• Define the areas of the wireless network that individual IT administrators (users) can manage.
• Customize virtual domain names by geographical regions, customer names, building, campus, or other customized parameters to meet each organization's individual needs.
• Create up to 128 distinct hierarchical virtual domains.
• Maintain tight control of the wireless network infrastructure that is managed by each IT administrator.
Group-By Hierarchical Domains
Figure 1. Cisco WCS Virtual Domains Grouped by Hierarchical Domains
Robust IT Administrator Access Control
Figure 2. Assigning an IT Administrator (User) To One or More Virtual Domains
Note: IT administrators (users) will automatically be placed in the root virtual domain during the upgrade of Cisco WCS to WCS Software Release 5.1 or later. Organizations must create each virtual domain under the root domain and assign users to each virtual domain.
Note: If an AAA server is used to authenticate users, the format of the virtual domain attribute value must be exported to the AAA server. Both TACACS+ and RADIUS servers are supported.
Simplified Configuration of Virtual Domains
Figure 3. Cisco WCS Virtual Domains Administration Configuration Screens
Deployment Configuration Options
• Distributed controller deployments: A dedicated controller is deployed for each virtual domain. Configuration of each controller and its associated access points can be applied in a standalone manner within each individual domain.
• Centralized controller deployments: Controllers are shared across multiple virtual domains. Each IT administrator is able to monitor and view the controller that is part of their domain, but they are not able to configure the controller or its associated access points. In this type of deployment, configuration of shared controllers can only be completed by the IT administrator with access rights to the top-most level of the virtual domain hierarchy.
• Infrastructure components include wireless LAN controllers, lightweight access points, standalone (autonomous) access points, configuration templates, rogue access points, rogue ad hoc access points, summary page, events, reports, alarms, tags, clients, and chokepoints.
• Service entities include guest access, Cisco 2700 Series Wireless Location Appliance and Cisco 3300 Series Mobility Services Engine (MSE).
• Geographic regions include maps, buildings, floors, and campus areas.
Figure 4. Cisco WCS Virtual Domains Assigned by Organization Name
Figure 5. Cisco WCS Virtual Domains Assigned by Geographic Regions
• Enhanced access control that allows organizations to limit an individual IT administrator's access to only those wireless network segments that are under the IT administrator's individual responsibility.
• Reduced operational costs through the use of a single, centralized Cisco WCS platform to support multiple IT administrators, each of whom has access to only those domains to which they have been assigned.
• Operational cost savings through error reductions because each IT administrator can only make changes to the areas assigned to them.
• Improved productivity because each IT administrator is notified about only the alerts and alarms within their assigned virtual domains. For example, in Figure 1, IT Administrator #2 will only see alerts and alarms for the Central Region and IT Administrator #3 will only see alerts and alarms for the Eastern Region.
• Scalable, simplified WLAN management of all local, remote, and worldwide locations from an easily accessible, centralized management console.
• Managed service providers can easily manage multiple customer WLANs from a single Cisco WCS platform.
• Cisco Unified Wireless Network
• Cisco Wireless Control System (WCS) running Software Release 5.1 or later
• Cisco Aironet® Access Points
• Cisco Wireless LAN Controllers