When you design your Organization Tree to support a tiered implementation, you should attempt to group machines together in a way that will require the minimum number of policies. Here are some examples of commonly optimized groupings of CA TM nodes:
|
Tier or Group Type |
Policy Grouping Reason |
Sticky Branch Option* |
|---|---|---|
|
Tier 1 (CA TM Server) and Tier 2 (Redistribution Servers) |
Forward alerts to the CA TM Server |
Checked |
|
Tier 3 (High Risk and/or Mail Servers) |
Retrieve Content Updates from, and send alerts to Tier 2 Servers |
Checked |
|
Tier 4 (Regional Office / Division Servers) |
Retrieve Content Updates from, and send alerts to Tier 2 Servers. |
Checked |
|
Regional Office / Division Subnets |
Retrieve Content Updates from, and send alerts to Tier 4 Servers. |
Unchecked (roaming user support) |
|
Application Servers |
Realtime exclusions to maximize performance while still limiting risk |
Checked |
|
File Servers |
Scheduled Scans are often used to check shared volumes that have been excluded from Realtime scanning |
Checked |
*Sticky Branch refers to the "Discovery shall not remove machines from this branch" option in the the Add New Branch dialog.
Recommendation: Create branches in your Organization using one or both of following methods:
In general each branch of the Organization Tree should contain approximately 200 to 250 nodes (for example a Class C subnet). You should assign Policy Proxy Servers to Branches in a way that balances potential timeout over-head. A branch may be larger if the Policy Proxies are assigned to static nodes that are always on.