Software Secure Workload

Build the Hierarchy for Your Organization

Start building your hierarchy, or scope tree. This involves identifying and categorizing the assets, determining the scope, defining roles and responsibilities, and developing policies and procedures to create a branch of the scope tree.

The wizard guides you through creating a branch of the scope tree. Enter IP addresses or subnets for each blue-outlined scope; the labels are automatically applied based on the scope tree.

Pre-requisites:

  • Gather IP Addresses or Subnets associated with your Pre-Production environment, your data centers, and your Internal network.

  • Gather as many IP addresses or subnets as you can. You can add more IP addresses or subnets later.

  • As you build your tree, you can add IP addresses or subnets for the other scopes in the tree (the gray blocks).

To create the scope tree, perform the following tasks:

Define the Internal Scope

The internal scope includes all IP addresses that define your organization's internal network, including public and private IP addresses.

The wizard walks you through adding IP addresses to each scope in the tree branch. As you add addresses, the wizard assigns labels to each address that defines the scope.

For example, on this Scope Setup window, the wizard assigns the label Organization=Internal to each IP address.

By default, the wizard adds the IP addresses in the private internet address space as defined in RFC 1918.

You do not need to enter all the IP addresses at once, but you must include the IP addresses associated with your chosen application. You can add the rest of the IP addresses at a later time.

Define the Data Center Scope

This scope includes the IP addresses that define your on-premises data centers. Enter the IP addresses/subnets that define your internal network.

Scope names should be short and meaningful.

On this window, enter the IP addresses that you have entered for the organization. These addresses must be a subset of the addresses for your internal network. If you have multiple data centers, include all of them in this scope so you can define a single set of policies.

You can always add more addresses at a later stage. For instance, the wizard assigns these labels to each of the IP addresses:

Organization=Internal
Infrastructure=Data Centers

Define the Pre-Production Scope

This scope includes IP addresses of non-production applications and hosts, such as development, lab, test, or staging systems.


 

Ensure you do not include addresses of any applications that are used to conduct actual business. Use them for the production scope that you define later.

The IP addresses you enter on this window must be a subset of the addresses you entered for your data centers, and must include the addresses of your chosen application. Ideally, they should also include pre-production addresses that are not part of the chosen application.

You can always add more addresses at a later stage.
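
The subset rules above can be checked on your gathered subnets before you enter them in the wizard. The following is an added example, not part of the product or its documentation: it flags child-scope subnets that fall outside the parent scope and previews the labels an address would carry under a simplified model of the branch. The sample subnets are constructed, and the Environment=Pre-Production label and the function names are assumptions.

```python
import ipaddress

# RFC 1918 private ranges, which the page says the wizard adds by default.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed plan, parent first. Labels for the first two scopes come from
# the page; the Pre-Production label is an assumption.
PLAN = [
    ("Internal", ("Organization", "Internal"), RFC1918 + ["198.51.100.0/24"]),
    ("Data Centers", ("Infrastructure", "Data Centers"),
     ["10.10.0.0/16", "10.20.0.0/16"]),
    ("Pre-Production", ("Environment", "Pre-Production"),
     ["10.10.50.0/24", "10.30.5.0/24"]),
]

def merged(cidrs):
    """Parse CIDRs (host bits set raises ValueError) and merge adjacent ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    out = []
    for version in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def check_plan(plan):
    """Return (child scope, subnet, parent scope) for each subset violation."""
    errors = []
    for (pname, _, pcidrs), (cname, _, ccidrs) in zip(plan, plan[1:]):
        parents = merged(pcidrs)
        for net in merged(ccidrs):
            if not any(net.version == p.version and net.subnet_of(p) for p in parents):
                errors.append((cname, str(net), pname))
    return errors

def labels_for(address, plan):
    """Simplified model: collect labels down the branch until a scope stops matching."""
    ip = ipaddress.ip_address(address)
    labels = {}
    for _, (key, value), cidrs in plan:
        if not any(ip in net for net in merged(cidrs)):
            break
        labels[key] = value
    return labels

if __name__ == "__main__":
    for child, subnet, parent in check_plan(PLAN):
        print(f"{subnet} in scope '{child}' is not inside scope '{parent}'")
    print(labels_for("10.10.50.7", PLAN))
```

In the constructed plan, 10.30.5.0/24 is reported because it is listed under Pre-Production but is not covered by either data center subnet.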

Review Scope Tree, Scopes, and Labels

Before you start creating the scope tree, review the hierarchy that you can see on the left window. The root scope shows labels that were automatically created for all configured IP addresses and subnets. At a later stage in the process, applications are added to this scope tree.

You can expand and collapse branches and scroll down to choose a specific scope. On the right pane, you can see the IP addresses and labels assigned to the workloads for the specific scope. On this window, you can review and modify the scope tree before you add an application to this scope.

If you want to view this information after you exit the wizard, from the navigation menu, choose Organize > Scopes and Inventory.