It is no longer mandatory for administrators to manually perform tell traveler security delete to remove the device security administration data from IBM Traveler after a device has been deleted or reset. Starting with version 9.0.1.10, IBM Traveler will automatically quarantine deleted devices and move them into the deleted state. These deleted devices will not be seen in the "Devices" view, however they will continue to be seen in the "Devices Security" view for up to 30 days. IBM Traveler keeps deleted device security data for the 30 day period in order to
1.        Publish device security data to the IBM Traveler Web Administration Console so that Administrators can take further action on those deleted devices.
2.        Allow IBM Traveler Administration REST API consumers query for a list of all deleted devices.
3.        Allow sufficient time for any security actions taken against the device to complete.

If there is no device activity for 30 days, the corresponding device security data will be automatically removed. This means any security action previously completed or still pending against the device will be lost. However, if a deleted or reset device happens to connect and/or sync with IBM Traveler within the 30 day window, it will be moved to an active state and will resurface in the "Devices" view.

A notes.ini setting, NTS_ADMIN_CLEANUP_TIMEOUT, is available to customize the 30 day period for security data removal. If an administrator wants the security data to be immediately removed during device deletion, they can assign a value of 0 to this ini setting. This forces IBM Traveler to remove both the device and its security data when tell traveler delete or tell traveler reset is performed. Any previous security (such as approval, deny, or wipe) actions taken against the device will be immediately lost. In environments where NTS_ADMIN_CLEANUP_TIMEOUT = 0 has been set, we recommend not to delete a device immediately after a security action has been issued. Instead, wait for the server and/or device to complete the action before deleting the device. For example, if a device or application wipe has been issued and the device is deleted immediately following that wipe, even before the device acknowledges the wipe, the wipe action will be lost from IBM Traveler.

Note: There is still no explicit indication available on the IBM Traveler Administration UI to highlight devices in the deleted state. If a device is deleted, it will not appear in the "Devices" view.

Don, question about the wipe (last couple sentences of your quote) -

If the user has been deleted from the Address book (employment terminated) will the wipe still process? Or does the user still have to authenticate to the server for the wipe to process?

Here's the Issue  - user's employment terminated, we'd like to wipe the email off a user's device. If the requirement is that the user must authenticate to the server in order to process the wipe, then there's a window where the user is able to send mail (as an employee) - which could be a disaster just waiting to happen.

How is this handled in the most current version(s) of Traveler?

Thanks!

I wanted to confirm that nothing has changed - because I've been asked by upper management who were under the impression that we could always wipe a device.

My reply was that 1) the user has to connect back to the server, (of course), and 2) the user account cannot be locked out or deleted.

So, there's a window where we can issue the wipe and watch for the wipe to have been successful, but at some point we would have to delete the account (say, end of day) & leave the existing emails on the device.

Thanks!

Hi Don

many thanks for the information and reference

regards

Keith