Preface
This preface explains the objectives, intended audience, and organization of the Cisco Enterprise Policy Manager User Guide and describes the conventions that convey instructions and other information.
The preface contains the following sections:
•Objective
•Audience
•Document Organization
•Document Conventions
•Related Documentation
•Changes to This Document
•Obtaining Documentation and Submitting a Service Request
Objective
Enterprises are facing enormous pressure to simultaneously protect sensitive data and meet compliance requirements, increase business process efficiencies, and bring new revenue-generating services to market within very limited time and cost constraints. Policy-based access control is a critical component of security and compliance efforts, and it can reduce the costs and complexity of securely managing and auditing access privileges.
In most dynamic business organizations, critical information and resources, such as financial data, confidential records, and web services reside on distributed servers, each having its own unique set of users, access policies, and administrative parameters. Additionally, business resources are being exposed to a wider range of users whose roles and entitlements are dynamic and frequently changing.
Multiplied across a large enterprise, this creates an environment that is highly complex to systematically and securely administer. The solution to this problem is entitlement management: the application of policy-based, fine-grained access control.
The Cisco Enterprise Policy Manager (CEPM) is a scalable, standards-based product for managing entitlements. It consists mainly of three components: the Policy Administration Point (PAP), the Policy Decision Point (PDP), and the Policy Enforcement Point (PEP). The PAP is the administration console used to configure the entitlement policies, whereas the PDP leverages and extends the already deployed application and security infrastructure, including existing identity management solutions or repositories. The PEP is embedded as an agent in the client application to enforce the policies created within the PAP.
A structured approach to the architecture of CEPM exposes the rationale for entitlement management by creating policies randomly clustered with policy attributes and encapsulated rules on the resources of your application.
This document describes in detail the various functionalities provided by the administration console to configure the entitlement mechanism for your applications.
Audience
This guide is for administrators who use CEPM and are responsible for resource modelling and entitlement management.
Document Organization
This guide contains the following chapters and appendixes:
•Chapter 1 "Cisco Enterprise Policy Manager"
•Chapter 2 "Overview of the PAP Console"
•Chapter 3 "Login Page and Home Page"
•Chapter 4 "Manage Entities"
•Chapter 5 "Manage Entitlements"
•Chapter 6 "Auditing and Reporting"
•Chapter 7 "System Config"
•Chapter 8 "Delegated Administration"
•"PAP User Login Authentication Using LDAP and SSO"
•"Policy Combining Algorithm and Obligation"
•"Open Source License Acknowledgements"
Document Conventions
Caution: Means reader be careful. You are capable of doing something that might result in equipment damage or loss of data.
Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Related Documentation
The following documents are available with CEPM 3.3.2.0 release:
Changes to This Document
Table 1 lists the changes made to this document since it was first released.
Table 1 Changes to This Document
Date | Change Summary
March 14, 2012 | Cisco Enterprise Policy Manager, Version 3.3.2.0. The following changes are made to this document in this release: •External User and Known User info is added in Role Management (CSCtj72127). •A note is added in Set attributes to be returned as obligation (CSCtj25009).
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.