Device Groups
The Device Groups page enables you to manage the device groups that segment the devices in your network for user access, reports, and alerts. You should outline your device groups to best suit your security and report requirements. If you plan your implementation strategy appropriately and create device groups and devices using logical naming conventions, auto-grouping rules enable you to automatically assign devices to device groups. You can manually pin (add) devices to groups from the Device Manager when you create or edit devices or you can pin devices to device groups from the Device Groups page.
To access the Device Groups page from the navigation bar, click the Devices menu and select Grouping, then Device Groups.
Device Group Hierarchy
The device group hierarchy appears on the left. First level device groups appear in alphabetical order under the parent All Device Groups. All devices are automatically added to the All Device Groups device group.
The Topology device group is unique. You cannot manage the Topology device group, the subordinate device groups, or membership of the devices in the Topology device groups.
- When you enable topology sources on the Cluster Manager > Cluster Settings tab, devices that topology discovers are automatically grouped in the Topology device group.
- Devices for which you enable the VMware Plugin are automatically grouped under the Topology device group.
- If you use the OpenStack xStats adapter, all OpenStack devices are automatically grouped under the Topology device group.
Perform the following steps to manage the device group hierarchy. Check boxes enable you to simultaneously manage the metadata values, drag and drop, and delete multiple device groups.
- Select the device group under which to add a new device group.
- Click Add Device Group to display the Add Device Group pop-up.
- In the Device Group Name field, enter the device group name.
- Click Save on the pop-up.
- - Click to edit the values for the metadata attributes you want to associate with the device group. Please refer to section Manage Metadata Values below.
- - Click to edit a device group name.
- Drag and drop device groups to different places in the hierarchy.
Note: If a Device Group is moved from one parent to another, the permissions found in the User Role Manager for that device group are changed to inherit the permissions from the new parent. - - Click to delete a device group. When you delete a device group that has associated
Policy Browser, a message appears to inform you that
associated policies will be deleted.
- On the message, click View Policies to display the Policy Association pop-up that lists the policies associated to the device group.
- Click Done to move the policies.
Manage Metadata Values
The in the device group hierarchy Actions column provides access to the Edit Metadata pop-up that enables you to manage the values for the metadata attributes you want to associate with the device group. The Metadata Schema page enables you to manage metadata attributes.
- Click in the Actions column to display the Edit Metadata pop-up.
- Click to make the Values field editable.
- In the Values field, enter the value for the attribute with the applicable attribute type
specific format.
- Date/Time: Must have a valid date and time format and can use natural language processing such as; 3 Thursdays ago at 5pm.
- Integer: Type: Value must be numeric.
- IP Address: Must use one of the following formats:
- IPv4: for example, 10.1.1.100 or 172.16.254.1
- IPv6: supports Zero Suppression format. For example, 2001:db8::1234::567:8:1 or 2601::0800:200c:417a
- Latitude and Longitude: Must have valid coordinates that are decimal values: -90.00 to 90.00 values for Latitude and -180.00 to 180.00 for Longitude
- MAC Address: Must use the following format: 0A:00:27:00:00:00
- Text (Validated): Supports up to 1024 UTF-16 characters including PCRE regex that uses preg-match (perform a regular expression match) to validate the regular expression you enter against the attribute definition from the Metadata Schema page.
- Text: Supports up to 65K UTF-16 varchar characters.
- URL: Complete the following fields:
- Link Display Text: Enter the text to display in reports as the link caption.
- URL: Enter the URL. Must have FQDN validation, supports username prefix, ports, protocol AND ?/& for HTTP GET variables, and optional additional PCRE regex for validation, and must be fewer than 255 characters.
- Click Update to save the value.
Device Group Membership Rules
The standard way to control device group membership is through rules. Membership rules enable you to automatically add devices to the device group. A device group can contain one or multiple rules that are used to identify devices to be associated with the group. The group contains all devices that are a match for at least one rule in the group. You could think of the rules in one group as being joined by a logical OR statement. You will need to apply newly added or edited rules manually. To do so, click the Apply Rules button after adding/editing rules. Otherwise, the group rules will not be applied and any previous members will remain valid. Whenever a device is discovered or re-discovered, the rules for the groups are applied for it and it is added to the correct groups. Those rules might simply be saved and not applied to the group itself.
A device is member of a device group when it matches at least one rule from this group and its a member of its parent group. This means that the device should be a match for at least one rule in this and all ancestor groups.When rules are applied at the parent group, the rules for all child groups are also re-applied. This could cause devices to be removed from or added to the child groups based on the new parent restrictions.
Click on a device group in the hierarchy to display the device group membership rules and the list of devices that are members of the device group on the right. Rules are case-sensitive, and you can use Perl regular expressions to create rules. For details, please refer to section Perl Regular Expressions in SevOne NMS System Administration Guide.
A user adding a rule to a parent device group will see a pop-up with the following warning message regarding its child groups dependent on the group's permissions:
Note that this change could affect the membership of one or more devices in the descendant groups.
or
The devices would be limited due to parent group restriction.
A user attempting to add a rule to a child group will see the following message when you select the Prompt option from Cluster Manager > Cluster Settings tab > Devices subtab, Propagate child rules up to the parent drop-down:
The devices would be limited due to parent group restriction. Would you like to add this rule to the parent group/s?
NOTE: To modify the settings for Device Group Membership Rules, go to Cluster Manager > Cluster Settings tab > Devices subtab.
From Administration > Cluster Manager > Cluster Settings tab > Devices subtab, field Propagate child rules up to the parent has the following options.
- Don't allow - Do not allow child rules to propagate up to the parent.
- Prompt - Will prompt you whether to allow child rules to propagate up to the parent.
- Automatically - Automatically propagate child rules up to the parent.
A few caveats when adding / modifying Device Group Rules:
- If field Propagate child rules up to the parent is set to Automatically or Prompt, the rule will be prompted to be copied or copied into the parent only if there is a device matching that rule.
- If such device is added into the system later, discovery will not add it the child group, unless the child rule is modified or SevOne-act devicetags migrate-rules is executed.
- If a child rule is modified to match a new subset of devices, a new rule will be added to the parent if there is a matching device in the system.
- If a child rule is deleted, the one in the parent will remain.
- If a propagated parent rule is deleted, it will remain in the child group.
- If there is a matching rule already in the parent with a different expression, the newly added child group rule will not get copied.
- Click Add Rule or to display the Add/Edit Device Group Membership Rule pop-up. Each rule requires only one
field. If you populate several fields per rule the criteria you enter in the row are cumulative.
Note: Example
Enter Remote in the Name field and enter ^192\.168 in the Mgt IP field in the same rule criteria row. The device must have both Remote in the name AND an IP address that starts with 192.168 to be added to the device group.- Device Name - The device name (wildcards are implied).
- Device Description - The device description.
- Management IP Address - The IP address of the device (^192\.168 adds all devices whose IP address starts with 192.168).
- sysDescr - The text you get when you SNMP walk the sysDescr OID. For details, please refer to section SNMP Walk in SevOne NMS System Administration Guide.
- sysContact – The text you get when you SNMP walk the sysContact OID.
- sysLocation - The text you get when you SNMP walk the sysLocation OID.
- sysName – The text you get when you SNMP walk the sysName OID.
- sysObjectID - The text you get when you SNMP walk the sysObjectID OID.
- Metadata Namespace - Allows you to choose the metadata namespace from the drop-down. Once
the namespace is selected, Metadata Attribute field becomes available. Choose the metadata
attribute from the drop-down. Upon selecting the Metadata Attribute, Metadata Value field
becomes available. Enter a value in the Metadata Value field.Note: The standard quantifiers in regular expressions (regex) are greedy, meaning they match as much as they can, only giving back as necessary to match the remainder of the regex. By using a lazy quantifier, the expression tries the minimal match first. You are advised to use lazy quantifier.
- Click Save to save the rule criteria.
- Repeat these steps to add additional rules to use the OR Boolean.
Note: Example
Enter Remote in the Name field in the first row in the rule table then click Create Rule. Enter ^192\.168 in the second row in the rule table. The device can have either Remote in the name OR an IP address that starts with 192.168 to be added to the device group. - Click Apply Rules to add the devices that meet the rule criteria to the device group.
Device Group Membership
The Membership section displays the devices that are members of the device group. When you pin a device to a device group, rules do not affect the device membership. You must manually unpin a pinned device to remove its membership. When a rule adds a device to a device group, if you change the rule, the devices that were added by the rule can automatically be removed from the device group.
When a device is pinned to a child group, SevOne NMS checks to see whether this device is pinned to the parent group. A device might be a member of the parent group due to matching rules; however, pinning it to the child would still require it to be pinned to the parent. If it is not pinned to the parent, SevOne NMS will try to automatically pin it to the full hierarchy. If the user does not have permissions to alter the parent group, the entire action will be rejected.
When a device is unpinned from the parent group, it is also removed from all children groups. On the other hand, when a device is unpinned from the child group, the parent group devices are not affected in any way.
- - Indicates the device is a member that was pinned to the device group at this level.
- - Indicates the device is a member that was added by a device group membership rule at this level.
Membership Management
The Pin Devices button enables you to manually add devices to the device group and enables you to pin or unpin devices that are members of the group.
- Click Pin Devices to display the Pin Devices pop-up. All devices to which you have edit
permission and are not already pinned to the device group, appear in the list.
- Select the check box for each device to pin to the device group.
- Click Pin to Group on the pop-up to pin the devices you select to the device group.
- In the Membership list, select the check box for each device to pin to the device group, click and select Pin Devices to pin the devices you select to the device group.
- Select the check box for each device to unpin from the device group, click , and select Unpin Devices to unpin the devices you select from the device group. If you pin a device that was added by a rule, when you unpin the device it is removed from the membership list. If you click Apply Rule, the device appears in the list again.
- - Click to view the values for the metadata attributes you want to associate with the device. See the Manage Metadata Values section above.