SecureCloud evaluates an instance based on:
- Policy matching
- Integrity checking

Policy Matching

During policy matching:
- If the instance meets the criteria of the device policy rules, then SecureCloud permits the instance to access the device.
- If the instance fails to meet the criteria specified by the device policy rules, then SecureCloud denies device access to the requesting instance.

In both of these cases, SecureCloud evaluates the instance only once during its session. If the instance is later in compliance with the device policy rules, it will not have another opportunity to request the device key.

Note: The behavior is different when a scheduled integrity check is in effect. If the key has already been delivered and the instance later becomes non-compliant with the policy, the key could be revoked. In addition, a key could also be re-issued if the instance is compliant with the policy within the setting of Period for Key Request Attempts. For more information, see Integrity Checking below.

Integrity Checking

With scheduled integrity check enabled in a device policy, SecureCloud works with the Integrity Check Module (ICM) of the Runtime Agent to evaluate an instance multiple times during the entire instance session. Therefore, if SecureCloud revokes an encryption key, you have an opportunity to make the instance compliant with the policy rules and receive the encryption key back. But even before SecureCloud revokes the encryption key of an offending instance, the application can provide a grace period where the key is not revoked for a time and you are warned that the instance is in violation of the device policy rules.
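
A simplified model of the two evaluation modes described above, added here as an illustration and not SecureCloud code. `DevicePolicy`, `simulate`, the state names, `grace_checks` and `reissue_window` are hypothetical; the grace period and Period for Key Request Attempts are counted in checks rather than time, and a denied instance is assumed to be treated like a revoked one when scheduled checks are on.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class DevicePolicy:
    scheduled_check: bool    # scheduled integrity check enabled in the device policy
    grace_checks: int = 1    # assumed: failed checks that only warn before revocation
    reissue_window: int = 3  # assumed stand-in for "Period for Key Request Attempts",
                             # counted in checks since the key was lost


def simulate(policy: DevicePolicy, compliant: List[bool]) -> List[str]:
    """Return the key state after each evaluation of one instance session."""
    if not compliant:
        return []
    # Policy matching: the first evaluation decides whether the key is delivered.
    state = "held" if compliant[0] else "denied"
    states = [state]
    fails = 0       # consecutive failed checks while the key is held
    since_loss = 0  # checks elapsed since the key was denied or revoked
    for ok in compliant[1:]:
        if not policy.scheduled_check:
            # Evaluated only once per session: later changes are never seen.
            states.append(state)
            continue
        if state in ("held", "warned"):
            if ok:
                state, fails = "held", 0
            else:
                fails += 1
                if fails <= policy.grace_checks:
                    state = "warned"  # grace period: key stays, warning raised
                else:
                    state, since_loss = "revoked", 0
        else:  # "denied" or "revoked" (assumed equivalent): no key on the instance
            since_loss += 1
            if ok and since_loss <= policy.reissue_window:
                state, fails = "held", 0  # key delivered again
        states.append(state)
    return states


if __name__ == "__main__":
    # Constructed timeline: compliant, drifts for two checks, then remediated.
    timeline = [True, False, False, True, True]
    print("one-time :", simulate(DevicePolicy(False), timeline))
    print("scheduled:", simulate(DevicePolicy(True), timeline))
```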
Check the following topics for details.