
Author: Tojagor Vojar
Country: Namibia
Language: English (Spanish)
Genre: Science
Published (Last): 7 December 2012
Pages: 439
ISBN: 845-2-23032-409-3

Designer contains fourteen builders to help you build working policies and drivers, seven editors to assist you in editing projects, and wizards to help you build drivers.

Designer also contains over thirty views to help you design and implement Identity Manager solutions. Experienced users can bypass the wizards and interact directly at any level of detail. Provides an overview of Identity Manager and its components. This book also provides detailed planning and installation information for Identity Manager. Provides information about designing, testing, documenting, and deploying Identity Manager solutions in a highly productive environment.

Describes the user interface of the Identity Manager User Application and how you can use the features it offers, including identity self-service, the Work Dashboard, role and resource management, and compliance management. Describes how to use the Designer to create User Application components, including how to work with the Provisioning view, the directory abstraction layer editor, the provisioning request definition editor, the provisioning team editor, and the role catalog.

Describes the Identity Reporting Module for Identity Manager and how you can use the features it offers, including the Reporting Module user interface and custom report definitions, as well as providing installation instructions.

Provides information about administration tasks that are common to all Identity Manager drivers. We are a global, enterprise software company, with a focus on the three persistent challenges in your environment: change, complexity and risk, and how we can help you control them. In fact, of all the challenges you face, these are perhaps the most prominent variables that deny you the control you need to securely measure, monitor, and manage your physical, virtual, and cloud computing environments.

We believe that providing as much control as possible to IT organizations is the only way to enable timelier and cost effective delivery of services. Persistent pressures like change and complexity will only continue to increase as organizations continue to change and the technologies needed to manage them become inherently more complex.

In order to provide reliable control, we first make sure we understand the real-world scenarios in which IT organizations like yours operate — day in and day out. That’s the only way we can develop practical, intelligent IT solutions that successfully yield proven, measurable results. And that’s so much more rewarding than simply selling software. We place your success at the heart of how we do business. From product inception to deployment, we understand that you need IT solutions that work well and integrate seamlessly with your existing investments; you need ongoing support and training post-deployment; and you need someone that is truly easy to work with — for a change.



This flexible interface provides the option for implementing additional business logic through REXX programming. The Identity Manager 4. Key features of the driver include: Operator command control for starting and stopping the driver shim, configuring Remote Loader options, and displaying status information. When Identity Manager detects relevant changes to identities in its Identity Vault, it uses the Subscriber channel to process and communicate the updates to all connected systems.

When changes to passwords and other items relevant to Identity Manager are made at the local ACF2 installation, two security system exit routines are used to capture the changes and place them in a cross memory queue.

At configurable intervals, the Publisher component of the driver polls the change log for events and submits them to Identity Manager, where they are processed for posting to the Identity Vault. Most components of the bidirectional ACF2 driver can be associated with one of the two channels of communication (Subscriber and Publisher) used by the driver and Identity Manager in general.

In this way, ACF2 functions as a subscriber to Identity Manager events, receiving any updates from the central Identity Vault via the Subscriber channel.

Provides a reference to the hierarchy of objects and attributes available in ACF2. The driver reads the schema map, usually at startup. Optional configuration file for listing local ACF2 identities that you wish to be included or excluded from the central Identity Vault. Allows local system policy to enforce which objects receive provisioning through the Subscriber channel. Mainframe scripts that apply the schema map and standard TSO commands to issue changes to ACF2 accounts—including adds, modifies, deletes, and renames—for User objects, and to handle password synchronization.

Can be extended to support other object types and events. Exit routine that detects changes to the ACF2 Logonid database. These changes are written to the cross memory queue; the change log started task is notified each time an event is placed in the memory queue.

Exit routine that detects password changes to ACF2. Exit routine that detects password phrase changes to ACF2. Enables communication between Identity Manager and ACF2 as if they were running in a common environment. Identity Manager has no specific knowledge of the Remote Loader.

For improved efficiency, the ACF2 driver has its own embedded remote loader, which is used in place of the standard version bundled with Identity Manager. This component also replies to the Metadirectory engine with XDS status documents. Polls the change log for new event data and sends it to the Metadirectory engine for processing. It also clears each event entry from the change log after it has been processed. This prevents redundant loopback to Identity Manager for any changes made through the Subscriber channel.

Tool used by both channels to query the ACF2 Logonid database for records and fields. The memory queue is an encrypted, in-storage buffer used to record events sequentially. Only one system that shares the security system database runs the driver shim started task. This prevents the exit routines from generating events for commands issued by the Subscriber shim. REXX Execs are essentially scripts that are designed to run on a mainframe. The provided REXX execs support adds, modifies, deletes, and renames for User objects, and handle password synchronization.

You can extend the REXX execs to support other object types and events. The interface between the security system and the driver shim uses customizable REXX execs. You can extend the execs that are provided with the driver to support other applications and databases.

Several utility execs and helper commands are provided with the driver to enable communication with the driver shim and the change log. An extensible connected system schema file allows you to add your own objects and attributes to those already supported by the driver. The configuration of class and attribute definitions for the connected system is specified using the schema file. You can modify and extend this file to include new objects and attributes.


For details about configuring the schema file, see Section 6. The driver uses the keywords of the ACF2 administrative commands to define the schema. The schema includes one class: This corresponds to ACF2 Logonid records.

Some items in the schema refer to keywords used to create and modify ACF2 Logonids, but cannot be queried or synchronized. These attributes can be used only by Identity Manager policies to make event-time decisions that affect the behavior of the ACF2 administrative command. The auxiliary schema used to extend eDirectory does not include these attributes.

Identity Manager Driver for Mainframes: ACF2 Implementation Guide

This allows for administrative rules to be set and enforced locally rather than having processing decisions made by the Metadirectory engine. To control which objects are processed by the Publisher channel, use policies. For details about customizing policies, see the Identity Manager documentation. The Publisher shim periodically examines the change log for events. When the Publisher shim finds events in the change log, it decrypts, processes, and sends them to the Metadirectory engine over a Secure Sockets Layer (SSL) network link.

The Metadirectory engine applies policies, takes appropriate actions, and posts the events to the Identity Vault. ACF2 provides two exit interfaces. The driver uses these interfaces to detect activities of interest and to place events in the memory queue. When the driver exit routines place an event in the memory queue, they notify the change log started task. The change log started task then moves the event information to the change log data set. Monitor password changes from the local security system and record user and password information in the memory queue.

Monitor security system administrative commands entered by users, either directly from the TSO command line, or as generated by the administrative panels. The exit routines record these commands and related information, such as the issuer and time stamp, in the memory queue.

The memory queue is an encrypted, in-storage buffer that holds events. Events are added to the memory queue by the security system exit routines, and are removed from the queue by the change log started task. The change log started task is notified of events added to the memory queue by the driver exit routines and moves them to the change log data set. Each system that shares a security system database must run the change log started task.

The change log started task removes encrypted events from the memory queue and stores them in the change log data set for processing by the Publisher shim. The Publisher shim removes events from the change log at configurable intervals and submits them to the Metadirectory engine. If communication with the Metadirectory engine is temporarily lost, events remain in the change log until communication becomes available again.


There is one change log data set for the set of systems that share the security system database. The change log data set must reside on a shared device unless the security system database is not shared.

This section discusses driver configuration details specific to the Identity Manager driver for ACF2. For basic configuration information, see the Identity Manager 4.