HP 3PAR StoreServ 7200 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 7

How HP 3PAR Policy Server Works, HP 3PAR Policy Server con d to manage policies

Get HP 3PAR StoreServ 7200 2-node PDF manuals and user guides View all HP 3PAR StoreServ 7200 2-node manuals
Add to My Manuals
Save this manual to your list of manuals

Page 7 highlights

Figure 1 HP 3PAR Policy Server configured to manage policies How HP 3PAR Policy Server Works The HP 3PAR Enterprise Server can send commands to Agent gateways and Policy Agents and receive responses to those commands. A command is typically a request to perform an action, such as uploading a file, setting the value of a data item, restarting the Agent, or executing a package. If a particular asset is not managed by HP 3PAR Policy Server, the Agent performs the requested action automatically. If an asset is managed by HP 3PAR Policy Server, the Agent first references its policy to determine whether it can perform the action. In addition to actions initiated by the HP 3PAR Enterprise Server, an Agent can be configured to perform actions based on triggering events. The association of a triggering event and an action is referred to as a "logic schema." The Agent executes the actions configured in logic schemas when the associated triggers fire. For example, if the triggering event is a particular temperature, the Agent might be configured to send an alarm to the Enterprise Server. An Agent can also upload data or alarms to the Enterprise Server based on a triggering event. The association of a triggering event with an upload of data or alarms is referred to as a "logger" ("data loggers" can upload data, and "alarm loggers" can upload alarms). As with Enterprise Server-initiated actions, an Agent managed by Policy Server consults its policy before performing any Agent-initiated action. A policy is comprised of a list of actions that the Agent is capable of performing and the permissions to perform each action. The permissions have at least an access right and can also have time windows and expressions that define who can request the action and from which Enterprise Server the action can be requested. The policy determines how the Agent handles a request for an action. Based on the policy, the Agent responds in one of three ways to the request: • Accept and perform the action • Deny the action • Ask a Policy Server user to approve or deny the action The Agent enforces the policy as set in Policy Server and reports its policy-related activities to the Policy Server and the Enterprise Server for auditing purposes. For example, suppose a user requests a remote session. If the permission in the policy for remote session is Ask for Approval, the Agent Security 7

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
Figure 1 HP 3PAR Policy Server configured to manage policies
How HP 3PAR Policy Server Works
The HP 3PAR Enterprise Server can send commands to Agent gateways and Policy Agents and
receive responses to those commands. A command is typically a request to perform an action,
such as uploading a file, setting the value of a data item, restarting the Agent, or executing a
package. If a particular asset is not managed by HP 3PAR Policy Server, the Agent performs the
requested action automatically. If an asset is managed by HP 3PAR Policy Server, the Agent first
references its
policy
to determine whether it can perform the action.
In addition to actions initiated by the HP 3PAR Enterprise Server, an Agent can be configured to
perform actions based on triggering events. The association of a triggering event and an action
is referred to as a "logic schema." The Agent executes the actions configured in logic schemas
when the associated triggers fire. For example, if the triggering event is a particular temperature,
the Agent might be configured to send an alarm to the Enterprise Server.
An Agent can also upload data or alarms to the Enterprise Server based on a triggering event.
The association of a triggering event with an upload of data or alarms is referred to as a "logger"
("data loggers" can upload data, and "alarm loggers" can upload alarms). As with Enterprise
Server-initiated actions, an Agent managed by Policy Server consults its policy before performing
any Agent-initiated action.
A
policy
is comprised of a list of actions that the Agent is capable of performing and the permissions
to perform each action. The permissions have at least an access right and can also have time
windows and expressions that define who can request the action and from which Enterprise Server
the action can be requested. The policy determines how the Agent handles a request for an action.
Based on the policy, the Agent responds in one of three ways to the request:
Accept and perform the action
Deny the action
Ask a Policy Server user to approve or deny the action
The Agent enforces the policy as set in Policy Server and reports its policy-related activities to the
Policy Server and the Enterprise Server for auditing purposes. For example, suppose a user requests
a remote session. If the permission in the policy for remote session is Ask for Approval, the Agent
Security
7