Hello, in factory-default configurations BIG-IP software includes a local trust domain with one member, which is the local device.
You will always see this group in sync in a standalone scenario, but if you check "Device Management Overview" you'll notice that there is actually only one device (again, local) in the group.
Also, according to K16509:
starting from BIG-IP 11.6.0, the datasync-global-dg device group is automatically created on systems in any of the following scenarios:
- You provision the BIG-IP ASM system on a new BIG-IP 11.6.0 installation.
- You upgraded BIG-IP ASM systems from previous versions to BIG-IP ASM 11.6.0 (or later).
- You added a BIG-IP 11.6.0 (or later) system to a trust domain that has another device with the datasync-global-dg device group.
- You upgraded to BIG-IP 11.6.0 (or later), a BIG-IP system that belongs to a trust domain that has another device with the datasync-global-dg device group.
After the datasync-global-dg device group is created on the systems, the device group automatically adds all devices in the same trust domain to itself. This includes devices that are not provisioned with the BIG-IP ASM system. The main purpose of the datasync-global-dg device group is to synchronize the system client-side scripts as well as the system cryptographic keys across all of the devices in the same trust domain. Therefore, this device group is essential in order to maintain the consistency of the system scripts and keys across all devices in the trust domain, and must not be removed from the devices.