One or more rules can be configured to automatically assign Hosts reporting to the Gateway to one or more custom Gateway Groups. The rules can be configured using Active Directory, network address (IPv4 only), or the Extension tag in the Host. In addition, there is a global grouping policy that controls how the rules are applied.
Below is a description of each of the custom rule types:
-
Add Organization Unit Rule (note: was "Active Directory Rule" prior to v13.2): Select the domain name that should be searched for the computer machine name, and optionally enter a prefix string to pre-pend to the OU found. When this rule is evaluated, a group with name prefix (OU=) plus the name of the OU is created in the Gateway server. If the option, “OU found closest to the computer” is chosen, than the custom group name includes the OU name that the computer is a member of in Active Directory. If the option, “OU found closest to the root”is chosen, than the custom group name includes the OU that is closest to the root in the hierarchy of the OU that the computer is a member of in Active Directory.
Consider the following Active Directory structure as an example:
- Domain.com
+ Computers
+ Users
+ Region One
+ Sales
+ Marketing
+ Region Two
+ Corporate
+ Engineering
+ Professional Services
If the computer is a member of the Marketing OU than the first selection will assign computer to Gateway group with name OU=Marketing. For the second option, the computer will be assigned to OU=Region One.
-
Add Security Groups Rule [new in v13.2]: Select the domain name that should be searched for security groups that have Computer account entries representing how Computers (Hosts) should be grouped.
-
Add IPv4 Address Rule: Specify an IPv4 address and the number of sequential addresses that should be searched after that, and select the group(s) to which the Hosts should be assigned. In the example below, if any Host machines report to the Gateway with an IPv4 address between 192.168.1.1 and 192.169.1.50, the will automatically be assigned to the custom Gateway group named “est”
-
Add Tag Rule: Specify an extension tag name and value; if any Host has this extension tag defined (check the Host’s Extension tab in the Host Control Panel), and if the value of the tag in the Host matches the value specified above (anywhere, case insensitive), then the Host will be assigned to the custom group specified in the dropdown box. In the example below, if any Host that reports to the Gateway contains the custom extension tag “test_tag”, and if that Host value for that tag contains “test” anywhere, that Host will be assigned to the custom Gateway group “test”.
Host Grouping Policy
The rules (if any are defined) can be applied to Hosts in one of four different ways. In additional, there’s a global rule that can be applied to Hosts that do not match any other rules. The Host grouping policy is one of the following choices:
-
Additive: Host added to groups in matching rules; no group memberships removed.
Specify this option to have the Host added to groups named in rules that match, but to also leave that Host in any other groups it belongs to. Note that if the Host changes in ways that cause it to match different rules at different times, the group memberships will accumulate.
-
Named Groups: Host added to groups in matching rules and removed from groups named in non-matching rules; other group memberships unchanged.
Specify this option to have the Host added to groups named in rules that match, and also remove the Host from groups named in rules that don’ match this Host. Note that other group memberships (in groups not named in grouping rules) are unchanged. This policy is best if grouping rules define exclusive relationships (like what floor, or building, a Host machine is in), and still allows other group memberships to be manually managed if they are not used in any grouping rules.
-
Exclusive: Host added to groups in matching rules; removed from all other groups.
Specify this option to have the Host added to groups named in rules that match, and also removed from all other groups (except “ll Hosts”. This policy is functionally equivalent to the Host Grouping Rules functionality in v8.0 when Hosts that don’ match any rules are put in “ll Hosts”group only, or put into a specific, specified group.
-
Exclusive If Matched: if Host matches any rules, acts as Exclusive; otherwise group memberships unchanged.
Specify this option to have the Host added to groups named in rules that match, and also removed from all other groups (except “ll Hosts”, just like Exclusive, if one or more rules are matched. However, with this policy, Hosts that do not match any rules are not removed from the groups they belong to. This policy is functionally equivalent to the Host Grouping Rules functionality in v8.0 when Hosts that don’ match any rules have their group memberships left alone. Additionally, there is an optional global rule that can group Hosts that don’ match any rules:
-
In all cases, if the Host doesn’ match any rules, add it to the following group.
Check this option, and select an appropriate user-defined group, to add Hosts that do not match any rules into the specified group. This global rule applies in addition to (and is processed after) the policy choices above. This choice is provided to match the functionality in v8.0 when Hosts that don’ match any rules are put in a specified group. This choice can also be used to identify Hosts that don’ match any rules; this may be useful if the Host grouping rules are designed so that it’ expected that all Hosts will match at least one rule and get grouped.