fighting for truth, justice, and a kick-butt lotus notes experience.

 
alt

Detlev Poettgen

 

tell traveler security delete - no longer needed

 6 April 2016 17:16:04
 
It is no longer mandatory for administrators to manually perform tell traveler security delete to remove the device security administration data from IBM Traveler after a device has been deleted or reset.

Starting with version 9.0.1.10, IBM Traveler will automatically quarantine deleted devices and move them into the deleted state. These deleted devices will not be seen in the "Devices" view, however they will continue to be seen in the "Devices Security" view for up to 30 days. IBM Traveler keeps deleted device security data for the 30 day period in order to
  • Publish device security data to the IBM Traveler Web Administration Console so that Administrators can take further action on those deleted devices
  • Allow IBM Traveler Administration REST API consumers query for a list of all deleted devices.
  • Allow sufficient time for any security actions taken against the device to complete.

If there is no device activity for 30 days, the corresponding device security data will be automatically removed. This means any security action previously completed or still pending against the device will be lost. However, if a deleted or reset device happens to connect and/or sync with IBM Traveler within the 30 day window, it will be moved to an active state and will resurface in the "Devices" view.

A notes.ini setting, NTS_ADMIN_CLEANUP_TIMEOUT, is available to customize the 30 day period for security data removal.

If an administrator wants the security data to be immediately removed during device deletion, they can assign a value of 0 to this ini setting. This forces IBM Traveler to remove both the device and its security data when tell traveler delete or tell traveler reset is performed. Any previous security (such as approval, deny, or wipe) actions taken against the device will be immediately lost. In environments where NTS_ADMIN_CLEANUP_TIMEOUT = 0 has been set, we recommend not to delete a device immediately after a security action has been issued. Instead, wait for the server and/or device to complete the action before deleting the device. For example, if a device or application wipe has been issued and the device is deleted immediately following that wipe, even before the device acknowledges the wipe, the wipe action will be lost from IBM Traveler.

Note: There is still no explicit indication available on the IBM Traveler Administration UI to highlight devices in the deleted state. If a device is deleted, it will not appear in the "Devices" view.

Can be found here: http://www.ibm.com/support/knowledgecenter/?lang=en#!/SSYRPW_9.0.1/tellcommandreference.dita