Installing and Logging in to RLM

Before Installation

• Confirm that you have either a Google Chrome or Mozilla Firefox internet browser.

• If you are deploying RLM on a non-Tufin OS, adjust the settings as follows (click for procedure):

  1. Using any text editing tool, open /etc/sudoers.

  2. Locate the Defaults > secure_path setting.

     

  3. Copy the following string and add it to the end of the secure_path:

  :/usr/local/bin

  

• Users and workflows for RLM.

• Create workflows in SecureChange. It is strongly recommended that these workflows be unique for RLM, as unique workflows may be needed for compliance/audit requirements and can be used in future reporting. For more information, see TOS Admin: Creating Users and Workflows.

Install RLM

You may need to install a new version of RLM in these cases:

• You are installing RLM on a new environment.

• You uninstalled RLM.

• You need to upgrade to a TOS Aurora version that requires a new installation.

Follow these steps to install RLM:

1. Using SSH, log into the TOS Aurora server.

2. Create a directory called /opt/extensions.

3. Copy the installer run file (already downloaded) to /opt/extensions.

4. Go to /opt/extensions.

5. Go to the folder and run the installer file:

   # sh rlm-v<VERSION>.k3s.run

RLM is installed in the TOS Aurora cluster on the data node.

A license is required if you are running TOS Aurora R23-1 or earlier, or you have a legacy (non-tiered) TOS license - see Installing a License.

During installation, RLM creates a Rule Recertification workflow called RLM Rule Recertification Workflow (if no workflow by that name already exists). This workflow includes three steps with the rule recertification field defined in each step. The user, with permissions to modify workflows, must login to SecureChange to complete the setup by adding an assignee for each step. The end user does not need to use this workflow.

Log into RLM

Rule Lifecycle Management App (RLM) is located in the SecureChange server. To log in to RLM, use your SecureChange user credentials provided by your App Administrator or TOS Administrator.

Your user credentials determine your level of access to RLM. App Administrators can configure RLM, change settings, and map Rule Owners and network devices. Rule Owners can view rules for which they are responsible and mark rules for certification or decertification. See Create Users in SecureChange for a detailed list of permissions for each user type.

Access RLM from SecureChange

From R23-1, use the app launcher icon () and select Rule Lifecycle Management.

Log in to RLM Directly

Without SSO Enabled

1. In your browser, enter the following URL:

https://<SecureChange_Host>/apps/public/rlm

The RLM login page appears.



2. Enter your user credentials and click Login.

With SSO Enabled

1. In your browser, enter the following URL:

https://<SecureChange_Host>/apps/rlm

The TOS login page appears.



2. Enter your user credentials and click Login. The RLM extension opens automatically.