4 how it all works, 1 policies, How it all works – HP 3PAR Service Processors User Manual
Page 14: Policies
2.4
How It All Works
3PAR Secure Service Policy Manager User’s Guide
2.4 How It All Works
The Secure Service Collector Server communicates with the Secure Service Custodian by posting
requests for the Custodian and receiving its responses. These can be requests to perform
actions, including uploading files, running applications, restarting, executing packages, setting
data values on the Custodians, and so forth. These requests are discovered by the Custodian
Custodians upon subsequent pings. If a Custodian is managed by the Policy Manager, the
Custodian will first reference its policy to determine whether or not it can perform the action.
Each Custodian is also configured with its own actions. These actions may be configured to
execute based on an internal schedule set in the Custodian, or based on triggering events. If
Policy Manager is in use, some of the Custodian’s own actions will be defined in the related
policy.
2.4.1 Policies
When a Custodian connected to and managed by Policy Manager is presented with a request
to perform an action, it first refers to its policy, as defined by the Policy Manager. A policy is
comprised of a list of actions a Custodian can perform and permissions and rights to perform
each action. A Custodian’s policy determines how the Custodian will handle an action request
and, based on the defined policy, the Custodian will do one of three things:
■
Accept and perform the action.
■
Deny the action.
■
Ask the Policy Manager for permission to perform the action.
The Custodian enforces the policy as set in the Policy Manager and reports its policy-related
activities to the Policy Manager and the Collector Server for auditing reasons.
If a Custodian requests permission to perform an action, per its policy, the Policy Manager
sends an email notification to specified Policy Manager user(s). Based on the email
information, the recipients are informed of the requested action. They need to then accept or
deny the action within a defined timeout period.
■
If the action is accepted, the Policy Manager notifies the Custodian that the action is
accepted. If applicable, the Custodian notifies the Collector Server that the action as
approved, and then it performs the action as requested.
■
If the user denies the action, the Policy Manager sends the action back to the Custodian as
denied. The Custodian notifies the Collector Server that the action was denied.