Secure Mobile Access 12.4 CMS Administration Guide

Overview

An administrator can import policies from an existing appliance and define configurations. Policies can be applied to all appliances or just a subset. The configuration of an existing managed appliance may be partially imported into the CMS to start up the CMS global configuration.

Services do not need to be restarted after this configuration.

The first time the CMS synchronizes a policy with an appliance, it overwrites the policy on the appliance. This is equivalent to the appliance partially importing the CMS configuration. After the initial policy synchronization, further policy synchronizations replicate the CMS configuration onto the appliance.

Also, after the initial policy synchronization, the administrator can manually modify the address pools of the appliance and the authentication servers. The administrator's changes are not overwritten during subsequent CMS policy synchronizations.

The policy settings that are replicated during synchronization are:

  • Security policy, including access control rules and EPC configuration
  • Network resources
  • Users and groups
  • Realms
  • Authentication servers (the authentication server names should match those on the sending node, even if the IP addresses do not).

    When you define a collection of appliances, you have the option of either overwriting authentication server settings (which would be typical in a deployment where there is a shared, central server), or excluding server settings from being overwritten during replication.

  • WorkPlace shortcuts
  • CA certificates

  • Certificate revocation lists downloaded from a remote CDP (CRL distribution point)

  • Agent configuration, including graphical terminal agents (Citrix and Windows Terminal Server) and Web browser profiles

  • Local user accounts
  • Single sign-on profiles

The policy settings that are not replicated during synchronization are:

  • Network settings, including IP addresses, routing information, name resolution settings (DNS and WINS), and the settings for the network services (NTP, SSH and SNMP)
  • License files
  • SSL certificates
  • WorkPlace configuration data (customized templates)
  • Administrator user accounts and role definitions

    You can optionally exclude authentication server settings from being overwritten during replication, which is typical for a deployment where each appliance has its own authentication server.
