CM Deployment Models


This document outlines the deployment models managed by EPM (Endpoint Platform Management) and ITSOs (IT Support Organizations), detailing their responsibilities, enforcement requirements, and the structure of inclusion and exclusion collections.

  • ITSO Managed Deployment: EPM creates a deployment object for ITSOs to deploy within their subscriptions, allowing flexibility in deployment scope and responsibility.

  • ITSO Managed Opt-In: EPM deploys a common object to an Inclusion Collection, providing ITSOs control over membership and scope for their subcollections.

  • EPM Managed Opt-In: EPM centrally controls deployment, adding clients based on governance-defined criteria, ensuring security and compliance.

  • ITSO Managed Opt-Out: EPM deploys to all clients while allowing ITSOs to manage exclusions, giving them control over which clients are not included.

  • EPM Managed Opt-Out: EPM mandates deployment and manages both inclusion and exclusion collections, ensuring compliance with governance requirements.

ITSO Managed Deployment

In this model EPM creates a deployment object but does not actually deploy it. Instead EPM makes the deployment object available for ITSOs to deploy within their own Subscriptions to Inclusion Collections of their choosing.

Use case: This model is intended for cases where a common deployment object is desired, but only some ITSOs expect to deploy it, or different ITSOs need to take differing additional steps to complete the deployment within their subscriptions.

EPM Responsibilities: Maintain the deployment object at a supported version; document the intended resulting state of the deployment; ensure the deployment item is fit for use.

ITSO Responsibilities: Maintain the deployment object at a supported version; document the intended resulting state of the deployment; ensure the deployment item is fit for use.

Deployment Object: Located in EPM Space. The deployment object is created by EPM within their own management space.

Enforcement Requirement: Opt-In. Since the deployment mechanism is created and applied by the ITSO, the ITSO has full capability within its subscription to enforce the deployment (if at all) only to the systems it chooses.

Scope: Determined by ITSO. Since the deployment mechanism is created and applied by the ITSO, the resulting scope of computers to be targeted by the deployment is also defined by the ITSO as it chooses.

Inclusion Collection: Entirely created and managed within ITSO Subscriptions. Since the deployment mechanism is created and applied by the ITSO within its subscription, the collections included in deployment must also exist within ITSO Subscriptions.

Inclusion Sub-collection: N/A. This model does not define any inclusion subcollections to be managed in a particular way, since deployment is under the full control of ITSOs. An ITSO may choose to make use of subcollections in its own plans outside the scope of this model’s governance.

Exclusion Collection: N/A. This model does not define any exclusion collections since deployment is managed on an opt-in basis instead.

Deployment Initiation: Initiated by ITSOs against the Inclusion Collections they manage with their own subscriptions.

 

ITSO Managed Opt-In

In this model EPM creates a deployment object and deploys it to an Inclusion Collection within EPM space. EPM defines the membership of its Inclusion Collection to consist of Inclusion Subcollections it creates within ITSO Subscriptions. ITSOs manage the client membership of their own Inclusion Subcollections as desired.

Use case: This model is intended for cases where a common deployment object is desired and most ITSOs will want to deploy it in most cases where it is applicable, but they want granular control over the scope and timing of the deployment.

EPM Responsibilities: Maintain the deployment object at a supported version; document the intended resulting state of the deployment; ensure the deployment item is fit for use; initiate deployment to an Inclusion Collection it manages; create Inclusion Subcollections for ITSOs to manage (or reuse existing such subcollections as appropriate).

ITSO Responsibilities: Review EPM documentation; manage membership of the Inclusion Subcollection; ensure the scope of inclusion is fit for purpose.

Deployment Object: Located in EPM Space. The deployment object is created by EPM within their own management space.

Enforcement Requirement: Opt-In

Scope: Determined by ITSO. Since the membership of the Inclusion Subcollection is managed by the ITSO, the resulting scope of computers targeted by the deployment is also defined by the ITSO as it chooses.

Inclusion Collection: Entirely created and managed by EPM within its own space.

Inclusion Sub-collection: Created by EPM within ITSO’s subscriptions, but membership is left to ITSOs to manage.

Exclusion Collection: N/A. This model does not define any exclusion collections since deployment is managed on an opt-in basis instead.

Deployment Initiation: Initiated by EPM against the Inclusion Collection it manages within EPM space.

 

EPM Managed Opt-In

In this model EPM creates a deployment object and deploys it to an Inclusion Collection within EPM space. EPM defines the membership of its Inclusion Collection to consist of clients requested by ITSOs and approved for inclusion by a governance-defined approval process.

Use case: This model is intended for cases where a common deployment object is desired, and deployment needs to be centrally controlled, such as in cases where security or licensing concerns constrain the scope of deployment.

EPM Responsibilities: Maintain the deployment object at a supported version; document the intended resulting state of the deployment; ensure the deployment item is fit for use; initiate deployment to an Inclusion Collection it manages; establish a mechanism to add approved clients to the Inclusion Collection; participate further in the approval process as called for by governance.

ITSO Responsibilities: Review EPM documentation; request membership updates for the Inclusion Collection; ensure the scope of requested inclusion is fit for purpose.

Deployment Object: Located in EPM Space. The deployment object is created by EPM within their own management space.

Enforcement Requirement: Opt-In

Scope: Determined by Governance. Since the membership of the Inclusion Collection is managed by EPM, the resulting scope of computers targeted by the deployment is also managed by EPM. EPM will define the inclusion membership to be those clients that meet the eligibility requirements determined by Governance and that are specifically requested by ITSOs. The eligibility requirements may extend to all clients, only to clients of a certain type, or simply to any client that successfully completes an inclusion approval process.

Inclusion Collection: Entirely created and managed by EPM within its own space.

Inclusion Sub-collection: N/A. This model does not define any inclusion subcollections to be managed in a particular way, since inclusion rules are under the full control of EPM and may be directly implemented in the Inclusion Collection. EPM may choose to make use of subcollections in its own plans outside the scope of this model’s governance.

Exclusion Collection: N/A. This model does not define any exclusion collections since deployment is managed on an opt-in basis instead.

Deployment Initiation: Initiated by EPM against the Inclusion Collection it manages within EPM space.

ITSO Managed Opt-Out

In this model EPM creates a deployment object and deploys it to an Inclusion Collection within EPM space. EPM defines the membership of its Inclusion Collection to consist of all clients across campus within a scope defined by governance. EPM also defines the membership of its Inclusion Collection to omit Exclusion Collections it creates within ITSO Subscriptions. ITSOs manage the client membership of their own Exclusion Collections as desired.

Use case: This model is intended for cases where a common deployment object is desired and most ITSOs will want it automatically deployed in most cases where it is applicable, but they want granular control over exclusions.

EPM Responsibilities: Review EPM documentation; manage membership of the Exclusion Collection; ensure the resulting scope of inclusion is fit for purpose.

ITSO Responsibilities: Review EPM documentation; manage membership of the Exclusion Collection; ensure the resulting scope of inclusion is fit for purpose.

Deployment Object: Located in EPM Space. The deployment object is created by EPM within their own management space.

Enforcement Requirement: Opt-Out

Scope: Determined by Governance. Since the membership of the Inclusion Collection is managed by EPM, the resulting scope of computers targeted by the deployment is also managed by EPM. EPM will define the inclusion membership to be those clients that meet eligibility requirements determined by Governance, to the exclusion of clients in ITSO-managed Exclusion Collections. The eligibility requirements may extend to all clients or only to clients of a certain type.

Inclusion Collection: Entirely created and managed by EPM within its own space.

Inclusion Sub-collection: N/A. This model does not define any inclusion subcollections to be managed in a particular way, since inclusion rules are under the full control of EPM and may be directly implemented in the Inclusion Collection. EPM may choose to make use of subcollections in its own plans outside the scope of this model’s governance.

Exclusion Collection: Created by EPM within ITSO’s subscriptions, but membership is left to ITSOs to manage.

Deployment Initiation: Initiated by EPM against the Inclusion Collection it manages within EPM space.

 

EPM Managed Opt-Out

In this model EPM creates a deployment object and deploys it to an Inclusion Collection within EPM space. EPM defines the membership of its Inclusion Collection to consist of all clients across campus within a scope defined by governance. EPM also defines the membership of its Inclusion Collection to omit an Exclusion Collection it creates within EPM space. EPM defines the membership of its Exclusion Collection to consist of all clients requested by ITSOs and approved for exclusion by a governance-defined approval process.

Use case: This model is intended for cases where a common deployment object is required, and deployment is mandated by campus leadership or a higher authority.

EPM Responsibilities: Maintain the deployment object at a supported version; document the intended resulting state of the deployment; ensure the deployment item is fit for use; initiate deployment to an Inclusion Collection it manages; create an Exclusion Collection it manages; establish a mechanism to add approved clients to the Exclusion Collection; participate further in the approval process as called for by governance; ensure the resulting scope of inclusion is fit for purpose.

ITSO Responsibilities: Review EPM documentation; request membership updates for the Exclusion Collection.

Deployment Object: Located in EPM Space. The deployment object is created by EPM within their own management space.

Enforcement Requirement: Opt-Out

Scope: Since the membership of the Inclusion Collection is managed by EPM, the resulting scope of computers targeted by the deployment is also managed by EPM. EPM will define the inclusion membership to be those clients that meet eligibility requirements determined by Governance, to the exclusion of clients in an EPM-managed Exclusion Collection. The eligibility requirements for inclusion may extend to all clients or only to clients of a certain type. The eligibility requirements for exclusion may extend to clients of a certain type or simply to any client that successfully completes an exclusion approval process.

Inclusion Collection: Entirely created and managed within ITSO Subscriptions.

Inclusion Sub-collection: N/A. This model does not define any inclusion subcollections to be managed in a particular way, since inclusion rules are under the full control of EPM and may be directly implemented in the Inclusion Collection. EPM may choose to make use of subcollections in its own plans outside the scope of this model’s governance.

Exclusion Collection: Entirely created and managed by EPM within EPM Space.

Special note on mandatory deployments: Governance may effectively define a deployment as mandatory by requiring an EPM-Managed Opt-Out deployment that simply allows no members in the EPM-managed Exclusion Collection.

Deployment Initiation: Initiated by EPM against the Inclusion Collection it manages within EPM space.