Deployment of Rules, Rule Sets, and PASDefs

Regardless of the level of registry sharing in an AOPlex, you can deploy Rules, Rule Sets, and PASDefs to remote registries as needed and activate the object(s) in the remote PASes.


This means that several PASes can share a single registry image and, at the same time, the registry image can also be used to store Rules, Rule Sets, or PASDefs for other  PASes that do not share the registry image. 

Related topic

Administrative-tasks

This is the concept of a central repository for your Rules, Rule Sets and PASDefs. All the Rules, Rule Sets, and PASDefs reside in the central repository from which you can deploy them to remote registries for the  PASes to use.

You can deploy based on levels: Rules, Rule Sets, and PASDefs. During deployment, you must set the following two options:

  • Replace (YES | NO) objects in the target PAS
  • Activate (YES | NO) objects in the target PAS.
  • You can choose to deploy without activating (ACTIVATE=NO) and wait for the next cold start of the PAS or use some other manual means to activate the Rules or Rule Sets. If you choose ACTIVATE=YES, the object(s) and all lower level object(s) are deployed and activated at one time.

To determine what deployment level is needed (Rule, Rule Set, or PASDef) you need know the highest level that was changed. The PASDef is at the highest level and the Rule is at the lowest level.

For example, if you create a new Rule and add it to an existing Rule Set, the highest level that was changed was the Rule Set level. Therefore you must deploy and activate the Rule Set. If, however, a new Rule Set was also created for the new Rule and you added the Rule Set to an existing PASDef, then you must deploy and activate the PASDef.


This section contains the following topics:

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*