Difference between revisions of "Policy Manager"
(→Multi-Tenancy and Policy Trees) |
(→Multi-Tenancy and Policy Trees) |
||
| Line 35: | Line 35: | ||
== [http://training.gwava.com/index.php/Multi-Tenancy_and_Policy_Trees Multi-Tenancy and Policy Trees] == | == [http://training.gwava.com/index.php/Multi-Tenancy_and_Policy_Trees Multi-Tenancy and Policy Trees] == | ||
| − | When multiple domains or users require | + | When multiple domains or users require different scanning settings and message services, additional policies/sub-policies can be created for those domains or users. |
Latest revision as of 22:49, 7 March 2014
GWAVA introduced the ‘policy’ to the GWAVA interface. Polices are utilized mainly for multi-tenant systems; systems with multiple domains, interfaces, or both. GWAVA and the Policy Manager disassociate domain settings from the interface, allowing multiple managed domains under the same interface, or vice versa. If, for example, multiple domains are hosted on a large system with load balanced SMTP servers, the policy manager can implement several different scanning profiles through a single or multiple SMTP interfaces all controlled by the same GWAVA server. A policy may also be used to manage several completely separate domains hosted on the same SMTP server, through the same SMTP scanning interface, with different criteria for each domain.
By Default, the Policy Manager automatically creates and manages policies for interfaces. Unlocking the Policy Manager permanently disables automatic management. If the GWAVA system is setup to only utilize a single domain and interface, or the different domains managed are to have the same scanning policy, then the Policy Manager should be left to manage the policy automatically. Policies are required for scanning to be completed, as they are the framework for all mail flow and dictate what mail ‘qualifies’ for scanning.
The active policy can be viewed at any given time, but once the policy manager is unlocked, or opened in editing mode, the GWAVA system will no longer automatically manage the policy. This means that every time an additional interface is added to the system manual manipulation of policies is required. The simplest way to deal with the Policy Manager is to allow the Policy Manager to be automatically managed by the system.
Viewing policies in readonly mode displays all the pertinent information in a grayed-out text. Selecting the different parts of the existing policy tree will display the policy active on each section. Every automatically created and configured policy contains identifying notes, and will be tied to the interface that it was created with. All gray text and settings are locked and cannot be modified. Every automatically created and configured policy contains identifying notes, and will be tied to the interface that it was created with.
One of the most useful ways to use the read-only Policy Manager is to check active direction scanning settings. If mail is unintentionally being caught on outbound scanning, it can become a difficult situation to detect or understand. The Policy Manager can quickly display which scanning directions qualify for scanning with the system in question simply by selecting the desired policy and checking the scanning direction settings. With a policy, a selected option restricts the filters, limiting only mail qualifying with the selected options to be scanned.
The different settings are as follows: Match message direction – restricts direction scanning Inbound – Scans inbound messages Outbound –Scans outbound messages Internal – Messages with destinations within the system. Collected – Scans messages which are being stored in the system Composed – Scans “draft” messages which have been created, but not sent
If the message direction option is left unchecked, then all directions will be scanned according to the rest of the policy.
Any automatically created policies with previously created scanners will be displayed as root-level policies with their own scanning configurations. If multiple interfaces are configured on creation to share a policy, only the one policy will be shown, but it will be connected to both interfaces.
[edit] Policy Tree Editor
When unlocked, the policy tree has an additional drop-down menu to enable editing of the tree, called ‘Policy tree editor’.
[edit] Qualification
Mail flowing through the GWAVA system must ‘qualify’ for specified criteria before it can be scanned by the policy. Any mail that does not qualify for the policies defined will simply pass through the system untouched and unmodified.
[edit] Multi-Tenancy and Policy Trees
When multiple domains or users require different scanning settings and message services, additional policies/sub-policies can be created for those domains or users.
