Skip to content

KB007: Configure Device Cleanup Policies

Article ID: KB007

Last Updated: June 21, 2025

Applies To: HySecure Gateway 7.1 and above

Category: Administrative & Management

Overview

This guide explains how to configure automated cleanup of unused access devices. This feature automatically removes access devices that haven't been used for a specified number of days, improving device management and security by maintaining only active devices.

Prerequisites

  • HySecure Gateway 7.1 or higher
  • Security Officer or Administrator access to the HySecure Management Console

Benefits

  • Simplified Device Management: Automatically remove inactive devices.
  • Enhanced Security: Keep only active devices registered.
  • Improved Performance: Reduce database overhead from stale device records.
  • Flexible Scheduling: Configure cleanup frequency based on organizational needs.

How Device Cleanup Works

Tracking Mechanism

Last Login Time:

  • Initially set when the service pack is first applied.
  • Updates when the user logs in with the device.
  • Used to calculate the device inactivity period.

Cleanup Criteria:

  • Devices not used for a specified number of days.
  • Automatic deletion during scheduled cleanup.
  • Blocked devices remain unaffected.

Protected Devices

Devices NOT Removed:

  • Currently blocked devices.
  • Devices used within the configured retention period.

Procedure

Step 1: Access Cleanup Policies

  1. Log in to Management Console

    • Log in to the HySecure Management Console as a Security Officer or Administrator.

  2. Navigate to Cleanup Policies

    • Go to Diagnose > Cleanup Policies.

Step 2: Enable Access Device Cleanup

  1. Enable Cleanup Feature

    • Select the checkbox to enable Access Device cleanup.

  2. Configure Retention Period

    • Set the Device not used since last value.

    • Specify the number of days after which the unused device will be deleted.

    • Example: Setting to 30 days will delete devices not used for 30+ days.

Step 3: Configure Cleanup Schedule

Choose one of the following scheduling options:

Option A: Daily Cleanup

  1. Select Daily Schedule

    • Choose the Daily option.

  2. Configure Time

    • Set a specific time for daily cleanup.

    • Example: 02:00 AM for off-hours processing.

Option B: Weekly Cleanup

  1. Select Weekly Schedule

    • Choose the Weekly option.

  2. Configure Days and Time

    • Select specific days of the week.

    • Set a time for cleanup execution.

    • Example: Wednesday and Friday at 12:05 AM.

Option C: Monthly Cleanup

  1. Select Monthly Schedule

    • Choose the Monthly option.

  2. Configure Date and Time

    • Select a specific date of each month.

    • Set a time for cleanup execution.

    • Example: 20th of every month at a specified time.

Step 4: Save Configuration

  1. Apply Settings

    • Review all configuration settings.

    • Click Save or Submit to apply changes.

  2. Verify Configuration

    • Confirm the cleanup policy is enabled.

    • Verify schedule settings are correct.

Schedule Configuration Examples

Example 1: Daily Cleanup at Night

Schedule Type: Daily

Time: 02:00 AM

Retention Period: 90 days

Use Case: Organizations with high device turnover.

Example 2: Weekly Cleanup During Low Usage

Schedule Type: Weekly

Days: Wednesday, Friday

Time: 12:05 AM

Retention Period: 60 days

Use Case: Balanced cleanup frequency for medium-sized organizations.

Example 3: Monthly Cleanup for Large Organizations

Schedule Type: Monthly

Date: 20th of each month

Time: 03:00 AM

Retention Period: 180 days

Use Case: Large organizations with a stable device base.

Configuration Considerations

Retention Period Planning

Factors to Consider:

  • User travel patterns and remote work.
  • Device replacement cycles.
  • Compliance and audit requirements.
  • Business continuity needs.

Schedule Planning

Time Selection:

  • Choose low-usage periods for cleanup.
  • Consider time zones for global organizations.

Frequency Selection:

  • Daily: High device turnover, tight security requirements.
  • Weekly: Balanced approach for most organizations.
  • Monthly: Conservative approach, stable device base.

Monitoring and Verification

Cleanup Execution Logs

Log Information:

  • Cleanup execution time and date.
  • Number of devices processed.
  • Number of devices removed.
  • Any errors or issues encountered?

Post-Cleanup Verification

Regular Monitoring:

  • Review cleanup execution logs.
  • Analyze device registration trends.

Important Notes

Initial Implementation

First-Time Setup:

  • The last login time is initially set at the service pack installation.
  • Existing devices get a baseline timestamp.
  • Cleanup begins after the first scheduled execution.

User Impact:

  • Users may need to re-register removed devices.
  • Provide clear communication about the device lifecycle.
  • Ensure the device registration process is streamlined.

Database Impact

Performance Benefits:

  • Reduced device table size.
  • Improved query performance.
  • Lower storage requirements.

Backup Considerations:

  • Device information is permanently deleted.
  • Ensure backup strategies account for cleanup.
  • Consider audit trail requirements.

Troubleshooting

Common Issues:

Cleanup Not Executing:

  • Verify cleanup policy is enabled.
  • Check the schedule configuration accuracy.
  • Review system time and time zone settings.

Too Many Devices Removed:

  • Review the retention period setting.
  • Check if users are logging in regularly.
  • Verify device usage patterns match expectations.
  • Consider adjusting the retention period.