System Tree and Tags Flashcards
What is the System Tree?
A hierarchical structure that organizes the systems in your network into groups and subgroups
What are the ways to add systems to your System Tree?
- Manually add systems to an existing group
- Import systems from a text file
- Synchronize with your AD
What are the methods to organize your System Tree?
- Manual organization from the console (drag and drop)
- Automatic synchronization with your Active Directory or NT domain server
- Criteria-based sorting, using criteria applied to systems manually or automatically
What does the System Tree control?
- How policies for different products are inherited
- How your client tasks are inherited
- What groups your systems go into
If you are creating your system tree for the first time, what are the primary options available for organizing your systems dynamically?
- Using AD Synchronization
- Dynamically sorting systems
What are some of the different criteria that may influence the way your System Tree is structured?
- Administrator access (Access requirements of users who must manage the systems)
- Topological borders (NT domains or AD containers)
- Geographic borders (configuring policies differently for remote regions that use slower WAN or VPN connections)
- Political borders (Who accesses and manages the segments of the system tree affects how it’s structured)
- Functional borders (certain roles of the network may require special policies, such as a business group that runs specific software that requires special security policies)
- Subnets and IP addresses ranges
- Operating Systems/Software
What are the purposes of grouping systems?
- Allows you to put systems with similar characteristics in the same place
- Administrators or users can create and use them with the appropriate permissions
- Allows for the management of policies and client tasks for similar systems in one place, rather than having to manage them on each individual system
What is in the default system tree structure on a fresh install?
- My Organization - The root of the system tree, can’t be renamed or deleted
- My Group - default group added during the Getting Started initial software installation
- Lost and Found - Catch all subgroup for any systems that have not been or could not be added to other groups in your system tree.
What are the characteristics of the top level lost and found group?
- Can’t be deleted
- Can’t be renamed
- Sorting criteria can’t be changed
- Always appears last (doesn’t adhere to alphabetization)
- User must be granted permissions to the lost and found group to see its contents
What happens when a system is placed in the top level lost and found group?
It is placed in a subgroup of the lost and found group named for its domain. If no such group exists, one is created
How does inheritance work in the system tree?
Child groups in the system tree inherit the policies/client task assignments that are set at their parent groups.
Inheritance can be broken by applying a new policy at any location of the system tree
Inheritance can also be locked at any level to prevent systems below it from breaking inheritance for whatever reason
What are the factors that you should use to determine how to structure your system tree?
Policy Assignment - Do you have many custom product policies to assign to groups based on chassis or function? Do certain business units require their own custom product policy?
Network Topology - Do you have sensitive WANs in your organization that a content update might easily saturate? (If you only have major locations, this isn’t a concern for your environment.)
Client task assignment - When you create a client task, such as an on-demand scan, do you need to do it at a group level, like a business unit, or system type, like a web server?
Content distribution - Do you have an agent policy that specifies that certain groups must get their content from a specific repository?
Operational controls - Do you need specific rights delegated to your ePO administrators that allow them to administer specific locations in the tree?
Queries - Do you need many options when filtering your queries to return results from a specific group in the system tree?
What should you do prior to creating your system tree?
Create a few sample System Tree models and look at the pros and cons of each design to determine the most advantageous model for your environment
What are a few of the most commonly used System Tree designs?
Geographic Location -> Chassis -> Function
Network Location -> Chassis -> Function
Geographic Location -> Business Unit -> Function
What are some of the possible building blocks for groups in your system tree?
- Geographic Location
- Network Location
- Business Unit
- Subbusiness unit
- Function of the system (web, SQL, app server)
- Chassis (server, workstation, laptop)
What can synchronizing with your Active Directory structure contribute to your System Tree?
You can:
- Import both the AD subcontainers and the systems within them into your System Tree, and maintain them by performing regular synchronizations
- Import systems from the AD container and its subcontainers as a flat list, ignoring the structure of the AD
- Control what to do with potential duplicate systems
- Tag newly imported or updated systems
- Use the system description, which is imported from AD with the systems
What steps should you take to integrate your AD systems structure with your system tree?
- Configure the synchronization settings on each group that is a mapping point in the System Tree. At the same location, configure whether to:
  - Deploy agents to discovered systems
  - Delete systems from the System Tree when they are deleted from Active Directory
  - Allow or disallow duplicate entries of systems that exist elsewhere in the System Tree
- Use the Synchronize Now action to import Active Directory systems (and possibly structure) into the System Tree according to the synchronization settings
- Use an NT Domain/Active Directory synchronization server task to regularly synchronize the systems (and possibly the Active Directory structure) with the System Tree according to the synchronization settings
What are the two types of Active Directory synchronization?
Systems only
Systems and structure
What options can you configure with your Active Directory synchronization?
- Whether to automatically deploy agents to systems new to ePO (might not want to configure on initial synchronization if you are importing many systems and have limited bandwidth)
- Whether to delete systems from ePO (and remove their agents) when they are deleted from Active Directory
- Prevent adding systems to the group if they exist elsewhere in the System Tree, ensuring that you don’t have duplicate systems if you manually move or sort the system to another location
- Exclude certain Active Directory containers from the synchronization, ignoring them during synchronization
T/F: Like Active Directory Synchronization, NT domain synchronization syncs System Descriptions as well as System Names
False, NT domain synchronization only syncs the system names, the system description is not synchronized
T/F: Systems must match all criteria of a group’s sorting criteria to be placed into the group
False, they only need to match one criterion
How does criteria based sorting in the system tree function?
Define either IP address information or Tags as sorting criteria for Subgroups. Systems must match at least one criterion of a group in order to be sorted into it
Where can you enable or disable System Tree Sorting?
You can configure System Tree Sorting both on individual systems and in the System Tree Sorting server setting.
The Server Setting controls the automated STS process, giving you the option to disable it, allow it to happen once (on the next ASC), or make it happen on every future ASC. So, if it is enabled, then ePO will attempt to dynamically sort each system (assuming they have System Tree Sorting enabled on an individual basis).
The System Tree Sorting on each individual system controls whether or not each individual system can be dynamically sorted. This applies to both the manual “Sort Now” feature, and the automated sorting that’s configured in the server setting
What is the purpose of configuring the group sorting order?
When multiple subgroups have matching criteria, the sorting order can control which group the system is matched against first, providing granular control over where your systems end up