Architecture Dependency

When deploying , consider the hierarchy of your environment. At many sites, the network includes various architectures. Some policy rules, such as the list of trusted programs, are architecture-dependent. On the other hand, most rules are independent of the system architecture.
capamsc141
When deploying
Privileged Access Manager
, consider the hierarchy of your environment. At many sites, the network includes various architectures. Some policy rules, such as the list of trusted programs, are architecture-dependent. On the other hand, most rules are independent of the system architecture.
You can cover both kinds of rules by using a hierarchy. Define a global database for architecture-independent rules, and give it subscriber PMDBs that define architecture-dependent rules.
 The root PMDB and all its subscribers can reside on the same computer or on separate computers, depending on the physical needs of your environment. 
Example: A Two-tiered Deployment Hierarchy
The following UNIX example also applies to a Windows architecture with small modifications.
In the example, the site consists of IBM AIX and Sun Solaris systems. Since the list of trusted programs on IBM AIX differs from the one on Sun Solaris, the PMDBs need to consider architecture dependency.
To set up a multiple-architecture PMDB, set up your PMDBs as follows:
  1. Define a PMDB named whole_world, to contain the users, groups, and all other architecture independent policies.
  2. Define a PMDB named pm_aix, to contain all the IBM AIX specific rules.
  3. Define the PMDB pm_sol, to contain all the Sun Solaris specific rules.
The PMDBs pm_aix and pm_solaris are subscribers of the PMDB whole_world. All IBM AIX computers at the site are subscribers of pm_aix. All Sun Solaris computers at the site are subscribers of pm_sol. The concept is illustrated in the following chart.
 4
Architecture dependency
Architecture dependency
    4. When you enter platform-independent commands in whole_world, such as adding a user or setting a SURROGATE rule, all databases at the site are automatically updated.
    5. When you add a trusted program to pm_aix, only IBM AIX computers are updated, without affecting the Sun Solaris systems.