EdgeView Policies
The EdgeView policies are set by the SysAdmin on the controller. EdgeView can be allowed or not-allowed for the project where the devices belong to.
When the EdgeView is allowed for the project and the device, there is 3 areas of control for the access policies:
device access
application access
Each of the policies has allow/disallow settings.
Device Access
All the EdgeView commands (except for TCP commands) are belong to Device Access. If the TCP channel endpoints is part of the Dom0 services, it is considered as Device Access. For instance, access the device meta-data service for the internal bridge.
Application Access
When setting up TCP channel over EdgeView to access the remote-end, if the remote-endpoint belongs to the applications on the EVE device, then the access is Application Access. It can be the VNC port access to the application console, or it can be the SSH or HTTP into the application VM.
In the current implementation of EdgeView, besides the policy allow/disallow for applications on device, it also checks if the application 'Remote Console' access is enabled or not. If the application's 'Remote Console' access is not enabled, even if the EdgeView Application Access is allowed, the TCP access into this particular application will be denied.