The policies window displays each policy on the KeyServer, as well as a summary of current configuration and usage.
Policies are defined by administrators, in order to configure what happens with usage of programs within a product. A policy can have an action of Manage, Observe, or Deny. It is important to note that if there is no Policy for a Product, no usage tracking will occur. Inventory is always tracked, but to have detailed usage reports for software you must at least have an Observe policy in place that includes the given Product. A Manage Policy can impose usage limits and access restrictions on a product (which is comprised of a program or group of programs). Most importantly, a policy can enforce a Purchased number of entitlements. However, policies can also restrict who uses products, when, and for how long. Lastly, a policy can Deny launch of a program entirely if you want to prevent use of certain applications.
Note: Only Observe policies are available in the LabSight tier of the Sassafras Server product. Conversely, Observe policies are available but not very useful in the KeySight tier as they will cause you to fill your license usage quickly. Only the AllSight tier fully unlocks the power of policy management.
See also our Short Burst Training Video on this topic.
A default policy (KeyVerify Policy) is created at installation. All other items in this window are defined and maintained strictly through KeyConfigure. Unlike the Computers, Programs, and Connected Clients Windows, items are never automatically added to the Policies window, regardless of user activity.
In many cases, a product will be associated with a single policy. Conversely, this policy will only apply to that one product. However, a product can be associated with multiple policies, and similarly, a policy can apply to multiple products. The most common reason to have two policies for a single product is to Manage the product for computers within a certain scope while Observing or Denying it on other computers. For more about Scope, see the Policy Details Window documentation.
In short, a policy can be thought of as a particular set of access and usage rules being applied to one or more items in the Products Window. When a user attempts to run a program which is part of a product, each policy which is associated with the product is used to determine whether the program launch will succeed.
The Display column on the left of the Policies window is used to restrict the policy list on the right to a selected subset. It is divided into four panels. Each one classifies the policy records on the right according to various attributes. Multiple check marks within the same panel increase the selection set - the conditions are OR'd together. Check marks in separate panels decrease the selection set - the conditions are AND'd together. Clicking on the double-check icon that appears between the Display column (left) and the Policy list column (right) will toggle between the current selection and all selected.
The columns in the right hand side of the Policies Window give you a simple overview of all policies. They show the most basic configuration options, as well as a summary of the current usage. Additional columns can be added to the Policies window by right-clicking a column header and selecting “Arrange Columns”. Of the default columns, only Name applies to all Policies with all Actions. The rest are only used for Manage Policies.
One way to create a new policy is to drag a product from the Products Window into the Policies Window. You can also right-click in the Policies Window and select Create New Policy. Either way, you will be taken to the Policy Wizard, which will walk you through creation and configuration of a new policy. Alternatively, if you have entered information for the purchase of the product before adding a Policy to manage the policy, you can use the purchase record to create a new Policy according to the Rights & Conditions defined in the purchase record.
In 7.6 we added Automatic policies which pops up a wizard listing all detected Products you currently have no policies for. You will be asked if you want to create observe policies for these products, and it is separated into two batches. The first is products we find "interesting", which is to say they are likely paid products. The second will be things like web browsers and other free applications, which will default to not creating a policy. For each item in the wizard, you can select to Observe, Ignore, or Decide Later. Observe policies created this way can easily be changed to Managed policies later if needed. These policies are based on product Families so they are "future proof" as new versions come out and our Product Recognition Service updates.
Most policy parameters are modified from the Policy Details Window (double click on a particular policy) but some drag actions are also supported.
Additional products can be associated with an existing policy simply by dragging an item from the Products window onto a particular policy item in the Policies window the policy will immediately apply to the product without a confirming save dialog. Use this procedure to easily aggregate several products under the influence of a single policy. Note however that it will be more common to aggregate several programs into a single "suite" product, and then create a policy which still applies to a single product.
Some vendors work directly with KeyServer as their license management solution. These vendors will provide you with a Product license file to add to the KeyServer Data Folder, along with the relevant instructions and information. Once added, you will see a Policy with a green Icon for the Product. You can view the policy details of this by double clicking just like any other Policy. However because the license is vendor created certain fields will not be editable (like the metric and number of seats) for obvious reasons. Questions about the license in general should be directed first to the vendor.
Right-clicking on a Policy in the Policies window allows you to Reconcile or Edit ACL. Additionally, you will see a list of reports that can be run on that policy.
Right-clicking anywhere else in the policies window allows you to create a New Policy....
Policies in the Policies Window can be Dragged and Dropped into the policies list in the Policies pane of a product details window. This associates the product with the policy.