About policies for enabling and disabling protection
The following policies are created for each tenant in the Multitenancy KSV LA → <tenant name> folder:
KSV 5.1 LA for Windows – enable tenant protection – Light Agent for Windows policy, which allows you to enable protection for all tenant virtual machines running Windows.
KSV 5.1 LA for Linux – enable tenant protection – Light Agent for Linux policy, which allows you to enable protection for all tenant virtual machines running Linux.
KSV 5.1 LA for Windows – disable tenant protection – Light Agent for Windows policy, which allows you to disable protection for all tenant virtual machines running Windows.
KSV 5.1 LA for Linux – disable tenant protection – Light Agent for Linux policy, which allows you to disable protection for all tenant virtual machines running Linux.
By default, the policies that disable protection are in the Active policy state, and the policies that enable protection are in the Inactive policy state. That is, tenant protection is disabled by default.
Enabling protection for the tenant virtual machines is performed by calling the Integration Server REST API method at the tenant activation step. Enabling tenant protection manually may lead to the application errors.
In the policies for enabling protection, the Light Agent settings are configured as follows:
Integration Server usage is enabled in order to discover SVMs available for connection. Other settings for connecting Light Agents to SVM are set to default valuesand locked (configuration of these settings is not allowed in the nested policies and in the local application settings). The tenant administrator cannot override the valuesof these settings.
The other policy settings are set to the default values. Configuration of these settings is allowed in the nested policies and in the local application settings ("locks" are open), that is, the tenant administrator is able to independently configure operation of the components.
In the policies for disabling protection, the Light Agent settings are configured as follows:
To find SVMs available for connection, the SVM list is used, and the address of the nonexistent SVM is specified in the list. This means that Light Agents are not able to connect to any SVM. Other settings for connecting Light Agents to SVM are set to default valuesand locked (configuration of these settings is not allowed in the nested policies and in the local application settings). The tenant administrator cannot override the valuesof these settings.
The other policy settings are set to the default values. Configuration of these settings is allowed in the nested policies and in the local application settings ("locks" are open).
It is not recommended to delete and rename policies enabling protection and policies disabling protection, or to create new Light Agent policies in the Multitenancy KSV LA → <tenant name> folder. Only one Light Agent for Windows policy and one Light Agent for Linux policy can be active in a folder or in an administration group at a time. Policies enabling protection or policies disabling protection can be active in the Multitenancy KSV LA → <tenant name> folder, depending on the tenant status.