Partitions Tab

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Partitions

→ presents the following:

Table of Partitions

The table of partitions. Each row presents the following attributes:

Create New Partition

To create a new partition, proceed as follows: 
Root SOClosedSecurity officer - UKC partition administrator role. ˃ Partitions ˃ Create
→The New Partition dialog appears.

This dialog is divided into two parts:

Creating a partition also creates its first client. The client's certificate file <partition name>-<client name>.pfx is downloaded to the browser's default folder.

Note
To run EP UCLClosedUnbound Command Language commands targeting a partition created using UI, register EP as the partition's client. See Registered Clients.

Partition's Bootstrapping Settings

This section of the dialog configures the minimum set of partition settings. Some of these settings are permanent. The rest of the settings are initialized to the default values that may be modified by the partition's SOClosedSecurity officer - UKC partition administrator role.. See Partition Settings in UI.

The settings include:

The First Client Setting

Note
This group of settings may be filled with dummy data if the partition's SOClosedSecurity officer - UKC partition administrator role. can manage the partition without its certificate or the partition is tagged inherited, see Partition Create Tips.

This section of the dialog creates the first partition client and its certificate.

  • Client name - We recommend using the designated client's appliance hostname as the Client name.
  • Client alternative names - An optional field. It allows specifying additional IP addresses and host names in the Subject Alternative Names setting of the certificate.
  • Important
    It is mandatory to provide the designated client's IP address in this field if
    (a) you are creating the certificate with an explicit password, and
    (b) you are planning to enable the check-ip feature on this partition.

  • Client Certificate Options: 
    • Default - use this option to create a certificate that is used internally by the CORE client software. The created certificate is protected by the secret password known to the CORE Client software.

      Note
      The client IP is assigned to the Subject alternative names setting during the client registration.

    • Password - use the explicit password option to create a certificate for applications that require explicit certificate import.

Partition Create Advanced Topics

UI and CLI Differences

Creating a partition using the web console differs from using the ucl partition create command.

  • In the UI case:
    • The appliance running the browser does not become its certified client.
    • In addition to the partition creation, you are prompted to specify its first client and the required certificate type.
  • In the CLIClosedCommand Line Interface case:
    • The appliance executing the command became its first certified CORE client (named by the appliance's hostname).

Partition Create Tips

The Root SOClosedSecurity officer - UKC partition administrator role. can create an initial set of the partition clients, users, and a key material and customize the partition's settings. To follow this approach:

  1. Create the partition as an inherited one.
  2. Navigate to the new partition by performing these steps:
    1. Click the button in the Top pane.
      → The list of the inherited partitions appears.
    2. Click the name tag of the required partition.
      → The user is redirected to the partition's management page.
    3. Click Config Tab ˃ Partition Settings.
      → The partition's settings page appears.
  3. Modify and add:
    • The required partition properties
    • Add users.
    • Add clients.

Note
If needed, to un-inherit a partition, sign in as the partition SOClosedSecurity officer - UKC partition administrator role., and deselect the Inherited partition check-box.

Commands

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Partitions ˃ select a partition ˃ []

→ The list of commands appears.

Reset SO Password

To reset the selected partition's SOClosedSecurity officer - UKC partition administrator role. password, click the Reset button.
→ The Password Reset dialog appears.

Note
To reset the password of any SOClosedSecurity officer - UKC partition administrator role. of any partition, see Rescue Tab.

Recover Partition

This action addresses an unlikely case when:

  • A partition has key material
  • None of the partition clients (including the EP) have the partition certificate

To recover access to a partition, click the Recover button.

→ The Recover Partition dialog appears.

The dialog presents a subset of the Create New Partition dialog.

The recovery does not change the partition settings. However:

  • It deletes all the partition's clients (since they already lost their certificates).
  • It creates a new client and stores its certificate in the default download folder of your browser.

Delete Partition

The system deletes the selected partition if all the following conditions are met: