Novell Doc: Novell Privileged User Manager 2.2.2 Administration guide

1.1 Introduction to the Framework

Novell Privileged User Manager uses a Framework as the base layer to provide an easy-to-use enterprise architecture into which Privileged User Manager modules are added to create the necessary problem-solving functionality. The Framework has several key features:

It provides the core functionality needed to implement secure, enterprise-wide services.
It provides services such as secure and authenticated communication among the components.
It provides integrated databases and logging.
It allows the deployment of Privileged User Manager modules to Framework hosts to implement new functionality.
With each module that is installed, an additional console is added to the main Framework Manager console to allow access to new administration functionality.

The Framework is made up of three primary components:

1.1.1 System Requirements

Recommended system requirements specify the minimum prerequisites to run Framework Agent and Framework Manager.

Framework Agent Requirements

The minimum requirements for the Framework Agent is as below:

300 MHz (RISC), 1 GHz (CISC) processor
50 MB additional RAM space
100 MB additional hard disk space

Framework Manager Requirements

The minimum requirements for the Framework Manager is as below:

1 GHz or more (RISC), 2 GHz or more (CISC) processor
250 MB additional RAM space
150 MB additional hard disk space
Hard disk space for Audit Storage

NOTE:Approximate additional space calculation for Audit Storage = (250 KB) X (number of users) X (average sessions per day, which is usually 8).

1.1.2 Framework Manager

The Framework Manager is the server component of the Framework. It provides a centralized registry, enabling services and administration of the entire Framework from any single point on the enterprise network.

The Framework Manager is administered through the Framework Manager console, using a suitable Web browser with the Adobe Flash Player.

The manager modules are installed on the Framework Manager by default. The modules can also be distributed to other Framework hosts to provide load balancing and failover for the Framework. If there are multiple occurrences of the same type of manager installed on the Framework, they operate in primary and backup roles. Updates to the data controlled by each group of like managers are only updated at the primary manager.

The default manager modules are:

Administration Manager (admin): Provides the functionality for the Web-based user interface. Framework consoles can be installed on the Administration Agent and used to control product features.
Access Manager (auth): Maintains a list of Framework user accounts and provides authentication services for the Framework. It needs to be installed with a local Registry Manager in order to create a secure user authentication token.
Audit Manager (audit): Maintains the repository for all auditing information collected by the Framework.
Command Control Manager (cmdctrl): Maintains the rule configurations and is responsible for validating user command requests.
Compliance Auditor (secaudit): Collects samples of all audit data for compliance regulations.
Messaging Component (msgagnt): Provides the transport mechanism and interacts with e-mail servers to provide reporting functionality.
Package Manager (pkgman): Manages a repository for Framework packages.
Registry Manager (registry): Maintains a database of all Framework hosts and modules. Provides certificate-based registration features for the hosts.
Syslog Emitter (syslogemit): Provides logging of audit information to a syslog server.

1.1.3 Framework Manager Console

The Framework Manager console is the default user interface for the Framework. It allows configuration and management of the Framework through a graphical user interface.

For a description of this console, see Section 1.2, The Workspace Layout.

1.1.4 Framework Agent

The Framework Agent is the client component of the Framework. It is responsible for receiving and carrying out instructions from the Framework Manager on all hosts. The following Framework Agent packages are installed on all Framework hosts:

Registry Agent (regclnt): Provides a local cached lookup for module locations. The Registry Agent queries the Registry Manager when local cached information is not available or isn’t fresh.
Distribution Agent (distrib): Provides the interface to control the installation and removal of the packages in the Framework. It has methods to install and remove and to list available and updatable packages. The Distribution Agent retrieves packages from the local Package Managers.
Store and Forward Agent (strfwd): Provides a store and forward mechanism for guaranteed delivery of messages. It is used for various core features such as replication of the manager databases.
Command Control Agent (rexec): Enables the Framework to control and audit user commands.