Managing Configuration Profiles

• Overview
• Managing Deployed Configuration Profiles
• Deploying Configuration Profiles to Multiple Processes
• Managing All Configuration Profiles
• Managing My Configuration Profiles
• Managing a Component Store
• Managing a Configuration Version

Overview

A Configuration Profile is a store of configuration information required to run a server (Enterprise Gateway, Service Monitor, or Policy Center). For example, a specific Enterprise Gateway Configuration Profile can store certificates, users, core policies and services, external connections, or listeners.

When you load a Configuration Profile to edit it, a copy is loaded into a Policy Studio workspace (for example, when you edit policies, the changes are saved locally). When you commit your updates, the local Configuration Profile is committed to the server, and a new Version of the Configuration Profile is created and labeled with the comment specified when committing.

A Configuration Profile can have a number of Versions, one per user commit. A newly created Configuration Profile has one Version. A Version is read-only in the Policy Studio. When you load a Configuration Profile to edit to it, the latest Version is returned to the Policy Studio. Committed updates to the Configuration Profile are saved in a new Version.

Managing Deployed Configuration Profiles

The Deployment Details tab on the Oracle Enterprise Gateway Dashboard enables you to manage the currently deployed Configuration Profiles on a selected server process (Enterprise Gateway, Service Monitor, or Policy Center). For example, these include the component configuration stores for core policies and services, external connections, users, and certificates.

You can select a process to view the versions of the component configuration stores that are currently running on that process. You can also change the currently deployed Configuration Profile versions, and deploy updates to a server process. You can specify and deploy Configuration Profile versions on the selected process, on a different process, or on multiple processes.

Deploying Configuration Profile Versions
To change a currently deployed Configuration Profile or Version on the currently selected process, perform the following steps:

1. Select a component configuration store from the table (for example, Certificate Store, or External Connections). The available Profiles and Versions for this configuration store are displayed in the panel at the bottom of the screen (for example, Type: Certificate Store).
2. Select the Profile that you wish to deploy in the drop-down list (for example, Oracle Enterprise Gateway(version) - Default Certificate Store). This enables you to deploy Configuration Profile versions currently deployed on other processes. The list of Versions available for this Profile is displayed in the table below. The configuration store to be updated is highlighted and marked with an asterisk in the table above.
3. Select the Active checkbox for the Revision or version that you wish to deploy (for example, 1).
4. Click the Deploy button at the bottom right. Alternatively, to cancel at any time before deploying, right-click, and select Refresh.

Deploying Configuration Profiles to Multiple Processes

When connected to a Policy Center server, you can use the Deployment Wizard to deploy Configuration Profiles to multiple processes. To deploy to one or more processes, perform the following steps:

1. Click the Deployment Wizard button at the top of the Process List on the left to display the Configuration Profiles screen.
2. In the Type column, select one or more Configuration Profile types that you wish to deploy (for example Certificate Store, External Connections, or Core Configuration).
3. In the Profile column, select the Configuration Profile that you wish to deploy from the list (for example OracleEnterprise Gatewayversion) - Default Certificate Store).
4. In the Revision column, select the Configuration Profile version that you wish to deploy from the list (for example, 1).
5. Click Next to display the Process List dialog.
6. Select one or more processes to which to deploy the selected Configuration Profiles.
7. Click Next, and check the deployment details in the Deployment Summary.
8. Click Finish.

Managing All Configuration Profiles

You can select Window -> Show View -> Profile Repository from the main menu to manage all the Configuration Profile versions available to the currently logged in User. The Profile Repository tab displays all Configuration Profiles managed by the Policy Studio in a tree view. This includes a sub-node for each User's set of Configuration Profiles.

A User can only update the Configuration Profiles that they own (listed in My Configuration Profiles). Super Users can modify all User Configuration Profiles as if they were the owner. An update means internal configuration information (for example, a policy change) is updated, added, or removed. Each Configuration Profile has only one owner. In addition, a User can copy another User's Configuration Profile Version to create a new Configuration Profile that they can then load into the Profile Editor for editing.

Managing My Configuration Profiles

The My Configuration Profiles node on the Profile Repository tab shows the Configuration Profiles that the current user has ownership of. The following configuration options are available when you right-click the My Configuration Profiles node:

Create Baseline Configuration:
Creates a set of component store configurations using a default template. Enter a Name prefix for the new Baseline Configuration Profile (for example Test), and select a currently deployed Process from the drop-down list. Processes are listed in the following format: MachineName:ProcessName (for example, cayote:Oracle Enterprise Gateway). The new Baseline Configuration includes appropriately named nodes for each component store configuration (for example, Test Core Configurations, Test Users, Test Certificates, Test Listeners, and Test External Connections).

You can also enter an optional Comment and Description. The new nodes are added under the My Configuration Profiles node, indicating that the User that created the new set of Configuration Profiles is its owner.

Create Configuration Profile:
Creates a new component store configuration using a template. Enter a Name for the new configuration store, and select a currently deployed Process and Type from the drop-down lists. Processes are listed in the following format: MachineName:ProcessName (for example, cayote:Oracle Enterprise Gateway). Example Types include Core Configurations, Users, Certificates, Listeners, and External Connections.

You can also enter an optional Comment and Description. A new node is added under the My Configuration Profiles node, indicating that the User that created the new component configuration store is its owner.

Create Configuration via Import:
Imports a full configuration store (for example, Core Configurations, Users, Certificates, and so on). In addition to the fields specified in the Create Configuration Profile dialog, you must also select a configuration file to import from. A new node is added to the My Configuration Profiles node.

Change Owner:
If you select this option, you are presented with a list of all other Users. When you select a new User, the ownership of the currently selected Configuration Profile is changed to the new User.

Important Note: The Super User can perform all options on any User's Configuration Profile node.

Managing a Component Store

A specific Configuration Profile node corresponds to an instance of a complete component store configuration (for example, Default Certificate Store). The set of Versions for that Configuration Profile that have been saved over time are listed under the component store node. You can access the following configuration options by right-clicking a component store node or its most recent Version node in the tree:

Edit:
Opens this component store in the Profile Editor for editing so that its policies, certificates, and so on, can be updated. The latest Version is opened when this option is selected on the component store node. All updates applied are saved to a local copy of the configuration file. This option is available if more than one component store is selected in the tree (or table) with the result that all selected component stores are simultaneously loaded into the Profile Editor.

Commit Version:
This option is only enabled after the component store configuration is loaded in the Profile Editor. When you commit a Configuration Profile, you are asked to enter a Comment. When you commit your changes, the local Configuration Profile is returned to the currently managed server (for example, Enterprise Gateway), and a new Version is created. A new Version node is added under this configuration node. You can also use the Commit Version menu option in the Profile Editor tab from the top-level node for that Configuration Profile.

If you make local changes that are not committed, you are asked if you wish to load your local version or the server version the next time you load the Configuration Profile. This enables you to retrieve local changes if your session times out before you commit the changes.

Create via Copy:
A copy of the latest Configuration Profile Version is taken and used to create a new Configuration Profile. You must enter a name for the Configuration Profile. A new Configuration Profile node is displayed under My Configuration Profiles.

Rename:
You can rename the Configuration Profile by specifying a new name in the Rename Configuration Profile dialog.

Change Owner:
You can change the ownership of the Configuration Profile. When ownership changes, the configuration node moves into the other User's My Configuration Profiles node. This option is available if more than one Configuration Profile is selected in the tree (or table).

Export:
You are asked to enter a filename to export to. The latest Version of the Configuration Profile is exported to this file, which you can then import into a different Enterprise Gateway configuration. For example, this is useful if you have configured the Enterprise Gateway in a testing environment, and want to move this configuration to a live production environment.

Archive:
Archives the Configuration Profile and all of its related Versions. The configuration node is removed from the tree. This option is only available if none of the Versions related to this Configuration Profile are deployed. Note that you can not delete a Configuration Profile.

When the Policy Studio receives a request to archive a Configuration Profile, the underlying files that hold the Configuration Profile and its Versions are moved into the INSTALL_DIR/conf/archive directory on the Policy Studio machine. The underlying configuration data used by the Policy Studio is deleted. The system administrator must determine whether to remove these files from disk and store them elsewhere for backup purposes. If there is a requirement to reload an archived Configuration Profile or one of its Versions, the archived file must be located manually and re-imported to create a new Configuration Profile. This option is also available if more than one Configuration Profile is selected in the tree (or table).

Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can change if another User commits a version.

Compare:
If you select two Configuration Profiles, the Compare option appears on the right-click context menu. The Configuration Profiles are loaded into the Profile Editor tab if they are not already loaded. A new Compare and Merge tab is opened that shows the differences, if any, between the two selected Configuration Profiles. For more details, see the Comparing and Merging Configurations topic.

Configuration Profiles owned by another User
When a User selects a Configuration Profile node that they do not own, only the Edit, Create via Copy, Export, Refresh, and Compare options are enabled.

Important Note: A User can load another User's Configuration Profile, but can not commit a new version of it. The User can make local changes to the Configuration Profile, and then create a new Configuration Profile from the Profile Editor tab that includes the local changes. You can do this using the Create Configuration menu option on the top-level node. This is similar to the Create via Copy option but differs in that it includes any local changes in the newly created Configuration Profile.

Super User Access
The Super User can access all functionality on this node for all Users. Both the Super User and the owner User can modify a Configuration Profile simultaneously when they both make changes locally. However, the commits are synchronized so that if a commit occurs after you load the Configuration Profile, you are warned when attempting to commit a new Version. You can then choose to continue and overwrite the last User's changes.

Alternatively, you can cancel the commit operation, create a new Configuration Profile from your locally modified Configuration Profile, load the new Version created by the other User, compare both Configuration Profiles, and then merge the changes before committing a new Version. You can use the Refresh menu option on the Configuration Profile node to retrieve the latest list of Versions.

Managing a Configuration Version

A Configuration Version node relates to a committed Version of the Configuration Profile that was saved at some point in time. After a Version of a Configuration Profile is created, you can deploy this version of the Configuration Profile to a server (for example, Enterprise Gateway) at any stage. The Super User can access all functionality on this node for all Users.

You can access the following configuration options by right-clicking an historical Version node in the tree:

Edit:
You can load an historical Version, but you can not make new Versions (branching is not supported). You can make changes locally and create a new Configuration Profile using the Create Configuration menu option in the tree on the Profile Editor tab.

Create via Copy:
A copy of the Configuration Version is taken and used to create a new Configuration Profile. You must enter a name for the Configuration Profile. A new Configuration Profile node appears under the My Configuration Profiles node.

Export:
You are asked to enter a filename to export the Version to. The Version of the Configuration Profile is exported to this file.

Compare:
If you select two Configuration Profiles, or two Versions, or one Configuration Profile and one Version, the Compare menu option appears. For more details, see Comparing and Merging Configurations.

Rollback:
The Rollback option is only available on historical Versions, and is not available on the most recent Version. The Rollback option sets the historical version to be the latest version. This enables you to roll back to a selected point in the Version history, and potentially make more changes. You are asked to enter a comment when rolling back to a previous Version. Only the Configuration Profile owner or Super User can perform this action.

Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can change if another User commits a version.

Important Note:
You can not archive or delete Configuration Versions individually. If this was allowed, the historical trail of updates to the Configuration Profile would not be maintained correctly. If you wish to tidy up a Configuration Profile and remove old Versions from drop-down lists, do the following:

1. Create a copy of the Configuration Profile. This results in a new Configuration Profile with a single Version.
2. Redeploy any Processes that were using the old Configuration Profile so that they are using the new Version of the Configuration Profile.
3. Archive the old Configuration Profile.