Overview
|
A Configuration Profile is a store of configuration information required to run a
server (Enterprise Gateway, Service Monitor, or Policy Center). For example, a specific Enterprise Gateway
Configuration Profile can store certificates, users, core policies and services,
external connections, or listeners.
When you load a Configuration Profile to edit it, a copy is loaded into a Policy Studio
workspace (for example, when you edit policies, the changes are saved locally). When
you commit your updates, the local Configuration Profile is committed to the server,
and a new Version of the Configuration Profile is created and labeled with the comment
specified when committing.
A Configuration Profile can have a number of Versions, one per user commit. A newly created
Configuration Profile has one Version. A Version is read-only in the Policy Studio. When you
load a Configuration Profile to edit to it, the latest Version is returned to the Policy Studio.
Committed updates to the Configuration Profile are saved in a new Version.
|
Managing Deployed Configuration Profiles
|
The Deployment Details tab on the Oracle Enterprise Gateway
Dashboard enables you to manage the currently deployed Configuration Profiles
on a selected server process (Enterprise Gateway, Service Monitor, or Policy Center). For example,
these include the component configuration stores for core policies and services, external
connections, users, and certificates.
You can select a process to view the versions of the component configuration stores
that are currently running on that process. You can also change the currently deployed
Configuration Profile versions, and deploy updates to a server process. You can specify
and deploy Configuration Profile versions on the selected process, on a different process,
or on multiple processes.
Deploying Configuration Profile Versions
To change a currently deployed Configuration Profile or Version on the currently selected process,
perform the following steps:
-
Select a component configuration store from the table (for example,
Certificate
Store , or External Connections ). The available Profiles and
Versions for this configuration store are displayed in the panel at the bottom of the screen
(for example, Type: Certificate Store ).
-
Select the Profile that you wish to deploy in the drop-down list (for
example,
Oracle Enterprise Gateway(version) - Default Certificate
Store ). This enables you to deploy Configuration Profile versions currently deployed
on other processes. The list of Versions available for this Profile is displayed in the table
below. The configuration store to be updated is highlighted and marked with an asterisk in
the table above.
-
Select the Active checkbox for the Revision or version
that you wish to deploy (for example,
1 ).
-
Click the Deploy button at the bottom right. Alternatively, to cancel at
any time before deploying, right-click, and select Refresh.
|
Deploying Configuration Profiles to Multiple Processes
|
When connected to a Policy Center server, you can use the Deployment Wizard
to deploy Configuration Profiles to multiple processes. To deploy to one or more processes,
perform the following steps:
-
Click the Deployment Wizard button at the top of the
Process List on the left to display the Configuration
Profiles screen.
-
In the Type column, select one or more Configuration Profile types
that you wish to deploy (for example
Certificate Store , External
Connections , or Core Configuration ).
-
In the Profile column, select the Configuration Profile that you
wish to deploy from the list (for example
OracleEnterprise Gatewayversion) - Default Certificate Store ).
-
In the Revision column, select the Configuration Profile version
that you wish to deploy from the list (for example,
1 ).
-
Click Next to display the Process List dialog.
-
Select one or more processes to which to deploy the selected Configuration Profiles.
-
Click Next, and check the deployment details in the Deployment
Summary.
-
Click Finish.
|
Managing All Configuration Profiles
|
You can select Window -> Show View -> Profile Repository
from the main menu to manage all the Configuration Profile versions available to the currently logged
in User. The Profile Repository tab displays all Configuration Profiles managed by the
Policy Studio in a tree view. This includes a sub-node for each User's set of Configuration Profiles.
A User can only update the Configuration Profiles that they own (listed in My Configuration
Profiles). Super Users can modify all User Configuration Profiles as if they were the
owner. An update means internal configuration information (for example, a policy change) is updated,
added, or removed. Each Configuration Profile has only one owner. In addition, a User can copy
another User's Configuration Profile Version to create a new Configuration Profile that they can
then load into the Profile Editor for editing.
|
Managing My Configuration Profiles
|
The My Configuration Profiles node on the Profile Repository
tab shows the Configuration Profiles that the current user has ownership of. The following
configuration options are available when you right-click the My Configuration
Profiles node:
Create Baseline Configuration:
Creates a set of component store configurations using a default template.
Enter a Name prefix for the new Baseline Configuration Profile
(for example Test ), and select a currently deployed Process
from the drop-down list. Processes are listed in the following format:
MachineName:ProcessName (for example, cayote:Oracle
Enterprise Gateway). The new Baseline Configuration includes appropriately named
nodes for each component store configuration (for example, Test Core Configurations, Test
Users, Test Certificates, Test Listeners, and Test External Connections).
You can also enter an optional Comment and Description.
The new nodes are added under the My Configuration Profiles node, indicating
that the User that created the new set of Configuration Profiles is its owner.
Create Configuration Profile:
Creates a new component store configuration using a template. Enter a Name
for the new configuration store, and select a currently deployed Process and
Type from the drop-down lists. Processes are listed in the following format:
MachineName:ProcessName (for example, cayote:Oracle
Enterprise Gateway). Example Types include Core Configurations, Users, Certificates,
Listeners, and External Connections.
You can also enter an optional Comment and Description. A
new node is added under the My Configuration Profiles node, indicating that
the User that created the new component configuration store is its owner.
Create Configuration via Import:
Imports a full configuration store (for example, Core Configurations, Users, Certificates,
and so on). In addition to the fields specified in the Create Configuration
Profile dialog, you must also select a configuration file to import from.
A new node is added to the My Configuration Profiles node.
Change Owner:
If you select this option, you are presented with a list of all other Users.
When you select a new User, the ownership of the currently selected Configuration Profile
is changed to the new User.
Important Note:
The Super User can perform all options on any User's Configuration Profile node.
|
Managing a Component Store
|
A specific Configuration Profile node corresponds to an instance of a complete
component store configuration (for example, Default Certificate Store).
The set of Versions for that Configuration Profile that have been saved over time are
listed under the component store node. You can access the following configuration
options by right-clicking a component store node or its most recent Version node
in the tree:
Edit:
Opens this component store in the Profile Editor for editing so that
its policies, certificates, and so on, can be updated. The latest Version is opened
when this option is selected on the component store node. All updates applied
are saved to a local copy of the configuration file. This option is available
if more than one component store is selected in the tree (or table) with the result
that all selected component stores are simultaneously loaded into the Profile
Editor.
Commit Version:
This option is only enabled after the component store configuration is loaded in the
Profile Editor. When you commit a Configuration Profile, you are asked to
enter a Comment. When you commit your changes, the local Configuration Profile is returned
to the currently managed server (for example, Enterprise Gateway), and a new Version is created. A
new Version node is added under this configuration node. You can also use the Commit
Version menu option in the Profile Editor tab from the top-level
node for that Configuration Profile.
If you make local changes that are not committed, you are asked if you wish to load
your local version or the server version the next time you load the Configuration Profile.
This enables you to retrieve local changes if your session times out before you
commit the changes.
Create via Copy:
A copy of the latest Configuration Profile Version is taken and used to create a
new Configuration Profile. You must enter a name for the Configuration Profile. A new
Configuration Profile node is displayed under My Configuration Profiles.
Rename:
You can rename the Configuration Profile by specifying a new name in the Rename
Configuration Profile dialog.
Change Owner:
You can change the ownership of the Configuration Profile. When ownership changes, the
configuration node moves into the other User's My Configuration Profiles
node. This option is available if more than one Configuration Profile is selected in the
tree (or table).
Export:
You are asked to enter a filename to export to. The latest Version of the Configuration
Profile is exported to this file, which you can then import into a different
Enterprise Gateway configuration. For example, this is useful if you have configured the
Enterprise Gateway in a testing environment, and want to move this configuration to a live
production environment.
Archive:
Archives the Configuration Profile and all of its related Versions. The
configuration node is removed from the tree. This option is only
available if none of the Versions related to this Configuration Profile are
deployed. Note that you can not delete a Configuration Profile.
When the Policy Studio receives a request to archive a Configuration Profile, the
underlying files that hold the Configuration Profile and its Versions are moved
into the INSTALL_DIR/conf/archive directory on the Policy Studio
machine. The underlying configuration data used by the Policy Studio is deleted.
The system administrator must determine whether to remove these files from disk
and store them elsewhere for backup purposes. If there is a requirement to reload
an archived Configuration Profile or one of its Versions, the archived file must
be located manually and re-imported to create a new Configuration Profile. This
option is also available if more than one Configuration Profile is selected in
the tree (or table).
Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can
change if another User commits a version.
Compare:
If you select two Configuration Profiles, the Compare option
appears on the right-click context menu. The Configuration Profiles are loaded
into the Profile Editor tab if they are not already loaded.
A new Compare and Merge tab is opened that shows the
differences, if any, between the two selected Configuration Profiles. For more
details, see the Comparing and Merging
Configurations topic.
Configuration Profiles owned by another User
When a User selects a Configuration Profile node that they do not own, only the
Edit, Create via Copy, Export,
Refresh, and Compare options are enabled.
Important Note: A User can load another User's Configuration Profile,
but can not commit a new version of it. The User can make local changes to the
Configuration Profile, and then create a new Configuration Profile from the Profile
Editor tab that includes the local changes. You can do this using the Create
Configuration menu option on the top-level node. This is similar to the Create
via Copy option but differs in that it includes any local changes in the newly created
Configuration Profile.
Super User Access
The Super User can access all functionality on this node for all Users.
Both the Super User and the owner User can modify a Configuration Profile simultaneously
when they both make changes locally. However, the commits are synchronized so that
if a commit occurs after you load the Configuration Profile, you are warned when attempting
to commit a new Version. You can then choose to continue and overwrite the last
User's changes.
Alternatively, you can cancel the commit operation, create a new
Configuration Profile from your locally modified Configuration Profile, load the new
Version created by the other User, compare both Configuration Profiles, and then
merge the changes before committing a new Version. You can use the
Refresh menu option on the Configuration Profile
node to retrieve the latest list of Versions.
|
Managing a Configuration Version
|
A Configuration Version node relates to a committed Version of the
Configuration Profile that was saved at some point in time. After a Version
of a Configuration Profile is created, you can deploy this version of the
Configuration Profile to a server (for example, Enterprise Gateway) at any stage.
The Super User can access all functionality on this node for all Users.
You can access the following configuration options by right-clicking an
historical Version node in the tree:
Edit:
You can load an historical Version, but you can not make new Versions
(branching is not supported). You can make changes
locally and create a new Configuration Profile using the Create
Configuration menu option in the tree on the Profile
Editor tab.
Create via Copy:
A copy of the Configuration Version is taken and used to create a new
Configuration Profile. You must enter a name for the Configuration Profile.
A new Configuration Profile node appears under the My Configuration
Profiles node.
Export:
You are asked to enter a filename to export the Version to. The
Version of the Configuration Profile is exported to this file.
Compare:
If you select two Configuration Profiles, or two Versions, or one Configuration Profile
and one Version, the Compare menu option appears. For more details,
see Comparing and Merging Configurations.
Rollback:
The Rollback option is only available on historical Versions,
and is not available on the most recent Version. The Rollback
option sets the historical version to be the latest version. This enables you
to roll back to a selected point in the Version history, and potentially make
more changes. You are asked to enter a comment when rolling back to a previous
Version. Only the Configuration Profile owner or Super User can perform this
action.
Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can
change if another User commits a version.
Important Note:
You can not archive or delete Configuration Versions individually. If this was allowed,
the historical trail of updates to the Configuration Profile would not be maintained
correctly. If you wish to tidy up a Configuration Profile and remove old Versions from
drop-down lists, do the following:
-
Create a copy of the Configuration Profile. This results in a new
Configuration Profile with a single Version.
-
Redeploy any Processes that were using the old Configuration Profile
so that they are using the new Version of the Configuration Profile.
-
Archive the old Configuration Profile.
|
|