SSH Tectia Manager enables the administrator to create SSH Tectia Client, ConnectSecure, and Server configuration sets using the administration interface and to save them centrally on the Management Server. The configurations can then be distrubuted to the host groups to enforce a consistent security policy throughout the environment. Hosts can be set to use the configuration created for their host groups (configurations can be inherited from higher levels in the host hierarchy), or a host-specific configuration can be assigned.
SSH Tectia Client application tunneling policy rules and the SSH Tectia ConnectSecure configurations are dynamically assigned on the basis of the application tunneling policy rules created by the administrator. The Management Server validates the contents of the configurations (for example, checks that the set parameters are applicable to the SSH Tectia software versions running on the hosts to which the configurations are allocated) and then pushes the configuration to the hosts through the management connection.
If a host is offline when configuration deployment is initiated, the configuration update will be performed the next time the host is online and connects to the Management Server.
If an unauthorized configuration change is performed locally, a notification is shown in the administration interface on the Management Server and centralized configuration deployment for the host in question can be disabled (for example, because of a local emergency update). Failed configuration updates create a log entry and trigger a local roll-back into the previous configuration.