sends a message to Policy Server requesting approval and a message to the Enterprise Server
saying that it is requesting approval.
When an Agent requests permission to perform an action, Policy Server sends an e-mail notification
to the specified Policy Server user(s). Once the Policy Server users are informed of a requested
action; they need to accept or deny the action within a defined timeout period. If a Policy Server
user accepts the action, Policy Server sends that action back to the Agent as “Accepted.” If
applicable, the Agent notifies the Enterprise Server that the action was approved and then performs
the action. If the Policy Server user denies the action, Policy Server sends the action back to the
Agent as “Denied.” The Agent does not perform the action and, if applicable, notifies the Enterprise
Server that the action was denied.
The following figure shows the Audit Log module of an Asset dashboard (HP3PAR Service
application). The messages shown in this module provide an example of the communication between
the Agent and the Enterprise Server about the Agent's request for permission to change the ping
rate (which specifies how often the Agent contacts the Enterprise Server).
All communications between Policy Server and its managed assets are initiated by the Agents.
When an Agent first registers with Policy Server, it sends a list of supported actions. Policy Server
responds by sending the policy to the Agent. After registration, the Agent contacts Policy Server
regularly, based on a defined rate. If an updated policy is available, Policy Server sends it. If the
Agent has requests for actions that require approval, the Agent sends those requests as part of its
regular contact message.
NOTE:
If you delete a device through the user interface of Policy Server, you must restart the
Agent on that device (or restart its managing Gateway) for the device to be able to communicate
with Policy Server again.
The following figure shows an example of three assets that are managed by Policy Server. All three
assets in this example upload log files when requested because the policy for uploading log files
is set to Always Allow. All three assets also send an audit message to Policy Server once they
perform the requested action. Device1 also performs any requested actions in PackageZ because
that Policy is also Always Allow. Device2 and Device3 do not run ScriptA when requested because
that Policy is Never Allow; these assets send audit messages to both Policy Server and the Enterprise
Server about the denial of the requests. Finally, before Device2 and Device3 can run ScriptB, they
must request approval from the Policy Server. Once the request is approved, they can run ScriptB.
If it is not approved, they do not run ScriptB, and they send a message to the Enterprise Server
about the denial.
8
HP 3PAR Policy Server and the HSQL Database