HP 3PAR Policy Server Administrator's Guide (QR483-96003, December 2012)

Finding and Removing Missing Assets
An asset is missing if the Agent running on the asset is not communicating with the Policy Server. This
situation might be due to network connections going down, the Agent being stopped, or the power being
disconnected from the asset. Unlike the HP 3PAR Enterprise Server, the concept of "Missing Asset" in
Policy Server does not take into consideration that a managed asset might be offline to its managing Agent
gateway. For this reason, a managed asset that is offline from its managing Agent gateway does not show as
"missing" unless its managing Agent gateway is not communicating with Policy Server (for example, the
gateway asset is physically removed from the network or the Agent gateway is shut down).

If not connected to the Policy Server, an Agent may be enforcing an outdated policy. In this situation, the
Agent may be permitting actions that it should be denying (or at least requesting permission to perform), or
the Agent may be denying actions that it should be performing. To determine if an asset is missing from the
Policy Server, use the Missing view in the Assets tab. Any assets shown on this page have missed their last
three contacts (pings) with the Policy Server and are now considered "missing". You can access this page by
clicking the Missing icon in the View selection bar of the Assets tab.

If you see an asset listed on this page that actually needs to be removed from Policy Server control, you can
remove it. Refer to the online help for this page for more information.

Monitoring Pending Requests
When under the control of Policy Server, an Agent running on an asset handles a request to perform an
action by first checking its policy. From the policy, it can determine what to do about the action. If the
policy says "Always Allow," the Agent performs the action. If the policy says "Ask for Approval," the
Agent does not perform the action. Instead, it requests approval from the Policy Server. If the HP 3PAR
Enterprise Server requested the asset to perform the action, the Agent also sends a message to the HP 3PAR
Enterprise Server that it is waiting for approval. The Agent then waits for the response from Policy Server.
The requests sent to Policy Server for approval appear in the Pending Requests tab of the application.

When it receives a request for approval, Policy Server sends an e-mail notification to the user(s) defined for
the asset group to which the asset belongs, and then queues the request for approval. If the action is not
accepted within the timeout period specified in its configuration file, Policy Server removes the action from
the Pending Request queue and posts an entry to its audit log. The Agent receives a "denied request due to
timeout” message when it next contacts Policy Server. If the action is accepted, the Agent performs the
action. If the action is denied, the Agent does not perform it and, if the request came from the HP 3PAR
Enterprise Server, sends a message to the Enterprise Server that the action was denied by Policy Server.

Note: For information on how pending request responses are handled in a redundant gateways
environment, refer to the next section, Using Redundant Agent gateways with Policy Server.
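
The approval flow described in this section can be modeled as a small state machine, which makes the fail-closed behavior on timeout easy to test. This is an added example, not code from HP or from Policy Server. The class and function names, the use of plain numbers of seconds for time, and the exact timeout boundary are all assumptions.

```python
from dataclasses import dataclass, field

ALWAYS_ALLOW, ASK = "Always Allow", "Ask for Approval"  # policy values named in the text

@dataclass
class PolicyServerModel:
    timeout_s: float  # stands in for the timeout period from the configuration file
    pending: dict = field(default_factory=dict)    # request id -> (asset, action, queued_at)
    decided: dict = field(default_factory=dict)    # request id -> outcome held for the Agent
    audit_log: list = field(default_factory=list)
    next_id: int = 1

    def request_approval(self, asset, action, now):
        rid, self.next_id = self.next_id, self.next_id + 1
        self.pending[rid] = (asset, action, now)
        return rid

    def expire(self, now):
        """Drop requests nobody answered in time and record each in the audit log."""
        for rid, (asset, action, queued_at) in list(self.pending.items()):
            if now - queued_at >= self.timeout_s:  # boundary handling is an assumption
                del self.pending[rid]
                self.decided[rid] = "denied request due to timeout"
                self.audit_log.append((rid, asset, action, "timeout"))

    def respond(self, rid, accept, now):
        """Approver's answer; returns False if the request is no longer pending."""
        self.expire(now)
        if rid not in self.pending:
            return False
        del self.pending[rid]
        self.decided[rid] = "accepted" if accept else "denied"
        return True

    def agent_contact(self, rid, now):
        """Outcome the Agent picks up at its next contact; None means keep waiting."""
        self.expire(now)
        return self.decided.get(rid)

def agent_handle(policy, server, asset, action, now):
    """Agent-side check: perform at once, or queue the request and wait."""
    setting = policy[action]
    if setting == ALWAYS_ALLOW:
        return "performed", None
    if setting == ASK:
        return "waiting", server.request_approval(asset, action, now)
    raise ValueError(f"policy value not covered by this model: {setting!r}")
```

In this model a late approval has no effect: once the timeout has passed, the Agent's next contact returns the timeout denial and the audit log holds the entry.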