Cisco Enterprise Policy Manager User Guide, Release 3.3.2.0
Preface



This preface explains the objectives, intended audience, and organization of the Cisco Enterprise Policy Manager User Guide and describes the conventions that convey instructions and other information.

The preface contains the following sections:

Objective

Audience

Document Organization

Document Conventions

Related Documentation

Changes to This Document

Obtaining Documentation and Submitting a Service Request

Objective

Enterprises are facing enormous pressure to simultaneously protect sensitive data and meet compliance requirements, increase business process efficiencies, and bring new revenue-generating services to market within very limited time and cost constraints. Policy-based access control is a critical component of security and compliance efforts, and it can reduce the costs and complexity of securely managing and auditing access privileges.

In most dynamic business organizations, critical information and resources, such as financial data, confidential records, and web services reside on distributed servers, each having its own unique set of users, access policies, and administrative parameters. Additionally, business resources are being exposed to a wider range of users whose roles and entitlements are dynamic and frequently changing.

Multiplied across a large enterprise, this creates an environment that is highly complex to systematically and securely administer. The solution to this problem is entitlement management: the application of policy-based, fine-grained access control.

The Cisco Enterprise Policy Manager (CEPM) is a scalable, standards-based product for managing entitlements. It consists mainly of three components: the Policy Administration Point (PAP), the Policy Decision Point (PDP), and the Policy Enforcement Point (PEP). The PAP is the administration console used to configure the entitlement policies, whereas the PDP leverages and extends the already deployed application and security infrastructure, including existing identity management solutions or repositories. The PEP is embedded as an agent in the client application to enforce the policies created within the PAP.

A structured approach to the architecture of CEPM exposes the rationale for entitlement management by creating policies randomly clustered with policy attributes and encapsulated rules on the resources of your application.

This document describes in detail the various functionalities provided by the administration console to configure the entitlement mechanism for your applications.

Audience

This guide is for administrators who use CEPM and are responsible for resource modelling and entitlement management.

Document Organization

This guide contains the following chapters and appendixes:

Chapter 1 "Cisco Enterprise Policy Manager"

Chapter 2 "Overview of the PAP Console"

Chapter 3 "Login Page and Home Page"

Chapter 4 "Manage Entities"

Chapter 5 "Manage Entitlements"

Chapter 6 "Auditing and Reporting"

Chapter 7 "System Config"

Chapter 8 "Delegated Administration"

"PAP User Login Authentication Using LDAP and SSO"

"Policy Combining Algorithm and Obligation"

"Open Source License Acknowledgements"

Document Conventions


Caution: Means reader be careful. You are capable of doing something that might result in equipment damage or loss of data.

Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.


Related Documentation

The following documents are available with the CEPM 3.3.2.0 release:

| Document Title | Refer to This Document For Information On |
|---|---|
| Cisco Enterprise Policy Manager User Guide, Release 3.3.2.0 | Provides detailed information about various features and functionalities available in CEPM. |
| Cisco Enterprise Policy Manager Java Developers Guide, Release 3.3.2.0 | Provides guidelines for using the Policy Enforcement Point (PEP) and PAP APIs, and provides instructions for configuring the PEP agent and Java Server Page (JSP) tag libraries. |
| Cisco Enterprise Policy Manager JAX-WS Agent Guide, Release 3.3.2.0 | Provides an overview about the CEPM JAX-WS Agent and explains the steps for configuring this agent in the applications running in Tomcat server and WebSphere Application Server. |
| Cisco Enterprise Policy Manager Installation and Configuration Guide, Release 3.3.2.0 | Provides details on installing and configuring the Cisco Enterprise Policy Manager. |
| Release Notes for Cisco Enterprise Policy Manager, Version 3.3.2.0 | Provides details on the latest 3.3.2.0 release, including: new features and enhancements; supported platforms; known caveats; resolved caveats; installation notes. |

Changes to This Document

Table 1 lists the changes made to this document since it was first released.

Table 1 Changes to This Document

| Date | Change Summary |
|---|---|
| March 14, 2012 | Cisco Enterprise Policy Manager, Version 3.3.2.0. The following changes are made to this document in this release: External User and Known User info is added in Role Management (CSCtj72127). A note is added in Set attributes to be returned as obligation (CSCtj25009). |


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.