
Cisco Policy Decision Point

CEPM In-Process PDP Deployment Guide

Table Of Contents

CEPM In-Process PDP Deployment Guide

Contents

About This Document

Objective

Audience

What is In-Process PDP

How to Deploy In-Process PDP

Documentation Updates

Related Documentation

Obtaining Documentation and Submitting a Service Request


Revised: August 3, 2009, Doc Part No: OL-19557-01

About This Document

Objective

This document provides guidelines for deploying the CEPM In-Process PDP in the client-side application.

Audience

This guide is for administrators who use CEPM and are responsible for resource modelling and entitlement management.

What is In-Process PDP

The in-process PDP is a special component that replaces the Policy Enforcement Point (PEP), which is embedded in the client-side application for sending, acknowledging, and implementing policy requests to and from the PDP. This component is useful when the client-side application is a standalone (desktop) application. The in-process PDP is the combination of the PEP and PDP defined within the normal CEPM environment. The structure of the in-process PDP is displayed in Figure 1.

Figure 1 In-Process PDP Flow Diagram

The PEP and PDP are combined to form a single component called the in-process PDP. Adjustments have been made so that a request sent from the PEP gets its decision from the PDP within this composite in-process PDP. In the CEPM context, Agent-PDP communication is normally done through various data transport protocols, such as HTTP, SOAP, and RMI. In the case of the in-process PDP, only Java is used as the transport protocol.

After the in-process PDP is embedded in the client-side application, the PDP sends an XACML response for every request from the PEP.

How to Deploy In-Process PDP


Step 1 Unzip CEPM_InprocessPDPV3.3.0.0.zip on your local machine. The unzipped directory is considered CEPM_HOME for in-process PDP.

Step 2 Set Java_Home to your Java Development Kit (JDK).

Step 3 Open the configure.properties file from the <unzipped directory>/bin folder and update the parameters in the following sequence:

a. Update DOMAIN_NAME= parameter with the domain name.

b. Update CEPM.DB_SELECTION= parameter with database properties. If you do not specify a value, the system automatically uses the default value, oracle.

c. If DB_SELECTION is oracle, specify the Oracle version; that is, uncomment the relevant 'Oracle_Version' entry.

d. Update the following database properties:

CEPM.DB_URL= Database URL in the form of jdbc:oracle:thin:@hostname:port:databaseName

For example:

# MSSQL  DataBase url:  jdbc:sqlserver://IPADDRESS:PORT;databaseName=SID;selectMethod=cursor
# ORACLE DataBase url:  jdbc:oracle:thin:@IPADDRESS:PORT:SID
# DB2 DataBase url:  jdbc:db2j:net://IPADDRESS:PORT/SID

CEPM.DB_USR= Database username

CEPM.DB_PWD= Database password

CEPM.DB_DRIVER= Database driver name

# MSSQL  Driver:  com.microsoft.sqlserver.jdbc.SQLServerDriver
# ORACLE Driver:  oracle.jdbc.driver.OracleDriver
# DB2 Driver:  com.ibm.db2.jcc.DB2Driver

Note The database password is encrypted in the configuration files. To obtain an encrypted password, run the <CEPM_HOME>\bin\encryptor.bat(sh) file using the following command:

For Windows: encryptor.bat JAVA_HOME Password

For Solaris/Linux: encryptor.sh JAVA_HOME Password

where JAVA_HOME is replaced with the corresponding folder path for JAVA_HOME and Password is replaced with the chosen database password. When this command executes, an encrypted password is displayed. You must enter this encrypted password in the Password parameter of the database properties in the configure.properties file.


e. Save and close configure.properties.

Step 4 Run <Unzipped Folder>/bin/configure.bat (for Windows) or <Unzipped Folder>/bin/configure.sh (for Linux/Solaris).

Step 5 Run <Unzipped Folder>/db/script/oracle/pdp.sql or pdp_wrapped.sql in the Oracle client to compile the procedures for Oracle10g.

Step 6 Execute the database procedures as follows, depending on your Database type:

Table 1 Database Type 

DB Type
Action

Oracle9i

To execute the procedure in Oracle 9i, open any Oracle client and run the pdp.sql file from the <Unzipped Folder>/db/script/oracle/oracle9i folder.

Example: Open the Oracle Client SQL Plus and use the following command to invoke pdp.sql in the client:

SQL> @ CEPM_InProcessPDPV3.3.0.0/db/scripts/oracle/oracle9i/pdp.sql

Oracle (10g/11g)

To execute the procedure in Oracle 10g or 11g, open the Oracle client and run the pdp_wrapped.sql or pdp.sql file from the <Unzipped Folder>/db/script/oracle/oracle folder.

CEPM highly recommends running the wrapped SQL scripts at the client end. These scripts contain masked code that cannot be read normally and can be understood only by Oracle. If you open a wrapped SQL script, you will not find anything in a readable format. Wrapped SQL scripts are supported from Oracle10g onwards. However, if you use Oracle9i, you can run the regular SQL scripts.

MSSQL (2000/2005)

To execute the procedure in MS SQL Server 2005, open the MS SQL client and run the pdp.sql file from the <Unzipped Folder>/db/script/mssql folder.

In the case of MSSQL Server 2000, these scripts are available in the <Unzipped Folder>/db/script/mssql/mssql2000 folder.

It is recommended to run these scripts in MSSQL Query Analyzer, because executing these scripts through SQLCMD might not compile all the functions and procedures.

DB2

To execute the procedure in DB2, open the DB2 client and run the pdp.sql file from the <Unzipped Folder>/db/script/DB2 folder.


Step 7 To test whether the in-process PDP is working or not:

a. Open InprocessPDPTest.java and enter the userName, resourceName, action and save.

b. Run InprocessPDPSampleTest.bat (for Windows).

c. Run InprocessPDPSampleTest.sh (for Linux/Solaris).

If the system returns the correct response, then the in-process PDP is deployed successfully.


Note When you want to embed the in-process PDP in your desktop application, make sure that the unzipped folder (in Step 1) is CEPM_HOME and keep the inprocesspdp.jar file in the classpath of your application.


Refer to the CEPM PDP Configuration Guide to configure the caching mechanism for the in-process PDP.
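A pre-flight check for the configure.properties file edited in Step 3, run before configure.bat/configure.sh in Step 4. This is an added example, not Cisco code: the function names and the simple KEY=VALUE parsing are assumptions, the URL-to-driver pairs are the ones listed under Step 3d, and the file-permission check is an added hardening step because the file holds database credentials.

```python
import os
import re
import sys
# JDBC URL prefix -> driver class, from the pairs listed under Step 3d.
URL_TO_DRIVER = {
    "jdbc:sqlserver://": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
    "jdbc:oracle:thin:@": "oracle.jdbc.driver.OracleDriver",
    "jdbc:db2j:net://": "com.ibm.db2.jcc.DB2Driver",
}
REQUIRED = ("DOMAIN_NAME", "CEPM.DB_URL", "CEPM.DB_USR", "CEPM.DB_PWD", "CEPM.DB_DRIVER")
TEMPLATE_TOKENS = {"IPADDRESS", "PORT", "SID", "hostname"}
# Constructed sample (not shipped with CEPM): empty DB_SELECTION, SQL Server URL.
SAMPLE = """\
DOMAIN_NAME=example.internal
CEPM.DB_SELECTION=
CEPM.DB_URL=jdbc:sqlserver://10.0.0.5:PORT;databaseName=cepm;selectMethod=cursor
CEPM.DB_USR=cepm_app
CEPM.DB_PWD=
CEPM.DB_DRIVER=oracle.jdbc.driver.OracleDriver
"""

def parse_properties(text):
    """Parse KEY=VALUE lines, skipping blanks and '#' comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_config(props, file_mode=None):
    """Return findings for a parsed configure.properties; empty list means pass."""
    findings = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    url, driver = props.get("CEPM.DB_URL", ""), props.get("CEPM.DB_DRIVER", "")
    expected = next((d for p, d in URL_TO_DRIVER.items() if url.startswith(p)), None)
    if url and expected is None:
        findings.append("CEPM.DB_URL matches none of the URL forms in the guide")
    elif url and driver and driver != expected:
        findings.append(f"CEPM.DB_DRIVER does not match the URL; expected {expected}")
    if TEMPLATE_TOKENS & set(re.split(r"[:/;=@]", url)):
        findings.append("CEPM.DB_URL still contains a template placeholder")
    selection = props.get("CEPM.DB_SELECTION") or "oracle"  # empty defaults to oracle (3b)
    if selection.lower() == "oracle" and url and not url.startswith("jdbc:oracle:"):
        findings.append("CEPM.DB_SELECTION resolves to oracle but the URL is not Oracle")
    if file_mode is not None and file_mode & 0o077:  # added check, not in the guide
        findings.append("configure.properties is accessible to group/other")
    return findings

if __name__ == "__main__":  # usage: python script.py [path/to/configure.properties]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text, mode = (open(path).read(), os.stat(path).st_mode) if path else (SAMPLE, None)
    print("\n".join(check_config(parse_properties(text), mode)) or "OK")
```

The permission check is only meaningful on Linux/Solaris; on Windows, review the file's ACL instead.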


Documentation Updates

Table 2 Updates to CEPM In-Process PDP Deployment Guide

Date | Description
July 9, 2009 | Minor edits and template/boilerplate updates for publication to Cisco.com
April 3, 2009 | Cisco Enterprise Policy Manager (EPM) Release 3.3.0.0


Related Documentation

Cisco Enterprise Policy Manager User Guide (OL-19552-01)

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

© 2009 Cisco Systems, Inc. All rights reserved

