Groups and group membership are ideal for managing access for all endpoints in the SD-WAN Client solution.

When creating groups, consider the needs of the members. Access requirements should drive group membership. You can further subdivide groups and assign nodes to multiple groups. Try to balance making the group functional yet prescriptive when assigning to a network.

1. The first group is called "All ATMs." As its description states, all ATMs should be placed in this group. The reasoning here is that this group will be referenced in the first and second networks. The assumption is that all ATMs will need to be managed, and all ATMs will need access to the banking application.
2. "Banking Applications" represents all the server nodes that host the application services the ATMs need to access to function correctly. Membership to this group should be exclusive to those servers.
3. The last group, "MS Config Manager," is for servers running Microsoft's Configuration Manager and managing and updating ATM endpoints. Again, restrict membership to servers that perform this function for the ATMs.