3.4.4 Evaluating operations for access control by device

After you have determined the service template and the target devices (connection destinations) for services, evaluate basing access control on use of the management functions of the connection destinations. For details about the prerequisites for using the management functions of connection destinations, see A.2 Prerequisites for connection destinations .

To restrict access to connection destinations, you must specify the IP address (or host name) for each connection destination, and register the service groups that can access each connection destination. Therefore, you must evaluate the following items in advance.

Table 3‒3: Settings in the connection destination definition
Classification	Item	Description
Connection destination information	Service group	Specify the name of a service group to be associated with the connection destination. The services in the specified service group can access only the specified connection destination. If `DefaultServiceGroup` is specified, the services in `DefaultServiceGroup` can access all connection destinations.
	Connection destination type	Select one of the following types: Host name IPv4 IPv6
	Connection destination	Specify a connection destination appropriate for the selected connection destination type. You can specify a single connection destination, a range of connection destinations, or all connection destinations.
Authentication information^#1	Protocol	Select one of the following authentication protocols according to the connection destination device: Windows device: `Windows`^#2 UNIX device: `SSH` (password authentication, public key authentication, or keyboard interactive authentication) Other devices that support `SSH` or Telnet: SSH or Telnet
	User ID^#3	Specify the user ID of a user who can remotely log in to the host at the connection destination.
	Password^#3	Specify the password for the user ID.
	Superuser password^#3	If you selected SSH or Telnet as the protocol, specify the superuser password for the host at the connection destination.

The authentication method depends on the definition of the plug-in. That is, authentication is performed based on the information specified in the plug-in property or based on the information in the connection destination definition. If authentication is performed based on the information specified in the plug-in property, authentication information in the connection destination definition is not used.

If you select Windows, SMB and WMI are used.

Whether you need to specify a user ID, a password, and a superuser password depends on the type and setting of the plug-in. For details, see Information set in definitions of Connection Destinations in the JP1/Automatic Operation Administration Guide.