System Tree and Tags Flashcards
What is the System Tree?
A hierarchical structure that organizes the systems in your network into groups and subgroups
What are the ways to add systems to your System Tree?
- Manually add systems to an existing group
- Import systems from a text file
- Synchronize with your AD
What are the methods to organize your System Tree?
- Manual organization from the console(drag and drop)
- Automatic synchronization with your Active Directory or NT domain server
- Criteria-based sorting, used criteria applied to systems manually or automatically
What does the System Tree control?
- How policies for different products are inherited
- How your client tasks are inherited
- What groups your systems go into
If you are creating your system tree for the first time, what are the primary options available for organizing your systems dynamically?
- Using AD Synchronization
- Dynamically sorting systems
What are some of the different criteria that may influence the way your System Tree is structured?
- Administrator access (Access requirements of users who must manage the systems)
- Topological borders (NT domains or AD containers)
- Geographic borders(configuring policies differently for remote regions that use slower WAN or VPN connections)
- Political borders (Who accesses and manages the segments of the system tree affects how it’s structured)
- Functional borders (certain roles of the network may require special policies, such as a business group that runs specific software that requires special security policies)
- Subnets and IP addresses ranges
- Operating Systems/Software
What are the purposes of grouping systems?
- Allows you to put systems with similar characteristics in the same place
- Administrators or users can create and use them with the appropriate permissions
- Allows for the management of policies and client tasks for similar systems in one place, rather than having to manage them on each individual system
What is in the default system tree structure on a fresh install?>
- My Organization - The root of the system tree, can’t be renamed or deleted
- My Group - default group added during the Getting Started initial software installation
- Lost and Found - Catch all subgroup for any systems that have not been or could not be added to other groups in your system tree.
What are the characteristics of the top level lost and found group?
- Can’t be deleted
- can’t be renamed
- sorting criteria can’t be changed
- always appears last(doesn’t adhere to alphabetization)
- User must be granted permissions to the lost and found group to see its contents
What happens when a system is placed in the top level lost and found group?
It is placed in a subgroup of the lost and found group named for its domain. If no such group exists, one is created
How does inheritance work in the system tree?
Child groups in the system tree inherit the policies/client task assignments that are set at their parent groups.
Inheritance can be broken by applying a new policy at any location of the system tree
Inheritance can also be locked at any level to prevent systems below it from breaking inheritance for whatever reason
What are the factors that you should use to determine how to structure your system tree?
Policy Assignment - Do you have many custom product policies to assign to group based on chassis or function? Do certain business units require their own custom product policy?
Network Topology - Do you have sensitive WANs in your organization that a content update might easily saturate?(if you only have major locations, this isn’t a concern for your environment)
Client task assignment - When you create a client task, such as an on-demand scan, do you need to do it a group level, like a business unit, or system type, like a web server
Content distribution - do you have an agent policy that specifies that certain groups must get their content from a specific repository
Operational controls - Do you need specific rights delegated to your ePO administrators that allow them to administer specific locations in the tree
Queries - Do you need many options when filtering your queries to return results from a specific group in the system tree
What should you do prior to creating your system tree?
Create a few sample System Tree models and look at the pros and cons of each design to determine the most advantageous model for your environment
What are a few of the most commonly used System Tree designs?
Geographic Location -> Chassis - > Function
Network Location -> Chassis -> Function
Geographic Location -> Business Unit -> Function
What are some of the possible building blocks for groups in your system tree?
Geographic Location Network Location Business Unit Subbusiness unit Function of the system (web, SQL, app server) Chassis (server, workstation, laptop)