HP 3PAR Policy Server Administration Guide HP Part Number: QR483-96003 Published: December 2012
© Copyright 2012 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under Vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents Chapter 1 About This Guide ............................................................................................1-1 Supported Platforms ...........................................................................................................1-1 Help from HP.......................................................................................................................1-1 Documentation Feedback ..................................................................................
Chapter 6 Policy Server Maintenance ............................................................................6-1 Starting and Stopping HP 3PAR Policy Server ...................................................................6-2 Getting Version Information ................................................................................................6-3 Backing Up and Restoring the Database ............................................................................6-3 Backing Up the Database ...........
Chapter 1 About This Guide This document will guide system administrators through the steps of logging in, setting their user preferences, and setting up user security. It also explains how to set up policies. Complete information for using the Policy Server application is included in the online help for the application. Installed with Policy Server, help is accessible from each page of the application. Notes: The terms "asset" and "device" are synonymous.
Chapter 2 Policy Server: User Administration This chapter assumes that you have installed and started Policy Server, whether a new installation or an upgrade installation. You should be ready sign in to the Policy Server application and either set up security and policies for assets or review the migration of your existing user data, asset data, and policies.
Signing In Start your browser and in the address bar, type the IP address and port number for Policy Server. If you are running the browser from the same machine where Policy Server is running, you can type localhost. If you are using port 80, you do not need to type a port number; otherwise, type the number of the listening port you chose for Policy Server.
Setting User Attributes Once you have signed into the HP 3PAR Policy Server application, you can modify your user information in the User Attributes page. You can change your default page, e-mail address, or your password, as follows: 1. From the dropdown menu, select Edit User Attributes, as shown here: 2. When the User Attributes page appears, you can edit your information. An example of this page is shown in the following figure: 3.
5. If desired, you can change your password by typing a new password in the Password and Confirm Password fields. By default, the password must be at least 6 characters in length. Your system administrator should tell you if the password has a different length requirement. 6. If the only change you made in this page was the Initial Screen, you do not need to enter a password. However, if you made any other changes, you must type your current password and confirm it. 7. To save your changes, click Save.
Adding Profiles To add a profile, you need to have View and Add/Edit privileges to the Users component. If you are signed in as the administrator of the internal OpenDS directory server (for example, admin/admin), you have these privileges. To create a profile, follow these steps: 1. Select the Users tab. The initial view in this tab is the Users View.
The following figure shows this view with several Profiles configured: 3. If the Actions panel does not already display the Name field and Add button (as shown in the figure above), click ADD PROFILE to display them. 4. In the Name field under ADD PROFILE in the Actions panel, type a unique identifier for the profile, using up to 50 characters. You may want to use the names of the components. For example, you might type AuditLog, Policy, PolicyView, or RemoteSessions, and then click Add.
The Profile Definition window appears. The following figure shows an example for a RemoteSessions profile with both privileges selected: 5. In the Description field, type a brief description of the profile. For example, if you are assigning both the View and Add/Edit privileges for a component, type the names of the privileges here. They are NOT shown in the Profiles table, unless you type them here. The Description field is optional. 6.
Tips for Profiles You will be grouping profiles together to create roles, so you may want to keep the profile set as simple as possible. For example, add one profile for each component that has both View and Add/Edit privileges. If you want certain users to have View but not Add/Edit privileges to a component, add a View-only profile for that component. For example, the user who will monitor Pending Requests may want to view the Policy for an asset group before accepting or denying a request.
Adding Roles To add a role, you need to have View and Add/Edit privileges to the Users component. If you are signed in as the administrator of your directory server, you have these privileges. To add a role, follow these steps: 1. Select the Users tab and then select in the View Selection bar. The ROLES view appears. The following figure shows an example of the Roles view, with roles already added: 2.
3. In the Name field, type a unique identifier for the role, using up to 50 characters, and then click Add to display the Role Definition window. The name you typed appears in the Name field in this page, as shown in the’ following figure: 4. In the Description field, type a brief explanation of the role, using up to 200 characters. 5. Since the only user available before you add users is admin, you can skip this step.
Tips for Assigning Profiles to Roles Consider the privileges that you want the user who will be assigned this role to have. For example, if the user will monitor and respond to Pending Requests from the Agents, the user must have View and Add/Edit privileges to the Pending Requests component. In addition, you may want to assign the role the View privilege to the Policy component so that the user can check the policy of an asset group before accepting or denying a request.
The following figure shows this part of the panel when expanded: 3. In the Full Name field type the first and last names of the user. You can use up to 50 alphanumeric characters, a period, and spaces. 4. In the User Name field type a unique identifier for the user, using up to 50 alphanumeric characters. Keep in mind that you cannot change this name once the user has been added. 5. In the Password and Confirm Password fields, type the initial password for the user.
Asterisks (****) in the Password fields hide the password you entered, as shown in the following figure: 8. For this user to receive notifications from Policy Server regarding asset groups assigned to the user, type the E-mail Address for the user. If more than one address is needed, separate the addresses with a comma. Use the e-mail address format, username@company.com. 9. If desired, type the Phone Number and Fax Number for the user. These fields accept numbers and hyphens. 10.
Chapter 3 Policy Server: Asset Groups This chapter explains the concepts behind asset groups in Policy Server. It also explains how to add, edit, and delete asset groups in the Policy Server application.
Understanding Asset Groups The organization of asset groups in the Policy Server database is hierarchical. By default, Policy Server provides the Global asset group, which serves as the parent for all other asset groups. If desired, you can change the name of this asset group, but you cannot change its place in the hierarchy. In general, every other asset group is a child, grandchild, or great-grandchild of the Global group.
Manual Creation of Asset Groups Although Policy Server automatically creates asset groups for models and assigns assets to those groups when Agent gateways or Policy Agents register with it, you may want to create your own asset groups for assets that should have the same policy. Note that you cannot add existing asset groups to another asset group. You can create child asset groups of Global or other automatically-created asset groups and then move assets to the new child asset group.
If you mouse over an asset name, a down arrow appears; click the arrow to display a context menu. The following figure shows an example of this menu: The context menu shows the name, description, serial number, and model of the asset. By default, the name of an asset is the Serial Number of the asset. You can give the asset a different name if desired but you cannot change the Model and Serial Number.
To create a new asset group: 1. Sign in to the Policy Server application as a user with View and Add/Edit privileges to the Assets component. 2. Click the Assets tab. 3. To create a new asset group, in the Actions panel, click Groups to display the Global group. 4. When the Global group appears, it is collapsed and a down arrow asset groups have these icons. icon appears on the right. All 5. If you want to create the asset group under a different group than Global, expand Global. 6.
Notifications As you have seen in creating an asset group, the properties for asset groups include notification information. You configure notifications so that Policy Server can send a notification to the appropriate Policy Server user(s) when it receives a request for approval of an action from an Agent in this asset group. If no user is specified for an asset group, Policy Server sends the notification to the designated Administrator for Policy Server.
To edit an asset group in the Assets tab, select the name of the group to display the down arrow. Click the down arrow to display the context menu, shown below, and then select Modify Group. When the Group Information screen appears, change the Name, Description, and Notification settings as needed, and click Save to save your changes. The names of the individual assets appear in the Pending Requests tab as well as in the Details view of the Assets tab.
Deleting Asset Groups If you select to delete an asset group, all child asset groups of that asset group are removed from the database. If an Agent running on an asset of the deleted group re-registers (that is, the Agent was restarted) with the Policy Server, a new asset group is created automatically, using the model information in the registration message. To remove an asset group, select the name of the group to display the down arrow.
Chapter 4 Policies This chapter defines the term, policy, and explains other policy-related concepts, including permissions, access rights, and filters.
What is a Policy? A policy consists of a set of actions and the permissions for performing them. When first registering with Policy Server, Agent gateways and Policy Agents send a complete list of their supported actions. Policy Server is installed with support for all known actions contained in the released version of the HP 3PAR Enterprise Server. These actions are referred to as "Base actions" and are listed and described in Table 4-1. Actions in a Base Installation.
Access Rights After creating a permission, you can assign it a different access right than the default (for the most part, Ask for Approval) and you can create filters for the permission. These filters are optional but all permissions have at least the default filter, which consists of a single access right. An access right specifies how you want the individual assets to handle the related action.
Inheritance and Permissions Any permission set in the Global group is inherited by its child asset groups. Within a child group’s policy you can override a permission set in the parent group as long as that permission is not locked in the parent group’s policy. For example, assume an Execute action permission defined in the Global policy specifies that an asset can execute any application without asking for approval.
When creating filters, you must assign the filter a name that is unique in the Policy Server database and an access right (Always Allow, Ask for Approval, or Never Allow). In addition, if you want to restrict a permission to certain users at certain times, you can add expressions, which can consist of variables, values, and operators: • For operators, you can use the equals sign (=) and the AND operator.
If the permission inherited filters from the parent asset group or if another filter was applied directly to this permission for this asset group, you will receive a warning when you try to apply other filters. This warning tells you that you will lose all other applied filters. If only the default filter is shown for the permission, then you will not see this warning. The default filter is always preserved. If the Access Right field is disabled (dimmed), this permission is locked at a higher level.
Configuring Policies To configure a policy for an asset group, you must have Add/Edit privileges to the Policy component of the Policy Server application. The main steps for configuring a policy are: 1. Select the Policies tab. 2. In the Actions Panel, click the name of the asset group whose policy you want to edit. The Policies for the group table updates for the selected asset group. Here is an example of the Policies for a group: 3. Review the current permissions for each action. 4.
Setting All Permissions You can change the access right for all displayed permissions to a specific access right. For example, you temporarily want to prevent all actions for an asset; you navigate to the Policy page for the asset group (whose name is that of the asset), and set all permissions to Never Allow. When you want to restore the policy settings to their original settings, you do so by clearing the Set All Permissions check box.
To restore all permissions to the original settings for the asset group: This step applies whether you set all permissions to the same access right or reset all permissions to the parent settings. Below the Policy table, clear the check box next to Set All Permissions. The table is updated to show the original settings (before you set all permissions to have the same access right or to reset to the permissions of the parent group).
Tips for Policies This section provides information about actions that will help you avoid problems. Avoiding Performance Problems Make sure only actions that absolutely must have Ask for Approval are defined with that access right. Policy Server already restricts five actions to only the Always Allow and Never Allow access rights. When selecting access rights, keep in mind that Ask for Approval means that every time the actions are requested, the Agent must wait for a response from Policy Server.
Base Installation Actions The following table lists and describes all actions included and managed in a base installation. Any custom actions supported by your assets are not included below. Table 4-1 Actions in a Base Installation For this Action Always Allow permits the Agent to do this without asking for permission first Parameters Alarms Send alarms to the HP 3PAR Enterprise Server. (Custom alarms started as the result of a Start Custom Alarm action, configured in a logic schema, are not affected.
For this Action Always Allow permits the Agent to do this without asking for permission first Parameters File Download Accept files downloaded from the HP 3PAR Enterprise Server. Fully-qualified path of the file(s) to download to the asset. The name(s) of the file(s) and path(s) may be explicit (for example, “c:\error.log” or include wildcards (for example, “c:\*.log” or “c:\*.*”).
For this Action Always Allow permits the Agent to do this without asking for permission first Parameters Restart Agent Restart when requested. None Run Script Run a script when requested (whether an HP 3PAR Enterprise Server -based request or Agent-initiated process). Name of the script to run Schedule a Script Schedule a script to run on the asset when requested. Script name – set to a value of * by default. Applies to all scripts.
Chapter 5 Managing Assets from the Policy Server Application This chapter provides information about using other components of the Policy Server application to manage your assets.
Finding and Removing Missing Assets An asset is missing if the Agent running on the asset is not communicating with the Policy Server. This situation might be due to network connections going down, the Agent being stopped, or the power being disconnected from the asset. Unlike the HP 3PAR Enterprise Server, the concept of "Missing Asset" in Policy Server does not take into consideration that a managed asset might be offline to its managing Agent gateway.
The Pending Requests tab shows the requests for the Global asset group by default, which means ALL pending requests in the system. To view pending requests for a particular asset, you can expand Global in the Actions panel and select the asset group to which the asset belongs. Alternatively, you can type the name of the asset in the KEYWORD field to search for it.
Monitoring Remote Sessions You can use the Remote Sessions tab of Policy Server to view the status of all remote sessions for assets managed by Policy Server. In addition, this component allows you to end remote sessions. To use these features of Policy Server, you need View and End privileges to the Remote Sessions component. When you select the Remote Sessions tab in the application, the Remote Sessions view appears.
Using Redundant Agent Gateways with Policy Server To help you understand redundant gateways, let's start with non-redundant gateway operations. Normally, in a non-redundant gateway configuration, a given managed asset is associated with one Agent gateway. The Agent gateway sends asset data (data items, alarms, for example) to the HP 3PAR Enterprise Server on behalf of the managed asset, as well as receives and executes actions that are sent from the Enterprise Server to the managed asset.
When it receives a request to execute an action whose access right is “Ask for Approval," an Agent gateway or Policy Agent sends a permission request message to the Policy Server. When a Policy Server user acts on a previously submitted permission request, the Policy Server delivers a permission response message back to the Agent. Since a permission response contains an action, it needs to be delivered to the target asset only once.
Chapter 6 Policy Server Maintenance Maintenance tasks for Policy Server after operations have started consist of backing up the database and restoring it as needed, log file maintenance, and possibly configuration changes that require you to stop and start Policy Server. It is important that you keep track of the number and size of the audit log files created on disk. You should remove unnecessary files and archive those that are not of immediate need.
Starting and Stopping HP 3PAR Policy Server Why would you want to stop and start Policy Server? Although it may not be necessary, you may find that after running Policy Server for a few months, you need to change the external directory server or your IT department moved the directory server to a new machine. Such changes require changes to the configuration files for Policy Server and Tomcat. For those changes to take effect, you need to restart Policy Server.
Getting Version Information After installation, you can see the version number in the About Policy Server popup window of the Policy Server application (available from the menu). You can also display it through a command line utility. Open a Command Prompt (Windows) or shell (Linux) and navigate to the following directory of the Policy Server installation: /HP3PAR/HP3PARpolicyserver/bin or c:\<>\bin). Run the command for your operating system: • Linux • Windows serverVersion.
If the database is shut down when you attempt to perform a backup, you will see an error message and the backup is NOT created. Make sure the database is running before a backup operation is run. Note: The backup utility does not perform syntax checking on the command. If, for example, you enter the utility is expecting an integer for the backup count but does not check that what you entered was an integer. Instead, it takes the first digit (4 in this case) for the number of backups to retain.
apm-20110922T110654.tar.gz apm-20110922T110636.tar.gz apm-20110921T174935.tar.gz apm-20110921T174930.tar.gz apm-20110921T174910.tar.gz apm-20110921T174902.tar.gz Once you have the list, you can specify a particular backup archive on the command line. After entering the command, you must confirm the request before the utility actually restores the database. If the database is still running, the utility presents an error message. You need to stop the database before you can restore.
If you see the following message when trying to perform a backup, it means that the database server is not running: $ /opt/HP3PAR/HP3PS/hsqldb/bin/backup_database 10 Failed to get a connection to 'jdbc:hsqldb:hsql://localhost:9002/apm' as user "ADMIN". Cause: java.net.
Monitoring System Activity The Policy Server application provides the Audit Log tab to help you monitor the activity in the system. The Audit Log tab shows all activity generated by Policy Server as well as activity reported in XML messages from the Agents. You can view all audit log entries, entries in a selected category, or entries for a selected asset group. You can also change the number of days that Policy Server keeps audit log files. The Audit Log screen is not editable.
Audit Log Entries Audit log entries are stored in a log file on the computer running Policy Server; by default, under the PolicyServer/audit directory. Files are created daily, and all audit log messages generated for each day (from 12:00 to 23:59) are saved to the file. By default, the daily files are created using the following syntax: APM_Audit___- .txt, where yyyy is the current four-digit year, mm is the current month, and dd is the current day.
Audited Operations HP 3PAR Policy Server generates audit log entries for the following activities performed by a Policy Server user: • Log in to or out of the application. • Accept or deny a pending request for an action. • Modify a policy. • Create, modify, or delete a permission for a policy. • Create, modify, delete, or assign a filter to a permission. • End a remote session. • Modify the configuration of an asset group. • Modify the details of an asset.
• Agent evaluates a permission that has filters attached. When one or more filters are attached to a permission and a filter matches, the audit log displays a message that shows the asset name, action name, permission name, filter name, and the fact that there was a match. When none of the filters match and the default filter (the default access right) is applied, the audit log displays the asset name, action name, permission name, and then "default filter.
Installed Directories and Files If you install all of the components on the same machine, you'll find the subdirectories and files for the components all under the root PolicyServer directory (C:\Program Files (x86)\HP 3PAR\PolicyServer or /root/HP3PAR/PolicyServer). The following table lists the main directories and their content. Table 6-1 Directory Installed Directories and Files Contents audit All audit log files will be saved to this folder by default.
Directory Tomcat6 Contents Apache Tomcat6 application subdirectories: /HP3PS - see next row in this table. /bin - serverVersion.cmd, serverVersion.sh, and server-version.jar. Also contains the StartHP3PS.bat, StartHSQLDB.bat, hsqldbsvc.bat, HP3PSsvc.bat, and tomcatsvc.bat scripts. /hsqldb - all the subdirectories and files for running HSQLDB inside Tomcat Tomcat6/HP3PS All the Policy Server subdirectories and files.
Un-installing HP 3PAR Policy Server 1. If you need to un-install HP 3PAR Policy Server and its components are all running as services (daemons), the first step is to stop the services in the following order: a. HP 3PAR Policy Server b. HP 3PAR Policy Server Database c. OpenDS 2. Navigate to the Uninstall subdirectory of your Policy Server installation. For example, C:\Program Files (x86)\HP 3PAR\PolicyServer\Uninstall. 3.
Chapter 7 Configuration Files After running Policy Server for a period of time, you may want to switch to using SSL or change to a different directory server. You may also want to modify the default values of certain settings that are not configurable during installation. This chapter explains these types of changes and what you need to do in the configuration files for Policy Server (and Tomcat) when making the changes. The procedures in this chapter apply to both Windows and Linux installations.
Changes That Require Configuration File Edits Why would you want to edit the Policy Server configuration files? After running Policy Server for a while, you may want to change how long remote sessions are displayed in the Remote Sessions table or the frequency of automatic database backups. Alternatively, you may be seeing too many audit messages from the Agents for SetDataItem actions and you want to filter out audit messages for certain data items.
Editing the OpenDS Configuration File The installer changes the Policy Server configuration file to use a port other than the default for the OpenDS directory server. However, it does NOT change the OpenDS configuration file to use a different port number. Policy Server does not work if the port number in these two configuration files is different. Therefore, if you did not take the default port (389) for the OpenDS directory server, you must edit the OpenDS configuration file, config.
Editing the Policy Server Configuration File The configuration file for Policy Server is called PolicyManager.properties. This file contains all Policy Server-specific settings initially configured based on your entries during installation. You can find this file in the Tomcat6\HP3PS\common\classes subdirectory of the Policy Server installation directory. For Windows, the complete path for this configuration file is c:\Program Files (x86)\HP 3PAR\PolicyServer\Tomcat6\HP3PS\common\classes\PolicyManager.
4. For the changes described in the section, "Changes that Require Configuration File Edits," change the following properties for Policy Server: a) Frequency of Automatic Backups -- The default number of hours between automatic backups is 3 hours. To change this value, search for the property, com.axeda.apm.checkpoint_frequency, and type a new value. b) Period of Time that Remote Sessions are displayed -- The default number of hours that a remote session is displayed in the Remote Sessions tab is 5 hours.
7. This step depends on what you changed: If you changed the directory server configuration, you must also edit the Tomcat server.xml file. Continue to the next section for details. If you decided to switch to using SSL, refer to the Tomcat document, SSL-HOW TO, at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. If you do not need to edit the server.xml file, restart Policy Server. Table 7-1 Name Properties in PolicyManager.
Name com.axeda.apm.jdbc. checkpoint_ frequency Description Supported values The number of hours between backups of the HP3PS database. The default value is 3 hours. You may want to start with this value and adjust it as needed. com.axeda.apm. notification. email.encoding Character set used for encoding email messages. The default value is UTF-8 (non-ASCII). Supports any valid com.axeda.apm. notification. email.
Name Description Supported values Audit Archive Settings com.axeda.apm.audit. archive.file. enable_logging_to_file Specifies whether or not daily audit The default setting, true, means that the server will save log entries are saved to a file on disk. audit log information to a file; if false, audit log information is not saved to file. com.axeda.apm.audit. archive.file.prefix Name (prefix) of the file to which audit log information is saved.
Name Description Supported values Backup/Restore Settings com.axeda.apm. backup-restore.datadirectory= Specifies the directory where the This value is set during installation, based on the installation data files are stored. You should not directory for Policy Server and the HSQL database. For need to change this value. example, on Windows, this value is C:/Program Files (x86)/HP3PAR/PolicyServer/hsqldb/apm/. com.axeda.apm.backuprestore.
Name Description Supported values Directory Server Whether you choose to configure an External Directory Server or not, the installation program sets these properties. The values shown here are for the internal OpenDS directory server. If you are using an external LDAP server, the values you provided during installation should appear in this section of PolicyManager.properties. com.axeda.apm. directory-server. port Specifies the port on the directory server to use for authentication.
Name Description Supported values Do NOT change this value: true com.axeda.apm. directory-server.on Enables the directory server. com.axeda.apm. administrator. email Specifies the e-mail address of the By default, this property has no value. If you provide an eadministrator of the directory server. mail address in this file, be sure to use proper format. For example, OpenDSadmin@axeda.com. com.axeda.apm. support.email Specifies the e-mail address for the support organization. com.axeda.apm. user.
Name Description Too many audit messages can affect com.axeda.apm. audit.filter.data-items Policy Server performance. To improve performance you can reduce the number of audit messages received from the Agents after they have processed SetDataItem actions for specific data items. Set the value of this property to be the names of the data items for which you want to filter out these audit messages. Supported values The default value is empty.
Name Description Supported values DEPRECATED -PROPERTIES Enhanced Select Lists These properties supported the old UI and are not needed for the UI as of release 6.1.5. . com.axeda.apm. enhanced-selectlist.mru-size Specifies the number of items to store in the most-recently-used list. com.axeda.apm. enhanced-selectlist.max-linesdisplayed Specifies the maximum number of DEPRECATED. This property is not used as of release 6.1.5. lines displayed when a select list is in The default value was 11 lines.
Editing the Tomcat server.xml File The server.xml file contains information specific to the operation of the Tomcat Web server. Except for enabling SSL support or adding information for an External Directory Server after installation, you should not need to change any of the settings in this file. As with the PolicyManager.properties file, you modify the values of the name-value pairs for your use of the Policy Server.
4. Search for Directory Server configuration. You should see the following lines: 5. Change the values of these properties for your directory server: a.
HSQL Database Configuration File For the HSQL database, the configuration file is server.properties. Located in the directory, \hsqldb\apm, under your Policy Server installation, this file contains information specific to the database setup and operation. Typically, you will not change any of the database settings. If you are experienced with databases, read through the explanations of the parameters, their default settings, and supported values in the following table before making any changes.
Appendix A Tomcat Troubleshooting When Tomcat is operating in standalone mode, you may need to troubleshoot for the following functionality: 1. Another web server or other process is operating on the default HTTP port that Tomcat attempts to bind to at startup (8080). If this is the case, modify server.xml and replace the default port number with another, unused port greater than 1024 (because ports of 1024 or less require super user access to bind to).
Appendix B Starting/Stopping HP3PS Manually If you did not install Policy Server as a service or daemon and need to start and stop it manually, this appendix is for you. Starting Policy Server Components Manually Important! Due to limitations of Tomcat, the directory server MUST be running during startup or shutdown of Policy Server. Follow the sequence for starting and stopping the components provided below.
3. Start HP 3PAR Policy Server last: 1. Depending on your operating system: Windows -- Log in to the computer as Administrator and open a Command prompt. Linux -- Log in to the computer as root and open a shell prompt. 5. Navigate to the /Tomcat6/bin directory, where is the path to Policy Server directory on the machine. 6. Locate and run the StartHP3PS.bat (Windows) or startHP3PS.sh (Linux) script. On Linux, be sure to type startHP3PS.
Stopping Policy Server Components Manually Important! Due to limitations of Tomcat, the directory server MUST be running during startup or shutdown of Policy Server. Follow the sequence for starting and stopping the components provided below. These instructions assume that you did not install the Policy Server and HSQL database as services and that you started them manually. 1. Make sure that the internal OpenDS directory server service is running or that your external directory server is running. 2.
Index Access Rights Actions that do not support Ask for Approval, 4-3 Always Allow, 4-3 Ask for Approval, 4-3 Never Allow, 4-3 setting all permissions to same access right, 4-8 Adding Profiles, 2-5 Always Allow, 4-3 Ask for Approval, 4-3 Asset Groups Editing, 3-6 overview, 3-1 External Directory Server configuring for Tomcat after installation, 7-14 Filters default, 4-4 evaluation, 4-6 expressions, 4-5 overview, 4-4 Time Window, 4-5 Global asset group, 3-2 Initial Screen, 2-3 Installed Directories and File
Signing In, 2-2 Policy Server Backup and restore, 6-3 signing in, 2-2 starting, 6-2 Version information, 6-3 Policy Server service stopping on Windows, 7-4 PolicyManager.properties editing, 7-4 table listing content of this file, 7-6 Profiles, 2-5 Remote Sessions how long to display, 7-11 Roles assigning to users, 2-13 Security setup, 2-4 Server Information (name and version), 7-6 server.