This section provides information and instructions for running an SSM without an SCM.
Overview
An SCM is responsible for storing and maintaining the configuration data for all SSMs running on a machine. An SSM receives its configuration data from the SCM at startup and whenever a configuration change is made and distributed from the Administration Server. The SCM receives and caches the updated information, and provides it to the SSM when it is restarted.
Tip:
The term ’configuration’ is used in its restrictive sense here and refers only to the SCM, SSM, and the SSM’s security providers. It does not refer to policy data.
An SSM can run without an SCM by obtaining its configuration information from data that is exported from the ALES database using the PolicyIX tool. This tool allows you to export configuration data to an XML file that is read by the SSM when it is restarted.
Notes:
The PolicyIX tool can extract both policy and configuration information from the database. In this context, it is used to extract configuration information only.
Information in this section does not apply to the WLS SSM, which uses configuration information maintained in the WebLogic 9.x/10.x Administration Console. It does not use either an SCM or configuration data exported from the ALES database.
Choosing How to Run the SSM
Use the following criteria when deciding whether to use an SCM or exported configuration data:
A running SCM provides the ability to centrally manage all SSM configurations on a machine. This is extremely useful when running multiple SSMs and configuration changes are common.
The SCM is an additional process that must be installed and maintained. This may be unneeded if configuration changes are relatively rare.
When using an XML file, a manual export must be performed whenever a configuration change is made in the database. This may prove cumbersome, particularly when frequent configuration changes are made.
Once an SSM is set up to obtain configuration data from an XML file, it cannot be switched to use an SCM. The SSM must be removed and then reinstalled.
An SCM configuration must be maintained in the database whether or not an SCM is used on the SSM machine. The SCM configuration is the collection point for the SSM’s configuration data that is exported from the database to the XML file.
Installing An SSM Without An SCM
During the SSM installation process, the Centralized Configuration of Security Providers window displays, as shown in Figure 9-1. When you clear the Allow centralized configuration... checkbox, the SSM will not use an SCM.
Figure 9-1 Disabling an SCM
Exporting Configuration Data
Perform the following steps to export an SSM’s configuration data using the PolicyIX tool:
Note:
Complete information about PolicyIX commands is provided in the PolicyIX section of the Administration Reference.
In the BEA_HOME/ales30-admin/bin directory, enter the following command:
