CEPM In-Process PDP Deployment Guide
Revised: August 3, 2009, Doc Part No: OL-19557-01
About This Document
Objective
This document provides guidelines for deploying the CEPM in-process PDP in a client-side application.
Audience
This guide is for administrators who use CEPM and are responsible for resource modelling and entitlement management.
What is In-Process PDP
The in-process PDP is a special component that takes the place of the Policy Enforcement Point (PEP), which is embedded in the client-side application for sending, acknowledging, and implementing policy requests to and from the Policy Decision Point (PDP). This component is useful when the client-side application is a standalone (desktop) application. The in-process PDP is the combination of the PEP and PDP defined within the normal CEPM environment. The structure of the in-process PDP is displayed in Figure 1.
Figure 1 In-Process PDP Flow Diagram
The PEP and PDP are combined to form a single component called the in-process PDP. Adjustments have been made so that a request sent from the PEP gets its decision from the PDP within this composite component. In the CEPM context, Agent-PDP communication is normally carried over data transport protocols such as HTTP, SOAP, and RMI. In the case of the in-process PDP, only Java is used as the transport protocol.
After the in-process PDP is embedded in the client-side application, the PDP sends an XACML response for every request from the PEP.
How to Deploy In-Process PDP
Step 1 Unzip CEPM_InprocessPDPV3.3.0.0.zip on your local machine. The unzipped directory is considered CEPM_HOME for in-process PDP.
Step 2 Set JAVA_HOME to your Java Development Kit (JDK) directory.
Step 3 Open the configure.properties file from the <unzipped directory>/bin folder and update the parameters in the following sequence:
a. Update DOMAIN_NAME= parameter with the domain name.
b. Update CEPM.DB_SELECTION= parameter with the database type. If you do not specify a value, the system automatically uses the default value, oracle.
c. If DB_SELECTION is oracle, specify the Oracle version; that is, uncomment the appropriate Oracle_Version entry.
d. Update the following database properties:
–CEPM.DB_URL= Database URL in the form of jdbc:oracle:thin:@hostname:port:databaseName
For example:
# MSSQL DataBase url: jdbc:sqlserver://IPADDRESS:PORT;databaseName=SID;selectMethod=cursor
# ORACLE DataBase url: jdbc:oracle:thin:@IPADDRESS:PORT:SID
# DB2 DataBase url: jdbc:db2j:net://IPADDRESS:PORT/SID
–CEPM.DB_USR= Database username
–CEPM.DB_PWD= Database password
–CEPM.DB_DRIVER= Database driver name
# MSSQL Driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
# ORACLE Driver: oracle.jdbc.driver.OracleDriver
# DB2 Driver: com.ibm.db2.jcc.DB2Driver
Note The database password is stored encrypted in the configuration files. To obtain the encrypted form of a password, run the <CEPM_HOME>\bin\encryptor.bat(sh) file using the following command:
For Windows: encryptor.bat JAVA_HOME Password
For Solaris/Linux: encryptor.sh JAVA_HOME Password
where JAVA_HOME is replaced with the corresponding folder path for JAVA_HOME and Password is replaced with the chosen database password. When this command is executed, an encrypted password is displayed. You must enter this encrypted password in the Password parameter (CEPM.DB_PWD) of the database properties in the configure.properties file. Because the plaintext password is passed as a command-line argument, it may be recorded in shell history and is visible in the process list while the command runs.
e. Save and close configure.properties.
Step 4 Run <Unzipped Folder>/bin/configure.bat (for Windows) or <Unzipped Folder>/bin/configure.sh (for Linux/Solaris).
Step 5 Run <Unzipped Folder>/db/script/oracle/pdp.sql or pdp_wrapped.sql in the Oracle client to compile the procedures for Oracle10g.
Step 6 Execute the database procedures as follows, depending on your Database type:
Step 7 To test whether the in-process PDP is working:
a. Open InprocessPDPTest.java, enter the userName, resourceName, and action values, and save the file.
b. Run InprocessPDPSampleTest.bat (for Windows).
c. Run InprocessPDPSampleTest.sh (for Linux/Solaris).
If the system returns the correct response, the in-process PDP is deployed successfully.
Note When you want to embed the in-process PDP in your desktop application, make sure that the unzipped folder (in Step 1) is CEPM_HOME and keep the inprocesspdp.jar file in the classpath of your application.
Refer to the CEPM PDP Configuration Guide to configure the caching mechanism for the in-process PDP.
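A pre-flight check for the Step 3 settings before running configure in Step 4, added here as an example and not part of Cisco's guide or tooling: it confirms that the required keys are set, that CEPM.DB_DRIVER matches the JDBC form of CEPM.DB_URL listed in Step 3, and that the file holding the database credentials is not readable by other users. The function names, the sample values, and the assumption that configure.properties uses plain key=value lines with # comments are illustrative.

```python
import os
import stat

REQUIRED = ("DOMAIN_NAME", "CEPM.DB_URL", "CEPM.DB_USR", "CEPM.DB_PWD", "CEPM.DB_DRIVER")
# JDBC URL prefix -> driver class, both taken from the examples in Step 3.
DRIVER_FOR_URL = {
    "jdbc:sqlserver:": "com.microsoft.sqlserver.jdbc.SQLServerDriver",
    "jdbc:oracle:thin:": "oracle.jdbc.driver.OracleDriver",
    "jdbc:db2j:net:": "com.ibm.db2.jcc.DB2Driver",
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_config(props):
    """Return a list of findings; an empty list means the checks passed."""
    findings = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    url, driver = props.get("CEPM.DB_URL", ""), props.get("CEPM.DB_DRIVER", "")
    expected = next((d for p, d in DRIVER_FOR_URL.items() if url.startswith(p)), None)
    if url and expected is None:
        findings.append("CEPM.DB_URL does not match any documented JDBC form")
    elif expected and driver and driver != expected:
        findings.append(f"CEPM.DB_DRIVER should be {expected} for this URL")
    if "IPADDRESS" in url:
        findings.append("CEPM.DB_URL still contains a template placeholder")
    return findings

def check_file_mode(path):
    """Flag a properties file readable by group or others (POSIX only)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["file is readable by group or others"] if mode & 0o044 else []

# Constructed sample: Oracle URL paired with the MSSQL driver, password left blank.
SAMPLE = """\
DOMAIN_NAME=ExampleDomain
CEPM.DB_URL=jdbc:oracle:thin:@db.example.internal:1521:CEPM
CEPM.DB_USR=cepm_app
CEPM.DB_PWD=
CEPM.DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
"""

if __name__ == "__main__":
    print("\n".join(check_config(parse_properties(SAMPLE))))
```

On a real deployment, read <unzipped directory>/bin/configure.properties, pass its text to parse_properties, and call check_file_mode on the same path.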
Documentation Updates
Table 2 Updates to CEPM In-Process PDP Deployment Guide
Date             Description
July 9, 2009     Minor edits and template/boilerplate updates for publication to Cisco.com
April 3, 2009    Cisco Enterprise Policy Manager (EPM) Release 3.3.0.0
Related Documentation
Cisco Enterprise Policy Manager User Guide (OL-19552-01)
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
© 2009 Cisco Systems, Inc. All rights reserved