3-57
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 3 Managing the Device Inventory
Working with Device Groups
Working with Device Groups
You can create device groups to help you organize your devices for more effective device management.
The following topics explain device groups and how to use them:
Understanding Device Grouping, page 3-57
Creating Device Group Types, page3-59
Creating Device Groups, page 3-60
Deleting Device Groups or Group Types, page3-60
Adding Devices to or Removing Them From Device Groups, page3-60

Understanding Device Grouping

Device groups are simple, arbitrary, organizational collections of devices that you create for more
effective network visualization. They are not policy-sharing entities. They are distinct from the various
policy object groups (for example AAA server group objects and user group objects). For information
on policy objects, see Chapter 6, “Managing Policy Objects”.
Tip If you have a large number of devices, grouping them can make it easier to select a subset of devices
when you deploy changes to them. For example, if there is a set of devices that you know you will want
to deploy changes to simultaneously, if you put them in a single device group, you just have to select the
group in the deployment job. For more information about policy deployment, see Chapter 8, “Managing
Deployment”.
Device grouping enables you to view a subset of devices in the inventory. The device group hierarchy
has two types of folders:
Device group types—Group types are the highest level in the hierarchy. A group type can contain
specific device groups, but it cannot contain devices, except for the All group type, which includes
all devices in the inventory. Security Manager comes with the group types Department and Location
predefined, but you do not need to use them, and you can delete them. You can create a maximum
of 10 group types.
Device groups—Device groups are subfolders within a group type folder. You can create multiple
levels of nested device groups. You can place devices within device groups. However, a device can
be in only one group within a group type. For example, in Figure 3-3 under the group type, Location,
you can assign routerx to San Jose, but you cannot assign routerx to San Jose and California.
Figure 3-3 shows an example of nested device groups with devices in some of the groups. Notice that an
individual device can reside in multiple groups. In this example, routerx is in the Finance group (under
the Department group type), and also in the Location > United States > California > San Jose n ested
group. If you select routerx in any of these places, you are configuring a single device (the configurations
are not tied to the grouping).