Arellia Resource Replication Rules

The following document outlines the different replication rules available in Arellia Endpoint Remediation Suite and explains when they should be enabled.

There are 3 general use cases in which replication may be required. They are not mutually exclusive and can be combined as needed.

Use Case 1 - Resource Discovery with multiple client facing SMP servers

In the scenario where the SMP hierarchy contains multiple child Notification Servers that perform resource discovery, the following replication rules should be considered:

  • COM+/DCOM - Relocate Up
  • COM+/DCOM - Replicate Down
  • Digital Certificate - Relocate Up
  • Digital Certificate - Replicate Down
  • Directories - Relocate Up
  • Directories - Replicate Down
  • Domain User Group - Relocate Up
  • Domain User Group - Replicate Down
  • File - Relocate Up
  • File - Replicate Down
  • File Extension - Relocate Up
  • File Extension - Replicate Down
  • File System Folder - Relocate Up
  • File System Folder - Replicate Down
  • Security Descriptor - Relocate Up
  • Security Descriptor - Replicate Down
  • Shared Folder - Relocate Up
  • Shared Folder - Replicate Down
  • Windows Domain - Relocate Up
  • Windows Domain - Replicate Down
  • Windows Service - Relocate Up
  • Windows Service - Replicate Down

Relocate Up rules "move" ownership of the replicated resource from the child NS to the parent NS. This is useful when duplicate resources may exist within the hierarchy because multiple child NSs discovered the same resource. Once the parent NS becomes the owner of the resource, it resolves the duplicates by performing a resource merge.

The winner of the merge is then transmitted back to the child NS by the Replicate Down rule. If both directions are not enabled for these rules, duplicates will remain.

Only enable rules if you are using policies that reference these resource types.
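As an added example (not Arellia's own code or any Altiris API), the following Python script checks a list of enabled Use Case 1 rule names against the two requirements above: every resource type must have both its Relocate Up and Replicate Down rule enabled, and rules should only be enabled for resource types that your policies reference. The rule and resource-type names are those listed above; the enabled-rule list and the set of policy-referenced resource types are constructed sample input, which you would supply from your own hierarchy configuration (for example by transcribing the rule states from the Hierarchy Management UI).

```python
"""Added example, not part of the Arellia documentation: a configuration
check over Use Case 1 replication rule names. It is not an Arellia or Altiris
API; it operates on plain rule-name strings as they appear in the rule list.

Checks implemented from the text:
  1. Relocate Up and Replicate Down must both be enabled for a resource type,
     otherwise duplicates remain in the hierarchy.
  2. Rules should only be enabled for resource types that policies reference.
"""
from collections import defaultdict

# Resource types that offer the Relocate Up / Replicate Down pair (from the rule list).
DISCOVERY_RESOURCE_TYPES = (
    "COM+/DCOM", "Digital Certificate", "Directories", "Domain User Group",
    "File", "File Extension", "File System Folder", "Security Descriptor",
    "Shared Folder", "Windows Domain", "Windows Service",
)
UP, DOWN = "Relocate Up", "Replicate Down"


def parse_rule(name):
    """Split 'Resource - Direction' into its two parts; reject unknown rules."""
    resource, sep, direction = name.rpartition(" - ")
    if not sep or resource not in DISCOVERY_RESOURCE_TYPES or direction not in (UP, DOWN):
        raise ValueError(f"not a Use Case 1 rule: {name!r}")
    return resource, direction


def check_discovery_rules(enabled_rules, policy_resource_types):
    """Return a dict of findings keyed by resource type.

    enabled_rules: iterable of rule names such as 'File - Relocate Up'.
    policy_resource_types: set of resource types referenced by your policies
        (assumed input; the text says only those should have rules enabled).
    """
    directions = defaultdict(set)
    for rule in enabled_rules:
        resource, direction = parse_rule(rule)
        directions[resource].add(direction)

    findings = {}
    for resource, dirs in sorted(directions.items()):
        problems = []
        missing = {UP, DOWN} - dirs
        if missing:
            # Only one direction enabled: the merge winner never reaches the
            # children (or duplicates never reach the parent), so duplicates remain.
            problems.append(f"missing {', '.join(sorted(missing))}; duplicates will remain")
        if resource not in policy_resource_types:
            problems.append("no policy references this resource type; rules can stay disabled")
        if problems:
            findings[resource] = problems

    # Resource types that policies do reference but that have no rules enabled at all.
    unconfigured = (set(policy_resource_types) & set(DISCOVERY_RESOURCE_TYPES)) - set(directions)
    for resource in sorted(unconfigured):
        findings[resource] = ["referenced by policies but no replication rules enabled"]
    return findings


# Constructed sample configuration (not taken from any real hierarchy).
SAMPLE_ENABLED = [
    "File - Relocate Up",
    "File - Replicate Down",
    "Windows Service - Relocate Up",         # Replicate Down forgotten
    "Shared Folder - Replicate Down",        # Relocate Up forgotten
    "Digital Certificate - Relocate Up",
    "Digital Certificate - Replicate Down",  # no policy uses this type
]
SAMPLE_POLICY_TYPES = {"File", "Windows Service", "Shared Folder", "Directories"}

if __name__ == "__main__":
    for resource, problems in check_discovery_rules(SAMPLE_ENABLED, SAMPLE_POLICY_TYPES).items():
        for problem in problems:
            print(f"{resource}: {problem}")
```

Run against the sample, the check reports Windows Service and Shared Folder as half-configured (duplicates will remain), Digital Certificate as enabled without any policy needing it, and Directories as referenced by a policy but not replicated at all; File passes.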

Use Case 2 - Centralized Reporting

When setting up centralized reporting on the parent NS the following data classes and event classes should be considered for Replicating Up from your child NS:

Site specific resources

Local Users and Groups - Replicate Up

Enabling this rule transmits all local users and groups used by Local Security Solution reporting.

Events

  • Application Events - Replicate Up
  • Password Change Event - Replicate Up
  • Password Disclosure Event - Replicate Up

Data Classes

Computer Data Classes - Application Control

Replicates the COM Component Download data class for all Computer resources.

Computer Data Classes - File Inventory

Replicates the following data classes for the Computer resource type:

  • File Location
  • File Report
  • Installed Msi Product

Computer Data Classes - Local Security

Replicates the following data classes for the Computer resource type:

  • COM Application Settings
  • COM Settings
  • DCOM Application Settings
  • Global Account Details
  • Global Domain Details
  • Local Account Settings
  • Privilege Membership
  • Shared Folder Settings
  • Windows Service Settings

Computer Data Classes - Security Analysis

Replicates the following data classes for the Computer resource type:

  • Oval Definition Result
  • Oval Test Result
  • Remediation Approval
  • Xccdf Profile Score

Only enable rules to Replicate Up to the parent NS if you wish to report on the data centrally.

Use Case 3 - Centralized Management

When a parent NS is used for centralized management, the following data classes should be considered for replication, as they contain the management items used by Arellia solutions:

Package Data Classes - Replicate Down

Replicates the Package Contents data class for the Package resource type.

Provisioned Resources - Replicate Down

Replicates the following resource types:

  • Provisioned User
  • Provisioned User Group

Scap Data Sources - Replicate Down

Replicates the Scap Content and Scap Data Source resource types.

Scap Entities - Replicate Down

Replicates all Scap Entity resources.

Security Descriptor User Defined - Replicate Down

Replicates the following data classes for the Security Descriptor User Defined resource type:

  • Security Descriptor DACL
  • Security Descriptor Header
  • Security Descriptor SACL
  • User Defined Security Descriptor

User Credentials - Replicate Down

Replicates the following data classes for the User Credentials resource type:

  • Global Account Details
  • User Account Password
  • User Credentials

When integrating with Active Directory, only the parent NS in a hierarchy should perform resource discovery. The directory data can then be replicated down the hierarchy using:

Directory Data Classes - Replicate Down

Replicates the Directory Object Details data class for the following resource types:

  • Computer
  • Domain User Group
  • User

Management items such as policies, filters and item security are replicated using the core SMP replication rules. These are configured in the Hierarchy Management UI of the Altiris console.

Arellia Agent Policies currently do not support replication; you will need to configure them manually on each NS throughout your hierarchy.