Most firewalls are administered by a group of administrators and not just by a single individual. In a PNS system each administrator can have their own MC console and administrators can be separated geographically. Regardless of their locations they administer the same set of PNS firewalls through a single MS host machine. Therefore, to avoid configuration errors caused by more than one administrator working with the same component simultaneously, a configuration lock mechanism ensures that a component's configuration can only be modified by a single administrator at a given time. Locking is per component: as soon as you change, for example, a setting in a component, the status bar displays the following string: Unsaved changes and that component is locked for you. Active locks can be viewed at Management > Locks:

Figure 3.21. Management > Locks - Viewing active locks

The Owner column can take two values:

Lock placement is automatic. The first administrator that starts modifying a component's settings gets the lock. In the Active locks column the exact name of the locked component (Site/Host/Component) is displayed. Locks are cooperative, meaning that any administrator can release any other administrator's locks by selecting the desired component in the Lock management window and then clicking Release. The administrator whose lock is released this way is immediately notified in a warning dialog.

It is not possible to edit a component that is already locked by someone else, because a warning dialog immediately appears upon trying to change anything inside the given component:

Figure 3.22. Question on a locked component

As soon as the locking administrator commits the changes, the lock is released and the information box above disappears.

A component can be locked by multiple administrators at once; there is a lock queue mechanism implemented in MS, meaning administrators can preregister for future locks while the current lock is active. Since there is no hierarchy among PNS administrators from MS's aspect and anyone can release anyone else's locks, it is crucial for administrators to cooperate well and respect each other's work – and each other's locks.