’t have to deal with any access errors. The problem when we do that, though, is that human error can often occur and possibly cause chaos in a production environment. This is when large companies usually “blame the intern.” However, the intern really shouldn’t be blamed ever, because they shouldn’t have had access to cause the problems in the first place.
There’s a principle that’s often talked about, but not always implemented, and that is the principle of least privilege. The idea of this principle is that a user needs only the minimum access privileges necessary to perform a specific job and nothing more. So, if someone only needs to view DNS information, they should not have any change or remove privileges. Nor should they have access to DHCP at all, for example. Under this principle, very few users should have super admin privileges, and even when they do, they shouldn’t be using them for day-to-day work.
Micetro 10.1 arrives with a new role-based access model that correlates with the needs of enterprise network environments in 2021. The access management in Micetro 10.1 simplifies permissions and their configuration. Built-in roles are designed to cover the majority of network access needs, with functionality to support less common use cases as well. There are two new built-in roles, which are DNS Viewers and DHCP Viewers, but IT teams may also create their own roles. There is also the ability to apply these roles to the entire system or to apply roles to specific objects, such as DHCP ranges or DNS zones.
Note: If you’re already a Micetro user, your current permissions will still work after you upgrade. Legacy roles will automatically be created and users will retain their permissions.
“The new access management model will significantly improve usability and oversight, and therefore, the quality of life for our customers,” says Sigfus Magnusson, CTO at Men&Mice. “Modern, diverse networks that are managed with often globally distributed teams need a reliable, intuitive, and secure method to control access to tens of thousands of network assets. Micetro’s new access controls streamline this traditionally byzantine area of management.”