Previous: QuickStart home
Next: Install Halo agents
Task 1. Create groups of servers
Why are server groups important?
For Halo, the concept of server groups is fundamental. Halo uses group-based policy management, meaning that an individual security policy is designed to apply to a group of cloned servers used for the same function. There is no need to create an individual policy for each server. By applying policies in this manner, you can efficiently scale your protection to fleets of thousands of servers. And in the dynamic environment of the cloud, Halo instantly applies the proper policies to all new servers.
Server groups can also be organized hierarchically, which allows you to implement a group structure that parallels the structure of your organization. The top (root) group has the name and scope of your entire Halo account, immediate subgroups can reflect the high-level business divisions or geographies that your account emcompasses, with the deepest groups organizing servers along functional lines—leading to group hierarches such as "ACME > Sales > Sales NW > fileservers_RHEL". At each level, a group encompasses not only its own servers, but also the servers of all of its descendant groups.
Group hierarchy is the underpinning for policy inheritance, a Halo feature in which a group may inherit one or more policies from any of its ancestor groups. With this capability, your organization can, for example, define broad security policies at the highestest corporate levels and pass them on to all subgroups. Individual groups at lower levels can then add more detailed and division-specific or functionally specific policies as needed.
To come up with the best set of server groups for your organization, first set up a hierarchical group structure that reflects your entire organization. Then examine all of the servers you currently use, and categorize them in terms of platform, applications, and purpose, while trying to end up with the smallest possible number of groups. Then add the groups across the bottom of the hierarchy. The basic idea is that all the servers in any of these leaf groups usually need to be very similar (same OS and version, same applications, same firewall needs, same local user accounts), so that a single set of policies can protect all of them.
You'll need to put your Halo-protected servers into named groups, so that Halo can apply apply security policies to them. All servers in a given group use the same configuration, firewall, and other kinds of security policies.
Organize your groups by server function and possibly also align them to your organization's structure or geographies. Server groups are hierarchical, which allows for roll-up of server counts, issue counts, and so on from multiple lower-level groups into higher groups in the heirarchy. The hierachy also supports policy inheritance. The highest group is always the root group, representing all of your organization and containing all other groups.
- In the Halo portal, navigate to the group level so that the cloud icon of the root group is displayed. if you are not already at the group level, click the root group name in the context titlebar just below the Halo logo (or click the Halo logo itself).
The root group is the start of your group hierarchy. Every group's cloud icon displays the number of servers in the group; in the above exmple, the root group contains 24 servers, meaning that Halo agents have been installed on 24 servers so far.
- To add a subgroup beneath the root group, select Group from the New menu.
- On the Info tab of the Group Details view, name the server group and click Save. The group appears in the group tree, indented beneath the root group.
- Repeat this process to add as many other server groups as you wish. To implement deeper levels of group hierarchy, you can highlight an intended parent group before creating its child groups, or you can drag a newly created group to its intended parent. See Move a Group in the Halo Operations Guide.
The initial 6 groups created for this demo deployment look like the following. Note that one group is itself a parent of three child groups.
Now, add servers to your groups. The fastest way to do this is to create each new server (install each new Halo agent) within the context of its intended group. See the next task, Install Halo agents.
// <![CDATA[ var pdfTitle="Halo QuickStart and Tour"; var pdfURL="http://res.cloudinary.com/ljufltxil/image/upload/document_images/quickstart2/halo-quickstart-and-tour.pdf"; specifyPDF(pdfTitle, pdfURL); // ]]>