1.2 Understanding the Universal Policy Administrator Architecture

Universal Policy Administrator extends Active Directory (AD) capabilities by enabling domain controllers to add Linux and Mac servers, along with cloud resources, to the AD environment, which can interface with identity services, universal policies, and domains.

1.2.1 Universal Policy Administrator Components

| Universal Policy Administrator Components | Description |
| --- | --- |
| Universal Policy Administrator Agents | Windows-, Linux-, or Mac-based software that enforces universal policies and audit logs; the Windows agent manages a non-domain-joined Windows computer. |
| Universal Policy Administrator On Premises Gateway | A Windows server that is used to push policies from Active Directory to the Universal Policy Administrator Cloud Gateway. |
| Universal Policy Administrator Cloud Gateway | A component that bridges VMs in the cloud with the Universal Policy Administrator On Premises Gateway so that universal policies can be applied to cloud VMs. |
| Web Console | A browser-based console that provides dashboards and management consoles for universal policies, associated roles, domains, OUs, users, groups, agent versions, and environments, and for viewing session and event details, and so on. |

1.2.2 Understanding the Workflow

Universal Policy Administrator has multiple components depicted in the architecture diagram below:

A high-level Universal Policy Administrator change management workflow includes the following steps:

  1. Create a new Universal Policy in the Web Console, or import GPOs from your production Active Directory environment into the Universal Policy Administrator Web Console and save them as a Universal Policy.

  2. Check out a Universal Policy, locking it from changes by other users.

  3. Edit the Universal Policy as needed.

  4. Check in the updated Universal Policy, unlock the Universal Policy and update its version number.

  5. Analyze the Universal Policy to verify your changes (for example, RSoP analysis), and then approve the policy.

  6. Export to Active Directory.
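
The gating this workflow implies (an exclusive check-out lock, a version bump on check-in, and analysis plus approval before export), modeled as an added Python example. It is not product code: every class, method and field name is hypothetical, and clearing an earlier approval on a new check-out is an assumption.

```python
# Added illustration of the six-step workflow; all names are hypothetical, not product APIs.
from dataclasses import dataclass, field
from typing import Optional

class WorkflowError(Exception):
    """Raised when a step is attempted out of order or by the wrong user."""

@dataclass
class UniversalPolicy:
    name: str
    settings: dict = field(default_factory=dict)
    version: int = 1
    locked_by: Optional[str] = None   # user holding the check-out lock
    analyzed: bool = False
    approved: bool = False

    def check_out(self, user):
        if self.locked_by is not None:
            raise WorkflowError(f"locked by {self.locked_by}")
        self.locked_by = user
        # Assumption: a new check-out invalidates earlier analysis and approval.
        self.analyzed = self.approved = False

    def edit(self, user, key, value):
        if self.locked_by != user:
            raise WorkflowError("edit requires holding the check-out lock")
        self.settings[key] = value

    def check_in(self, user):
        if self.locked_by != user:
            raise WorkflowError("only the lock holder can check in")
        self.locked_by = None          # unlock the policy
        self.version += 1              # update its version number

    def analyze(self):
        if self.locked_by is not None:
            raise WorkflowError("check in before analysis")
        self.analyzed = True

    def approve(self):
        if not self.analyzed:
            raise WorkflowError("analyze before approving")
        self.approved = True

    def export_to_ad(self):
        if not self.approved or self.locked_by is not None:
            raise WorkflowError("only an approved, checked-in policy is exported")
        return {"name": self.name, "version": self.version, "settings": dict(self.settings)}
```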