Quest Privilege Manager for UNIX How To Manage Licenses License Options
Transcription
Quest Privilege Manager for UNIX How To Manage Licenses License Options
Quest Privilege Manager for UNIX How To Manage Licenses License Options Privilege Manager 5.6 has four available licensing options. By default, Privilege Manager 5.6 comes with a freeware (Community Edition) license, which enables Quest Privilege Manager for Sudo features for up to 10 hosts. There are also three commercial license options. Additional seats may be obtained for Quest Privilege Manager for Sudo features via the Sudo Policy and Sudo Keystroke licensing options. Quest Privilege Manager for UNIX features can be enabled by obtaining Quest Privilege Manager UNIX Agent licenses. The following table summarizes the features that are enabled with each licensing option. Table 1: Quest One Privilege Manager License Options and Features For Sudo Community Edition Sudo Policy Sudo compatible plugins* (qpm-plugin) Central Sudo policy (Sudoers) evaluation For UNIX Sudo Keystroke Privilege Manager for UNIX policy (pmpolicy) evaluation Keystroke logging UNIX Agents Privilege Manager for UNIX Agents (qpm-agent) Quest One Management Console for UNIX features: Privilege Manager Management Event and policy versioning reports Keystroke log search and playback * requires Sudo version 1.8.1 or later. Although licenses are allocated on a per-agent basis, the licensing is managed on the Privilege Manager policy servers. A newly installed Privilege Manager 5.6 server comes with a Community Edition license. Multiple Commercial licenses may be installed, but only one license of each type is allowed. The freeware Community Edition license may not be combined with the commercial licenses. Once installed, the commercial licenses override the Community Edition license. Quest Privilege Manager for UNIX How To Manage Licenses Installing your License Licenses are managed on the Privilege Manager policy servers. Once you have obtained the license, copy the xml license file to the policy server, and then run the pmlicense command as shown below to install the license: /opt/quest/sbin/pmlicense –l < license_file> This command will display your currently installed license and details of the new license to be installed before asking for confirmation to install the new license. Would you like to install the new license (Y/N) [Y]? Enter ‘y’ or just press return to install the license. If there are other policy servers configured in your policy server group, you will be asked if you would like to forward the license configuration to the other servers. In addition, when secondary policy servers are configured, they will attempt to import any licenses that are configured on the primary policy server. Agent Configuration Agents are configured using the pmjoin command for standard Unix agents (qpm-agent package), or by using the pmjoin_plugin command for sudo plugin agents (qpm-plugin package). The hostname of a policy server in the policy group must also be specified when configuring the agents as follows: pmjoin polsrv1.example.com or pmjoin_plugin polsrv1.example.com No special commands are required to register or license the agents with the policy servers. Hosts using the Privilege Manager agents are automatically granted a license once a request is received on the Privilege Manager policy server via the pmrun or sudo client programs. Displaying License Usage The pmlicense command can also be used to display how many agent licenses have been used on the policy server on which you run the command. Use pmlicense without any arguments to show an overall status summary, including the number of licenses configured and the total licenses in use for each license option. Page 2 Quest Privilege Manager for UNIX How To Manage Licenses # pmlicense *** Quest Privilege Manager for Unix *** *** QPM4U VERSION 5.6.0 (023) *** *** CHECKING LICENSE ON HOSTNAME:user123.example.com, IP ADDRESS:10.10.178.123 *** *** SUMMARY OF ALL LICENSES CURRENTLY INSTALLED *** * * * * * * * * * * License Type Commercial/Freeware License Expiration Date Max QPM4U Client Licenses Max Sudo Policy Plugin Licenses Max Sudo Keystroke Plugin Licenses Authorization Policy Type permitted Total QPM4U Client Licenses In Use Total Sudo Policy Plugins Licenses In Use Total Sudo Keystroke Plugins Licenses In Use PERMANENT COMMERCIAL NEVER 10 0 0 ALL 4 0 0 The above example shows that the current license allows 10 Unix agents (QPM4U Client Licenses) and that 4 licenses are currently in use. Use pmlicense with the –us option to show a summary usage report, or with the –uf option to show a full usage report including last use dates. # pmlicense -uf Detailed Licensed Hosts Report ---------------------------------------------------------------------------Number| Last Access Time |Hostname ---------------------------------------------------------------------------|QPM4U |SudoPolicy |SudoKeystroke | ---------------------------------------------------------------------------1 |2011/07/01 17:14| | |admin1.example.com 2 |2011/07/01 17:14| | |user101.example.com 3 |2011/07/01 16:28| | |user123.example.com 4 |2011/07/01 17:14| | |dev023.example.com The above output shows the full report, including the hostnames and dates of the Unix agents which have used the policy server. For a full list of options available for use with the pmlicense command, use pmlicense with the –h option to display the usage help. Also refer to the Privilege Manager 5.6 A to Z Reference Manual. Quest, Quest Software and the Quest Software logo are trademarks and registered trademarks of Quest Software, Inc. in the United States of America and other countries. Other trademarks and registered trademarks are property of their respective owners. Page 3