Chat Transcript: Office Hours for CA Single Sign-On [AUGUST 2016]

Document created by kristen.palazzolo Employee on Aug 25, 2016Last modified by kristen.palazzolo Employee on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

from Jeff Limpert to Everyone:
Good morning.
from Kristen Palazzolo (CA) to Everyone:
Hi Jeff!
from Kristen Palazzolo (CA) to Everyone:
Welcome to Office Hours for CA Single Sign-On!
from Kristen Palazzolo (CA) to Everyone:
Product experts are standing by to answer your questions in real-time.
from Kristen Palazzolo (CA) to Everyone:
There is no audio, All conversation happens right here in the chat window.
from Kristen Palazzolo (CA) to Everyone:
So, ask a question! Who's got one>
from Kevin (Johns Hopkins) to Everyone:
In a very large environment, it is easy to have sites come and go frequently. Is there a way audit whether an agent or ACO is still in use? It would be nice to do a yearly clean-up of unused objects.
from Shahn Soomro (CA) to Everyone:
@kevin, there are a couple a ways. What version of CA SSO are you on. Have you looked at the "Agent Discovery" feature of CA SSO. It shows all the agents that communicate or have communicated with Policy Server. So you can see which agents are domant/unused for long time. You may also use your "System Management" tool to parse agent processes running in your environment.
from Christopher E to Everyone:
can i ask a non "single sign-on" question?
from Shahn Soomro (CA) to Everyone:
@chris...non CA SSO questions cost extra $5 per question
from Sid Mautte (CA) to Everyone:
@Chris, sure... ask away.
from Herb Mehlhorn to Everyone:
@ Kevin...in really large env. the agent discovery feature creates lots of updates and perfrorms better with policy store in db
from Herb Mehlhorn to Everyone:
@Kevin, for ACO part of your question...there is no way the team here can think about how to do that with current out of the box functionality...good ideat to add to Community ..
from Tony Pham to Everyone:
"Agent Discovery", nice, is there a good tech doc out there for this specific function, that would included various how-to as well as requisite, setup, results etc ...
from Christopher E to Everyone:
@Shahn mainframe product CA CMDB CONNECTOR (aka itpam, etc.). Need mainframe resource (or point me in the right direction) I'm not looking for distributed cmdb.
from Kevin (Johns Hopkins) to Everyone:
@Shahn - We are using 12.52 SP1
from Sam Dikeman to Everyone:
Just wondering how the testing/shake-out is going for 12.6?
from Kristen Palazzolo (CA) to Everyone:
@Christopher - There is a category for this product in the CA Mainframe Community: https://communities.ca.com/community/ca-mainframe-community
from Kristen Palazzolo (CA) to Everyone:
@Christopher If you post your question there and select the corresponding category, someone will get back to you. But, I will notify Lenn Thompson of your question and he can point you in the right direction.
from Shahn Soomro (CA) to Everyone:
@Kevin...Agent discovery is available in 12.52.x version. Here is the link to information on agent discovery in CA SSO integrated docs: Policy Server Guides › Policy Server Configuration Guide › Agents and Agent Groups › Agent Discovery Introduced

from Herb Mehlhorn to Everyone:
@SAM...12.6 is imminent...basically we are down to 1 issue that needs to be wrapped up...then gold testing cycle...code to escrow, test download site and GA. Week of Sept. 6th.
from Tony Pham to Everyone:
@Herb, on your response to Kevin ".... better with policy store in db", is interesting .... without full context, it's hard for me to digest this response. hence my ask for a tech doc should be a valid ask.
from Shahn Soomro (CA) to Everyone:
@Tony: the link to detailed information on agent discovery is in CA SSO integrated docs, plz start at this location: Policy Server Guides › Policy Server Configuration Guide › Agents and Agent Groups › Agent Discovery Introduced
from Tony Pham to Everyone:
@Shahn, i consider that is a "typical". i'm more interest for a specific write up. back in Nete time, there were good tech docs. is that practice not encourage any more?
from Shahn Soomro (CA) to Everyone:
@Tony: No not at all, technotes are still being written as needed, but now we have many other venueus of commincation. Best being CA Communities, where both CA and customer exchange notes and tips/trick etc.
from Herb Mehlhorn to Everyone:
@Tony...tech docs still done...i think for two reasons... one was that the core tech info could not be cycled very quickly and tech docs were way to publish asynchronously and the other reason was for more technical detail that was not in the tech info.....that second reason is still valid so we do tech docs, but we are trying to do less of that where we can incorporate info directly into the tech info which is now being refreshed roughly monthly...
from Tony Pham to Everyone:
@Herb, got it. will look at what Shahn point out. however, i can bet you lunch that i won't find any reference on why "... updates and perfroms better with policy store in db"
from Tony Pham to Everyone:
@Shahn, i know CA is pushing for its customer to go to community. knowledge exchange is one of many reason. however, the response is hit and miss. for example, a question on SM version support on RHEL 7 went unanswer for some time
from Herb Mehlhorn to Everyone:
@Tony...dbs are typically going to be better under heavy write load...so when kevin mentioned very large environment that is where my thinking turned toward db.
from Tony Pham to Everyone:
and if you search for this office hours archived, you will see the ask was also there
from Herb Mehlhorn to Everyone:
@Tony there is not a specfiic doc on this available today, but something we can consider...especially as we will be doing some more work in this space after 12.6 GA's...as part of the next (12.7) program
from Tony Pham to Everyone:
@Herb, ok, so your response was base on experience where historically db is good for something and ldap is good for other
from Herb Mehlhorn to Everyone:
@Tony. yes.
from Sam Dikeman to Everyone:
@Herb - having sat in meetings with the CA Directory folks, they might have something to say about this.
from Herb Mehlhorn to Everyone:
@Tony....were you able to do any testing with 12.6 pre-ga kit...
from Tony Pham to Everyone:
@Herb, ok, but you have a very good LDAP product, don't under estimate that
from Herb Mehlhorn to Everyone:
@Sam...yes...CA Directory has really stellar performance...I was thinking LDAP...CA Directory is special x.500 ..thanks for the correction!
from Tony Pham to Everyone:
@Herb, i'm preparing my lab. need my SA to put in RHEL 7 in few machines .... things are slow over here due to priority
from Herb Mehlhorn to Everyone:
@Tony...you may not see the exact same as our observations...but we are seeign that 12.6 is significantly faster than earlier versions of SSO.
from Tony Pham to Everyone:
@Herb, well, i expect that for 64 bits product
from Herb Mehlhorn to Everyone:
@Tony....that is part of the source...yes.
from Herb Mehlhorn to Everyone:
@Tony...being more clear ....for all that are on the chat...the significant performance improvement is really on RH...the performance improvement on Windows is not very noticeable.
from Tony Pham to Everyone:
@Herb, i just noted you mentioned 12.7
from Tony Pham to Everyone:
is tehre a road map ?
from Herb Mehlhorn to Everyone:
@Tony....we run an agile shop...so we ahve a backlog and we have a rough projection of time lines...but the two cant' really be put together until we get some way into the sprints that will make up the 12.7 relea.se
from Tony Pham to Everyone:
it's my understanding that from one minor (6) to another minor (7) would be 2 yrs avg.
from Tony Pham to Everyone:
i hope you don't do what you did to your customers when you have 12.5 and 12.51
from Herb Mehlhorn to Everyone:
@Tony....we are moving to 6 month release cycles for enhancement versions....I put the 12.7 in parentheses ....we may not call it 12.7, but basically what you can expect is ...enhancemnt releases on ~6 month increments.
from Tony Pham to Everyone:
@Herb, ok, that's sound better (in parentheses) as i would hate to re-live the decision 12.5 vs 12.51 where we had spent a good amount of times to evaluate the two and decided to go with 12.51
from Herb Mehlhorn to Everyone:
@Tony....there is a roadmap that we can provide to your org...it will clarify feature threads we expect to start on after 12.6 and you can also tune in to the CA SSO program on Validate.ca.com to see how features move forward.
from Herb Mehlhorn to Everyone:
@Tony...expect 6 month cadence...so ...if you are thinking about 12.6...be aware there will be a 12.6+6month releease and a 12.6+12 month release ,etc....
from Herb Mehlhorn to Everyone:
@Tony...does your org use Agile as dev mgmt. fwk?
from Tony Pham to Everyone:
for the org that i'm in, yes we do, our app dev people practice that
from Herb Mehlhorn to Everyone:
@Tony...thx. So with the swtich to agile here...we start dev. on backlog items...when release date comes...we ship waht is ready to go...and anything that is not ready is then pushed to next train...goal is to keep trains running on time and chew through backlog in priority order....
from Herb Mehlhorn to Everyone:
@Tony...doesn't always work as written in the agile manifesto,..
from Tony Pham to Everyone:
@Herb, good to know, and the method(s)/process(es) to determine minor release vs critical release should stay .... version number should not be taken lightly for your customers (or at least me) that has known and has been using your product for number of years.
from Herb Mehlhorn to Everyone:
@Tony...typically we hear customers talk about minor vs. major release, which in some ways starts to go away under Agile....what is difference in minor release vs. critical release in your org?
from Kristen Palazzolo (CA) to Everyone:
4 minutes left!
from Kristen Palazzolo (CA) to Everyone:
Get your final questions in now
from Tony Pham to Everyone:
i can't answer that, as i'm not part of the app dev team
from Herb Mehlhorn to Everyone:
@Tony. OK
from Kristen Palazzolo (CA) to Everyone:
Thanks for joining this month's Office Hours session! See you again next month!
from Herb Mehlhorn to Everyone:
Thanks Kristen.
from Kristen Palazzolo (CA) to Everyone:
I'll post the chat transcript from today's chat to the CA Security Community!
from Kristen Palazzolo (CA) to Everyone:
https://communities.ca.com/community/ca-security

Attachments

    Outcomes