McAfee EPOCDE-AA-BA Product Guide - Page 124
Environmental borders and their impact on system organization, Subnets and IP address ranges
Page 124 highlights
Organizing the System Tree
Considerations when planning your System Tree

Environmental borders and their impact on system organization

How you organize the systems for management depends on the borders that exist in your network. These borders influence the organization of the System Tree differently than the organization of your network topology.

McAfee recommends evaluating these borders in your network and organization, and whether they must be considered when defining the organization of your System Tree.

Topological borders

Your network is already defined by NT domains or Active Directory containers. The better organized your network environment, the easier it is to create and maintain the System Tree with the synchronization features.

Geographic borders

Managing security is a constant balance between protection and performance. Organize your System Tree to make the best use of limited network bandwidth. Consider how the server connects to all parts of your network, especially remote locations that are often connected by slower WAN or VPN connections, instead of faster LAN connections. You may want to configure updating and agent-server communication policies differently for remote sites to minimize network traffic over slower connections.

Grouping systems first by geography provides several advantages for configuring policies:

• You can configure update policies for the group so that all systems update from one or more distributed software repositories located nearby.
• You can schedule client tasks to run at times better suited to the site's location.

Political borders

Many large networks are divided by individuals or groups responsible for managing different portions of the network. Sometimes these borders do not coincide with topological or geographic borders. Who accesses and manages the segments of the System Tree affects how you structure it.
Functional borders

Some networks are divided by the roles of those using the network; for example, Sales and Engineering. Even if the network is not divided by functional borders, you may need to organize segments of the System Tree by functionality if different groups require different policies.

A business group may run specific software that requires special security policies. For example, you might arrange your email Exchange Servers into a group and set specific exclusions for VirusScan Enterprise on-access scanning.

Subnets and IP address ranges

In many cases, organizational units of a network use specific subnets or IP ranges, so you can create a group for a geographic location and set IP filters for it. Also, if your network isn't spread out geographically, you can use network location, such as IP address, as the primary grouping criterion.

If possible, consider using sorting criteria based on IP address information to automate System Tree creation and maintenance. Set IP subnet masks or IP address range criteria for applicable groups within the System Tree. These filters automatically populate locations with the appropriate systems.

Tags and systems with similar characteristics

You can use tags for automated sorting into groups. Tags identify systems with similar characteristics. If you can organize your groups by characteristics, you can create and assign tags based on that

McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide
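
A planning aid for the "Subnets and IP address ranges" guidance above, added here as an illustration; it is not code from the product guide or from ePolicy Orchestrator. It checks a proposed set of per-group subnet and range filters for overlaps and shows where each system in an inventory would land. The group names, filters, host names and the UNMATCHED label are constructed, and treating overlapping criteria as a planning error is an assumption of this example.

```python
import ipaddress

# Constructed planning data: group names, filters and hosts are hypothetical.
GROUP_FILTERS = {
    "Europe/London": ["10.20.0.0/16"],
    "Europe/Paris": ["10.30.0.0-10.30.63.255"],
    "US/Dallas": ["10.30.32.0/20", "192.168.5.0/24"],  # collides with Paris
}
SYSTEMS = {"lon-ws-01": "10.20.4.17", "par-ws-07": "10.30.10.5",
           "dal-srv-02": "10.30.40.9", "lab-01": "172.16.9.9"}
UNMATCHED = "UNMATCHED"  # placeholder label, not a product group name

def to_networks(spec):
    """Parse 'a.b.c.d/nn' or 'first-last' into a list of ip_network objects."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec.strip(), strict=True)]

def compile_filters(filters):
    """Expand every group's filter strings into network objects."""
    return {g: [n for s in specs for n in to_networks(s)]
            for g, specs in filters.items()}

def find_overlaps(compiled):
    """Return (group_a, group_b) pairs whose criteria share any address."""
    names = sorted(compiled)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if any(x.overlaps(y) for x in compiled[a] for y in compiled[b])]

def sort_systems(compiled, systems):
    """List, per system, every group whose filter contains its address."""
    placement = {}
    for host, ip in systems.items():
        addr = ipaddress.ip_address(ip)
        hits = sorted(g for g, nets in compiled.items()
                      if any(addr in n for n in nets))
        placement[host] = hits or [UNMATCHED]
    return placement

if __name__ == "__main__":
    compiled = compile_filters(GROUP_FILTERS)
    for a, b in find_overlaps(compiled):
        print(f"overlapping criteria: {a} <-> {b}")
    for host, groups in sort_systems(compiled, SYSTEMS).items():
        flag = "  <-- ambiguous" if len(groups) > 1 else ""
        print(f"{host:12} {', '.join(groups)}{flag}")
```

Systems reported as ambiguous or UNMATCHED are the ones whose policy assignment would not follow from the filters alone, so they are worth resolving before the criteria are entered.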