You can use the Policy Agent as a policy client.
Procedure
If you want to use the Policy Agent as a policy client,
perform the following steps:
- Define the parameters needed to connect to the policy server
using the ServerConnection statement in the main configuration file:
- Specify the host name (or IP address) and port of a primary and
an optional backup server.
- If you want to use a secure connection to the policy server, specify
parameters for a secure SSL connection. For details, see Add SSL to Policy Agent connections.
Requirement: Connectivity to the
policy server is required for all images on the policy client that
need to connect to the policy server.
- Define the policy server parameters to be used for each
image on the PolicyServer statement in the image configuration files:
- When the policy client connects to the policy server, the policy
client needs to supply a user ID and authentication information (password
or PassTicket). Specify these parameters on the PolicyServer statement.
The user ID must be defined on the policy server system. For information
about the PTKTDATA class profiles that are needed when a PassTicket
is specified on the PolicyServer statement, see step 5 in Step 2: Configure Policy Agent as a policy server.
- The policy server determines what configuration files to load
based on a matching DynamicConfigPolicyLoad statement in its configuration.
Specify the client name that the policy server is to use for matching.
If this parameter is not specified, the default value is the policy
client's system name concatenated to the image name with an intervening
underscore character (_). For example, if the client's system name
is SYS42 and the image name for this policy client is TCPIP2, the
default client name presented to the policy server is SYS42_TCPIP2.
- Specify the types of policies to be retrieved from the policy
server. You can specify one or more policy types. You can also specify
parameters for each policy type (FLUSH, NOFLUSH, PURGE, or NOPURGE).
These parameters have the same meaning as the corresponding parameters
on the TcpImage or PEPInstance statement.
For each policy type
specified, the corresponding xxxConfig statement
for that type is ignored in the local configuration. For example,
if PolicyType IPSec is specified on the PolicyServer statement, the
IPSecConfig statement is ignored. This is true even if the primary
and backup policy servers cannot be reached. You can use local or
remote policy for each policy type, but not both.