Quest Privilege Manager for UNIX How To Manage Licenses License Options

Transcription

Quest Privilege Manager for UNIX How To Manage Licenses License Options
Quest Privilege Manager for UNIX How To
Manage Licenses
License Options
Privilege Manager 5.6 has four available licensing options. By default, Privilege Manager 5.6 comes
with a freeware (Community Edition) license, which enables Quest Privilege Manager for Sudo
features for up to 10 hosts.
There are also three commercial license options. Additional seats may be obtained for Quest
Privilege Manager for Sudo features via the Sudo Policy and Sudo Keystroke licensing options.
Quest Privilege Manager for UNIX features can be enabled by obtaining Quest Privilege Manager
UNIX Agent licenses.
The following table summarizes the features that are enabled with each licensing option.
Table 1: Quest One Privilege Manager License Options and Features
For Sudo
Community
Edition
Sudo
Policy
Sudo compatible plugins* (qpm-plugin)


Central Sudo policy (Sudoers) evaluation


For UNIX
Sudo
Keystroke
Privilege Manager for UNIX policy
(pmpolicy) evaluation
Keystroke logging
UNIX
Agents





Privilege Manager for UNIX Agents (qpm-agent)
Quest One Management Console for UNIX features:
Privilege Manager Management



Event and policy versioning reports



Keystroke log search and playback



* requires Sudo version 1.8.1 or later.
Although licenses are allocated on a per-agent basis, the licensing is managed on the Privilege
Manager policy servers. A newly installed Privilege Manager 5.6 server comes with a Community
Edition license. Multiple Commercial licenses may be installed, but only one license of each type is
allowed.
The freeware Community Edition license may not be combined with the commercial licenses.
Once installed, the commercial licenses override the Community Edition license.
Quest Privilege Manager for UNIX How To Manage Licenses
Installing your License
Licenses are managed on the Privilege Manager policy servers. Once you have obtained the
license, copy the xml license file to the policy server, and then run the pmlicense command as
shown below to install the license:
/opt/quest/sbin/pmlicense –l < license_file>
This command will display your currently installed license and details of the new license to be
installed before asking for confirmation to install the new license.
Would you like to install the new license (Y/N) [Y]?
Enter ‘y’ or just press return to install the license.
If there are other policy servers configured in your policy server group, you will be asked if you
would like to forward the license configuration to the other servers.
In addition, when secondary policy servers are configured, they will attempt to import any licenses
that are configured on the primary policy server.
Agent Configuration
Agents are configured using the pmjoin command for standard Unix agents (qpm-agent package),
or by using the pmjoin_plugin command for sudo plugin agents (qpm-plugin package). The
hostname of a policy server in the policy group must also be specified when configuring the agents
as follows:
pmjoin polsrv1.example.com
or
pmjoin_plugin polsrv1.example.com
No special commands are required to register or license the agents with the policy servers. Hosts
using the Privilege Manager agents are automatically granted a license once a request is received
on the Privilege Manager policy server via the pmrun or sudo client programs.
Displaying License Usage
The pmlicense command can also be used to display how many agent licenses have been used on
the policy server on which you run the command.
Use pmlicense without any arguments to show an overall status summary, including the number
of licenses configured and the total licenses in use for each license option.
Page 2
Quest Privilege Manager for UNIX How To Manage Licenses
# pmlicense
*** Quest Privilege Manager for Unix ***
*** QPM4U VERSION 5.6.0 (023) ***
*** CHECKING LICENSE ON HOSTNAME:user123.example.com, IP
ADDRESS:10.10.178.123 ***
*** SUMMARY OF ALL LICENSES CURRENTLY INSTALLED ***
*
*
*
*
*
*
*
*
*
*
License Type
Commercial/Freeware License
Expiration Date
Max QPM4U Client Licenses
Max Sudo Policy Plugin Licenses
Max Sudo Keystroke Plugin Licenses
Authorization Policy Type permitted
Total QPM4U Client Licenses In Use
Total Sudo Policy Plugins Licenses In Use
Total Sudo Keystroke Plugins Licenses In Use
PERMANENT
COMMERCIAL
NEVER
10
0
0
ALL
4
0
0
The above example shows that the current license allows 10 Unix agents (QPM4U Client Licenses)
and that 4 licenses are currently in use.
Use pmlicense with the –us option to show a summary usage report, or with the –uf option to
show a full usage report including last use dates.
# pmlicense -uf
Detailed Licensed Hosts Report
---------------------------------------------------------------------------Number|
Last Access Time
|Hostname
---------------------------------------------------------------------------|QPM4U
|SudoPolicy
|SudoKeystroke
|
---------------------------------------------------------------------------1
|2011/07/01 17:14|
|
|admin1.example.com
2
|2011/07/01 17:14|
|
|user101.example.com
3
|2011/07/01 16:28|
|
|user123.example.com
4
|2011/07/01 17:14|
|
|dev023.example.com
The above output shows the full report, including the hostnames and dates of the Unix agents
which have used the policy server.
For a full list of options available for use with the pmlicense command, use pmlicense with the
–h option to display the usage help. Also refer to the Privilege Manager 5.6 A to Z Reference
Manual.
Quest, Quest Software and the Quest Software logo are trademarks and registered trademarks of Quest
Software, Inc. in the United States of America and other countries. Other trademarks and registered
trademarks are property of their respective owners.
Page 3