Optimized Run Mode Processing

  • Version 3.5 and earlier: Optimized run mode not available.
  • Version 4.0 and later: Optimized run mode available.

In optimized run mode, after pbmasterd has accepted a request, the specified task runs directly on the submit host, without invoking pblocald. This feature enables the administrator to use pbmasterd to validate a command, log the commands that were started in the event log, and log the I/O streams for the secured task. The optimized run mode also reconfirms the password, performs time-out processing, and logs the status.

The following figure illustrates the processing when EPM-UL is running in the optimized run mode:

A diagram of how Endpoint Privilege Management for Unix and Linux works

Optimized Run Mode Availability

Optimized run mode is enabled when all of the following conditions are met:

  • The policy server host is configured to use a log server.
  • The values of the submithost and runhost variables must be equal.
  • pbrun is invoked without the --disable_optimized_runmode command line option.
  • pbmasterd is invoked without the --disable_optimized_runmode command line option.
  • The settings file on the submit host has the clientdisableoptimizedrunmode setting set to no.
  • The settings file on the policy server host has the masterdisableoptimizedrunmode setting set to no.
  • The policy sets the runoptimizedrunmode variable to true.