The following document outlines the different replication rules available in Arellia Endpoint Remediation Suite and explains when they should be enabled.
There are 3 general use cases in which replication may be required. They are not mutually exclusive and can be combined as needed.
Use Case 1 - Resource Discovery with multiple client facing SMP servers
In the scenario where the SMP hierarchy contains multiple child Notification Servers that perform resource discovery, the following replication rules should be considered:
- COM+/DCOM - Relocate Up
- COM+/DCOM - Replicate Down
- Digital Certificate - Relocate Up
- Digital Certificate - Replicate Down
- Directories - Relocate Up
- Directories - Replicate Down
- Domain User Group - Relocate Up
- Domain User Group - Replicate Down
- File - Relocate Up
- File - Replicate Down
- File Extension - Relocate Up
- File Extension - Replicate Down
- File System Folder - Relocate Up
- File System Folder - Replicate Down
- Security Descriptor - Relocate Up
- Security Descriptor - Replicate Down
- Shared Folder - Relocate Up
- Shared Folder - Replicate Down
- Windows Domain - Relocate Up
- Windows Domain - Replicate Down
- Windows Service - Relocate Up
- Windows Service - Replicate Down
Relocate Up rules "move" ownership of the replicated resource from the child NS to the parent NS. This is useful when duplicate resources exist within the hierarchy because multiple child NSs discovered the same resource. Once the parent NS owns the resource, it resolves the duplicates by performing a resource merge.
The winner of the merge is then transmitted back to the child NS by the Replicate Down rule. If only one direction is enabled, duplicates will remain.
Enable these rules only if you use policies that reference the corresponding resource types.
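The pairing described above, as a constructed simulation added here (not Arellia or Altiris code): two child NSs discover the same Windows Service, and only the combination of Relocate Up and Replicate Down leaves a single resource identity in the hierarchy. The server names, the resource key format and the "lowest GUID wins" merge tie-break are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    key: str    # discovery key identifying the real object (e.g. a Windows Service)
    guid: str   # resource identifier assigned by the NS that discovered it
    owner: str  # NS that currently owns the resource

@dataclass
class NotificationServer:
    name: str
    resources: dict = field(default_factory=dict)  # guid -> Resource

def discover(ns, key):
    """A child NS assigns its own GUID to a resource it discovers."""
    ns.resources[f"{ns.name}:{key}"] = Resource(key, f"{ns.name}:{key}", ns.name)

def replicate(parent, children, relocate_up, replicate_down):
    """One replication cycle with the chosen rule directions enabled."""
    if relocate_up:
        for child in children:
            for r in child.resources.values():
                r.owner = parent.name            # ownership moves to the parent
                parent.resources[r.guid] = r
        winners = {}                             # parent merges duplicates by key;
        for guid in sorted(parent.resources):    # assumed tie-break: lowest GUID wins
            winners.setdefault(parent.resources[guid].key, parent.resources[guid])
        parent.resources = {r.guid: r for r in winners.values()}
    if replicate_down:                           # parent's winner replaces child copies
        parent_keys = {r.key for r in parent.resources.values()}
        for child in children:
            child.resources = {**{g: r for g, r in child.resources.items()
                                  if r.key not in parent_keys}, **parent.resources}

def hierarchy_duplicates(parent, children):
    """Keys that still map to more than one GUID anywhere in the hierarchy."""
    guids = {}
    for ns in [parent, *children]:
        for r in ns.resources.values():
            guids.setdefault(r.key, set()).add(r.guid)
    return sorted(k for k, g in guids.items() if len(g) > 1)

def simulate(relocate_up, replicate_down):
    """Two child NS discover the same service; return duplicates left afterwards."""
    parent = NotificationServer("parent")
    children = [NotificationServer("child1"), NotificationServer("child2")]
    for child in children:
        discover(child, "service:Spooler")
    replicate(parent, children, relocate_up, replicate_down)
    return hierarchy_duplicates(parent, children)
```

Running simulate with each combination of the two flags shows that only enabling both directions returns an empty duplicate list.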
Use Case 2 - Centralized Reporting
When setting up centralized reporting on the parent NS, the following data classes and event classes should be considered for replicating up from your child NS:
Site-specific resources
Local Users and Groups - Replicate Up
Enabling this rule transmits all local users and groups used by Local Security Solution reporting.
Events
- Application Events - Replicate Up
- Password Change Event - Replicate Up
- Password Disclosure Event - Replicate Up
Data Classes
Computer Data Classes - Application Control
Replicates the COM Component Download data class for all Computer resources.
Computer Data Classes - File Inventory
Replicates the following data classes for the Computer resource type:
- File Location
- File Report
- Installed Msi Product
Computer Data Classes - Local Security
Replicates the following data classes for the Computer resource type:
- COM Application Settings
- COM Settings
- DCOM Application Settings
- Global Account Details
- Global Domain Details
- Local Account Settings
- Privilege Membership
- Shared Folder Settings
- Windows Service Settings
Computer Data Classes - Security Analysis
Replicates the following data classes for the Computer resource type:
- Oval Definition Result
- Oval Test Result
- Remediation Approval
- Xccdf Profile Score
Enable Replicate Up rules to the parent NS only if you wish to report on that data centrally.
Use Case 3 - Centralized Management
When a parent NS is used for centralized management, the following data classes should be considered for replication, as they encapsulate the management items used by Arellia solutions:
Package Data Classes - Replicate Down
Replicates the Package Contents data class for the Package resource type.
Provisioned Resources - Replicate Down
Replicates the following resource types:
- Provisioned User
- Provisioned User Group
Scap Data Sources - Replicate Down
Replicates the Scap Content and Scap Data Source resource types.
Scap Entities - Replicate Down
Replicates all Scap Entity resources.
Security Descriptor User Defined - Replicate Down
Replicates the following data classes for the Security Descriptor User Defined resource type:
- Security Descriptor DACL
- Security Descriptor Header
- Security Descriptor SACL
- User Defined Security Descriptor
User Credentials - Replicate Down
Replicates the following data classes for the User Credentials resource type:
- Global Account Details
- User Account Password
- User Credentials
When integrating with Active Directory, only the parent NS in a hierarchy should perform resource discovery. The directory data can then be replicated down the hierarchy using:
Directory Data Classes - Replicate Down
Replicates the Directory Object Details data class for the following resource types:
- Computer
- Domain User Group
- User
Management items such as policies, filters and item security are replicated using the core SMP replication rules. These must be configured using the Hierarchy Management UI in the Altiris console.
Arellia Agent Policies currently do not support replication. You will need to configure these manually on each NS in your hierarchy.