Previous Topic: How the Migration Process Works

Next Topic: How Policies Are Initially Sent to a Migrated Endpoint

Upgrade GuideMigrating PMDs to an Advanced Policy Management EnvironmentHow the Migration Process WorksHow Policies Are Created and Assigned

How Policies Are Created and Assigned

When you migrate from a PMD environment to an advanced policy management environment, you use CA Access Control to create policies from the rules in the PMDB and assign the policies to host groups on the DMS.

The following process explains how CA Access Control creates and assigns policies:

  1. CA Access Control exports the rules in the PMDB to a policy file.

    Note: You can specify that CA Access Control only exports rules that modify resources in a particular class.

  2. CA Access Control changes each rule that creates a new resource or accessor to a rule that modifies the resource or accessor. For example, CA Access Control changes all newres rules to editres rules.

    This step prevents the deployment errors that result if you deploy a rule that creates a new resource or accessor more than once to the same endpoint.

  3. CA Access Control creates a host group (GHNODE object) that corresponds to the PMD on the DMS.
  4. For each endpoint subscriber that is listed in the PMDB, CA Access Control checks if a corresponding host (HNODE object) is already created in the DMS.

    Note: CA Access Control does not create hosts that correspond to subscriber PMDBs.

  5. CA Access Control uses the rules in the exported policy file to create a POLICY object in the DMS.

    Note: CA Access Control does not create an undeploy script for the POLICY object.

  6. CA Access Control assigns the POLICY object to the host group that it created in Step 3.

More information:

Migrate a PMDB