The External Security Administration Manager (ESAM) is a security enhancement available in OpenEdge 12.6 and later versions. It is a version-independent manager of security-related services and is external to an OpenEdge installation. ESAM maintains key OpenEdge installation details, as well as other security-related information, configuration, and policies, in a safe place, ensuring that your applications run in a secure manner. A machine with one or more OpenEdge installations can only have one ESAM. 

After ESAM is installed on a machine, any new OpenEdge installations automatically update ESAM to match the latest OpenEdge release on that machine. Additionally, each OpenEdge installation registers itself with ESAM and applications running on that installation will comply with the defined ESAM security policies. A level of trust is maintained by limiting access to the designated administrators. 
Note: ESAM has no effect on applications that run on older versions of OpenEdge. 
ESAM provides OpenEdge installation details to ESAM-enabled applications, ensuring that only trusted OpenEdge resources and operations are utilized. By default, ESAM policies are always on and work seamlessly in every OpenEdge environment to:
  • Control operations that involve untrusted resources.
  • Stop occurrence of unreliable activities during runtime.

ESAM is accessible to two types of administrators—the System Administrator and the OpenEdge Administrator. The System Administrator maintains the core ESAM components and configuration. The OpenEdge Administrators have access to the configurable elements of the ESAM security mechanisms, such as ESAM policy controls and activity audits for running applications. These activity audits are tracked in select protected ESAM security logs.  

For details on ESAM, see the following chapters: