An Opinion about Endevor “core” Pieces

External Security Interface (ESI)


Originally, using the External Security Interface was optional, and in my opinion it was always folly not to take advantage of this software. Without going into a long lecture about security, suffice it to say that it is a key component of effective configuration management.

Security and Configuration Management have 2 components: physical security and functional security.

Endevor does not supply physical security. This is the security that specifies who can read from and write to the different high-level indexes at a site, and it is handled at every site by whatever proprietary security software they have (e.g. RACF, ACF2, TOP-SECRET).

Functional security is the component that determines, once in Endevor, who is allowed to do what to which systems. Your choices are to either set up Endevor Native Security tables or interface with your current on-site security software. It makes sense to most shops to continue leveraging their current on-site security software; it provides a single point of administration and continues to leverage the investment they have already made in security at their site. If you use the Endevor Native Security tables, you must remember to reflect any general changes in system security there as well as in your “standard” shop software. Also, this means a component of your site’s software security requirement is NOT being managed by your site’s security software. This can be a favourite target for security auditors to hit.

Extended Processors

This is the heart-and-soul of Endevor. Without Extended Processors, you can’t compile, generate, check, cross-reference, or do any of the other cool neat stuff Endevor can do for you. In essence, without Extended Processors, Endevor becomes nothing more than a source repository; a toothless tiger; a fancy version of Panvalet.

Automated Configuration Manager (ACM)

If Extended Processors are the heart-and-soul, then ACM is the brains. ACM is the piece that allows you to automatically monitor the input and output components of elements as they are being processed by an Extended Processor. ACM, then, allows effective impact analysis and ensures the integrity of your applications. The information ACM captures is what package processing uses to verify that a developer is not missing pieces when they create a promotion package for production.

2 thoughts on “An Opinion about Endevor “core” Pieces”

  1. Hi John,
    Another useful and interesting article. I don’t know if you are aware, but Native Security is no longer available in Endevor since V18.0. Functional Security must be enforced using the ESI now.



  2. Hi Craig!

    Yes, I’m very aware CA eliminated Native Security… which in my mind raises an interesting question that I think Endevor administrators and all Endevor sites should raise with CA…. Now that I have NO CHOICE but to use the External Security Interface, shouldn’t it be provided WITH Endevor now? Why do I have to PAY for an option that is, frankly, required in order to deliver real CCM functionality?

