PolicyCenter Overview

What is the benefit of PolicyCenter?

Suppose a network manager installs a single Packeteer device on his company's network. He may spend one percent of his time updating the configuration of that single PacketShaper. This is not a large percentage of his work week, and so the addition of another four PacketShapers on the network (requiring an additional four percent of his time to configure and update) is not much more difficult for him to manage.

Now suppose that same network manager installs 95 more PacketShapers on the network. The effort that previously took just five percent of his time will now demand one hundred percent of his workday, leaving him time for little else except making every required change to a PacketShaper configuration 100 different times on 100 individual units.

What is needed is an economy of scale: a way to multiply the number of PacketShapers on a network without multiplying the amount of effort required to configure and maintain them. PolicyCenter is the solution, enabling network managers to manage many Packeteer units with the same amount of effort and time it takes manage just a few.

PolicyCenter is a software management system that maintains multiple PacketShaper configurations on a single Windows 2000 or Windows 2003 server. Because the configurations of all the units on the network are stored in a single place, they can be managed very efficiently.

Multiple PacketShapers can be assigned to a single PolicyCenter configuration, allowing those units to operate with nearly identical configurations. When you change a configuration, either through PolicyCenter or through the browser or command-line interface of an individual unit, the change immediately affects all units assigned to that configuration. It is this capability of PolicyCenter that truly provides the economy of scale: one single change to a PolicyCenter configuration can result in an instant configuration update on up to 1500 different Packeteer units.

PolicyCenter also allows you to:

• Deploy policies and partitions across multiple Packeteer units
• Distribute PacketWise software upgrades, plug-ins, customer portal files and adaptive response action files
• View a status summary of all managed Packeteer units
• Monitor and manage the status of your unit and network with the adaptive response feature

PolicyCenter Units Must be in Shared Mode

Individual Packeteer units can be configured in either local mode or shared mode.

A unit running in local mode functions independently from other units, and has its entire configuration stored directly on its flash disk. Units configured in shared mode are assigned to a PolicyCenter configuration, and apply settings from their PolicyCenter configuration.

When a unit is in shared mode, PolicyCenter continually and efficiently synchronizes the unit’s configuration on the PolicyCenter server with the configuration files on that unit’s flash disk; therefore, if you switch from shared mode back to local, (or the network connection to the PolicyCenter server is lost) the unit’s configuration in local mode will be the same as its last configuration in shared mode. Units in shared mode may be returned to local mode at any time.

Sharable and Non-sharable Attributes

A unit that has been added to PolicyCenter operates with an effective configuration are comprised of two kinds attributes: sharable attributes from its PolicyCenter configuration, and its non-sharable attributes, individually set and stored locally on that unit.

• A unit's Sharable attributes can have values in common with other Packeteer units. Traffic classes, policies, partitions and routers are all examples of sharable configuration attributes, because many different units can have the same traffic classes, or share the same router. When a unit is in shared mode, its PolicyCenter configuration determines all of its sharable attributes.

• Non-sharable are those parts of a unit’s effective configuration that are specific to that one unit only (such as IP address and DNS name). These are called non-sharable because no other Packeteer device will function correctly if configured with the same non-sharable values as another unit. A unit’s non-sharable attributes are always stored locally on that unit. Although these attributes can be changed through the unit’s browser or command-line interfaces, non-sharable attributes cannot be configured or managed through PolicyCenter.

View a complete list of all sharable and non-sharable attributes

PolicyCenter configurations

When you create and define a PolicyCenter configuration, any Packeteer units assigned to that configuration will immediately apply that configuration's sharable attributes. A change only needs to be made in one place, on the PolicyCenter configuration, and all units assigned to that configuration will be automatically updated with the change. Individual Packeteer units can be reassigned to a different configuration at any time.

When you first add a unit to PolicyCenter, the PolicyCenter software creates a new PolicyCenter configuration for the unit, then automatically assigns the unit to the new configuration. This does not mean that the unit’s previous configuration is lost, however.

If you have Packeteer units already configured on your network, you may want those units to retain their existing working configurations even after they have been added to PolicyCenter. You can do this by selecting the convert option as you change the unit from local mode to shared mode. With the convert option, the unit’s existing sharable attributes will be converted into a new PolicyCenter configuration with the same sharable attributes and values. Because the unit’s new PolicyCenter configuration is based upon its previous local configuration, the unit will continue to operate the same in PolicyCenter as it did in local mode. If you do not select the convert option, the unit’s sharable configuration is cleared, and its new PolicyCenter configuration will have default settings only.

Note that the convert option is not available when you initially configure a brand-new unit for network access, because a new unit has default settings only, and no configuration attributes or values that need to be retained.

Hierarchical Configurations

PolicyCenter 7.x organizes its configurations into hierarchies with parent and child configurations. The key to understanding PolicyCenter hierarchical configurations is to remember the two basic rules of PolicyCenter:

• Parent configurations pass their attributes and settings along to their child configurations unless the same attributes are also specified within the child configuration.
• If an attribute is specified in both a parent and child configuration, the child configuration will not inherit the setting from its parent, but will function with its own setting.

Note: There is a single exception to the above rule. A traffic class manually created and defined in a parent configuration will take precedence over a traffic class that was merely auto-discovered in the child configuration. If both parent and child configurations have auto-discovered traffic classes, the second rule still applies, and the child’s auto-discovered class takes precedence over the parent’s auto-discovered class.
Learn more about enabling the traffic discovery feature.

With hierarchical configuration groups, a parent configuration can have more than one child configuration, and a child configuration can have children of its own, creating a PolicyCenter configuration tree with several levels of depth  show screen. Packeteer units can be assigned to configurations in any level of the configuration tree, not just child configurations. The configurations tab in the browser interface lists all of the configurations, and also shows which units are assigned to each configuration.

A parent configuration at the very top level of the configuration tree will not inherit settings from any other configuration. Therefore, if you create a new configuration at the top of the configuration tree, it will have default settings only. When you add a unit running PacketWise version 7.x or later to PolicyCenter, its new PolicyCenter configuration is also placed at the top level of the configuration tree. Because the new configuration will not inherit any new settings or attributes, the unit will continue to function just as it did before it was added to PolicyCenter.

Parent configurations are also useful for quickly propagating changes to many child configurations at once. If you have a configuration tree with many levels of child configurations but only one parent, you can disseminate new traffic classes, plug-ins, and software images to all your units just by making the changes to the one top-level parent.

For additional information, see also:

PolicyCenter Configuration Management

PolicyCenter Configuration Inheritance

Sharing Configurations Between Packeteer Devices