Welcome to the Sun Java[TM] Desktop System Configuration Manager Help pages. To get help for a specific part of the Java Desktop System Configuration Manager, click on one of the links on the left.
The help starts by describing the Configuration Manager general product background and concepts - Background & Concepts. Some general layout and behavioral aspects of the Configuration Manager can be found in Layout and Behavior.
After the general pages more specific help is available for the Masthead, the Navigation pane and the Content pane. There are also pages that cover the Login and the Reporting feature.
The Configuration Manager enables the centralized management of configuration settings. It is possible to view, define, and enforce configuration settings on different levels of an organization's hierarchy. Configuration settings that are semantically coherent are referred to as "configuration policies" in the rest of this document.
The Configuration Manager deals with three different hierarchical structures, also known as trees. To understand the Configuration Manager user interface, it is important to distinguish between the two trees:
One tree is formed by the configuration policies, and is thus called the configuration policy tree (see blue parts of figure 1 - "Trees"). A hierarchical organization of configuration settings is already familiar to users from many programs that have a more sophisticated configuration, like Mozilla. A typical configuration policy can be referred to with "/Mozilla/Navigator", a configuration setting with "/Mozilla/Navigator/HomeUrl".
Configuration policy trees are incorporated into the second type of tree, the organization tree (see gray parts of figure 1 - "Trees"). The organization tree represents relationships between organizational units. The result is an "organization tree containing configuration policy trees". The organization tree is represented using an LDAP server.
The third type of tree is the domain tree. The domain tree represents relationships between hardware units. Configuration policy trees are incorporated into the domain tree, resulting in a domain tree containing configuration policy trees. The domain tree is represented using an LDAP server.
The concepts for working with the organization tree and the domain tree are the same. The main difference between the two is that the organization tree maintains users and the domain tree maintains hosts. Having users and hosts in two separate trees enables the Configuration Manager to provide user-based and host-based configuration. Due to the similarities between the two trees, this section focuses on the organization tree and only mentions the domain tree when differences exist between the organization tree and the domain tree.
LDAP servers are commonly used in large enterprises to map organizational data in a hierarchical way. Each location within the organization tree in LDAP is called an entity.
This "tree of trees" facilitates hierarchical security and data management. This is accomplished by initially inserting the whole configuration policy tree once at the root of the organization tree. Entity-specific changes to the configuration settings of that initial configuration policy tree are stored at the corresponding entity. For simplicity, figure 1 only illustrates the configuration policy trees associated with the organizational entities that are called "marketing" and "jclarke".
The configuration settings for an entity are gotten by merging. All configuration settings, which are associated with an entity in the organization or domain tree, are called layers. The merging begins with the root layer and follows the tree until the desired entity is reached. A change in a configuration setting, in a layer associated with an entity, is inherited by the layers that are associated with entities farther down in the tree hierarchy (see figure 2 - "Layer Merging"). The inherited values can be overwritten if a particular layer defines its own settings.
This inheritance holds true for configuration settings, and also holds true for
security characteristics: specifying the security attribute "protected" for one
configuration setting in the layer attached to "o=marketing" will make this configuration
setting in all subsequent layers of the tree read-only (see figure 3 -
"Protection"). Configuration policy trees are bound to the entities
of an organization tree in two different ways:
Policy groups are containers for configuration policies, they each have a (unique) name associated with them. They are also containers for a configuration policy tree, because configuration policies store their configuration settings in a configuration policy tree (see figure 1 – "Trees"). Policy groups are stored in a policy repository and can be used by all types of entities by creating link(s) to policy group(s). This allows more flexibility, independent of the backend used. Another advantage of the policy groups is that they can be imported and exported which eases maintenance.
The administrator can create collections of configuration policies for separate semantic ranges, for instance an "Experts" and a "Novice" policy group stored in the policy repository. The configuration policies can then be used throughout the organization tree.
The layout for the Configuration Manager consists of three areas: a Masthead, a Navigation pane, and a Content pane. The masthead is located on the top section of the page. The area on the lower left side contains the Navigation pane. The area on the lower right is the Content pane. This type of layout is also referred to as Left-Right pane set. Separate browser windows are opened for displaying additional dialogs and displaying help content.
To use the Configuration Manager, you must login to the Sun Web Console. The Sun Web Console is the location for management applications, all of which have a consistent user interface. An advantage of the Console is that an administrator can log in once and use any application inside the console. For this purpose the Sun Web Console provides a standard login page.
On the standard login page, the server that you are going to log into is displayed above the text fields for the user name and password.
After you have logged into the Web Console successfully, you arrive at the Web Console application launch page. From there, you can select the "Configuration Manager" application, which launches the Configuration Manager.
The Masthead has the full product name (Sun Java[TM] Desktop System Configuration Manager) across it. The Masthead also provides a number of general links:
The Navigation pane allows you to browse the organization tree, which contains organizations, users and roles, and to browse the domain tree, which contains domains and hosts. It also allows you to manage policy groups in the corresponding users and hosts policy repositories.
There are two top-level tabs in the Navigation pane: Users and Hosts.
Two sub-tabs, Organization Tree and Policy Repository, are provided. Browse the organization tree using the Organization Tree tab.
At the top of the Organization Tree tab is the parentage path, which is a control that visualizes the path to the current entity. Every path particle is a link that represents an entity, except for the last link, which is displayed as normal text and denotes the current entity. To navigate using the parentage path, click on a link. This will:
The navigation table is located below the parentage path, and lists the sub-entities of the current entity. The "Name" column contains the names of all sub-entities of the current entity. The "Type" column displays the type of the entity. The "Action" column contains a View link for every row.
To navigate to an entity click on a listed name, this will:
To view a listed entity's details click on the View link. This will:
The action bar of the navigation table contains the Filter drop-down menu and and the Advanced Filter icon. When the table contains more than ten entries, the Page/Scroll Through All Data icon appears, which allows you to change the view of the table entries.
TheFilter drop-down menu allows you to choose which type of entity to display in the navigation table. It contains the following items:
Click the Advanced Filter icon in the navigation table to open the Advanced Filter dialog.
In the Type section, mark the type of entity that you want to filter. For a more specific filter, enter the name that you want to perform the filter on in the Name text field. Then click the Filter button at the bottom of the dialog to run the filter.
To open the Search window click the Search button above the navigation table. The Search window contains a masthead, a parameter area on the left, and a result area on the right. The Search window can be used to recursively search through the organization tree for certain entity types and entity names. If the Search button in the Navigation pane of the main window is clicked while the Search window is open in the background, the Search window becomes the topmost window. The current entity of the Search window, which is displayed by the parentage path in the parameter area of the Search window, is refreshed. All other parameters and the content of the result area are unchanged.
The parameter area displays the parentage path at the top, and it visualizes the path to the current entity. The use of the parameter area is described in the Parentage Path section.
To search for a particular entity type, select that type from the drop-down list underneath the parentage path. The six selections are "Search All", "Search Organizations", "Search Users", "Search Roles", "Search Domains", and "Search Hosts".
To further narrow the search, you can use the text box that is located next to the drop-down list. This allows you to search for entity names that match the search string that you entered in this field. The starting point to search from in the tree can be specified selecting one of the Starting Point radio buttons. The choices are to search from the current location or to search from the top of the tree. The default value is to search from the current location. The locations are r epresented by their names. Clicking on any path particle in the parentage path will change the current location for the search to the selected entity but will not change the scope of the navigator's view.
Select the number of results to be displayed from the "Results displayed per page" drop-down list.
All search fields in the search pane accept the asterisk "*" as a wildcard at any position in a search string. The asterisk represents an arbitrary number of arbitrary characters. If multiple search criteria are specified, all search criteria must be fulfilled for an entity to be added to the result table. The search is not case-sensitive.
To perform the search, click on the Search button, which refreshes the result area with a table containing the search results.
To reset the page values click on the Reset button, which refreshes the parameter area with the default values. All text boxes are emptied, and the first value is selected in all drop-down lists and radio button groups.
The result area contains a blank page when the Search window is created. After performing a search, a result table is displayed. The result table contains three columns: "Name", "Type" and "Path".
To view a result, click on the corresponding name under the "Name" column. This will:
The "Type" column displays the type of the entity. An entity can be either of type "Organization", "User"or "Role".
The "Path" column contains the path to the entity. The path is relative to the starting point of the search.
If the type searched for is "User", the parameter area displays different text boxes to accommodate the characteristics of a user: "User ID", "First Name", and "Last Name". In the result area, an additional "User ID" column appears to the right to the "Name" column, containing the user IDs. If the "User ID" text box in the parameter area contains at least one character, the primary sort column is the "User ID" column. If not, the primary sort column is the "Name" column.
The Hosts tab contains two sub-tabs that are called Domain Tree and Policy Repository, respectively.
The Domain Tree displays the configuration settings for the hardware that the user is working on.
Navigation through the Domain Tree works in the same way as navigation through the Organization Tree, see the Users Tab section for more details.
The Filter drop down menu in the navigation table contains four items:
The Advanced Filter for the Domain Tree works in the same way as the Advanced Filter for the Organization Tree (see the previous Advanced Filter section). The Advanced Filter for the Domain tree provides "Domain" and "Host" entity types to filter from.
When you click on the Search button in the Domain Tree tab, the Domain Search appears. The Domain Search operates in the same way as the search in the Organization Tree (see above), but the Staring Point field is set to "Hardware".
A Policy Repository tab exists under both the Users tab and under the Hosts tab.
A policy repository is a container for either user policy groups or host policy groups. The policy groups are organized in an ordered list. The sequence is defined by priorities.
The policy group table is located at the top of the page and lists the policy groups. The table contains three columns: a selection column, "Name", and "Priority".
The selection column is used to mark the rows to which the actions listed in the Policy Group Action drop-down menu are applied.
To navigate to a Policy Group, click on its name. This will:
The "Priority" column contains the priority of the policy group. The priority is used to define the merge order of the policy groups if an administrator has associated more than one policy group to an entity.
A row with blue background marks the policy group whose data is currently viewed in the Content pane, the viewed policy group.
The Policy Group Actions drop-down menu contains the following actions, displayed from top to bottom:
Name |
Action |
---|---|
New |
A dialog window opens, where the user enters the (unique) name of the policy group. After clicking OK, the policy group is added. The Navigation pane is refreshed to reflect the changes. |
Delete |
A pop-up window opens, with a warning message to confirm deletion of the policy group(s). If the user clicks OK, the policy group(s) are deleted. The Navigation pane is refreshed to reflect the changes. |
Rename |
A dialog window opens, the user enters the new (unique) name for the policy group, the policy group is renamed and the Navigation pane is refreshed to reflect the changes. |
Edit Priorities |
A dialog window opens, which contains a list box for changing the priorities. |
Export |
A dialog window opens. The user enters the destination path where the selected policy group(s) are exported to. |
Import |
A dialog window opens. The user selects the policy group(s) to be imported. After clicking OK, the policy group is added and the Navigation pane is refreshed to reflect the changes. |
The concept of policy group priorities allows the administrator to define the order in which the layers are merged. The policy group priorities are used during merging if an entity has more than one policy group assigned. In this case, the hierarchy of entities is not sufficient to determine the sequence in which the policy groups are merged. This is solved by assigning priorities to policy groups.
To open the policy group priorities dialog select Edit Priorities from the Policy Group Actions drop down menu. To increase or decrease the priority of a policy group:
The Content pane displays the data associated with the selected entity or policy group in the Navigation pane. The data is grouped in tabs. The selections made in the Navigation pane determine the number and type of tabs displayed in the Content pane. The Policies tab is the default active tab. The currently active tab stays active if selections are changed in the Navigation pane, as long as the selection made offers that tab. If not, the Policies tab becomes the active tab. The internal state of a tab (parentage path, sort order) is recalled when the tab becomes active again.
Use the Policies tab to navigate the configuration policy tree displaying subgroups, configuration settings or both.
Every Policies page has two buttons:
Every root entry in the configuration policy tree denotes an application, for instance, "StarOffice 7". The tree below the application organizes the configuration policies that belong to that application. Configuration policies can be located anywhere in the configuration policy tree. If a configuration policy is not a leaf of the configuration policy tree, the policy table as well as the configuration policy need to be displayed for one current location in the configuration policy tree.
The parentage path is displayed at the top of the page underneath the tabs. It visualizes the current location in the configuration policy tree. It functions in the same way as the parentage path in the Navigation pane (see previousParentage Path section).
The Subgroups table is located below the parentage path. The table lists the subgroups of the current location in the configuration policy tree. It contains two columns: "Name" and "Comment".
The "Name" column contains the names of all subgroups of the current location in the configuration policy tree. The name is displayed as a link. To navigate through the configuration policy tree click on a name link. This will:
This kind of navigation is referred to as "drill down" type navigation.
The Comment column contains a short description of the subgroup.
If valid configuration policy data is available for the combination of the current entity and the current configuration policy, the "Policies" tab in the Content pane displays that data.
The data is presented in tables. The tables have four columns. A selection column that contains selection icons, a "Status" column, a "Name" column and a "Value" column. The action bar on the table has a drop down actions menu
To select an element check the checkbox in front it. An action from the drop down actions menu in the action bar can now be performed on the selected element. The following table describes all actions:
Action |
Operation |
Protect |
Set the selected element to be protected. |
Unprotect |
Removes the protection for the selected element. |
Apply Default |
Uses the hard-coded default data from the policy template. |
Clear |
Deletes the data that is stored in the element. |
To the left of an element name, two icons show the status of that element. The following table summarizes the icons and their function:
Icon |
Meaning |
Operation |
|
This icon illustrates that the value of the element was set at this level of the organization tree. |
- |
|
This icon, which is also a link, illustrates that the value of the element was set at a higher level of the organization (or domain) tree. The value that the user sees is the result of the merging of layers, or entity levels, within the organization. |
When you click on the icon, it navigates you to where the value was set. |
|
This icon illustrates that the protection of the element was set at this level of the organization (or domain) tree. Protection is inherited through both the organization and configuration policy trees. |
- |
|
This icon, which is also a link, illustrates that the protection of the element was set at a higher level of the organization (or domain) tree. The protection of this element or item is as a result of merging of layers, or entity levels, within the organization. |
Clicking on this icon navigates the user to where the protection was set. |
Data values can be changed by changing the values in the "Value" column. Value changes as well as status changes must be saved. Saving is done by clicking on the Save button.
Sets are dynamic collections of properties. You can add and remove elements from the set.
To add an element to a set:
To delete elements from a set, select the element and click the Delete button.
Note that sets can contain sets and they are represented as links. Clicking on the link will navigate you to the set and the set can be edited from there
This Policy Group page allows you to add and remove policy groups to the selected entity.
To add a policy group listed in the Available list on the left side:
If a policy group is selected in the Policy Repository of the Navigation pane, the Content pane contains the Assignees tab page. The Assignees page lists all entities that the selected policy group is assigned to.
Actions that can be performed on the Assignees Tab page are:
If an entity of type "User" is selected in the Navigation pane, and that user is a member of at least one role, the Content pane contains the Roles tab page. The Roles page lists all the roles that the selected user is a member of.
This page has two columns "Name" and "Path". "Name" contains the names of the roles and "Path" contains the absolute path to the Role.
A report is a read-only view of all configuration settings that contain data. A report is triggered by clicking a Report button. The Configure Report dialog then appears.
The "Configure Report" dialog allows you to customise:
Once customised clicking on the report will open a read only view of the selected data.