Many companies today are concerned not only with the operations and functions of different business processes, but also with how these processes are used, managed, and secured. When formulating and designing services, the technical team considers both the functionality and the policies that govern the use of these services. When both the functionality and the policies are hard-coded, it takes a lot of time and effort to finish and implement these services, and there is little flexibility when some variable values need to change over time. TIBCO Policy Manager addresses this problem, and shortens the time it takes to develop and deploy functionality and policies, by separating policy formulation from functionality, providing configurable policy templates, and creating declarative rather than procedural policies, allowing dynamic businesses to adjust easily as circumstances demand. It also makes policy formulation very simple: even staff who do not have much knowledge or experience in policy formulation, such as people from the administration or management department of a company, can define policies. This document answers various questions about Policy Manager, such as what it is, how it is used, and its features and benefits.
1. What is Policy Manager?
Policy Manager is TIBCO software that monitors and directs policies to services deployed in TIBCO ActiveMatrix Service Grid software. It makes policy-based governance simpler, easier, and more manageable. Security and other aspects of a Service Oriented Architecture can be easily controlled and changed, which makes it flexible. It also extends policy-based governance to services deployed outside of ActiveMatrix Service Grid environments, such as those deployed with TIBCO BusinessWorks. This is done using the TIBCO ActiveMatrix Policy Agent.
2. What is meant by runtime governance?
Runtime governance is a feature of Policy Manager that separates the functionality of a service from the policies on how the service is used.
3. Differentiate functionality from policy.
Functionality refers to day-to-day activities within your business, such as debiting an account, clearing checks, and the like. Policies are declarative conditions, variable values, and key factors that modify the daily operations of functional units, affecting performance and security.
4. What are the advantages of declaring policies at run time over policies hard coded in functional components?
You can separate the creation of functionality by IT from the formulation and implementation of policies by management. Thus, you can save time, resources, and effort. You can maximize the use of declarative policies by reusing policy templates available in Policy Manager. You can concisely define declarative policies that combine policy templates with a small number of parameters that can be set and adjusted according to a specific business situation. Because policies are declarative rather than procedural, they are easier to understand and change as you need to keep up with dynamic business demands and requirements.
5. What are the examples of policies that you can use in Policy Manager?
Most of the policies that you can easily use in Policy Manager are related to security and logging. You can use a policy that adds a digital signature to outgoing messages sent to the provider and validates that digital signature on incoming messages received by the provider. There is also a policy that filters request messages by verifying that the requester has valid credentials and appropriate access permissions for the request. If the request passes the evaluation, the agent forwards it to the service. If it fails, the agent logs the rejected message and does not forward it to the service. A policy can also encrypt messages as they leave an endpoint and decrypt messages as they enter an endpoint. There is also a policy that automatically attaches credentials to request messages before they reach the service. When an error occurs, a policy can record its details so that the administrator can study them.
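The following added example (not TIBCO code and not the Policy Manager API) sketches how an agent could apply declarative policies of the kinds described above: signature validation, then credential and permission checks, with rejected messages logged and not forwarded. All names, the sample users and the key are constructed for illustration, and an HMAC stands in for the digital signature.

```python
import hashlib
import hmac

# Constructed sample data; a real deployment would use a keystore and an IMS.
SIGNING_KEY = b"constructed-demo-key"
USERS = {"alice": "s3cret", "bob": "hunter2"}
PERMISSIONS = {"alice": {"debitAccount"}, "bob": set()}

def sign(body, key=SIGNING_KEY):
    """Sender-side signature policy (HMAC-SHA256 as a stand-in)."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

# Hypothetical policy templates: each returns None on success
# or a rejection reason as a string.
def verify_signature(msg, key):
    expected = sign(msg.get("body", ""), key).encode()
    ok = hmac.compare_digest(expected, msg.get("signature", "").encode())
    return None if ok else "invalid signature"

def authenticate(msg, users):
    user, password = msg.get("user"), msg.get("password", "")
    ok = user in users and hmac.compare_digest(
        users[user].encode(), password.encode())
    return None if ok else "invalid credentials"

def authorize(msg, permissions):
    allowed = msg.get("operation") in permissions.get(msg.get("user"), set())
    return None if allowed else "access denied"

TEMPLATES = {"verify-signature": verify_signature,
             "authenticate": authenticate, "authorize": authorize}

# Declarative policies: a template name plus parameters, no procedural code.
POLICIES = [
    {"template": "verify-signature", "params": {"key": SIGNING_KEY}},
    {"template": "authenticate", "params": {"users": USERS}},
    {"template": "authorize", "params": {"permissions": PERMISSIONS}},
]

def agent_intercept(msg, service, policies=POLICIES, rejected_log=None):
    """Forward msg to service only if every policy passes; else log and drop."""
    for policy in policies:
        reason = TEMPLATES[policy["template"]](msg, **policy["params"])
        if reason:
            if rejected_log is not None:
                rejected_log.append((policy["template"], reason, msg.get("user")))
            return None  # rejected: never reaches the service
    return service(msg)
```

Changing who may call an operation, or which key validates signatures, means editing the `POLICIES` parameters only; the service function itself is untouched.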
6. What are the three conceptual components of TIBCO ActiveMatrix policy software?
The three conceptual components of TIBCO ActiveMatrix policy software are the Policy Manager Console, the core service, and Policy Agents. The Policy Manager Console is a friendly graphical user interface that allows the appropriate users to define, manage, and monitor policies. The console comes in two forms: a TIBCO ActiveMatrix Admin Plugin for Service Grid users, or a TIBCO Admin Plugin for Policy Agent and BusinessWorks users. The core service is a set of network applications that provide the underlying infrastructure for Policy Manager, such as database repository, validation, and distribution. Policy agents enforce policies by intercepting and parsing messages to and from managed services and processing them according to applied policies. You can have a node agent or a proxy agent. A node agent enforces policies for services deployed on ActiveMatrix Service Grid nodes, while a proxy agent enforces policies for non-ActiveMatrix services. When you deploy services in ActiveMatrix Service Grid, these services are automatically registered and managed in Policy Manager. Non-ActiveMatrix services must be explicitly registered and managed using proxy agents.
7. Give an example of policy application.
For example, the consumer sends a request message. The policy agent intercepts the message and encrypts the outgoing data. Before that message reaches the provider, another agent intercepts the message and applies policies that verify credentials and access permissions, decrypt incoming data, and log requests. The provider processes a request and returns a response message. Before that message returns to the consumer, an agent encrypts the message and attaches a digital signature and collects response time statistics. Before the message actually reaches the consumer, another agent intercepts it, decrypts the incoming data, and verifies the digital signatures. Finally, the consumer receives the response message.
8. Differentiate an endpoint from a managed endpoint.
An endpoint is an address used to interact with services. A managed endpoint is also an endpoint, but it is one where an agent can apply policies.
9. What are the four phases involved in policy making and implementation?
The four phases involved in policy creation and enforcement are as follows: First, register your services. This means that the WSDL data about the service is extracted and registered in the database. Second, manage services. Managing means designating one or more endpoints as managed endpoints and instructing the agent to manage those endpoints or to intercept and inspect messages on all relevant endpoints belonging to that service. Third, you can now define policies. Select a policy template and provide values for the variables in the template based on a specific situation or your business needs. You can define, for example, the name of policies, endpoints, identity management systems, and connections. You must specify the criteria to select target policies for services. Fourth and last, you can now apply policies. After defining the policies, the policies assigned to the services are saved in the database. The target service is validated and the compliance details are sent to the appropriate policy agents.
10. Give examples of infrastructure resources and how they are used in Policy Manager.
Certain infrastructure resources are available in Policy Manager. All you need to do is register and define them. They are keystore sets, Identity Management Systems, connections, and Universal Description Discovery and Integration (UDDI). Keystore sets contain certificates and key information used for encryption, decryption, signing, and similar purposes. Identity Management Systems (IMS) are directory systems similar to Domain Name Systems for the Internet. IMS provides identity-based access control to systems and resources. The IMS supported in Policy Manager are Lightweight Directory Access Protocol (LDAP) servers and CA SiteMinder. A connection refers to the messaging service. The messaging service supported in Policy Manager is Java Message Service (JMS). Finally, the UDDI registry maintains public information about available services, endpoints, policies, and related resources. Except for JMS, all of these infrastructure resources are automatically allocated to all agents. JMS is automatically available to all proxy agents only, and not to node agents, since ActiveMatrix services use the Service Grid messaging service.
Therefore, TIBCO Policy Manager is powerful and dynamic software that is useful for all types of companies when it comes to providing security and controlling the use of services. If you want to gain influence in your business and make your security and service development faster, more reliable, and more efficient, the best option is to use Policy Manager.