Distributed, Cross-Platform Policy Decision Point
Enterprise entitlements demand that policy be evaluated for many diverse applications, systems, and topologies. Applications run on servers, desktops, laptops, and mobile devices, whether online, offline, or on the Internet as software services. Entitlement solutions that provide policy evaluation only for connected, server-based applications do not have the reach required to meet enterprise demands.
The Policy Controller is a distributed, cross-platform policy decision point (PDP) that provides real-time policy evaluation on servers and endpoints. The Policy Controller provides critical services to policy enforcement points (PEPs) for policy evaluation, security, and management. These services are available to application developers using the Policy Adapter SDK. The NextLabs Policy Controller is designed for high throughput across a wide range of deployment scenarios, including offline devices, on multiple platforms.
Key Benefits
Real-Time Policy Evaluation with no perceptible performance degradation to end users.
Support for client and server based applications - even when offline.
Comprehensive services for policy evaluation and enforcement.
Scalability to thousands of systems and applications based on the unique distributed policy evaluation architecture.
Policy Controller Features
Central Management
Distributed Policy Controllers are centrally managed from Policy Server. Administrators can centrally register, configure, monitor status, and deploy policy.

Policy Evaluation Service
Policy Evaluation is the primary service provided by Policy Controller. When a PEP detects an information event, it queries the Policy Controller for policy evaluation to determine correct enforcement. Evaluation is a very fast operation, aided by the optimized deployment model.

Security Services
Policy Controller provides services to secure the Compliant Enterprise system. Each Policy Controller authenticates bi-directionally with Policy Server using digital certificates and SSL. Deployed policy is authenticated via digital signatures and secured using encryption.

Tamper Resistance
Policy Controller provides a number of tamper resistance features to prevent end users and unauthorized Administrators from disabling either the Policy Controller or endpoint Policy Adapters.

Optimized Policy Deployment
Policy is deployed to Policy Controllers using an optimized deployment technology, which creates highly optimized policy bundles for each Policy Controller. Optimized deployment ensures that each Policy Controller has the minimum set of relevant policies, and even pre-evaluates components of the policy in advance to speed up policy evaluation.

Obligation Manager
Obligation Manager supports workflow and user interaction through custom actions, called Obligations. Obligations are invoked based on policy evaluation and can be used to automate tasks or workflows based on policy events.

Logging and Notification Services
Policy events are logged, can trigger e-mail notifications, and can be reported on in Report Server. Policy Controller provides this capability out of the box, logging events to the central Report Server and sending e-mail notifications in response to policy events.