Leveraging Policy Management for Device Compliance

Policy Management

Kaseya Professional Services Consultant, one of the most common questions I hear is “What are the best practices for agent machine configuration with respect to device/machine monitoring, Microsoft patch management, access and security and many other areas?” Within Kaseya Virtual System Administrator (VSA) end-point device management is achieved via a software “agent” that is installed on each managed device. My usual answer to the agent configuration question is to ask what policies are in place in these areas and what software and versions must be deployed? During these conversations we come to realize that agreeing on a best practice is a task in itself!

In the process of managing end-point devices there are numerous configuration steps and modifications that span multiple modules within VSA – for example, patch management, security, performance monitoring and so on. Making and adjusting configurations manually, via each of these modules, can be time consuming, and manual configuration is definitely error prone. Consequently, after changes are made, it’s important to run reports on all devices to locate any deficiencies. Before troubleshooting and remediating any subsequent issues we need to ensure we have a level playing field. That is, uniformity of configuration and compliance with organization policies across all devices. Running reports can be time consuming especially when you support a number of organizations or departments. In larger organizations this becomes a monumental task.

What’s needed is a tool that can configure settings all in one place. In Kaseya VSA the IT Policy Management module plays this role and can be a vital capability when creating an efficient working environment. The VSA Policy Management module greatly simplifies the task of managing user desktops for compliance to a set of policies. Compliance policies can include which software is allowed to run on the machine, which version, which software configurations, who has authorized access – to name just a few.

The VSA Policy Management module controls all agent configuration settings under a single pane of glass. The VSA Policy Management can be used to create:

  1. A uniform set of agent configurations across the infrastructure
  2. Policies that target specific functions of agent configuration, i.e. Monitoring, Patch Management, Maintenance, Software Deployment, etc…
  3. Policies for different operating systems and applications
  4. Policies for different organizations and group of machines

Policy Management Module: Policies are applied hierarchically.

Policies Applied

Once policy rules are defined, the next step is to apply them to the associated devices via the installed agents. Policies can be applied:

  1. Manually, using the Apply Policy functions under “Policies” – used when policies are stable and not constantly modified.
  2. Automatically, by setting the deployment interval under “Settings” – remember to set the deployment interval to 30 minutes or higher to ensure settings are fully deployed before the next deployment interval is started.

Leveraging policy management in this way is very powerful. It not only provides a single location to manage your configuration compliance, it also greatly assists automation processes and saves time and effort when you need to check configurations.

If you’d like to learn more please review the Kaseya VSA documentation on Policy Assignment Rules.

(http://help.kaseya.com/WebHelp/EN/KPM/1010000/index.asp#8140.htm)

Author: Wilki Budiwarman

Leave a Reply

Your email address will not be published. Required fields are marked *