This documentation is for WSO2 IoT Server 3.2.0. View the documentation for the latest release.
Policy Management - IoT Server 3.2.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

Policies are a set of configurations. Policies trigger events based on the data gathered or inform the user when the device is not responding as expected. 

In this tutorial, you create a policy and see how it's applied on the device.

Before you begin

  1. To learn about user categories responsible for working with policies and how the policies are enforced on a device, see Policies.
  2. Start the WSO2 IoT Server core profile.

    cd <IoT_HOME>/bin sh iot-server.sh
  3. Sign in to the Device Management console.

     Click here for more information.

    Accessing the WSO2 IoT Server Consoles
    Follow the instructions below to sign in to the WSO2 IoT Server device management console:
    1. If you have not started the server previously, start the server.

    2. Access the device management console.

      • For access via HTTP: 
        http://<IOTS_HTTP_HOST>:9763/devicemgt/ 

        For example: http://localhost:9763/devicemgt/
      • For access via secured HTTP: 
        https://<IOTS_HTTPS_HOST>:9443/devicemgt/ 
        For example: https://localhost:9443/devicemgt/ 
    3. Enter the username and password, and sign in.

      • The system administrator is able to log in using admin for both the username and password. However, other users will have to first register with WSO2 IoT Server before being able to log into the IoTS device management console. For more information on creating a new account, see Registering with WSO2 IoT Server.

      • If you are signing in as a different tenant user, the username needs to be in the following format <USERNAME>@<TENANT_DOMAIN>.

    4. Click LOGIN. The respective device management console will change, based on the permissions assigned to the user.
      For example, the device management console for an administrator is as follows:

Compliance management: If the device user does not comply with the policy enforced on a device, WSO2 IoT Server forcefully enforces the policies back on the device.

Let's get started!


Add a policy

In this tutorial, you will be creating a policy for Android devices. You can follow the same steps to create policies for Windows and iOS devices.

  1. Click Add under POLICIES.

  2. Click the policy for Android.
  3. Create your policy. In this tutorial, let's create a passcode policy.
    After defining the settings, click CONTINUE.

    • A profile in the context of WSO2 IoT Server refers to a collection of policies.
      For example, in this use case you are only creating one policy that is the passcode policy. If you want to, you can add an encryption policy setting policy too. All these policies will be bundled as a profile and then pushed to the devices.
    • If you want to know more about each policy setting, hover your mouse pointer over the help tip.
      Example:
  4. Define the user groups that the passcode policy needs to be assigned to:
    Select the set user role/s or set user/s option and then select the users/roles from the item list.
    Let's select set user role/s and then select ANY.
  5. Click CONTINUE.
  6. Define the policy name and the description of the policy.
  7. Click PUBLISH to save and publish the configured profile as an active policy to the database.

    • If you SAVE the configured profile, it will be in the inactive state and will not be applied to any devices.
    • If you PUBLISH the configured profile of policies, it will be in the active state. The active policies will be enforced only on new devices that enroll with Device Cloud based on the policy enforcement criteria. It will not be applied to devices that are already enrolled with Device Cloud.
  8. To publish the policy to the existing devices, click APPLY CHANGES TO DEVICES from the policy management page.

To check if the policy is applied on your device, follow the steps to verify the policy enforced on a device.


Publish policies

When a policy is published it will be in the active state. The active policies for a given device type will be applied to devices that register with WSO2 IoT Server based on the Policy enforcement criteria.

Follow the steps given below to publish a policy:

  1. Click View under POLICIES to get the list of the available policies.

  2. Click Select to select the policy or policies that are not in the publish state and you wish to publish.

  3. Click Publish.

    Click YES to confirm that you want to publish the policy. Now your policy is published and is in the active/updated state. Therefore, the policy will only be applied on devices that enroll newly with WSO2 IoT Server and not on the already enrolled devices.

Optionally, click APPLY CHANGES to push any changes made to the policies on the existing devices.

Do not click APPLY CHANGES unless you have completed all the required changes.


Unpublish policies

When a policy is unpublished it will be in the non-active state. Such policies will not be considered when applying policies to the device that registers with WSO2 IoT Server.

Follow the steps given below to unpublish a policy:

  1. Click View under POLICIES to get the list of the available policies.

  2. Click Select to select the policy or policies you wish to unpublish.

  3. Click Unpublish.

  4. Click YES to confirm that you want to unpublish the policy. Now your policy is unpublished and is in the inactive/updated state. Therefore, the policy will not be applied on devices that enroll newly with WSO2 IoT Server.

Optionally, click  APPLY CHANGES to push the policy changes to the existing devices. If you unpublished a policy that is already enforced on a device and you clicked APPLY CHANGES, that policy will be removed from the device and another policy will be applied to the device based on the policy enforcement criteria.

Do not click APPLY CHANGES unless you have completed all the required changes.


Verify the policy enforced on a device

To see if the policy is applied on your device, go to the device management console:

  1. Click View under DEVICES.
  2. Click on your device to view the device details.
  3. Click Policy Compliance.
    You will see the policy that is currently applied to your device.

Manage the policy priority order

You can change the priority order of the policies and make sure the policy that you want is applied on devices that register with WSO2 IoT Server. 

For example: Let's say you have two passcode policies with different settings and based on the policy enforcement criteria either of these can be applied to a device. You can then set the priority order of the policies and make sure that the one with the highest priority is applied on devices.

Follow the steps given below:

  1. Click View under POLICIES to get the list of the available policies.
  2. Click POLICY PRIORITY.
  3. Manage the policy priority:
    • Drag and drop the policies to prioritize the policies accordingly.
    • Manage the policy priority order by defining the order using the edit box.

      If you change the policy order using the edit box the policy currently in that order will swap places with the one you edited.

      Example: If you want to change Passcode-Policy-1 as the highest priority (1), then Passcode-Policy-2 (currently in 1) will swap places with Passcode-Policy-1 (currently in 2).

  4. Click SAVE NEW PRIORITY ORDER to save the changes. The changes you made will only be applicable for new devices that enroll with WSO2 IoT Server.
    Click APPLY CHANGES to push the changes, to the existing devices. The changes you made will be pushed to the existing devices and also be applicable to new devices that enroll with WSO2 IoT Server.

    Do not click APPLY CHANGES unless you have completed all the required changes.


Updating a Policy

Follow the instructions below to edit a policy:

  1. Click View under POLICIES to get the list of the available policies.

  2. On the policy, you wish to edit, click on the  icon.
  3. Edit the policy:
    1. Edit current profile and click CONTINUE.
    2. Edit assignment groups and click CONTINUE.
    3. Optionally, edit the policy name and description.
  4. Click SAVE to save the configured profile or click SAVE & PUBLISH to save and publish the configured profile as an active policy to the database.

    If you SAVE the configured profile it will be in the non-active state. Therefore the policy will not be taken to account when the IoT server filters policies, to enforce a suitable policy on a device that registers with WSO2 IoTS.

    If you SAVE & PUBLISH the configured profile of policies it will be in the active state. The active policies will be enforced on new devices that enroll with WSO2 IoTS based on the Policy enforcement criteria.

    Do not click APPLY CHANGES unless you have completed all the changes required.

  • No labels