Endpoint Administration Guide for UNIX › Managing Policy Models › Automatic Rule-based Policy Updates › How Automatic Rule-based Policy Updates Work
How Automatic Rule-based Policy Updates Work
When you configure your environment for automatic rule-based policy updates, each rule you define in the central database is automatically propagated to all of its subscribers in the following way:
- A rule is defined for any PMDB with at least one subscriber.
- The PMDB sends the command to all subscriber databases.
- The subscriber database applies the propagated command.
- If the subscriber database does not respond, the PMDB sends the command at a regular interval (by default, every 30 minutes) until the subscriber database has been updated.
Alternatively, you can update subscriber databases as soon as they become available, by setting the pull_option token to yes in the [pmd] section of the seos.ini file on the subscriber computer.
- If a subscriber database is responding, but refuses to apply the command, the PMDB places the command in the Policy Model error log.
- If the subscriber database is a parent to other subscribers, it then sends the command to its subscribers.
Example: Removing a user from all computers in a hierarchy
If a user is deleted from a PMDB using the rmusr command, the same rmusr command is sent to all the subscriber databases. In this way, a single rmusr command can remove a user from many databases on a variety of computers.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|