CA VM:Secure Features and Concepts › VM Single System Image

VM Single System Image

The VM Single System Image facility is a capability which enables multiple VM systems to be defined and managed as if they were a single VM system. CA VM:Secure and CA VM:Director support this facility by supplying the following environmental characteristics:

• The CP Object Directory on each member system is identical. A USER virtual machine definition is exactly the same, no matter which member system that user runs on.
• Directory Management Interfaces on each member system are identical. You enter product commands exactly the same way, no matter which member you run on. All authorizations to product commands and services are identical for an administrator, directory manager, or general user.
• CA VM:Secure RULEs definitions on each member system are identical. You have exactly the same access to those resources controlled by rules, on every member in the complex.

In a Single System Image complex, CA VM:Secure and CA VM:Director operate as a set of servers, with one server virtual machine running on each member system. A master server runs on one member to perform all the function of a non-SSI product server, including:

• Processing commands
• Updating Configuration, Source Directory Entries, and Rules files
• Compiling the Object Directory and Rules tables
• Responding to External Security Manager requests from CP

An agent server runs on each other member node to perform this subset of the functions of the master server:

• Compiling the Object Directory and Rules tables
• Responding to External Security Manager requests from CP

The agent also implements additional new function:

• Responds to synchronization requests from the master product server
• Converts to replace the master server if an outage situation occurs