Configure the Project Policies

When configuring a project, you are prompted to select the project type (Standard or Deployment). The policies available under each project type will differ slightly. Select the checkbox for each policy you want to include in your project.

For a list of policies available under the different project types, see Policies available under Standard and Deployment projects.

Prerequisites

This is a series of articles. You will likely follow them in this order.

  1. Projects Overview
  2. Create a Project 
  3. Configure the Project Policies - You are here!
  4. Manage a Project
  5. Use the ZEDEDA CLI to Manage a Project

Edge Nodes Policy Configuration

You might create Projects and policies before, during, or after onboarding an edge node. While onboarding an edge node, you use tags to identify your edge nodes. You can use these tags to enforce a policy for enabling remote attestation.

To enforce an edge node attestation policy in your Project: 

  1. Enter the policy Name.
    This is unique across the enterprise and cannot be changed.
  2. Enter the edge nodes policy Title.
    This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
  3. Enter a key and value for the Tags.
    The policy will apply to all edge nodes that have tags matching the key-value pairs specified here. 
  4. Select the checkbox for Edge Node Attestation Policy (Enforce Edge Node Attestation) to enforce the policy for enabling remote attestation. This adds a layer of security by verifying your edge nodes using the Trusted Platform Module (TPM). This is recommended if your deployment demands strict compliance and security for your edge nodes. See TPM-based remote attestation for more information about attestation.
  5. Click Next.
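
Because the attestation policy is applied by tag match, a node whose tags are missing or misspelled is not covered by it. The following added example (not ZEDEDA code; the dictionaries, field names and sample inventory are constructed, and exact matching of every key-value pair is an assumption) lists nodes that no attestation-enforcing policy targets and flags likely tag typos:

```python
# Added example: all names and sample data are constructed, not ZEDEDA API objects.

def policy_matches(policy_tags, node_tags):
    """Assumption: a node matches only if it carries every pair, compared exactly."""
    return all(node_tags.get(k) == v for k, v in policy_tags.items())

def attestation_gaps(policies, nodes):
    """Map each node with no attestation-enforcing policy to its near-miss policies."""
    enforcing = [p for p in policies if p["enforce_attestation"]]
    gaps = {}
    for name, tags in nodes.items():
        if any(policy_matches(p["tags"], tags) for p in enforcing):
            continue  # covered by at least one enforcing policy
        # Fold case and whitespace to spot tags that differ only by a typo.
        folded = {k.strip().lower(): str(v).strip().lower() for k, v in tags.items()}
        gaps[name] = [p["name"] for p in enforcing
                      if all(folded.get(k.lower()) == v.lower()
                             for k, v in p["tags"].items())]
    return gaps

# Constructed sample data.
POLICIES = [
    {"name": "attest-prod", "tags": {"env": "prod"}, "enforce_attestation": True},
    {"name": "lab-nodes", "tags": {"env": "lab"}, "enforce_attestation": False},
]
NODES = {
    "node-a": {"env": "prod", "site": "plant-1"},  # covered
    "node-b": {"Env": "Prod "},                    # typo: differs by case and space
    "node-c": {"env": "lab"},                      # only a non-enforcing policy
    "node-d": {},                                  # untagged
}

if __name__ == "__main__":
    for node, near in attestation_gaps(POLICIES, NODES).items():
        hint = f"near miss for {near}" if near else "no enforcing policy targets it"
        print(f"{node}: attestation not enforced ({hint})")
```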
     

Network Instance Policy Configuration

For a full discussion of the network instances, see configure the network instance.

  1. Enter the Network Instance Name Prefix.
    This is unique across the enterprise and cannot be changed.
  2. Enter the Network Instance Title Prefix.
    This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
  3. Enter a value for the Target Tags.
    You or other admins can use this to understand the purpose of the edge nodes policy or any important details about it.
  4. Enter a value for the Policy Configuration Tags.
    These are key-value pairs that you can assign to this Network Instance Policy. These tags allow you to selectively apply this specific network configuration to edge applications or edge nodes that have matching tags. This provides a flexible way to manage and organize your network configurations across your edge deployments.
  5. Select the network instance Kind as Switch or Local. (For more information, see network instance single node example.)
    • If you used adapter labels to group ports together when you onboarded your edge node, you can select your adapter labels from the Port drop-down menu or you can select an individual port. Predefined labels in the Port drop-down menu include the following:
      • None for an air-gapped NI.
      • Uplink groups together all management-type ports.
      • Freeuplink groups together all zero-cost management ports.
      • All groups together every network port.
    • Enable Default Edge Node Network Instance to save time by automatically assigning the network instance policy to any new edge app created on the target edge nodes in this policy.
    • If you selected Local for the Kind, you’ll need to configure the IP settings by selecting one of the following:
      • Auto: You can let ZEDEDA Cloud automatically assign IP addresses to devices within the NI, typically using DHCP (Dynamic Host Configuration Protocol). Because auto configuration manages IP assignments dynamically, you can leave the IP Address field blank. You can still assign a user-friendly Host Name to help with identifying or connecting to the NI.
      • Manual: You can specify the IP addresses for each device if you have applications that require fixed IP addresses for security, compliance, or other reasons. (If you selected Manual, many new fields appear for the subnet and gateway. See configure the IP settings for field definitions.)
         

Volume Instance Policy Configuration

For a full discussion of the volume instances, see create a volume instance.

  1. Enter the volume instances policy Name.
    This is unique across the enterprise and cannot be changed.
  2. Enter the volume instances policy Title.
    This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
  3. Enter a value for the Target Tags.
    You or other admins can use this to understand the purpose of the volume instance or any important details about it.
  4. Select the volume instance policy Type (Block Storage or Content Tree):
  • If you selected Block Storage:
    • In the Access Mode, select one of the following:
      • Read - Any application that mounts this volume can read from it, but can't make any changes or write data to it.
      • Read Write - Any application that mounts this volume can read from and write to the volume.
      • Multi-Read, Single Write - Any application that mounts this volume can read from and write to the volume.
    • Max Storage Size: Select the units from the dropdown (Bytes, KB, MB, GB, TB), and specify the maximum storage size for the volume instance to set an upper limit on how much storage space a volume instance can use on the edge device.
    • Label: Enter a label in the field. Labels are used for the tag field when defining a volume instance in the edge app in the marketplace.
    • Encrypted: Select Yes to encrypt data stored on the drive.
    • Click Add Another Policy if you want to do so.
  • If you selected Content Tree:
    • In the Access Mode, select Read - Any application that mounts this volume can read from it, but can't make any changes or write data to it.
    • Select your Image from the dropdown menu. This is the immutable application image to store in this volume.
    • Enter the Label from the dropdown menu. Labels are used for the tag field when defining a volume instance in the edge app in the marketplace.
  5. Click Next.
     

Edge Apps Policy Configuration

Configure the Edge Apps Policy to automatically deploy and manage specific edge apps across multiple targeted edge nodes within a project to save time and ensure consistent application deployment. For a full discussion of edge applications, see manage an edge application.

  1. Enter the Edge App Name Prefix.
    This is unique across the enterprise and cannot be changed.
  2. Enter the Edge App Title Prefix.
    This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
  3. Enter a value for the Target Tags.
    You or other admins can use this to understand the purpose of the edge app or any important details about it.
  4. Configure the following additional fields:
    • Edge App Name Prefix: Specify a common prefix for the internal names of the Edge Apps created by this policy.
    • Edge App Title Prefix: Define a common prefix for the user-friendly titles of the Edge Apps created by this policy.
    • Target Tags: Define tags that Edge Nodes must possess to automatically have the Edge Apps defined in this policy deployed to them.
    • Edge App: Select the specific Edge Application that this policy will deploy.
    • Edge App Instance Naming Pattern: Define a pattern for naming the individual instances of the selected Edge App deployed by this policy.
    • Project, Edge App & Edge Node: View the associated Project, selected Edge App, and targeted Edge Nodes for this policy.
    • Edge App Identifier: View the unique identifier of the selected Edge App.
    • Policy Configuration Tags: Define key-value pairs to further categorize and manage this Edge Apps Policy.
  5. Click Next.
     

Edge View Policy Configuration

The Edge View Policy is a set of rules that defines how, and under what conditions, remote users can gain limited access to edge nodes through an Edge View Session. For a full discussion of edge view policies, see edge view.

  1. Enter the edge view policy Name.
    This is unique across the enterprise and cannot be changed.
  2. Enter the edge view policy Title.
    This value is not used by the ZEDEDA Cloud system. It’s offered to give you more flexibility in organizing your enterprise. It can be changed after you create the object.
  3. Enter values for the Edge View Access Details:
    • Access EVE-OS: Allows users with an active Edge View session to access EVE-OS for the edge node.
    • Allow ZEDEDA Cloud Session only: Disables Edge View Docker client sessions.
    • Override access policies: Allows the local admin to override settings defined in this Edge View Policy at the edge node.
    • Access Edge App Instances: Allows users with an active Edge View session to interact with the edge app instances running on the edge node.
  4. Enter values for the Edge View Session Details:
    • Maximum time allowed for session: The absolute longest duration an individual Edge View session can last.
    • Maximum connections allowed for session: The maximum number of simultaneous connections permitted within a single Edge View session.
    • Default time allowed for session: The pre-set duration for a new Edge View session when it is initially established.
    • Default connections allowed for session: The number of simultaneous connections allowed when a new Edge View session is established.
    • Encrypt Session: Enables or disables encryption for communication within the Edge View session.
    • Dispatcher URL: Enter the network address of the ZEDEDA cloud. This is the service component responsible for managing Edge View connections.
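
The Edge View settings above determine how much remote access a session grants, so they are worth reviewing before the policy is saved. The following added example (not ZEDEDA code; the field names, the use of minutes and the session ceiling are assumptions chosen for illustration) checks one policy for permissive or inconsistent values:

```python
# Added example: field names, units (minutes) and the ceiling are assumptions,
# not ZEDEDA's schema or defaults.
MAX_SESSION_CEILING_MIN = 8 * 60  # reviewer-chosen ceiling

def review_edge_view_policy(p):
    """Return a list of findings for one Edge View policy dict."""
    findings = []
    if not p["encrypt_session"]:
        findings.append("Encrypt Session is disabled")
    if p["override_access_policies"]:
        findings.append("local admin can override this policy at the edge node")
    if not p["cloud_session_only"]:
        findings.append("Edge View Docker client sessions are permitted")
    if p["access_eve_os"] and p["access_app_instances"]:
        findings.append("sessions reach both EVE-OS and edge app instances")
    if p["default_session_min"] > p["max_session_min"]:
        findings.append("default session time exceeds the maximum")
    if p["default_connections"] > p["max_connections"]:
        findings.append("default connections exceed the maximum")
    if p["max_session_min"] > MAX_SESSION_CEILING_MIN:
        findings.append("maximum session time exceeds the review ceiling")
    return findings

# Constructed sample policies.
PERMISSIVE = {
    "encrypt_session": False, "override_access_policies": True,
    "cloud_session_only": False, "access_eve_os": True,
    "access_app_instances": True, "default_session_min": 720,
    "max_session_min": 600, "default_connections": 5, "max_connections": 2,
}
STRICT = {
    "encrypt_session": True, "override_access_policies": False,
    "cloud_session_only": True, "access_eve_os": True,
    "access_app_instances": False, "default_session_min": 60,
    "max_session_min": 120, "default_connections": 1, "max_connections": 2,
}

if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("strict", STRICT)):
        for finding in review_edge_view_policy(policy) or ["no findings"]:
            print(f"{label}: {finding}")
```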


 

Next Steps

After you’ve completed the series, you might be interested in the following articles:

  • If you’re adding a project while onboarding an edge node, then the next step might be to add edge apps from the Marketplace.
  • If you’re adding a project independent of the edge node onboarding workflow, then the next step will likely be to add an edge node.