
Configuring target system operation locking

Some target systems do not allow multiple client connection attempts to occur simultaneously, so connectors write lock files to prevent this from happening. Locks are also created when other programs connect to a target system.

Some connector concurrency rules are pre-defined; for example:

  • NDS (and related target systems such as GroupWise) have a pre-defined lock:

    %LDIR%NWCLIENT.lock

    If an operation on the NDS target system nds1 triggers a lock, the following lock file is created:

    <Program Files path>\Bravura Security\Bravura Security Fabric\Locks\NWCLIENT.lock

    No other target systems that use this lock (groupwise1, nds2) can do anything until the lock is removed.

  • Windows server target systems have a pre-defined lock:

    %LDIR%NTCLIENT%HOST%.lock

    So if an operation on the Windows server target system nt1 triggers a lock, the following lock file is created:

    <Program Files path>\Bravura Security\Bravura Security Fabric\Locks\NTCLIENTNT1.lock

    No other operations can be performed on nt1; however, operations can still be performed on other Windows server target systems.

When to add manual locks

Under normal circumstances, you do not need to set manual locks because internal locks are already set; however, in some circumstances, manual locks are necessary. For example, when using a mainframe system and a Telnet connector with no inherent locks, your mainframe target system may limit the target system administrator to one login at a time. In this situation, you need to set a manual lock so that you do not attempt to have two login sessions using the same administrator ID simultaneously.

Warning

The arbitrary use of manual locks may interfere with internal locking behavior.

Defining a lock file directory

The lock file directory is defined during the initial installation of each instance of Bravura Security Fabric. The location of the lock files directory is controlled by the PSLockDir setting. If this directory is not defined, lock files are created in the temporary directory specified by the PSTempDir setting.

By default, lock files are stored in the directory. However, you can select a different directory if required.

Warning

To prevent failures on target systems that require locking, it is recommended that the value of PSLockDir remain constant for all Bravura Security Fabric instances.

To define a lock file directory using the Manage the system (PSA) module:

  1. Click Manage the system > Maintenance > Options.

  2. Type the directory path for the lock files location in the PSLockDir field.

  3. Click Update at the bottom of the form.

Setting lock file rules

Set lock file rules to define under what circumstances a system will be locked. The more circumstances you apply to a rule, the less restrictive it is. To set lock file rules:

  1. Click Manage the system > Maintenance > Connector concurrency rules.

  2. From the Target system drop-down list, select the target system on which you want the lock to occur.

  3. Select one of the following options from the Operation drop-down list:

    • ACHG – Any operation where target system administrator credentials are used.

    • VERI – A password verification operation.

    • AVER – An alternate login ID verification operation.

    • VRRE – A transparent password synchronization operation.

    The lock file is created when the operation selected from this drop-down list occurs on the selected target system.

  4. Select the appropriate Lock file items to determine the circumstances under which the lock file will be created (multiple selections make the lock file less restrictive):

    • Local – Sets a lock on the primary server rather than on a proxy.

    • Target system – Sets a lock for the target system so multiple client servers cannot communicate with the target system simultaneously.

    • Target system type – Sets a lock for the target system type so multiple client servers cannot communicate with the same target system type simultaneously.

    • PID – Sets a lock so the same process cannot access multiple target systems simultaneously.

    • User – Sets a lock so an individual user cannot access multiple target systems simultaneously. For example, if you are logged in as user1 on one target system, you cannot log in as user1 on any other target systems.

    • Admin – Sets a lock so that only one of the multiple target system administrator IDs for the target system can have access to the target system at a given time.

    • Operation – Sets a lock when the selected operation occurs on the target system.

    Checkbox values also determine the name of the lock file. For example, if you select Target and User, then when user bsmith verifies his password on system1, the resulting lock file is named system1bsmith.lock. This means that bsmith will not be able to perform the same operation on system1 until the initial operation is complete. However, user jwhite can access system1 simultaneously, and generates a lock file named system1jwhite.lock.

  5. Optional: Use the Replace with field to override the name of the lock file as defined by the checkbox values.

    You can use variables where the order of the variables is important, or use additional text. For example, you can define the lock file name as %ADMIN%%PID%mylock. The %LDIR% (lock file directory) variable and .lock suffix are appended automatically.

    The variables available are:

    Variable      Lock file item
    %LOCAL%       Local
    %HOST%        Target
    %PLATFORM%    Platform
    %PID%         PID
    %USER%        User
    %ADMIN%       Admin
    %OPER%        Operation

  6. Click Update.
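
The naming rules in steps 4 and 5 decide which operations wait on each other. The following added example (not Bravura Security code) models a Replace with template as literal variable substitution, which is an assumption, and groups constructed sample operations by the lock file name they would produce; the admin ID admin1 and the PIDs are invented for the sample.

```python
import re
from collections import defaultdict

# Variables from the "Replace with" table; %LDIR% and .lock are added automatically.
KNOWN_VARS = {"LOCAL", "HOST", "PLATFORM", "PID", "USER", "ADMIN", "OPER"}


def lock_name(template, ctx):
    """Expand a template to a lock file name (literal substitution is assumed)."""
    def expand(match):
        var = match.group(1)
        if var not in KNOWN_VARS:
            raise ValueError(f"unknown lock variable %{var}%")
        return str(ctx[var])
    return re.sub(r"%([A-Za-z]+)%", expand, template) + ".lock"


def contention_groups(template, operations):
    """Map each lock file name to the operations that would queue behind it."""
    groups = defaultdict(list)
    for label, ctx in operations:
        # Windows file names are case-insensitive, so compare folded names.
        groups[lock_name(template, ctx).casefold()].append(label)
    return dict(groups)


# Constructed sample: three VERI operations on system1 (admin ID and PIDs invented).
SAMPLE_OPS = [
    ("bsmith#1", {"HOST": "system1", "USER": "bsmith", "ADMIN": "admin1", "PID": 100, "OPER": "VERI"}),
    ("bsmith#2", {"HOST": "system1", "USER": "bsmith", "ADMIN": "admin1", "PID": 200, "OPER": "VERI"}),
    ("jwhite#1", {"HOST": "system1", "USER": "jwhite", "ADMIN": "admin1", "PID": 300, "OPER": "VERI"}),
]

if __name__ == "__main__":
    # Target + User, one admin login per host, and the page's %ADMIN%%PID%mylock.
    for template in ("%HOST%%USER%", "%HOST%%ADMIN%", "%ADMIN%%PID%mylock"):
        print(template)
        for name, labels in contention_groups(template, SAMPLE_OPS).items():
            print(f"  {name}: {', '.join(labels)}")
```

In this model, a template that includes %PID% yields a different lock file for every process, so it does not serialize separate processes that share an administrator ID, which is the case the mainframe scenario under When to add manual locks is concerned with.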