Previous Topic: How the Migration Process WorksNext Topic: How Policies Are Initially Sent to a Migrated Endpoint


How Policies Are Created and Assigned

When you migrate from a PMD environment to an advanced policy management environment, you use CA ControlMinder to create policies from the rules in the PMDB and assign the policies to host groups on the DMS.

The following process explains how CA ControlMinder creates and assigns policies:

  1. CA ControlMinder exports the rules in the PMDB to a policy file.

    Note: You can specify that CA ControlMinder only exports rules that modify resources in a particular class.

  2. CA ControlMinder changes each rule that creates a new resource or accessor to a rule that modifies the resource or accessor. For example, CA ControlMinder changes all newres rules to editres rules.

    This step prevents the deployment errors that result if you deploy a rule that creates a new resource or accessor more than once to the same endpoint.

  3. CA ControlMinder creates a host group (GHNODE object) that corresponds to the PMD on the DMS.
  4. For each endpoint subscriber that is listed in the PMDB, CA ControlMinder checks if a corresponding host (HNODE object) is already created in the DMS.

    Note: CA ControlMinder does not create hosts that correspond to subscriber PMDBs.

  5. CA ControlMinder uses the rules in the exported policy file to create a POLICY object in the DMS.

    Note: CA ControlMinder does not create an undeploy script for the POLICY object.

  6. CA ControlMinder assigns the POLICY object to the host group that it created in Step 3.