Managing the Product in a Single System Image Complex

A VM Single System Image (SSI) complex is a multisystem environment. An SSI enables you to manage separate VM systems as if they were a single computing resource. CA VM:Secure maintains a consistent view of system administration definitions across all members of an SSI complex.

The presentation of a consistent view of system administration across an SSI complex requires that CA VM:Secure support the following environment characteristics:

• The CP Object Directory is identical on every member system. A USER directory entry defines a user ID that can log in any member system (one at a time). The virtual machine definitions are identical. An IDENTITY directory entry defines a user ID that can log in multiple members simultaneously. The member-specific definitions in a SUBCONFIG directory entry can tailor each logon instance.
• The CA VM:Secure Rules Facility provides Resource access control, and the same authorizations for a virtual machine, wherever it is running in the complex.
• CA VM:Secure provides identical access to the directory management or resource access control administration interfaces from all members of the complex. You can enter product commands in the same way from any member system.

Change virtual machine definitions, configuration file statements, or access control rules simultaneously in every member system. This synchronization preserves the single system image. To accomplish this synchronization in real time, CA VM:Secure operates as a set of distributed servers, one on each member system. These servers communicate with each other. Each server runs in one of the following two modes:

A master server runs on one member node to perform the following functions of a non-SSI CA VM:Secure server:

• Processing commands 
• Updating and compiling Configuration files
• Updating and compiling CP Directory Entries
• Updating and Compiling RULE files
• Responding to External Security Manager Access Control Interface requests from CP

An agent server runs on every other member node to perform the following subset of the functions of the master CA VM:Secure server:

• Compiling Configuration files
• Compiling CP Directory Entries
• Compiling RULE files
• Responding to External Security Manager Access Control Interface requests from CP
• An agent server implements the following new functions:
  • Responding to synchronization requests from the master server
  • Converting itself to replace a master when the master server has an outage.