Overview of CRPs and RNS

Client Registration Profiles

Installation of Privilege Management for Unix and Linux (PMUL) has historically required manual steps, such as editing settings files or copying keys and settings from machine to machine. Client Registration Profiles (CRP) simplify PMUL deployments by allowing the user to configure some environmental settings during an installation.

A profile can be used to copy encryption keys from machine to machine to enable communication. It can also copy a settings file or join Registry Name Service (RNS) groups immediately.

Without using CRP, administrators need to manually provision files, keys, etc., on every host. CRP provides a centralized, customizable definition of what an installation looks like and handles that provisioning.

CRP can be used with or without RNS; however, in RNS environments, CRP is required.

Registry Name Service

Registry Name Service is an alternative installation mode for PMUL. Historically, there has been no formal way to provide an entire PMUL network topology (which clients are involved, which policies they are receiving, etc.) or to synchronize important elements.

RNS provides a host registry that allows the user to define service groups and to manage members of those groups.

The administrator may create a custom_policy group in the policy category. This group, which is responsible for managing and delivering policy, is assigned members of three possible roles:
  • Primary: Responsible for handling policy writes and synchronization
  • Secondaries: Maintain copies of policy and can be used for delivery
  • Clients: Customers of this policy

RNS Registry Primary

The RNS Registry Primary server is the primary in the Registry group, of which there is only one per PMUL network. This server provides the Client Registration Profiles for subsequent installations and is the source of the network map for the deployment.