Overview of an Application Profile
An Application Profile (or App Profile) is a logical concept used to subdivide a CoIP Platform tenant into different applications that can be managed independently. For example, a tenant for a single customer may serve multiple independent business units - one App Profile may be used to control all Finance applications, while Engineering servers and data use a separate App Profile.
Endpoints onboarded to different App Profiles are not able to communicate with each other. This maintains separation between the servers and data in various App Profiles.
Access Policies and Chamber Policies are scoped at the App Profile level. Access Policies defined in one App Profile are not accessible from another App Profile.
However, certain objects are scoped at the tenant level, and can be used across all App Profiles. These include:
Users and user roles
Address Objects
Service Port Objects
Application Process Objects
Chamber Policy Objects
Changing the definition of objects that have tenant scope, has the potential to affect other App Profiles. Be sure to name objects in a way that helps you manage the scope of your changes.
Creating an Application Profile
To create an App Profile, ensure the proper customer tenant is selected, then click on the App Profile selector and select “Add Application Profile”.
When defining the App Profile, you may select the handling of CoIP LAN traffic (east-west traffic between hosts that can route directly to each other). Checking the “Encrypt CoIP LAN Traffic” option causes all CoIP LAN traffic to be transported through TLS 1.3 tunnels built directly between each host.
You may also select the ports to be used for encrypted (default: 9798) and non-encrypted traffic (default: 9797).
Editing an Application Profile
After creation, you may edit an App Profile by selecting it, then clicking the pencil icon in the selector. This brings up the edit menu, where you can change the name, description, or options for encryption for the App Profile.
Comments
0 comments
Please sign in to leave a comment.