Working with configuration profiles

Configuration profiles allow you to define configuration and scheduling settings from a central manager and distribute those settings to managed unit groups without altering the configuration of the central manager itself.

Before you begin

Before creating and distributing configuration profiles, verify the following prerequisites:
  • Allow communication over port 8447 between the central manager and its managed units
  • The central manager and the managed units that will receive configurations must be at or above Guardium® V10.1

About this task

Configuration profiles contain two types of information: configuration type (one or more sets of configuration and scheduling settings), and a list of managed unit groups to be updated with the configuration and scheduling settings. Once defined, configuration profiles can be stored, modified, and reused to distribute specific sets of configuration and scheduling settings to specific groups of managed units.

The configuration types you can add to a configuration profile are:
  • Alerter
  • Audit process schedules
  • CyberArk upgrade configuration
  • Data archive
  • Data export
  • Data import schedule
  • Data streaming configuration
  • Database discover instances rules schedule
  • Flat log process
  • Ip-to-hostname aliasing
  • Kerberos
  • PIM data correlation
  • Policy installation schedule
  • Results archive (Audit)
  • Results export (Files)
  • Session Inference
  • System backup
  • Unit utilization schedule
  • Unit utilization thresholds

Configuration profiles are defined independently of the local settings on the central manager. This allows you to quickly define configuration settings and deploy those settings to managed unit groups without disrupting the configuration of your central manager or configuring each managed unit individually.

This task describes how to create, distribute, and save a configuration profile.

Procedure

  1. Navigate to Manage > Central Management > Distribute Configuration Profiles.
  2. Click New or select an existing profile to begin working with a configuration profile.
  3. From the Name and description panel, provide a name and optionally provide a description for the profile. Click Next to continue.
  4. Optionally, click Roles to specify security roles that can use the configuration profile.
  5. From the What to distribute panel, click New to define a new configuration, or select an existing configuration and click Edit to edit.
    1. From the Configuration type menu, select a configuration type to add to the profile.
    2. Specify configuration and scheduling details for the selected configuration type.
      Restriction: Distributing data export configuration settings to an aggregator do not distribute any purge settings. The existing purge settings on an aggregator are retained. On collectors, purge settings, including retention periods, are distributed to and replace existing purge settings.
    3. Click Save to finish editing the configuration profile.
    4. Optionally, add additional Configuration Types/schedules by clicking Edit, and repeating steps 5.a through 5.c.
    5. Click Next to continue.
  6. From the Where to distribute panel, select groups from the Managed unit groups table and use the Move right icon to add the groups to the Selected groups table. Click Next to continue.
    Note: Click New to create a new managed unit group or Edit to edit an existing group. Managed unit groups can also be defined and edited at Manage > Central Management > Managed Unit Groups.
  7. Optionally, from the Distribute configurations panel, click Run Now to distribute the configuration profile to the selected groups. When the status indicates that distribution is complete, click Next to continue.
  8. From the Review results panel, review a summary of the distribution process and its results.
    Optional: click Run Log to view a detailed log of the distribution process.
  9. Click Save to save the configuration profile for reuse.

What to do next

If you need to move configuration profiles between central managers, use Manage > Data Management > Definitions Export and Manage > Data Management > Definitions Import and select Configuration profile from the Type menu.