I'm throwing this out to the masses. We are in the process of re-architecturing our EEPC infrastructure, and I'm trying to figure out how to best organize our machines in the Admin Console. We have about 16,000 machine objects in the database. Most of our encrypted machines start with the letters "L" or "T", which stands for Laptop or Tablet. We are currently using Autodomain to move machines into machine groups based on the first 3 digits of the local machine name. This creates 33,696 possible machine group names (26x36x36). We have found that this creates a lot of groups with only 1 or 2 machines, which makes it a pain to update these machines. We have considered moving to machine groups based on the the first 2 digits of the local machine names. That would cut the possible number of groups to 936 (26x36) groups, which would still be a lot of machine groups to manage. What we want to avoid is having too many machines in any one group.
My question is:
For Current Admins -- How many machines on average do you have in your machine groups?
For McAfee people -- Is there any type of hard limit to how many machines can be in a group? Is there a recommended limit?
What about user groups? Can you follow that group pattern?
3000 machines in one group is still OK, 5000 being barely acceptable. But it depends a lot on our server storage performance and database tuning (index/cache is a must).
As Peter says, there is no hard limit - well, 2^32 I guess it you want me to quote the design spec, but as the size of a group gets bigger, you run a higher and higher risk of hitting a transaction timeout, just because things take longer. The default transaction timeout is 30 seconds, after which it gets aborted, so as long as any group operation takes less time than that (or you increase the limit), nothing much will go wrong.
When a group operation times out though, normally it either gets zeroed, or significantly truncated, that's where orphans come from - they are the result of a succesful remove from one group, and a failed add on another.
So, get a chunky server and 3-5K is no problem, slow server, 500 may be an issue with the default timeouts. You can always change them though.