When deploying CA ControlMinder, you should consider the hierarchy of your environment. At many sites, the network includes a variety of architectures. Some policy rules, such as the list of trusted programs, are architecture-dependent. On the other hand, most rules are independent of the system's architecture.
You can cover both kinds of rules by using a hierarchy. You can define a global database for architecture-independent rules, and give it subscriber PMDBs that define architecture-dependent rules.
Note: The root PMDB and all of its subscribers can reside on the same computer or on separate computers, depending on the physical needs of your environment.
Example: A Two-tiered Deployment Hierarchy
The following UNIX example also applies to a Windows architecture with small modifications.
In the example, the site consists of IBM AIX and Sun Solaris systems. Since the list of trusted programs on IBM AIX differs from the one on Sun Solaris, the PMDBs need to consider architecture dependency.
To set up a multiple-architecture PMDB, set up your PMDBs as follows:
The PMDBs pm_aix and pm_solaris are subscribers of the PMDB whole_world. All IBM AIX computers at the site are subscribers of pm_aix. All Sun Solaris computers at the site are subscribers of pm_sol. The concept is illustrated in the following chart.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|