EV Reach Server - Global Policy Distribution

Last modified on 2023/08/08 12:18

Note: The recommended method to globally configure EV Reach is via the Global Policy Services of the EV Reach Server. The GPO is an alternative in case a EV Reach Server cannot be implemented, or in addition to a EV Reach Server in the event, the server is unavailable.

The Global Policy feature allows you to granularly control the behavior and settings of the EV Reach services (both client and operator sides) across your network. For example, a policy such as a User Acceptance prompt that displays before a remote control session starts or a policy to disable remote control services on a particular set of servers. Both can be pushed using the Global Policy feature.

Distribution of the Global Policies

Once the EV Reach Server is implemented, the EV Reach software will use it to retrieve policies. Policies are queried when the software starts, and then updated on a periodic basis during the life span of the process.

The frequency at which the process checks for the policy updates is controlled by a system policy named Global Policy Refresh Interval. The default is every 30 minutes (1800 seconds). This frequency directly affects policy application speed against network traffic.

Note: It is advisable to reduce this refresh interval initially (increase the refresh frequency) while working on finalizing the global policies. Once the policy set is fully configured, raise the refresh interval to reduce network traffic to the server.

See Find out more.

Pushing Policies

The Global Policy view of the EV Reach Server includes three primary sections:

  1. The controls and information panel (located in ribbon bar)
  2. The available Global Policy objects (located on the right of the main view)
  3. The currently configured Policy view

image6-6.png

To push a policy, drag it from the Global Policy List (2) and drop it in the desired Policy Scope Object in the main view (3).

Upon initial configuration, only one policy scope object is configured: All Users & Devices. This Policy Scope defines the entire infrastructure and should be used to define policies that apply to all machines. See Find out more.

Once a policy object is bound to a policy scope, its configuration window opens as shown below:

image7-9.png

A global policy can either be - not configured, not enforced, or enforced.

Note: At the root policy scope level (All Users & Devices), the not enforced option is identical to not configured. It is not necessary to configure such a policy here. These options will come into play later on.

Configure the values to be applied to the policy and click on OK.

This policy is now configured. However, it is not yet active as it hasn’t been published. Once a policy has been configured or changed, the following options will be displayed in the control area:

image8-6.png

Test ConfigurationClick on this option to temporarily activate the policy changes without publishing them.

While in Test Mode, the currently configured policy set is exposed as if it had been published. Proper policy distribution can then be tested on specific endpoints.

Click this option again to deactivate Test Mode.

Publish ChangesClick to Publish the Global Policies as configured. Publishing the policies makes them active on your network and their distribution will start immediately.

 

Cancel ChangesClick on this option to cancel any policy changes made and revert to the last published policy set.

 

Reload Prior ConfigurationThis option is available once a policy set is published once.

Activate it to reload the last known published policy set. Once a prior configuration has been reloaded, publish it to make it active again.

Viewing and Modifying Configured Policies

To view the configured policies of a scope object, click on the Policies button located to the right of it.

image9-8.png

  • To modify the values of a policy, click on the Edit button of the policy entry.
  • To delete a policy, click the Close button of the policy entry twice.

System vs User Policies

The EV Reach Server has a set of system policies that are distributed via the Global Policies Services. For instance, the EV Reach Server Global Policy Refresh Interval setting is published as a system policy.

System policies are located at the Root of All Users & Devices scope. Some system policies are modifiable and some are read only. System policies cannot be deleted from the root policy scope.

Navigating the Policy Graph

Use the following interface options to navigate large Policy Graphs:

  • Scale to Fit – If the graph is larger than the viewing area, click on this button to scale it down to fit.
  • Un-Scale View – Click on this button to scale-down the graph to its original resolution.
  • Branch Collapsing / Expanding – A branch node with children can be collapsed or expanded by clicking on the delete or add button below it. Also, the entire graph can be collapsed by clicking on the Collapse All button or the entire graph can be expanded by clicking on the Expand All button.
Tags:
Powered by XWiki © EasyVista 2024