Email Protection Deployment options

Version 2

     

    Introduction

     

    This document describes the different deployment options for McAfee Email Protection. Whether you are looking at Office 365 (Microsoft Exchange Online) protection or a traditional deployment, whether you are looking at a SaaS solution, an on premise solution or a hybrid of both, this document will show you all the options and combinations available.

    Traditional Deployments

     

    McAfee Email Gateway (MEG) on premise

     

    Outbound: The end users email client (MS Outlook or other) is pointing to a local Exchange server (or any other mail server). The Exchange server uses McAfee Email Gateway (appliances or virtual images) as the "next hop". MEG uses global DNS to determine the next hop for the delivery of the email.

     

    Inbound: The company DNS MX records are pointing to the MEG. MEG uses the local Exchange server as the "next hop" and end users retrieve emails from the Exchange server.

    01-MEG-deployment.png

    McAfee SaaS Email Protection in the cloud

     

    Outbound: The end users email client (MS Outlook or other) is pointing to a local Exchange server (or any other mail server). The Exchange server uses McAfee SaaS Email Protection in the cloud as the "next hop". Email SaaS uses global DNS to determine the next hop for the delivery of the email.

     

    Inbound: The company DNS MX records are pointing at the McAfee SaaS Email Protection. Email SaaS uses the on premise Exchange server as the "next hop" and end users retrieve emails from the Exchange server.

    Email SaaS includes the "Email Continuity" service to allow web based email access in case of an outage on the Exchange server.

    02-SaaS-Deployment.png

    Email Hybrid (SaaS and on premise)

     

    Outbound: The end users email client (MS Outlook or other) is pointing to a local Exchange server (or any other mail server). The Exchange server uses McAfee Email Gateway (appliances or virtual images) as the "next hop". MEG uses global DNS to determine the next hop for the delivery of the email.

     

    Inbound: The company DNS MX records are pointing at the McAfee SaaS Email Protection. Email SaaS uses the on premise MEG as the "next hop", the MEG uses the Exchange server as the "next hop" and end users retrieve emails from the Exchange server.

     

    Hybrid Advantages:

         - Inbound Spam and Malware is scanned and filtered by Email SaaS

         - Outbound DLP and encryption is handled on premise by MEG

         - Better scalability and reduced load on MEG

         - Both Email SaaS and MEG are managed in one interface

         - Centralized on-premise quarantine and message reporting

     

    03-Hybrid-deployment.png

     

     

    Office 365 (Exchange Online) deployments

     

    McAfee Email Protection very easily protects Office 365 (Exchange online) deployments. There are no restrictions in the features you can use in Office 365 or the McAfee Email Protection and the overall deployment is very similar to any traditional deployment methods mentioned above.

     

    McAfee Email Gateway (MEG) on premise

     

    Outbound: The end users email client (MS Outlook or web access) is pointing to the Office 365 Exchange online server. Office 365 is configured to use McAfee Email Gateway (appliances or virtual images) as the "next hop". MEG uses global DNS to determine the next hop for the delivery of the email.

     

    04-o365-outbound.png

    Inbound: The company DNS MX records are pointing to the MEG. MEG uses the Office 365 Exchange online server as the "next hop" and end users retrieve emails from Office 365.

    05-o365-inbound.png

    McAfee SaaS Email Protection in the cloud

     

    Outbound: The end users email client (MS Outlook or web access) is pointing to the Office 365 Exchange online server. Office 365 is configured to use McAfee SaaS Email Protection in the cloud as the "next hop". Email SaaS uses global DNS to determine the next hop for the delivery of the email.

     

    Inbound: The company DNS MX records are pointing at the McAfee SaaS Email Protection. Email SaaS uses the Office 365 Exchange online server as the "next hop" and end users retrieve emails from Office 365.

    Email SaaS includes the "Email Continuity" service to allow web based email access in case of an outage on the Office 365 side.

     

    SaaS Advantages:

         - Very easy to configure and deploy. Instant protection of Office 365 mailboxes

         - No on premise infrastructure to manage and no additional load on perimeter protections

         - Scalable to your needs

     

    06-o365-SaaS.png

    Email Hybrid (SaaS and on premise)

     

    Outbound: The end users email client (MS Outlook or web access) is pointing to the Office 365 Exchange online server. Office 365 is configured to use McAfee Email Gateway (appliances or virtual images) as the "next hop". MEG uses global DNS to determine the next hop for the delivery of the email (same as on premise deployment above).

     

    Inbound: The company DNS MX records are pointing at the McAfee SaaS Email Protection. Email SaaS uses the on premise MEG as the "next hop", the MEG uses the Office 365 Exchange online server as the "next hop" and end users retrieve emails from Office 365.

    07-o365-hybrid.png