Step 3: Configure Policy Agent as a policy client

You can use the Policy Agent as a policy client.

Procedure

If you want to use the Policy Agent as a policy client, perform the following steps:

  1. Define the parameters needed to connect to the policy server using the ServerConnection statement in the main configuration file:
    • Specify the host name (or IP address) and port of a primary and an optional backup server.
    • If you want to use a secure connection to the policy server, specify parameters for a secure SSL connection. For details, see Add SSL to Policy Agent connections.
    Requirement: Connectivity to the policy server is required for all images on the policy client that need to connect to the policy server.
  2. Define the policy server parameters to be used for each image on the PolicyServer statement in the image configuration files:
    • When the policy client connects to the policy server, the policy client needs to supply a user ID and authentication information (password or PassTicket). Specify these parameters on the PolicyServer statement. The user ID must be defined on the policy server system. For information about the PTKTDATA class profiles that are needed when a PassTicket is specified on the PolicyServer statement, see step 5 in Step 2: Configure Policy Agent as a policy server.
    • The policy server determines what configuration files to load based on a matching DynamicConfigPolicyLoad statement in its configuration. Specify the client name that the policy server is to use for matching. If this parameter is not specified, the default value is the policy client's system name concatenated to the image name with an intervening underscore character (_). For example, if the client's system name is SYS42 and the image name for this policy client is TCPIP2, the default client name presented to the policy server is SYS42_TCPIP2.
    • Specify the types of policies to be retrieved from the policy server. You can specify one or more policy types. You can also specify parameters for each policy type (FLUSH, NOFLUSH, PURGE, or NOPURGE). These parameters have the same meaning as the corresponding parameters on the TcpImage or PEPInstance statement.

      For each policy type specified, the corresponding xxxConfig statement for that type is ignored in the local configuration. For example, if PolicyType IPSec is specified on the PolicyServer statement, the IPSecConfig statement is ignored. This is true even if the primary and backup policy servers cannot be reached. You can use local or remote policy for each policy type, but not both.

Parent topic: Steps for configuring the Policy Agent