Policy Enforcement
TIBCO ActiveMatrix Policy Director Governance uses embedded agents and intermediary proxy applications to enforce policies by inspecting, rejecting, recording, transforming, and redirecting messages.
The Governance Agent enforces policies even if the TTIBCO ActiveMatrix Policy Director Governance Administrator services are not online. This is possible by maintaining a compiled version of the processed policies using its Policy Runtime Store component.
When the Governance Agent receives an instruction from TIBCO ActiveMatrix Policy Director Governance Administrator it can perform any of the following functions:
- Process a new Governance Control
- Update an existing Governance Control
- Delete an existing Governance Control
After processing the instructions, the Governance Agent updates its local cache to reflect the new state of policies to enforce a given PEP and Governed Object combination.
The Governance Agent completes all of these tasks without interrupting service availability. The actions to execute are dynamically updated when the Governance Agent successfully processes the Governance Control instructions from TIBCO ActiveMatrix Policy Director Governance Administrator. If there are any policy conflicts or other errors while processing Governance Controls, the Governance Agent leaves the existing cache of policies to enforce undisturbed policies and reports the status to TIBCO ActiveMatrix Policy Director Governance Distribution Engine.
Using the Governance Control templates that TIBCO ActiveMatrix Policy Director Governance provides, you can only specify a few required parameters to define a policy. However, behind the scenes, the compiled Governance Controls contain all of the information the Governance Agent needs to successfully process and enforce policies.