For each of the physical Remote Console Switches on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one RCS Device Object to represent the physical switch and one Association Object. The Association object is used to link together the users or groups with a specific set of privileges to one or more SIPs. This model provides an Administrator maximum flexibility over the different combinations of users, RCS privileges, and SIPs on the Remote Console Switch without adding too much complexity.
The RCS Device Object is the link to the Remote Console Switch for querying Active Directory for authentication and authorization. When a Remote Console Switch is added to the network, the Administrator must configure the Remote Console Switch and its device object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The Administrator will also need to add the Remote Console Switch to at least one Association Object in order for users to authenticate.
Figure 9‑6 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
You can create as many or as few association objects as you want or need. However, you must create at least one Association Object, and you must have one RCS Device Object for each Remote Console Switch on the network that you want to integrate with Active Directory for Authentication and Authorization. The Association Object allows for as many or as few users and/or groups as well as RCS Device Objects. However, the Association Object only has one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RCSs.
Figure 9‑7 shows how you set up the Active Directory objects in this scenario.
Figure 9‑8 shows how you can set up the Active Directory Objects in multiple domains. In this scenario, you have two Remote Console Switches (RCS1 and RCS2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. You want to give user1 and user 2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.