

Define Security and Policy Administration Nodes

To use the CA Chorus for Security and Compliance Management discipline in CA Chorus, define the security and Compliance Policy Administration interface nodes whose data you want to monitor and manage. Use the E1MI0014 member in your_chorussec_hlq.CE1MJCL to define nodes for CA Chorus for Security and Compliance Management. The E1MI0014 member lets you define several LDAP nodes for security administration against CA ACF2 and CA Top Secret databases, and policy administration against a policy database.

Follow these steps:

  1. Edit the E1MI0014 member in your_chorussec_hlq.CE1MJCL to specify the following parameters and save your changes:
    SWORKDIR

    Specifies the CA Chorus installation home directory.

    Default: /cai/your_chorussec_hlq

    INSTALL_HOME

    Specifies the CA Chorus installation home directory.

    Default: /cai/your_chorussec_hlq

    NODETYPE

    Determines what type of node is being added. Specify ACF2, TSS, or CMGR.

    LDAP_NODE_DESCRIPTION

    Specifies a description for the CA LDAP Server node that is displayed in the Security Administration or Policy Administration UI.

    LPAR_NODE_HOST

    Specifies the host name that the CA LDAP Server instance is running on.

    LDAP_NODE_PORT

    Specifies the TCP/IP host port where the CA LDAP Server instance is listening.

    Example: 389

    LDAP_NODE_SUFFIX

    Specifies a unique suffix for the CA LDAP Server that is used to determine which defined CA LDAP Server database handles the request from CA Chorus for Security and Compliance Management.

    Example: o=ca,c=us

    Note: You can obtain status and back-end values for CA LDAP Server using the following z/OS modify commands: F LDAPRnn,STATUS and F LDAPRnn,BACKEND, where nn represents the CA LDAP Server version or release. For example, F LDAPR15,STATUS and F LDAPR15,BACKEND.

    E1MI0014 is updated.

  2. Submit the E1MI0014 member in your_chorussec_hlq.CE1MJCL.

    After successful execution (RC=0), the following files are created in <chorus-install-home>/config:

    acf2_config.xml

    Defines CA ACF2 security administration nodes.

    tss_config.xml

    Defines CA Top Secret security administration nodes.

    cmgr_config.xml

    Defines CA Compliance Manager administration nodes.

    The respective nodes appear in the CA Chorus Investigator.

    Note: To correct the security or policy administration node data that is defined in these files, use the E1MDELND member in your_chorussec_hlq.CE1MJCL. E1MDELND lets you delete security or policy administration nodes, for example, if the wrong port or suffix data was entered. For more information about configuring these files, see the CA Chorus for Security and Compliance Management User Guide.

  3. (Optional) Update the XML files created in the previous step as follows to show only product-specific information in the PolicyAdmin UI drop-down selections:
    1. Add the <showProduct> element to the <server_info> of the host node.
      <showProduct>ACF2,TSS</showProduct>
      

      Note: This entry shows all external security manager (ESM) types.

    2. Remove the security product or products you do not want to appear. For example, specify the following text to show only CA ACF2 information:
      <showProduct>ACF2</showProduct>
      
    3. Save your changes.

    The ESM data that is specified appears in the PolicyAdmin UI. If you are running multiple external security managers and you do not want to restrict the data that appears, skip this step.
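
Step 3 as a repeatable script, added here as an example and not part of the CA documentation or tooling: it adds or updates <showProduct> under <server_info> and rejects any value other than the ACF2 and TSS types shown above. The sample file layout (every element except <server_info> and <showProduct>) is constructed, and applying the same setting to every <server_info> in a file is an assumption.

```python
import xml.etree.ElementTree as ET

# ESM types the page shows inside <showProduct>
ALLOWED = ("ACF2", "TSS")

# Constructed sample; only <server_info> and <showProduct> come from the page.
SAMPLE = """<config>
  <host>
    <server_info>
      <description>constructed node A</description>
    </server_info>
  </host>
  <host>
    <server_info>
      <showProduct>ACF2,TSS</showProduct>
    </server_info>
  </host>
</config>"""


def shown_products(xml_text):
    """Return the <showProduct> text of each <server_info> (None if absent)."""
    root = ET.fromstring(xml_text)
    return [info.findtext("showProduct") for info in root.iter("server_info")]


def set_show_product(xml_text, products):
    """Add or update <showProduct> in every <server_info>; return the new XML."""
    wanted = {p.strip().upper() for p in products}
    if not wanted or not wanted <= set(ALLOWED):
        raise ValueError(f"products must be a non-empty subset of {ALLOWED}")
    value = ",".join(p for p in ALLOWED if p in wanted)  # stable order, no duplicates
    root = ET.fromstring(xml_text)
    infos = list(root.iter("server_info"))
    if not infos:
        raise ValueError("no <server_info> element found; nothing to update")
    for info in infos:
        elem = info.find("showProduct")
        if elem is None:  # step 3.1: element not present yet
            elem = ET.SubElement(info, "showProduct")
        elem.text = value  # step 3.2: keep only the wanted products
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(set_show_product(SAMPLE, ["ACF2"]))
```

Running shown_products on the file before and after the change gives a quick check that each node carries the intended restriction.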