Integrating with AquaLogic Enterprise Repository

This section describes how to integrate AquaLogic Enterprise Security with AquaLogic Enterprise Repository. It includes the following topics:

Introduction

AquaLogic Enterprise Repository (ALER) manages the metadata for any type of software asset, from business processes and Web services to patterns, frameworks, applications, and components. You can use AquaLogic Enterprise Repository to manage AquaLogic Enterprise Security policy data as ALER software assets. By integrating ALER with ALES, you can:

More easily share ALES policy information between implementers and designers.
Use the ALER workflow to manage approval of changes made to ALES assets.
Maintain versioning of ALES policy. An ALES asset can have its version number updated in ALER when a change occurs in the policy definition contained within the asset.
Use ALER's advanced categorization, reports and querying of ALES assets.

Setting Up ALER to Manage ALES Assets

Install and configure ALER and ALES. For information about installing ALER, see the ALER Installation Guide. For information about installing ALES, see Installing the Administration Server.
Configure ALER to enable import and export, as described in Setting ALER System Properties for Import and Export.
Import the ALES Policy Asset Type into ALER, as described in Importing the ALES Policy Asset Type into ALER.

Setting ALER System Properties for Import and Export

In order to use the ALES policyIX utility to import and export ALES assets to ALER, set to true the following system properties in ALER:

cmee.importexport.enabled (enables the REX Open API on the ALER server)
cmee.extframework.enabled (enables exporting assets to and importing assets from ALER)

In the ALER console, open the Admin tab.
Select System Settings from the left column.
Under Import / Export and Introspection > Import / Export, set Import/Export Client cmee.importexport.enabled to True.
Under Open API > Common, set Open API Enabled cmee.extframework.enabled to True.
Click Save.

Importing the ALES Policy Asset Type into ALER

In the ALER console, open the Admin tab.
Select Import Export > Import/Export Client to launch the ALER Import/Export Client.

Figure 13-1 Starting the ALER Import/Export Client

Starting the ALER Import/Export Client

In the Select file to import field of the Import tab, locate the ALES Policy Asset Type definition. It can be found at ALES_ADMIN_HOME/lib/alesAssetSchemaObjects.jar. Click Next twice.
Close the ALER Import/Export Client.

In the ALER console, open the Assets tab and click Edit/Manage Assets. The Asset Editor opens.
In the Asset Editor, select Actions > Manage Types. The ALES Policy asset should appear in the Type Manager.

Figure 13-2 ALER Type Manager

ALER Type Manager

Using ALER to Manage ALES Assets

Once you have set up the ALES Policy Asset Type in ALER, you can use ALER to manage workflow, policy approval, and policy versioning. The ALER console also gives you the ability to directly modify data in an ALES Policy Asset. This is not recommended, however. Instead, changes to ALES Policy Asset data should be made in ALES and imported into ALER. See Importing and Exporting with policyIX.

ALES Policy Asset Type

In ALER, the term asset is used to describe an object that contains metadata. Before an asset can be created, there must be an asset type by which to categorize the asset. An asset type contains the structure of the asset. The ALER asset type named ALES Policy is a defined asset type in ALER that contains ALES metadata, such as privileges, policy, resources, and resource attributes. An ALES Policy Asset can be considered a container of ALES policy information.

Viewing ALES Policy Assets in the ALER Console

The ALER Asset Editor displays ALES Policy Assets in the following tabs (see Figure 13-3):

Overview - General information such as asset name and location, and notification e-mail (the e-mail address of the user to be notified if the asset changes).
Resources - Data for resources and resource attributes. The Resources tab displays columns for each of the following:

Resource Name - The name of the resource
Resource Type - The type of the resource (a dropdown menu containing only valid resource types)
Description - Description of the resource
Virtual Resource - Indicates whether the resource is a virtual resource
Distribution Point- Indicates whether the resource is a Distribution Point
Attributes - The resource attributes that are associated with the resource. This column contains a table of attributes that belong to the resource.

Authorization Policies - Allows you to add, edit, or delete Authorization policies, Privileges and Privilege Groups.
Role Mapping Policies - Allows you to add, edit, or delete role mapping policies.
Bindings - The SCM name, SSM name, and Binding Resources of the asset.
Entitlements Data - Information related to Identities, Identity Schema, Groups, Group attributes and Group memberships that are created by the Entitlements UI and RBAC API.
Administration - ALER administration information, with information about the creation, submission, acceptance, assignment, notification, and registration of the asset.

Figure 13-3 ALES Policy Asset Editor Tabs

ALES Policy Asset Editor Tabs

Versioning ALES Assets

ALER maintains version information for its assets. ALES Policy Assets use version numbers in the format N.N (1.0, for example). When you import ALES Policy Assets into ALER for the first time, the version number is set to 1.0. When you subsequently import the same assets, the version number is incremented by 1. You can also modify the version number of an asset within ALER.

Importing and Exporting with policyIX

AquaLogic Enterprise Security includes a utility named policyIX that you can use to import and export policy data from ALER. You can use policyIX to import or export directly between ALES and ALER, or you can import or export from a policy file. Importing or exporting from a file does not require you to be able to connect to a running ALES Administration Server.

Exporting to ALER from ALES

To export policy assets to ALER from ALES, run policyIX with the -exportToALER option:

To export policy data from a policy file to ALER, run policyIX with the -exportToALER option and specify a destination file:

Importing to ALES from ALER

To import policy data to ALES from ALER, run policyIX with the -importFromALER option:

To import policy data from ALER to a policy file, run policyIX with the -importFromALER option and specify a destination file:

You can subsequently import the policy data from the policy file into ALES with a command like:

Configuration File for ALER Importing and Exporting

The policyIX utility uses a configuration file, the location of which is specified as an argument. A sample policyIX configuration file can be found at ALES_ADMIN_HOME/config/policyIX_config.xml. See PolicyIX: config.xml in the ALES Adminstration Reference or the comments in the sample policyIX_config.xml file for information about the values to include in your configuration file. In your configuration file, specify the following ALER-related elements:

aler_configuration

aler_property

server_url - ALER connection URL
username - user name to use to connect to ALER
userPassword - user password to connect to ALER
assetDescription - a description of the asset
assetName - name of the asset to export or import
importAssetVersion - Asset version to import; valid only if the -importFromALER policyIX option is used.

<aler_configuration>
    <!-- ALER Connection URL -->
  <aler_property name="server_url"
        value=http://localhost:7101/aler/services/FlashlineRegistry/>
  <!-- User name and password to user to connect to ALER-->
  <aler_property name="userName" value="admin"/>
  <aler_property name="userPassword" value="admin"/>
  <!-- Name of the ALER asset to export/import -->
  <aler_property name="assetName" value="MyALESPolicy"/>
  <aler_property name="assetDescription" 
                 value="This is an ALES Policy asset"/>
        
<!-- Asset version to import, only valid if the -importFromAler switch is used -->
  <aler_property name="importAssetVersion" value="2"/>
</aler_configuration>

Integrating ALES with Application Environments