Managing Configuration Profiles

Contents

Overview

A Configuration Profile is a store of configuration information required to run a server (Enterprise Gateway, Service Monitor, or Policy Center). For example, a specific Enterprise Gateway Configuration Profile can store certificates, users, core policies and services, external connections, or listeners.

When you load a Configuration Profile to edit it, a copy is loaded into a Policy Studio workspace (for example, when you edit policies, the changes are saved locally). When you commit your updates, the local Configuration Profile is committed to the server, and a new Version of the Configuration Profile is created and labeled with the comment specified when committing.

A Configuration Profile can have a number of Versions, one per user commit. A newly created Configuration Profile has one Version. A Version is read-only in the Policy Studio. When you load a Configuration Profile to edit to it, the latest Version is returned to the Policy Studio. Committed updates to the Configuration Profile are saved in a new Version.

Managing Deployed Configuration Profiles

The Advanced tab on the Oracle Enterprise Gateway Dashboard enables you to manage the currently deployed Configuration Profiles on a selected server process (Enterprise Gateway, Service Monitor, or Policy Center). These include the Configuration Profiles for its Certificate Store, User Store, Core Configuration, External Connections and Listeners.

You can select a process to view the versions of the Configuration Profiles that are currently running on that process. You can also change the currently deployed versions, and deploy updates to a server process. You can specify and deploy profile versions on the selected process, on a different process, or on multiple processes.

Deploying Configuration Profile Versions
To change a currently deployed Configuration Profile or Version on the currently selected process, perform the following steps:

  1. Select a Configuration Profile from the table (for example, Certificate Store, or External Connections). The Profiles and Versions are displayed in the panel at the bottom of the screen (for example, Type: Certificate Store).
  2. Select the Profile that you wish to deploy in the drop-down list (for example, Oracle Enterprise Gateway(version) - Default Certificate Store). This enables you to deploy Configuration Profile versions currently deployed on other processes. The list of Versions available for this Profile is displayed in the table below. The Configuration Profile to be updated is highlighted and marked with an asterisk in the table above.
  3. Select the Active checkbox for the Revision or version that you wish to deploy (for example, 1).
  4. Click the Deploy button at the bottom right. Alternatively, to cancel at any time before deploying, right-click, and select Refresh.

Managing All Configuration Profiles

You can select Window -> Show View -> Tag/Profile Manager from the main menu to manage all the Configuration Profile versions available to the currently logged in User. The Tag/Profile Manager tab displays all Configuration Profiles managed by the Policy Studio in a tree view. This includes a sub-node for each User's set of Configuration Profiles.

A User can only update the Configuration Profiles that they own (listed in My Configuration Profiles). Super Users can modify all User Configuration Profiles as if they were the owner. An update means internal configuration information (for example, a policy change) is updated, added, or removed. Each Configuration Profile has only one owner. In addition, a User can copy another User's Configuration Profile Version to create a new Configuration Profile that they can then load into the Profile Editor for editing.

Managing My Configuration Profiles

The My Configuration Profiles node on the Tag/Profile Manager tab shows the Configuration Profiles that the current user has ownership of. The following configuration options are available when you right-click the My Configuration Profiles node:

Create Baseline Configuration:
Creates a set of Configuration Profiles using a default template. Enter a Name prefix for the new Baseline Configuration Profile (for example Test), and select a currently deployed Process from the drop-down list. Processes are listed in the following format: MachineName:ProcessName (for example, cayote:Oracle Enterprise Gateway). The new Baseline Configuration includes appropriately named nodes for each Configuration Profile (for example, Test Core Configurations, Test Users, Test Certificates, Test Listeners, and Test External Connections).

You can also enter an optional Comment and Description. The new nodes are added under the My Configuration Profiles node, indicating that the User that created the new set of Configuration Profiles is its owner.

Create Configuration Profile:
Creates a new Configuration Profile using a template. Enter a Name for the new Configuration Profile, and select a currently deployed Process and Type from the drop-down lists. Processes are listed in the following format: MachineName:ProcessName (for example, cayote:Oracle Enterprise Gateway). Example Types include Core Configurations, Users, Certificates, Listeners, and External Connections.

You can also enter an optional Comment and Description. A new node is added under the My Configuration Profiles node, indicating that the User that created the new Configuration Profile is its owner.

Create Configuration via Import:
Imports a full set of Configuration Profiles (for example, Core Configurations, Users, Certificates, and so on). In addition to the fields specified in the Create Configuration Profile dialog, you must also select a configuration file to import from. A new node is added to the My Configuration Profiles node.

Change Owner:
If you select this option, you are presented with a list of all other Users. When you select a new User, the ownership of the currently selected Configuration Profile is changed to the new User.

Important Note: The Super User can perform all options on any User's Configuration Profile node.

Managing a Configuration Profile

A specific Configuration Profile node corresponds to an instance of a complete component store configuration (for example, Default Certificate Store). The set of Versions for that Configuration Profile that have been saved over time are listed under the Configuration Profile node. You can access the following configuration options by right-clicking a Configuration Profile node or its most recent Version node in the tree:

Edit:
Opens this Configuration Profile in the Profile Editor for editing so that its policies, certificates, and so on, can be updated. The latest Version is opened when this option is selected on the Configuration Profile node. All updates applied are saved to a local copy of the configuration file. This option is available if more than one Configuration Profile is selected in the tree (or table) with the result that all selected Configuration Profile are simultaneously loaded into the Profile Editor.

Commit Version:
This option is only enabled after the Configuration Profile is loaded in the Profile Editor. When you commit a Configuration Profile, you are asked to enter a Comment. When you commit your changes, the local Configuration Profile is returned to the currently managed server (for example, Enterprise Gateway), and a new Version is created. A new Version node is added under this configuration node. You can also use the Commit Version menu option in the Profile Editor tab from the top-level node for that Configuration Profile.

If you make local changes that are not committed, you are asked if you wish to load your local version or the server version the next time you load the Configuration Profile. This enables you to retrieve local changes if your session times out before you commit the changes.

Create via Copy:
A copy of the latest Configuration Profile Version is taken and used to create a new Configuration Profile. You must enter a name for the Configuration Profile. A new Configuration Profile node is displayed under My Configuration Profiles.

Rename:
You can rename the Configuration Profile by specifying a new name in the Rename Configuration Profile dialog.

Change Owner:
You can change the ownership of the Configuration Profile. When ownership changes, the configuration node moves into the other User's My Configuration Profiles node. This option is available if more than one Configuration Profile is selected in the tree (or table).

Export:
You are asked to enter a filename to export to. The latest Version of the Configuration Profile is exported to this file, which you can then import into a different Enterprise Gateway configuration. For example, this is useful if you have configured the Enterprise Gateway in a testing environment, and want to move this configuration to a live production environment.

Archive:
Archives the Configuration Profile and all of its related Versions. The configuration node is removed from the tree. This option is only available if none of the Versions related to this Configuration Profile are deployed. Note that you can not delete a Configuration Profile.

When the Policy Studio receives a request to archive a Configuration Profile, the underlying files that hold the Configuration Profile and its Versions are moved into the INSTALL_DIR/conf/archive directory on the Policy Studio machine. The underlying configuration data used by the Policy Studio is deleted. The system administrator must determine whether to remove these files from disk and store them elsewhere for backup purposes. If there is a requirement to reload an archived Configuration Profile or one of its Versions, the archived file must be located manually and re-imported to create a new Configuration Profile. This option is also available if more than one Configuration Profile is selected in the tree (or table).

Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can change if another User commits a version.

Compare:
If you select two Configuration Profiles, the Compare option appears on the right-click context menu. The Configuration Profiles are loaded into the Profile Editor tab if they are not already loaded. A new Compare and Merge tab is opened that shows the differences, if any, between the two selected Configuration Profiles. For more details, see the Comparing and Merging Configurations topic.

Configuration Profiles owned by another User
When a User selects a Configuration Profile node that they do not own, only the Edit, Create via Copy, Export, Refresh, and Compare options are enabled.

Important Note: A User can load another User's Configuration Profile, but can not commit a new version of it. The User can make local changes to the Configuration Profile, and then create a new Configuration Profile from the Profile Editor tab that includes the local changes. You can do this using the Create Configuration menu option on the top-level node. This is similar to the Create via Copy option but differs in that it includes any local changes in the newly created Configuration Profile.

Super User Access
The Super User can access all functionality on this node for all Users. Both the Super User and the owner User can modify a Configuration Profile simultaneously when they both make changes locally. However, the commits are synchronized so that if a commit occurs after you load the Configuration Profile, you are warned when attempting to commit a new Version. You can then choose to continue and overwrite the last User's changes.

Alternatively, you can cancel the commit operation, create a new Configuration Profile from your locally modified Configuration Profile, load the new Version created by the other User, compare both Configuration Profiles, and then merge the changes before committing a new Version. You can use the Refresh menu option on the Configuration Profile node to retrieve the latest list of Versions.

Managing a Configuration Version

A Configuration Version node relates to a committed Version of the Configuration Profile that was saved at some point in time. After a Version of a Configuration Profile is created, you can deploy this version of the Configuration Profile to a server (for example, Enterprise Gateway) at any stage. The Super User can access all functionality on this node for all Users.

You can access the following configuration options by right-clicking an historical Version node in the tree:

Edit:
You can load an historical Version, but you can not make new Versions (branching is not supported). You can make changes locally and create a new Configuration Profile using the Create Configuration menu option in the tree on the Profile Editor tab.

Create via Copy:
A copy of the Configuration Version is taken and used to create a new Configuration Profile. You must enter a name for the Configuration Profile. A new Configuration Profile node appears under the My Configuration Profiles node.

Export:
You are asked to enter a filename to export the Version to. The Version of the Configuration Profile is exported to this file.

Compare:
If you select two Configuration Profiles, or two Versions, or one Configuration Profile and one Version, the Compare menu option appears. For more details, see Comparing and Merging Configurations.

Rollback:
The Rollback option is only available on historical Versions, and is not available on the most recent Version. The Rollback option sets the historical version to be the latest version. This enables you to roll back to a selected point in the Version history, and potentially make more changes. You are asked to enter a comment when rolling back to a previous Version. Only the Configuration Profile owner or Super User can perform this action.

Refresh:
Retrieves the latest list of Versions for the Configuration Profile. This can change if another User commits a version.

Important Note:
You can not archive or delete Configuration Versions individually. If this was allowed, the historical trail of updates to the Configuration Profile would not be maintained correctly. If you wish to tidy up a Configuration Profile and remove old Versions from drop-down lists, do the following:

  1. Create a copy of the Configuration Profile. This results in a new Configuration Profile with a single Version.
  2. Redeploy any Processes that were using the old Configuration Profile so that they are using the new Version of the Configuration Profile.
  3. Archive the old Configuration Profile.

Managing Configuration Tags

A configuration tag is a label that specifies a collection of Configuration Profile versions. Such a collection of configuration versions is also known as a configuration assembly. Tagging an assembly associates a logical name with the corresponding configuration versions in that assembly. For example, the DEFAULT_CONFIGURATION tag is associated with the configuration assembly in a default installation. Tagging an assembly also enables you to edit configuration offline, and deploy later on a specified process.

To manage configuration tags, select Window -> Show View -> Tag/Profile Manager in the Policy Studio main menu. Alternatively, you can right-click a Configuration Profile on the Advanced tab in the Oracle Enterprise Gateway Dashboard, and select View in Tag/Profile Manager.

In the Filter Options toolbar, you can click the Filter by Tag button to filter by an existing tag (for example, DEFAULT_CONFIGURATION). You can also click the Filter by Row Count button to select the number of rows displayed in the table (for example, Show Latest Only, Last 3, and so on). The Show Latest Only filter is applied by default.

Creating Configuration Tags
To create a configuration tag, perform the following steps:

  1. Click the Add a Tag button in the Tags toolbar on the left.
  2. In the Add a Tag dialog, enter a Tag Name (for example, SAMPLE_CONFIGURATION), and a Tag Description (for example, Sample policies configuration).
  3. In the tree on the left, click a Configuration Profile version node (for example, 2), or Ctrl-click to select multiple version nodes.
  4. Click the >> arrow button to move the select node(s) to the Configuration to Tag list on the right.
  5. Click OK.

Alternatively, you can Ctrl-click to select a Configuration Profile of each type in the table, right-click, and select Tag. You can then enter the Tag Name and Tag Description in the dialog, and click OK.

Note:
When selecting Configuration Profiles to tag, you must select a profile of each type. You are prompted if there are any empty slots in the Configuration to Tag list because the tag configuration is not complete.

Deleting Configuration Tags
To delete a configuration tag, select the tag in the Tags list on the left, and click the Delete Tag button in the toolbar.

Comparing Configuration Tags
To compare two configuration tags, Ctrl-click to select both tags in the Tags list on the left, right-click, and select Compare. Differences between both tags are displayed in tab below. For more details, see Comparing and Merging Configurations.

Deploying Configuration Tags
For details on using the Deployment Wizard to deploy configuration tags on a process or on a specific configuration profile, see Deploying Configuration Tags.