New England Security User Group

I was wondering how many people are using 7.1 in a hierarchy environment with more than 1 child NS present.

Looking to see if it's worthwhile to put together some of the documentation I have for setting up child NS's in a hierarchy and adding in the capabiltirs to manage them as if they were stand-alone NS's for scheduling tasks & filter updates etc.

Among other things we have a customer that uses an pyramid infrastructure.
1 Parent (no clients), 2 children + 40 and Site Servers distributed on each.

The main reason is to maintain the control worldwide, creating what must be on the Parent and "imposing" it down. The info relayed from the bottom to the Top allow us to have a complete reporting point.

(10K clients)

..was to gauge how many customer were using this feature in a multi-tiered environment especially with multiple child NS's. I have worked with Development & Engineering to provide a method for breaking inheritance for child NS's on certain features so that each child NS has some autonomous opertion when it comes to internal schedules. This allows for unique schedules at each child to help alleviate concurrent processing of policies, membership updates etc. if you are using a shared SQL environment. This could cause slow or poor performance in your cluster and my process helps alleviate much of this.

Has anyone implemented it for this sort of situation? We really want to lock down our lab and test domains. Ideally we want the production NS for production systems only but I worried how difficult this will become. We are not a very large shop. Only 1k computers.

We haven't used hierarchy since 7.0.  It wasn't a good experience, but neither was 7.0 in general.  Things could have changed since then, but to me - its not worth the additional overhead and complexity.  I'd use hierarchy as a last resort, for anything.