5 configuring the security check for smart devices, Security policy contents, Security level – H3C Technologies H3C Intelligent Management Center User Manual

120

5 Configuring the security check for smart
devices

EAD implements the security check on smart devices by working with a third-party MDM solution of the

C/S structure.

•

The MDM client runs on smart devices to register with the MDM server.

•

The MDM server provides management functions such as application pushing and security control.

•

The MDM server provides a Web-based API interface, through which EAD cooperates with the
MDM server to implement the security check on smart devices.

EAD supports the following MDM vendors: MobileIron and Citrix. For more information about deploying

and using MDM solutions, see the documentation provided by the vendors.
Similar to the PC security check, EAD implements the security check on smart devices based on security

policies.

Security policy contents

A security policy for smart devices consists of a security level, an isolation mode, and an MDM
collaboration policy as the security check item. The MDM collaboration policy contains check options

that vary by MDM vendor. For more information about configuring MDM vendor settings, see

"

Managing MDM vendors

."

Security level

A security level defines what actions to take when security vulnerabilities are detected. EAD provides

several system-defined security levels and associated default actions to be performed when vulnerability
is discovered, as shown in

Table 21

.

EAD generates security logs of violations for all security levels. The VIP mode and Monitor mode perform

the same default action on smart devices, but they perform different default actions on PCs. The same

rules apply to the Guest mode and the Kick out mode. For more information about configuring security
levels for PCs, see "

3 Configuring the security check for PCs

." For more information about configuring

security levels for smart devices, see "

Managing security levels

."

Table 21 System-defined security levels

Security level

Default action in response to the security vulnerability on smart devices

VIP mode

Informs the user of the security vulnerability and remediation methods.

Guest mode

Logs off the user.

Isolate mode

Isolates the user.

Monitor mode

Informs the user of the security vulnerability and remediation methods.

Kick out mode

Logs off the user.