CSA 5.2 - Assigning Groups

Answered Question
Mar 24th, 2008

When adding hosts to a group, for example, does a SQL Server get both SQL Server Group and Servers - All Types assigned or is the SQL Server Group good enough? Also, is it best to use the default group or clone the group/s?


Thanks,

Adam

tsteger1 Mon, 03/24/2008 - 10:17

For #1 I use both groups since they have different policies. That way they have common Windows server and SQL specific protections.


#2 depends on your preferences.


I leave them in the default groups and make changes to exception rule modules and policies.


Makes upgrades and patching easier.


Tom

kerraj2004 Mon, 03/24/2008 - 10:38

Exactly, I'm just looking to make upgrades easy. You will create new policies and rules under the Default Groups, correct?


Thanks,

Adam

tsteger1 Mon, 03/24/2008 - 11:12

I create them for the default groups but put them in a separate policy. This keeps the groups clean for upgrade simplicity (usually).


Tom

kerraj2004 Mon, 03/24/2008 - 11:30

So, just so I understand what you are doing: you use the default groups and then create NEW rules that get attached to the NEW policy. Once they're all created, the new policy gets attached to the default group, correct? I'm just trying to simplify the upgrade/hotfix process.


Thanks and sorry for it being so wordy.


Adam

Correct Answer
tsteger1 Mon, 03/24/2008 - 14:38

Adam,


That's pretty much how I do it. The exceptions are when it makes more sense to exclude an application class from certain rules rather than create an exception.


This way it only has to process it once.


I still have to go through the rules, modules and policies after every upgrade to make sure the exceptions still apply.


Fortunately that happens only a couple of times a year and it's usually immediately apparent if the exceptions aren't working.


Tom
