Overview
The Policy Agent can act in any of several roles, depending on configuration options:
- The Policy Agent can act as the Policy Decision Point (PDP) on a single system, installing policies in one or more z/OS® Communications Server stacks.
- The Policy Agent can act as a centralized policy server, providing PDP services for one or more remote policy clients.
- The Policy Agent can act as a policy client, retrieving remote policies from the policy server. Each stack in a Common INET (CINET) environment that is configured to the Policy Agent acts as a separate policy client.
- A single Policy Agent can act as a policy client or a policy server, but not both.
Policy Agent reads policies defined in local or remote configuration files, or retrieves them from an LDAP server by way of the Lightweight Directory Access Protocol (LDAP). These policies are then installed in one or more TCP/IP stacks. Policy Agent can be configured to install identical policies to multiple (or all) stacks, or to install a different set of policies to each stack individually. Policy Agent can also periodically monitor its configuration files and the LDAP server for changed policies, and install new or changed policies as changes occur. The basic types of policies are:
- Quality of Service (QoS)
- Intrusion Detection Services (IDS)
  See Diagnosing intrusion detection problems for more information about diagnosing IDS policies.
- IPSec
  See Diagnosing IP security and defensive filter problems for more information about diagnosing IPSec policies.
- Application Transparent Transport Layer Security (AT-TLS)
  See Diagnosing Application Transparent Transport Layer Security (AT-TLS) for more information about diagnosing AT-TLS policies.
- Policy-based routing (Routing)
  See Steps for diagnosing problems with IP routing to a destination when using policy-based routing for more information about diagnosing routing policies.