5 Manage Rule Sets

This topic explains the purpose of deployment rule sets, and describes how to create, update, and delete rule sets using Advanced Management Console.

This topic includes the following sections:

Deployment Rule Sets Overview

The Deployment Rule Set feature is a deployment feature for enterprises that manage their Java desktop environment directly. A deployment rule set enables enterprises to continue using legacy business applications in an environment of ever-tightening application security policies, and control the version of the JRE that is used for specific applications. See Deployment Rule Set in the Java Platform, Standard Edition Deployment Guide for information about rule sets.

The Rules view of the AMC UI shows the rule sets that are defined. To view the existing rule sets and add new rule sets, start the AMC UI. See Start and Stop the AMC UI.

From the Home view, click either Rules or View and manage rules and rule sets to show the Rules view. Table 5-1 describes the information that is shown in the Rule Sets table for each rule set.

Table 5-1 Information for Deployment Rule Sets

Data Description

Rule Set

Name of the rule set. This name is not part of the exported rule set. Use the triangle symbol or double-click the rule set name to show and hide the names of the rules that are in the rule set.

Rules

Number of rules in the rule set.

You can define as many rule sets as you want, however, only one rule set can be active on a user's system. That rule set must be a signed JAR file named DeploymentRuleSet.jar. The Export feature of Advanced Management Console enables you to create this file for distribution to your users.

Add a Rule Set

Rule sets can be added to Advanced Management Console using the following methods:

Import an Existing Rule Set

If you have an existing rule set, you can import it into Advanced Management Console and use the AMC UI to manage the rule set.

To import a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. Click the Import Rule Set icon above the Rule Sets table.

  3. Enter or browse to the location of the file that you want to import.

    You can import a DeploymentRuleSet.jar file or ruleset.xml file.

  4. Enter a name for the rule set.

    This name is used by Advanced Management Console to manage the rule set. The name is not included when a rule set is exported.

  5. Click Import to import the rule set.

    The rule set is added to the Rule Sets table, and the rules included in the rule set are added to the Rules table. Expand the rule set to see the rules that were imported. The names for the rules default to the name of the rule set followed by a rule number. To change the name of a rule, edit the rule. See Edit a Rule.

Create a Rule Set

Only one rule set can be active on a user's system, however, you can have more than one rule set in Advanced Management Console. You might create rule sets for different purposes, such as providing a customized rule set for each department in your enterprise. Working with multiple rule sets also enables you to try out different combinations of rules.

To create a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. In the Rules table, select the rules that you want to include in the rule set.

    If no rules are selected, an empty rule set is created.

  3. Click the New Rule Set icon above the Rule Sets table.

    The New Rule Set window is shown.

  4. Enter a name for the rule set.

  5. Select Add Selected Rules from the Rules Table, to populate the rule set with the selected rules.

    If this option is not selected, an empty rule set is created.

  6. Click Create to create the rule set.

    The rule set is added to the Rule Sets table. If you added rules when you created the rule set, you can expand the rule set to see the rules.

Edit a Rule Set

After a rule set is created, you can add more rules, and delete rules that are not needed. You can also reorder the rules. The order of the rules in the rule set is important, because the action taken for an application is determined by the first rule that the application matches.

Add Rules to a Rule Set

To add rules to a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. Select one or more rules in the Rules table.

  3. Use one of the following methods to add the selected rules to a rule set:

    • Use the mouse to drag the selected rules from the Rules table to the target rule set in the Rule Sets table.

    • Click the Add Selected Rules to Rule Set icon above the Rule Sets table. In the Add Rules to Rule Set window, select one or more target rule sets, and click Add.

    • In the Rule Sets table, select a rule in a rule set. Use the mouse to drag the rule to a different rule set. The rule is added to the target rule set and also remains in the source rule set.

Reorder Rules in a Rule Set

The order of the rules in a rule set matters. The first rule to match an application is used to determine the action for that application. For best results, place rules with the most restrictive matching criteria ahead of rules with less restrictive matching criteria.

To reorder rules in a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. Expand the rule set in which you want to reorder the rules.

  3. Use the mouse to drag each rule to the desired position in the rule set.

Remove Rules from a Rule Set

To remove rules from a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. Expand the rule sets from which you want to delete the rules.

    Rules can be removed from more than one rule set.

  3. Select the rules that you want to remove.

  4. Click the Delete Selected Items icon above the Rule Sets table.

    The Remove Rules from Rule Set window is shown.

  5. Verify that only the rules that you want to remove are shown.

  6. Click Delete to remove the rules.

The selected rules are removed from the rule set, but remain in the Rules table for future use. To remove a rule from all of the rule sets in which it appears, see Delete a Rule.

Analyze Application-to-Rule-Set Relationships

The AMC UI enables you to analyze rule sets to determine which applications are matched and the action taken for each matched application. Information from the AMC Collector is used to determine the relationships. The relationships between a rule set and applications that are not in the Apps table cannot be determined by Advanced Management Console.

Two methods are available for viewing application-to-rule-set relationships:

View Relationships from the Apps View

From the Apps view, you can identify the rule sets that contain rules that match a specific application. Viewing relationships from the Apps view enables you to check if your rule set provides the desired action for an application.

To view the relationships for a specific application, follow these steps: 

  1. In the AMC UI, click Apps to go to the Apps view.

  2. Select an application from the Apps table.

  3. Click Relationships.

    The Application Relationships window is shown. The right panel shows the application and its JAR files and extensions. The left panel shows the rule sets that contain rules that match the application, if any. Rule sets that allow the application to run are highlighted in green. Rule sets that block the application from running are highlighted in red. Rule sets that use default processing to determine if the application is allowed to run are highlighted in yellow.

  4. Expand a rule set to see the specific rule that the application matches.

    The rule that matches the application is highlighted in the same color used for the rule set.

  5. Click Close when you are done.

View Relationships from the Rules View

From the Rules view, you can identify the applications that match the rules in a specific rule set. Viewing relationships from the Rules view enables you to check your rule set against known applications to ensure that the desired actions are taken.

To view the relationships for a specific rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. In the Rule Sets table, select a rule set.

  3. Click the Rule Set Relationships icon above the Rule Sets table.

    The Rule Set Relationships window is shown. The right panel shows the rule set and its rules. The left panel shows the applications that the rule set matches. The applications are highlighted to show what action is taken for the application. The Action column also indicates the action that is taken.

    Applications that are allowed to run are highlighted in green, and the Action column contains a check mark (Check mark, indicates run). A check mark underlined with a dashed line (Check mark with dashed underline, indicates force-run) indicates that the application runs with the JRE that is specified by the rule. Applications that are blocked are highlighted in red, and the Action column contains a circle with a line through the middle (Circle with a line through the middle, indicates blocked). Applications that use default processing are highlighted in yellow, and the Action column contains a down arrow (Down arrow, indicates standard processing).

  4. Select a rule in the rule set to see which applications match the rule.

    Only the applications that are highlighted match the rule. If no applications are highlighted, then no applications are matched by that rule.

  5. Click Close when you are done.

Delete a Rule Set

To delete a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. In the Rule Sets table, select one or more rule sets that you want to delete.

  3. Click the Delete Selected Items icon above the Rule Sets table.

    The Delete Rule Set window is shown.

  4. Verify that the table shows only the rule sets that you want to delete.

  5. Click Delete to remove the rule sets.

Export a Rule Set

When you have a rule set ready for production, export that rule set to create the file that is installed for users.

To export a rule set, follow these steps: 

  1. In the AMC UI, click Rules to go to the Rules view.

  2. In the Rule Sets table, select a rule set to export.

  3. Click the Export Rule Set icon above the Rule Sets table.

    The Export Rule Set window is shown.

  4. Provide the following information:

    • Output Directory - Enter or browse to the location where you want to put the exported file.

    • DRS Version - Select the DRS version for the rule set. Rules might contain information that is not supported in earlier versions of DRS. Choose Auto to have the version set automatically based on the rules in the rule set.

    • Sign Rule Set - Select this option to sign the rule set as part of the export process. If selected, provide the Keystore Password and PrivateKey Password for the certificate that you want to use to sign the rule set. This option is enabled only if JAR signing is configured. See Configure JAR Signing for information

      Tip:

      If you have a corporate code signing group or service that signs artifacts for you, do not select this option.

  5. Click Export to export the rule set.

    If you chose to sign the rule set and the signing process completed successfully, the DeploymentRuleSet.jar file is created in the output directory specified. This file is ready to be distributed to your users.

    If you did not choose to sign the rule set, or signing failed, the ruleset.xml file is created in the output directory specified. You must create and sign the DeploymentRuleSet.jar file manually, or create the JAR file and have your corporate code signing group or service sign it.