Isolation mode, Security check item – H3C Technologies H3C Intelligent Management Center User Manual
Page 137

121
Isolation mode
EAD provides the following isolation modes, as shown in
.
Table 22 Isolation modes
Isolation mode
Method
Deploy ACLs to the
access device
•
Non-HP ProCurve devices—EAD deploys the ACL number or name to the access
device. The ACLs must already exist on the access device. For more information
about configuring ACLs, see the configuration guide for the access device.
•
HP ProCurve devices—This mode cannot be used for isolating smart devices.
Deploy ACLs to the
iNode client
This mode cannot be used for isolating smart devices.
Deploy VLANs to the
access device
EAD deploys the VLAN ID to the access device. The VLANs must already exist on the
access device.
For more information about configuring VLANs, see the configuration guide for the
access device.
Security check item
EAD provides only the MDM collaboration policy as the security check item for smart devices. The check
options in the policy vary by vendor, as shown in
Table 23 MDM vendors and security check options
MDM
Vendor
Security check options
MobileIron
•
Require endpoint registered—The smart device must have been registered with the MobileIron
server.
•
Require endpoint compliant—The smart device must comply with the rules configured on the
MobileIron server.
•
Enable GPS service—The GPS service must be enabled on the smart device.
•
Enable auto lock—Auto lock must be enabled on the smart device.
•
Disable Bluetooth—Bluetooth must be disabled on the smart device.
•
Require camera disabled—Cameras must be disabled on the smart device.
•
Prohibit jailbreaking or rooting—The smart device must not be jailbroken or rooted.
•
Require password locking enabled—Password locking must be enabled on the smart device.
•
Require storage encryption enabled—Storage encryption must be enabled on the smart
device.
Citrix
•
Require endpoint registered—The smart device must have been registered with the Citrix
server.
•
Require endpoint compliant—The smart device must comply with the rules configured on the
Citrix server.
•
Prohibit jailbreaking or rooting—The smart device must not be jailbroken or rooted.
•
Require storage encryption enabled—Storage encryption must be enabled on the smart
device.