Overview

An administrator can import policies from an existing appliance and define configurations. Policies can be applied to all appliances or just a subset. An existing managed appliance configuration may be partially imported into the CMS to startup the CMS global configuration.

The first time the CMS synchronizes a policy with an appliance, it overwrites the policy on the appliance. This is equivalent to the appliance partially importing the CMS configuration. After the initial policy synchronization, further policy synchronizations replicate the CMS configuration onto the appliance.

The policy settings that are replicated during synchronization are:

• Security policy, including access control rules and EPC configuration
• Network resources
• Users and groups
• Realms

• Authentication servers

• WorkPlace shortcuts

• CA certificates

• Certificate revocation lists downloaded from a remote CDP (CRL distribution point)

• Agent configuration, including graphical terminal agents (Citrix and Windows Terminal Server) and Web browser profiles

• Local user accounts

• Single sign-on profiles

• NTP, SSH, SMTP, and SMS (optionally replicated)

The policy settings that are not replicated during synchronization are:

• Network settings, including IP addresses, routing information, name resolution settings (DNS and WINS), and the settings for the network services (SNMP)
• License files
• SSL certificates
• WorkPlace configuration data (customized templates)

• Administrator user accounts and role definitions