Reference Guide
Security Management Server Virtual - AdminHelp v9.8
weeks.
Persistent endpoints retain the configurations that are set for the VM, until the VM clone pool is removed and rebuilt.
Non-persistent endpoints revert to baseline settings after a user logs off.
A persistent endpoint is dedicated to a single user.
After reverting to baseline settings, a non-persistent endpoint is available for another user.
Endpoint Groups Specification
To skip to instructions about how to add an endpoint, see Add Endpoint Groups.
At deployment time, all endpoints belong to a default endpoint group, which is generally sufficient for most
deployments. Endpoint groups are used to assign policy to a specific group of endpoints. For instance, you may
want to create an endpoint group based on the locale that the operating system sends up in inventory. Once
that endpoint group is established, you could then apply a specific policy set to just the endpoints in your
specified locale.
Conversely, creating an endpoint group based on a platform type would not be useful because policies are
already grouped by platform.
Endpoint groups are created using a group specification. This specification allows you to define the endpoint
characteristics used to add endpoints to a group. You cannot manually add endpoints to endpoint groups.
The system, based on the characteristics in the endpoint group specification, automatically manages
endpoints and endpoint group membership.
Endpoints can be members of many endpoint groups simultaneously, as there is no mutual exclusion
requirement for endpoints in groups. All endpoints are included in the default endpoint group in addition to
any defined endpoint groups that they may be a member of. This is similar to the way users are a member of
the domain they are a part of, in addition to any security groups. Like the user group mapping, the endpoint
group mapping creates a potential policy arbitration problem for endpoints. To resolve this problem, the
default endpoint group has the lowest possible precedence, and cannot be altered. The endpoint groups that
you create have medium precedence by default. For more information on group precedence, see Modify
Group Precedence.
Endpoint Group Specification
The endpoint group specification is a domain-specific language that allows you to define groups. The
endpoint group specification consists of a set of operators and a set of data fields that these operators can
be applied to. A group specification is a Boolean expression that is evaluated per endpoint to determine
whether or not an endpoint is a member of a group.
The information used to assign endpoints to endpoint groups is obtained when inventory is received, not at
activation time. If you set up endpoint groups, all endpoints stay only in the default endpoint group until
inventory is received.
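The following added example is a simplified Python model of the behavior described above. It is not the product's code or its specification syntax. It shows per-endpoint evaluation of Boolean specifications, simultaneous membership, default-only membership before inventory arrives, and precedence-based arbitration. Assumptions: the numeric ranks, the per-setting override rule, the hostname field, the policy names and all sample values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

LOWEST, MEDIUM = 0, 50  # assumed numeric ranks; larger means higher precedence

@dataclass
class Group:
    name: str
    spec: Callable[[dict], bool]  # stand-in for a group specification (Boolean expression)
    rank: int = MEDIUM            # groups you create start at medium precedence
    policy: dict = field(default_factory=dict)

# The default group matches every endpoint and always has the lowest precedence.
DEFAULT = Group("Default", lambda inv: True, rank=LOWEST,
                policy={"usb_storage": "allow"})  # hypothetical policy name

def memberships(inventory: Optional[dict], groups: list) -> list:
    """Return the groups an endpoint belongs to, lowest precedence first."""
    matched = [DEFAULT]
    if inventory is not None:  # before inventory is received: default group only
        matched += [g for g in groups if g.spec(inventory)]
    return sorted(matched, key=lambda g: g.rank)

def effective_policy(inventory: Optional[dict], groups: list) -> dict:
    """Arbitrate overlapping policies: higher-precedence groups override lower ones."""
    result = {}
    for group in memberships(inventory, groups):
        result.update(group.policy)
    return result

# Constructed sample groups; "hostname" is a hypothetical inventory field.
GROUPS = [
    Group("German locale", lambda inv: inv.get("locale") == "de-DE",
          policy={"usb_storage": "block"}),
    Group("Finance hosts", lambda inv: inv.get("hostname", "").startswith("FIN-"),
          rank=60, policy={"usb_storage": "read-only"}),  # precedence raised above medium
]

if __name__ == "__main__":
    # Constructed sample endpoints: not yet inventoried, one group, two groups.
    for inv in (None,
                {"locale": "de-DE", "hostname": "LAB-01"},
                {"locale": "de-DE", "hostname": "FIN-07"}):
        names = [g.name for g in memberships(inv, GROUPS)]
        print(inv, names, effective_policy(inv, GROUPS))
```

In this model an endpoint that has not yet reported inventory receives only the default group's policy, so the default group's settings are what apply during that window.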
Group specifications are created using the following fields and expressions. Multiple fields and operators can
be used in a single group specification.