Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS Authentication, Identity Management, and Authorization > AIMA access hierarchy
Understanding AIMA requires an understanding of the OneFS network access hierarchy and how the AIMA hierarchy ties into the network hierarchy. The following figure illustrates the PowerScale OneFS network access hierarchy:
Figure 7. PowerScale OneFS network access hierarchy
As illustrated, each Groupnet has a specific DNS and supports multiple subnets. Each subnet supports a SmartConnect Service IP (SSIP) with multiple pools associated with each subnet and SmartConnect Zone Names. For more information about PowerScale network access hierarchy, see the PowerScale: Network Design Considerations white paper.
The AIMA hierarchy ties into the network hierarchy at different levels, as illustrated in the following figure:
Figure 8. PowerScale OneFS AIMA hierarchy
When a client connects to a PowerScale cluster, AIMA plays a role at each level of the network access hierarchy. Recognizing the level at which each component resides is critical. The AIMA access hierarchy is as follows.
Note: Upon initial review, the terms in the figure and in the following description might seem confusing but will become more understandable as you proceed. We recommend that you review this section as each topic is explained and then again after you have reviewed this paper in its entirety.
At the overall cluster level, administrators define the OnDisk ID policy and set ACL policies.