Deploying Policy Manager using Multiple Containers

Learn how to deploy Policy Manager using multiple containers for enhanced scalability.

Using the Admin Console Managing Containers

Supported Platforms: 7.x, 8.0

Table of Contents

  1. Introduction
  2. Configuration Overview
  3. Step 1: Container (PM1) - Install and Configure Managed Services and Policy Manager Console Features
  4. Step 2: Container (PM2) - Install and Configure Security Services Feature
  5. Step 3: Container (PM3) - Install and Configure Scheduled Jobs Feature
  6. Step 4: Launch Policy Manager Management Console

Introduction

To provide support for enhanced performance and scalability, the Policy Manager Services feature has been divided into three separate features which can be installed separately into three separate containers.

  • Managed Services - Installs the Policy Manager system services. After installation, these services are located in the Policy Manager > Services folder of the Policy Manager Management Console.
  • Security Services - Installs Policy Manager security-related services. After installation, these services are located in the Policy Manager > Services folder of the Policy Manager Management Console.
  • Scheduled Jobs - Installs a series of system background jobs that are executed by the Policy Manager job scheduler.

back to top

Configuration Overview

The general configuration process is summarized below. Each feature is assigned a container name (i.e., PM1, PM2, and PM3). These container names are referenced in the configuration tasks.

Container Installation
  • Managed Services (PM1), Security Services (PM2), and Scheduled Jobs (PM3) features must be installed into separate containers.
  • The Policy Manager Console feature can be installed in the same container as the Managed Services feature or in its own container.
Admin Console Login Credentials
  • As part of the Managed Services (PM1) container configuration, you must defined Administration Console Credentials. You can use the default credentials that you defined via the Configure Container Instance Wizard (or silent configuration), or you can assign a different set of credentials.
  • You can log into the Administration Console for each container (PM1, PM2, or PM3) using the login credentials you specified in the Configure Container Instance Wizard, or by using credentials defined in the Change Administrator Details screen (Configuration > Configuration Actions > Manage Admin Console Administrator).
Database Configuration
  • When configuring the Managed Services (PM1) feature, you must initially create a new database and add the Policy Manager schema. During subsequent Security Services (PM2), and Scheduled Jobs (PM3) container configuration, you just select the Use existing database option and reference the database specified in the Managed Services (PM1) container configuration.
  • In PM2 and PM3 container configurations, the Manage Schemas screen will display, but the schemas will already be added because you selected the Use existing database option.
Container Identity (Key Assignments)
  • You must configure the container identity for each container by assigning keys using the Manage PKI Keys Wizard.
Metadata Exchange Service
  • The URL of the Metadata Exchange Service specified on the WS-MetaDataExchange Options screen should include the port specified on the PM1 container (e.g., http://localhost:9900/wsmex).

back to top

Step 1: Container (PM1) - Install and Configure Managed Services and Policy Manager Console Features

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\<release directory>\bin and enter:

    - startup.bat configurator (Windows)
    - startup.sh configurator (UNIX)
  2. Define the container (PM1).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9900.
  4. In the Administration Console, select Available Features > Features filter, and install the Managed Services and Policy Manager Console features (select both checkboxes).
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Create new database, define the database, click Finish and Go To Next Task.
  8. On the Define Policy Manager Administrator Credentials screen, update the username/password or accept the defaults (as defined in the Configure Container Instance Wizard (or silent configuration), click Finish and Go To Next Task.
  9. On the Install Schemas screen, select the Policy Manager schema and click Finish and OK to restart the container.

back to top

Step 2: Container (PM2) - Install and Configure Security Services Feature

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\<release directory>\bin and enter:

    - startup.bat configurator (Windows)
    - startup.sh configurator (UNIX)
  2. Define the container (PM2).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9901.
  4. In the Administration Console, select Available Features > Features filter, and install the Security Services features.
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Use existing database, specify the database used in the PM1 configuration, click Finish and Go To Next Task.
  8. On the Install Schemas screen, the schema is already added because you used an existing database.
  9. Policy Manager 8.0 only. On the Provisioning screen, click Finish to initialize resources associated with the current feature set being installed.
  10. Click OK to restart the container.

back to top

Step 3: Container (PM3) - Install and Configure Scheduled Jobs Feature

  1. Launch the Configure Container Instance Wizard. Navigate to the Platform release directory c:\<release directory>\bin and enter:

    - startup.bat configurator (Windows)
    - startup.sh configurator (UNIX)
  2. Define the container (PM3).
  3. For Policy Manager 7.2 and below, use the Standalone deployment option. The Standalone option is the default for Policy Manager 8.0. For this example we will use port 9902.
  4. In the Administration Console, select Available Features > Features filter, and install the Security Services features.
  5. On the Select Key Management Options screen, select a Key Management Option and click Next to continue. The Generate PKI Keys & X.509 Certificate option is the most commonly used default option. Refer to Managing Keys for information about available options.
  6. After completing the key configuration, click Finish and Go To Next Task.
  7. On the Select Database Option screen, select Use existing database, specify the database used in the PM1 configuration, click Finish and Go To Next Task.
  8. On the Install Schemas screen, the schema is already added because you used an existing database. Click Finish and OK to restart the container.

back to top

Step 4: Launch Policy Manager Management Console

  1. After all of the containers are configured, launch the Policy Manager Management Console and begin service management activities.

    -http://<host>:<port>/ms/index.do

back to top