ISA-AA groups and partitions

General information

The NFM-P supports the configuration of ISA-AA groups and partitions. An ISA-AA partition is a unique child object of an ISA-AA group. The partition can be assigned an AA policy. There is no relationship between partitions of different ISA-AA groups. You can configure up to 128 partitions per group.

You can divide an ISA-AA group into partitions that are dedicated to VPN-specific AA services. A partition can have a set of VPN-specific custom protocols, applications, application group definitions, policy definitions, and reporting. Each partition policy can be divided into multiple application QoS policies using ASOs.

To apply one policy to multiple groups or partitions, use a policy sync group; see Policy sync groups.

ISA-AA groups

You can perform the following operations on an ISA-AA group:

• Assign ISA-AA MDAs or ESA VMs and create AA partitions.

• Specify FCs to be diverted for inspection, and choose the AA policy to apply to the group.

• Configure redundancy and a bypass mode to protect against equipment failure.

• Configure QoS on IOMs that host ISA-AA traffic.

• Configure ISA capacity planning using low and high thresholds.

Residential services are an example where all AA services can be configured as part of a single group that includes all ISA-AAs. The configuration provides the management of common applications and reporting for all subscribers and services, with common or per-customer AQP using ASO characteristics to divide the AQP of the ISA-AA into per-application profile QoS policies.

Multiple ISA-AA groups can also be used to create separate services based on different sets of common applications, traffic diversion needs, or different redundancy models.

Multiple ISA-AA groups can be used for:

• a mix of residential and business customers

• different business VPN verticals

• business services with a common template base but different levels of redundancy, FC diversion, or scaling per group

See To configure an ISA-AA group and ISA-AA partitions for information about configuring ISA-AA groups.

ISA-AA partitions

ISA-AA groups and partitions improve the scaling of policies. When partitions are configured, application identification and policy configuration apply only to the specified partitions in the ISA-AA group, and not to any other partition in the AA group. When partitions are not configured, the ISA-AA group acts as a single partition.

Although the definition of application profiles and related ASO characteristics is in the context of a partition, each application profile name in an NE configuration must be unique. Application, application group, and AQP definitions are specific to a partition.

ISA-AA partitions support accounting and customized reporting for every AA subscriber associated with a partition, and allow you to do the following:

• Define different types of reporting and accounting policies for different partitions in a single AA group.

• Display AA group protocol statistics with partition visibility; for example, you can view protocol counts for each partition in a group.

When you create or delete an ISA-AA partition, a default AA accounting policy is automatically created in or deleted from the ISA-AA partition.

See To configure an ISA-AA group and ISA-AA partitions for information about configuring ISA-AA partitions.