Overview of CRPs and RNS
Client Registration Profiles
Installation of Privilege Management for Unix and Linux (PMUL) has historically required manual steps, such as editing settings files or copying keys and settings from machine to machine. Client Registration Profiles (CRP) simplify PMUL deployments by allowing the user to configure some environmental settings during an installation.
A profile can be used to copy encryption keys from machine to machine to enable communication. It can also copy a settings file or join Registry Name Service (RNS) groups immediately.
Without using CRP, administrators need to manually provision files, keys, etc., on every host. CRP provides a centralized, customizable definition of what an installation looks like and handles that provisioning.
CRP can be used with or without RNS; however, in RNS environments, CRP is required.
Registry Name Service
Registry Name Service is an alternative installation mode for PMUL. Historically, there has been no formal way to provide an entire PMUL network topology (what clients are involved, what policies they are receiving, etc.) or synchronization of important elements.
RNS provides a host registry that allows the user to define service groups and to manage members of those groups.
- Primary: Responsible for handling policy writes and synchronization
- Secondaries: Maintain copies of policy and can be used for delivery
- Clients: Customers of this policy
RNS Registry Primary
The RNS Registry Primary server is the primary in the Registry group, of which there is only one per PMUL network. This server provides the Client Registration Profiles for subsequent installations and is the source of the network map for the deployment.