Jake -

Thanks for the quick reply.  We're using ADAM for LDAP, I don't think auto-discovery is not an option when using ADAM.

As for Patch Manager, yes, we'd be using Patch Manager (shared between both consoles) to patch.

As for ACL's, didn't really think about it too much, as I'm not sure it solves our issue.  Here is our issue:

In our current console (which manages all ADAM objects - users, workstations, servers), we have policies set against users as well as machines.  We have seen in testing that packages designed to run only on workstations will install on servers, if logged in with an ID which has packages assiciated to it.  We want to completely eliminate the possibility of any workstation packages from running on our servers, for obvious reasons, which is what drove us to look at creating a seperate console.

Here is what the environment looks like, both current and proposed:

Current:

• Single ADAM instance (replication between Active Directory and ADAM - users, workstations and servers)
• Single CMS Console
• Single Inventory DB

Proposed:

• Two ADAM instances
  • One for users, workstations and specific workstations groups
  • One for servers ONLY
• Two CMS Consoles
  • One for users, workstations and specific workstations groups
  • One for servers ONLY
• Single Inventory DB

We also have a single master transmitter environment (multiple mirrors) behind a load balancer, which also would not change.

Thanks for your input, Jake!

Vincent