3.1 Managing Domains

Privileged User Manager provides load balancing and failover capabilities, based on the hierarchical structure of your hosts. Before organizing your hosts into domains and subdomains, refer to Section 8.0, Load Balancing and Failover for information on how these features work.

3.1.1 Creating a Domain

When you install Privileged User Manager, a top-level domain called Hosts is automatically created for you. To rename this domain, see Section 3.1.2, Modifying a Domain. Under this top-level domain, you can create subdomains.

  1. Click Hosts on the home page of the console.

  2. To add a new subdomain to an existing domain, select the existing domain.

  3. Click Add Domain in the task pane.

  4. Specify a domain name.

  5. Click Finish.

  6. Select from the following tasks:

3.1.2 Modifying a Domain

Use this page to modify the domain name and to modify encryption options. The encryption settings apply to all hosts within the domain, unless you modify the host encryption settings. Host settings overwrite domain settings.

  1. Click Hosts on the home page of the console.

  2. In the navigation pane, select the domain you want to modify.

  3. In the task pane, click Modify Domain.

  4. Configure the following options:

    Domain name: Specify a new domain name.

    Key configuration: Select this option to enable configuration of the encryption key and encryption of the databases stored on the hosts in this domain.

    Host Key rollover (days): Specify how many days the host key can be used before generating a new key for the hosts in this domain.

    DB Key rollover (days): Specify how many days the database key can be used before generating a new key for the hosts in this domain.

    Encrypt: Select the databases you want to encrypt for the hosts in this domain.

    Use care in selecting the databases you enable for encryption. Encrypting the data can affect performance. Novell® recommends the following:

    • auth.db because it contains usernames.

    • registry.db because it contains the hosts.

    • cmdctrl.db because it contains command control rules with usernames and hosts.

    For a brief description of databases, see Section 3.2.7, Privileged User Manager Databases.

    The encryption of auditing data should be enabled from the Reporting console. See Section 6.1, Audit Settings.

  5. Click Finish.

3.1.3 Deleting a Domain from the Framework

You cannot delete a domain if it contains any hosts. You must delete or move the hosts first. See Section 3.2.4, Moving a Host.

IMPORTANT: This action cannot be undone.

  1. Click Hosts on the home page of the console.

    The navigation pane displays the current hierarchy for your Framework.

  2. In the navigation pane, select the domain you want to delete.

  3. In the task pane, click Delete Domain.

  4. Click Finish.