CEPM Dotnet Agent Guide
Introduction

Table Of Contents

Introduction

CEPM Overview

CEPM Agent in the .NET Application


Introduction


CEPM Overview

To meet the demands of security, privacy, and compliance, businesses need to be able to control and audit access to their applications, transactions, content, and data at a fine-grained level. For example, compliance requires them to maintain "Chinese Walls", enforce separation of duties, and protect the privacy of information assets. Entitlement management, that is, the ability to consistently administer, enforce, and audit fine-grained access to enterprise assets, has largely been addressed by ad hoc development in different departments by different application owners.

Cisco Enterprise Policy Management (CEPM) addresses this need for consistent and externalized management of authorization decisions with its policy management solution. A typical CEPM deployment consists of the following components:

The entitlement engine, which is a Policy Decision Point (PDP), evaluates application-specific authorization policies. The PDPs connect with existing information repositories, such as LDAP, AD, databases, and IdM, which are referred to as Policy Information Points (PIPs).

The administration console, which is a Policy Administration Point (PAP), provides central administration, management, and monitoring of entitlement policies with delegation and integration with an entitlement repository.

The agent, which is a Policy Enforcement Point (PEP), enforces entitlement policy decisions that are made by the PDP.

This document describes the architecture of the .NET Agent.

CEPM Agent in the .NET Application

.NET based applications can be entitled using the PEP for .NET. The agent is a DLL that can be used by any .NET based application (either a desktop or a web-based application). A COM-wrapped agent is also supported for VB, C++, and other Windows-based applications. As with the Java PEPs, the .NET PEP supports libraries for decision and administration APIs.

The two packages of interest are:

Policy Administration Point (PAP) API

Policy Decision Point (PDP) API

Figure 1-1 CEPM Deployment Diagram

These packages are intended to be used for customization and easier integration of the components with customer deployments. The following three categories of functionality are supported:

Creation of custom administrative consoles [use the PAP APIs]

Invocation of decision queries from applications [use the PDP APIs]

Run-time queries to the PAP for creation of automated scripts or policy queries from applications [use the PEP APIs]

From V3.3.0.0 onwards, the CEPM .NET Agent supports HTTP as the transport protocol for PEP-PDP communication. A new set of PEP APIs has been added that supports HTTP as well as SOAP. Examples illustrating the implementation of PEP methods in both the old and the new authorization models are provided.
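As an added illustration (not part of the original guide and not the CEPM agent's own API), the following C# sketch shows the PEP-to-PDP exchange over HTTP described above: the PEP sends a subject/resource/action query to the PDP and treats anything other than an explicit permit, including a transport failure or a malformed answer, as a deny. The endpoint path /pdp/decision, the JSON request and response shape, the "Permit"/"Deny" strings, and all class names are assumptions made for this example; the stub transport exists only so the sketch runs without a live PDP.

```csharp
// Added example: a minimal Policy Enforcement Point (PEP) that queries a
// Policy Decision Point (PDP) over HTTP and fails closed. The endpoint path,
// JSON shape and class names are hypothetical, NOT the CEPM .NET agent API.
using System;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public sealed class DecisionRequest
{
    public string Subject { get; init; } = "";
    public string Resource { get; init; } = "";
    public string Action { get; init; } = "";
}

// The transport is abstracted so the enforcement logic can be exercised offline.
public interface IDecisionTransport
{
    Task<string> QueryAsync(DecisionRequest request);
}

// HTTP transport: POSTs the request as JSON to a hypothetical /pdp/decision
// endpoint and returns the PDP's raw decision string.
public sealed class HttpDecisionTransport : IDecisionTransport
{
    private readonly HttpClient _client;
    private readonly Uri _endpoint;

    public HttpDecisionTransport(HttpClient client, Uri pdpBaseUri)
    {
        _client = client;
        _endpoint = new Uri(pdpBaseUri, "/pdp/decision"); // assumed path
    }

    public async Task<string> QueryAsync(DecisionRequest request)
    {
        var body = new StringContent(JsonSerializer.Serialize(request),
                                     Encoding.UTF8, "application/json");
        using var response = await _client.PostAsync(_endpoint, body);
        response.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("decision").GetString() ?? "";
    }
}

// The enforcement point: the one place that turns a PDP answer into allow/deny.
public sealed class PolicyEnforcementPoint
{
    private readonly IDecisionTransport _transport;
    public PolicyEnforcementPoint(IDecisionTransport transport) => _transport = transport;

    // True only on an explicit "Permit". Any other answer, a malformed response,
    // a timeout or a transport error is a Deny, so an unreachable PDP never
    // silently grants access.
    public async Task<bool> IsPermittedAsync(DecisionRequest request)
    {
        try
        {
            var decision = await _transport.QueryAsync(request);
            return string.Equals(decision, "Permit", StringComparison.Ordinal);
        }
        catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException
                                   || ex is JsonException || ex is KeyNotFoundException)
        {
            Console.Error.WriteLine($"PDP query failed, denying by default: {ex.GetType().Name}");
            return false;
        }
    }
}

// Stub transport (constructed for this example) mimicking three PDP behaviours.
public sealed class StubTransport : IDecisionTransport
{
    public Task<string> QueryAsync(DecisionRequest r) => r.Action switch
    {
        "read"   => Task.FromResult("Permit"),
        "delete" => Task.FromResult("Deny"),
        _        => throw new HttpRequestException("PDP unreachable"), // simulated outage
    };
}

public static class Program
{
    public static async Task Main()
    {
        var pep = new PolicyEnforcementPoint(new StubTransport());
        foreach (var action in new[] { "read", "delete", "approve" })
        {
            var req = new DecisionRequest { Subject = "alice", Resource = "/orders/42", Action = action };
            Console.WriteLine($"{action}: {(await pep.IsPermittedAsync(req) ? "allowed" : "denied")}");
        }
        // Against a real PDP, swap in the HTTP transport with a short timeout, e.g.
        // new HttpDecisionTransport(new HttpClient { Timeout = TimeSpan.FromSeconds(2) },
        //                           new Uri("https://pdp.example.internal"));
    }
}
```

The design point worth carrying into any real agent integration is in IsPermittedAsync: the PEP grants access only on a positive decision and maps every error path to a deny, and the transport timeout is bounded so a slow or unreachable PDP degrades to denied requests rather than to hung threads.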

Refer to CEPM Dotnet Developers Guide V3.3.0.0 for more information on using these APIs.