Overview of CRPs and RNS

Client Registration Profiles

Installation of Endpoint Privilege Management for Unix and Linux (EPM-UL) has historically required manual steps, such as editing settings files or copying keys and settings from machine to machine. Client Registration Profiles (CRP) simplify EPM-UL deployments by allowing the user to configure some environmental settings during an installation.

A profile can be used to copy encryption keys from machine to machine to enable communication. It can also copy a settings file or join Registry Name Service (RNS) groups immediately.

Without using CRP, administrators need to manually provision files, keys, etc., on every host. CRP provides a centralized, customizable definition of what an installation looks like and handles that provisioning.

CRP can be used with or without RNS; however, in RNS environments, CRP is required.

Registry Name Service

Registry Name Service is an alternative installation mode for EPM-UL. Historically, there has been no formal way to describe an entire EPM-UL network topology (which clients are involved, which policies they receive, etc.) or to synchronize important elements.

RNS provides a host registry that allows the user to define service groups and to manage members of those groups.

The administrator may create a custom_policy group in the policy category. This group, which is responsible for managing and delivering policy, is assigned members in three possible roles:
  • Primary: Responsible for handling policy writes and synchronization
  • Secondaries: Maintain copies of policy and can be used for delivery
  • Clients: Customers of this policy

RNS Registry Primary

The RNS Registry Primary server is the primary in the Registry group, of which there is only one per EPM-UL network. This server provides the Client Registration Profiles for subsequent installations and is the source of the network map for the deployment.