Persistent device list

Ivanti Standalone Sentry operates using a list of ActiveSync devices that it keeps in its memory. This list is sometimes called the device cache. The information includes each device’s state, such as allowed or blocked.

Ivanti Standalone Sentry also uses a persistent device list, sometimes known as a persistent cache. Ivanti Standalone Sentry persists on disk, which means stores on disk, its list of ActiveSync devices. When Ivanti Standalone Sentry initializes, if it cannot reach UEM due to, for example, network issues, it uses its persistent device list to begin its operations. In this way, Ivanti Standalone Sentry can begin with the last known state of each of its ActiveSync devices.

Ivanti Standalone Sentry updates the persistent device list as follows:

•At regular intervals. This update to disk is called the periodic disk update.

•Before shutting down.

•When requested by a CLI command.

Ivanti Standalone Sentry behavior when UEM is not reachable

Now, when Ivanti Standalone Sentry detects that it cannot reach Ivanti EPMM, it reacts depending on the following situations:

•Ivanti Standalone Sentry is initializing but cannot reach Ivanti EPMM to get the list of devices.

Normally, when it initializes, Ivanti Standalone Sentry retrieves from Ivanti EPMM all the registered ActiveSync devices that are allowed to access the ActiveSync server. If Ivanti EPMM is not reachable, Standalone Sentry reads into memory the persistent device list that it last stored on disk. Therefore, Ivanti Standalone Sentry continues operating using the last known state of each device.

To understand Standalone Sentry initialization behavior when it can reach Ivanti EPMM, see Ivanti EPMM, Ivanti Standalone Sentry, and device interaction.

•At some point after initialization is complete, Ivanti Standalone Sentry cannot reach Ivanti EPMM after trying for an internally specified time period.

In this situation, Ivanti Standalone Sentry continues operating using the last known state of the device as stored in its in-memory list.

•If Ivanti EPMM is unreachable, and a new device or device not in the Ivanti Standalone Sentry persistent device list, accesses the ActiveSync server or backend resource, the default Sentry behavior allows access to the server. In this case, for ActiveSync traffic, the ActiveSync server’s policy is applied to the new device.

Although Ivanti Standalone Sentry continues operating, being unable to reach Ivanti EPMM has the following impact:

•The Ivanti Standalone Sentry does not know when Ivanti EPMM changes the state of a device due to a security policy violation.

•It does not know when you change the state of the device using the ActiveSync Devices view of the Admin Portal.

•It does not know when you change the ActiveSync policy for a device using the Admin Portal.

•It cannot get guidance from Ivanti EPMM when a device that is not in its list attempts to access the ActiveSync server. This situation occurs, for example, when a new device has registered with Ivanti EPMM. Ivanti Standalone Sentry allows the device access to the ActiveSync server and pushes a default ActiveSync policy to the device.

Ivanti Standalone Sentry behavior when UEM is reachable again

Ivanti Standalone Sentry detects when Ivanti EPMM becomes reachable. The Standalone Sentry does the following:

•Retrieves all the registered ActiveSync devices from Ivanti EPMM that are allowed to access the ActiveSync server, and updates its in-memory device list with them.

•Resumes normal interactions with Ivanti EPMM as described in Ivanti EPMM, Ivanti Standalone Sentry, and device interaction.

Checking if Ivanti Standalone Sentry can reach UEM

You can check whether Ivanti Standalone Sentry can reach UEM by using the Ivanti Standalone Sentry System Manager. See Service Diagnosis.