Upload
ca-technologies
View
123
Download
12
Embed Size (px)
Citation preview
World®’16
ImplementingEEMwithCAWorkloadAutomationAEMikeWoods,CATechnologies,PrincipalEngineeringServicesArchitect
MFX21E
MAINFRAMEANDWORKLOADAUTOMATION
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
ThissessionwilldiscusssomeofthewaystoimproveperformanceofEmbeddedEntitlementsManager(EEM),andrecommendwaystostructureEEMpolicyforeaseofmaintenanceusinggroupmembership.
MichaelWoodsCATechnologiesPrincipalEngineeringServicesArchitect
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
DEFININGASECURITYMATRIX
LEVERAGEYOURNAMINGCONVENTION
INFRASTRUCTURE
DEFININGGROUPMEMBERSHIP
IMPLEMENTINGAPOLICYMETHODOLOGY
TESTINGYOURIMPLEMENTATION
1
2
3
4
5
6
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DefiningaSecurityMatrix
§ Jobs
§ GlobalVariables
§ Calendars
§ Resources
§ Owners?
§ Machines?
Objectstobecontrolled
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DefiningaSecurityMatrix
§ Who?– Whichgroups
§ What?– Typeofaccessrequired
§ Where?– Tiersaredifferent?
Sub-head
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DEV as-appl as-calendar as-control as-cylce as-group as-gvar as-job as-joblog as-jobtype as-list as-machine as-owner
ACCESS x r,c,d,x,w x r,c,d,x,w x r,c,d,x,w r,c,d,x,w r r,c,d,x,w r r,c,d,x,w x
BINARY jilautocal_asc,j
il
stop_demon,
eplog,secadm autocal_asc jil
autorep,autostatu
s,sendeven
t,
autorep,autostatd,autostatus,job_depends
,monbro,jil,sendevent
autorep,job_depends
,jil
autorep,autostat,autostatus,job_depen
ds,monbro jil,
sendevent jil
resourceinstance.
appinstance.cale
ndarinstance.o
bjectinstance.cale
ndarinstance.gr
oupinstance.
varinstance.job
nameinstance.job
nameinstance.job
nameinstance.o
bjectinstance.ma
chinuser@hostn
ame
AutosysAdmins x-all r,c,d,x,w-all x-all all x-all
r,c,d,x,w-all r,c,d,x,w-all r-all all r-all r,c,d,x-all x-all
AutosysOperatio
nsx-all r-all none none x-all
r,c,d,x,w-all r,c,d,x,w-all r-all none r-all all x-all
Application
Developers
x-byapp r-all none none x-bygroupr,c,d,x,w-
all
r-all,cdxw-byjobname
r-all none r-allbyappname:all x-all
AutosysSchedule
rx-all r,c,d,x,w-all none all x-all
r,c,d,x,w-all r,c,d,x,w-all r-all all r-all r,c,d,x-all x-all
Prod as-appl as-calendar as-control as-cylce as-group as-gvar as-job as-joblog as-jobtype as-list as-machine as-owner
ACCESS x r,c,d,x,w x r,c,d,x,w x r,c,d,x,w r,c,d,x,w r r,c,d,x,w r r,c,d,x,w x
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
LeverageYourNamingConvention
§ Mostcommon– Application_More_Detailed_Name
§ IfNoneortoomanyused(toomanymergers)– Considerusinggroup/applicationfields
Sub-head
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DefineGroupMembership
Willdependonyouruserstore
§ InternaltoEEM– Namingisunderyourcontrol– Yourresponsibilitytomaintainandkeepaccurate
§ LDAP/CASiteMinder– Maybehardertoutilizedependingoncompanynamingstandards– Complianceiseasierasaccuracyshiftedtosecuritygroup
Sub-head
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ImplementPolicyMethodology
§ MostBasic– Defineapolicyperobjectperapplication
§ Eachpolicywillprotectapieceofanapplication§ as-job,as-global,as-calendar,…
– Resourcenamewillcontainidentifyingapplicationname§ ACE.abcapp*
– Identitieswillcontainaffectedgroups– Operations,Admins,applicationgroup
Sub-head
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ImplementPolicyMethodology
§ MoreAdvanced– Reducednumberofpolicies
§ Policypertypeofuser– Appliestoselectedinstances
§ PR1.*– OneforOperationsandAdmins– Onewithfilterscontrollingapplicationgroups
Sub-head
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ImplementPolicyMethodology
§ Implementsub-groupsofapplicationusers
§ Usesstringcalculations– Application+Rolebasedgroupnames– Maybeanytypeofgroup
Sub-head
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ImplementPolicyMethodology
§ Combinedfilters
§ Leastnumberofpolicies§ Maybehardertoadjust
– Combinesapplicationuserswithothergroups
Sub-head
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
DenyPolicies
§ BestMatchenabled– Thinkaboutthelistofpoliciesgathered
§ GrantMustbegiven– Accessisdeniedifnopolicygrantsaccess
Sub-head
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
MFX37EYourVoiceCounts!CustomerDrivenRequirementsforCAWorkloadAutomation
11/15/2016at1:00pm
BanyanA/B
MFX14EMaximizingyourCAinvestmentbyintegrationCAWLAwithCAUnifiedInfrastructureManagement(UIM)
11/15/2016at11:00am
JasmineC
MFX142ELCAWorkloadAutomationAdvancedIntegrationsandAgents(Hands-on-Lab)
11/15/2016at3:00pm
SouthSeasD
MFX122S VisionandRoadmap:CAWorkloadAutomationAE11/16/2016at12:45pm
BanyanA/B
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MustSeeDemos
AdvancedWorkloadAnalytics
CAWLAiDashMFandWorkloadAutomation
SeamlessApplicationAutomationAgents&AdvancedIntegrationsMFandWorkloadAutomation
CAConversionasaService
CAWorkloadAutomationMFandWorkloadAutomation
Innovations:CrossEnterpriseWorkloadAutomationCAWLAAE&DEMFandWorkloadAutomation
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Questions?
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou
Stayconnectedatcommunities.ca.com