13 configuring service parameters, User security policy service parameters, User security policy – H3C Technologies H3C Intelligent Management Center User Manual
Page 322: Service parameters
306
13 Configuring service parameters
You can configure the following service parameters:
•
User Security Policy service parameters—Globally effective on the User Security Policy service.
•
DAM service parameters—Globally effective on the DAM service.
This following information describes how to configure and tune these service parameters, as well as how
to manually validate new service parameters. For more information about configuring MDM vendors,
see "
5 Configuring the security check for smart devices
."
User security policy service parameters
Unless otherwise stated, the EAD service refers to the User Security Policy service throughout the following
information.
EAD service has the following parameters:
•
Patch Check Interval—Enter a number of days to wait between checks for patches. When the Patch
Check Interval is set to 0, EAD checks patches for the user in every security check. Otherwise, after
an access user passes a patch check, EAD excludes patch check items from security checks for that
user for the number of days indicated by the Patch Check Interval. The default setting is 7 days.
•
Reauthentication Interval—Enter the maximum online time for users, in hours. EAD forcibly
reauthenticates users whose online time exceeds this interval. The default setting is 24 hours. Set this
parameter so that EAD can regularly check security items that do not support real-time monitoring.
•
Real-Time Monitor Interval—Enter the interval, in seconds, at which EAD performs security checks
in real time for online users, except for users who are isolated. The default setting is 60 seconds. You
should consider the performance of the EAD server and endpoint users when you set this parameter.
A shorter interval requires higher performance. For more information, see "
•
EAD Service Group—Select this option to enable the EAD service group function. This parameter is
available only when the UAM service group function is enabled. Options are:
{
Enable—Enables the EAD service group function.
{
Disable—Disables the EAD service group function.
{
Center Control—Enables administrators to centrally manage the EAD service, and allows
maintainers and viewers to view the EAD service only.
•
Alarm Server IP—Enter the IP address of the server to which EAD sends SNMP alarms. SNMP
alarms are generated when traffic on the user endpoint exceeds the traffic thresholds defined in the
traffic control policy.
•
Listening Port of Alarm Server—Enter the number of the port that the alarm server uses to listen to
SNMP alarms from EAD. The default value is 162.
•
Send Security Syslog—Specify whether to enable EAD to send syslogs. When you select Enable,
EAD checks for new security logs every hour, encapsulates them in syslogs, and sends them to the
specified syslog server. The IP address of the syslog server is configured in UAM service parameters.
For more information, see H3C IMC User Access Manager Administrator Guide.