The two options for configuring a Web Agent are:
Central configuration
Indicates that the Web Agent is configured from the Policy Server. The policy store holds the set of configuration parameters to be used by a group of Web Agents. Parameters are configured using the Administrative UI.
The Agent configuration is specified in an Agent Configuration Object.
Note: Central configuration does not apply to RADIUS, EJB, Servlet, or Custom Agents—those Agents can only perform local configuration.
Local configuration
Indicates that the Web Agent is configured from a local configuration file on each web server where the Agent is installed.
You can store some parameters centrally and others locally.
Note: You can only enable and disable the Web Agent from the local Agent configuration file, not from the Policy Server. This is true whether you are configuring centrally or locally.
When you centrally configure Web Agents, the settings are stored in the policy store, not in a local configuration file on a web server.
Compared with local configuration, central configuration provides:
On the Agent-side of a CA SiteMinder® network, there are several main components involved in Web Agent operation:
Web Agent
Virtual interface to a web server; triggers rules and enforces policies.
Trusted host
A client computer where one or more Web Agents are installed. It handles the connection to the Policy Server. The term trusted host refers to the physical system. You can have more than one trusted host on a physical server, but each must be identified by a unique name.
The trusted host is “trusted,” because it is registered with the Policy Server. You must register a trusted host so the Web Agents installed on that host can communicate with the Policy Server.
A trusted host is identified by the following data:
Web Agent configuration file (WebAgent.conf)
Stored on the web server where the Agent resides, this file is used for local configuration. It holds the Agent configuration parameters for each Web Agent. All Web Agents use the WebAgent.conf file; however, the IIS 6.0 Web Agent uses the WebAgent.conf file only for the core settings needed for the Agent to start and connect to a Policy Server. For its configuration settings, the IIS 6.0 Web Agent uses the LocalConfig.conf file. There is a pointer to the LocalConfig.conf file in the IIS 6.0 WebAgent.conf file.
Host configuration file
Stored on the web server where the Web Agent resides, this file holds initialization parameters for the trusted host. Once the trusted host connects to a Policy Server, the trusted host uses the settings in the Host Configuration Object stored at the Policy Server. The Host Configuration Object is named in the hostconfigobject parameter of this file.
On the Policy Server-side there are three policy objects related to Web Agent configuration:
Agent object
Names the Agent, establishing an Agent identity that can be mapped to a specific web server.
Agent Configuration Object
Contains the Web Agent configuration parameters. Use an Agent Configuration Object to centrally manage a group of Web Agents. Though this object is primarily for central Agent configuration, it also contains the parameter that tells the Policy Server to use local configuration. This object applies only to Web Agents.
Host Configuration Object
Contains the trusted host configuration parameters. Except for initialization parameters, trusted host parameters are always maintained in a Host Configuration Object.
Configuration objects are stored in the policy store. Use the Administrative UI to create, modify, and view configuration objects.
You associate a configured Agent with a realm, which is a collection of resources that you want to protect. Realms are protected by rules, which get included in an access control policy.
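Because a Web Agent can be enabled or disabled only in its local configuration file, checking a group of web servers means reading that file from each one. The following is an added example, not code from CA or from the original page: it parses constructed WebAgent.conf contents, reports agents that are not enabled, and groups hosts by the Agent Configuration Object they name. The key names EnableWebAgent and AgentConfigObject, the key="value" line format, and the host and object names are assumptions not shown on this page.

```python
import re

# Constructed sample file contents, keyed by an invented host name.
# Assumed key names: EnableWebAgent, AgentConfigObject (verify on your agents).
SAMPLES = {
    "web01": '# constructed sample\nAgentConfigObject="IntranetAgents"\nEnableWebAgent="YES"\n',
    "web02": '# constructed sample\nAgentConfigObject="IntranetAgents"\nEnableWebAgent="NO"\n',
    # Enable line commented out and no Agent Configuration Object named.
    "web03": '# constructed sample\n#EnableWebAgent="YES"\n',
}

LINE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?(.*?)"?\s*$')

def parse_conf(text):
    """Return {lowercased key: value}, skipping blank lines and # comments."""
    params = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            params[m.group(1).lower()] = m.group(2)
    return params

def audit(files):
    """Return (findings per host, hosts grouped by Agent Configuration Object)."""
    findings, groups = {}, {}
    for host, text in sorted(files.items()):
        p = parse_conf(text)
        issues = []
        # A missing or commented-out setting is reported the same as "NO".
        if p.get("enablewebagent", "").upper() != "YES":
            issues.append("agent not enabled in local file")
        aco = p.get("agentconfigobject")
        if aco:
            groups.setdefault(aco, []).append(host)
        else:
            issues.append("no Agent Configuration Object named")
        findings[host] = issues
    return findings, groups

if __name__ == "__main__":
    findings, groups = audit(SAMPLES)
    for host, issues in findings.items():
        print(host, "OK" if not issues else "; ".join(issues))
    for aco, hosts in groups.items():
        print(aco, "->", ", ".join(hosts))
```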
Copyright © 2013 CA.
All rights reserved.