I am doing in a same format as all servers are having naming convention so it is good to track in this format.
With naming conversion it is easy to do shorting with Tag.
You have a few options available to you.
- Utilize Active Directory or portions of AD that would help populate groups in your system tree.
- You can utilize IP sorting as an alternative for placing systems in a group.
- Depending on how many systems you plan to manage you could also do a free form design.
I have always found a hybrid approach seems to work best using AD to populate systems and getting them into ePO but using Sorting Criteria to handle the heavy lifting when it comes to placing them in the right group in the tree. This way you can leverage Tags, IPs and custom properties (if used as a tag criteria) right along with using known-good AD groups/containers. Let's face it, AD is rarely kept pristine or even cleaned up except once every few months at best (usually, YMMV) so it makes little to no sense to continually populate your ePO environment with deleted, duplicated, disabled and deactivated systems. Find out which CN/OUs are used for system builds and system removal - do not sync those groups - then add the main systems to your ePO as you see fit and need.
Your system tree design should be tailored to your organisations needs.
Valid points made about poorly maintained AD structures, but on the other hand if you have a well logically organised structure and well maintain retirement processes why not use it?
Policies and client tasks are assigned at the system tree group level, so if for example you have all your SQL servers in a given OU it would make sense to apply an SQL policy to that OU?
You can also leverage the Data Centre Connectors if you use MOVE AV to populate your system tree groups.
This all comes down to how you want to assign your policies and client task. Either used tree location or tags or in our case a combination of both.
I currently sync 7 AD domains into our tree, along with our VMWare DMZ synced using the vCentre Data Centre Connector. Some systems are also sorted manually.
Certified McAfee Product Specislist - ePO
What you've proposed should work just fine if you're running a small organization with decent bandwidth.
Many organizations will apply policies via the system tree, so if you plan to assign policies at the system tree level (as opposed to Policy Assignment Rules), then your design works really well for the most part.
If you're running a very large organization across geographically disparate locations, then you may want to reconsider this design.
For more information, take a look at our ePO 5.1 Best Practice Guide for more details (PD25519 - Section 4: What the System Tree Does).