Web Gateway Cloud Service: Introduction -- What does it mean for me?

Version 23

     

    Introduction

    Over the past couple months you might have seen notifications going out about the Web Gateway Cloud Service and wonder what it means for you. I'll attempt to cover this succinctly below.

     

    tl;dr: Added global infrastructure, new management platform in ePO Cloud, see FAQ's for migration.

     

     

    Video Walkthrough

    A quick three minute walkthrough of the changes, what it means for you, how to sign up, and a tour of the new UI within ePO Cloud.

     

     

    If you have problems viewing the video, you can download it here.

     

     

    Two Major Changes

    The Web Gateway Cloud Service (formerly SaaS Web Protection) represents two major changes.

     

    Global Infrastructure

    New data centers and points of presence have been added, as well as supporting infrastructure. The end result is faster speeds, expanded global footprint, geo-localized content, and better global routing. Check out  https://trust.mcafee.com/ for details about our footprint.

     

    Managed from ePO Cloud

    New user interface is hosted in ePO Cloud. This is the first iteration of a new and improved user experience for managing web policy in the cloud. Hosted at https://manage.mcafee.com/.

     

     

    How do I migrate to the new Global Infrastructure?

    Change your proxy settings to some form of cXXXXXX.saasprotection.com (where XXXXXX is your customer ID). Using the new DNS name ensures proper routing of traffic.

     

    IMPORTANT: Using hard-coded IPs (208.65.150.192) does not ensure proper routing and can lead to problems. If you wish to route traffic to a specific country, please read up on our country/region specific prefixes (i.e. us-east.cXXXXXX.saasprotection.com): How to configure Web Gateway Cloud Service country-specific and region-specific prefixes.

     

    Find your Customer ID in the Control Console

    To find your current customer ID in the Control Console, login to the Control Console under Web Protection > Policies > McAfee Client Proxy Policies. The customer ID should be listed on this screen.

     

     

    Find your Customer ID in ePO

    To find your customer ID in ePO, navigate to Policy Catalog > Select McAfee Client Proxy from the Product drop-down, open your MCP policy and click Client Configuration. The customer ID should be listed on this screen.

     

     

     

    Update your proxies

    Once you have your customer ID, update your proxy settings to reflect it (i.e. cXXXXXX.saasprotection.com).

     

     

     

     

    What is ePO Cloud and how do I migrate to it?

    ePolicy Orchestrator (ePO) is a software management platform and ePO Cloud is hosted in the cloud, allowing us (McAfee) to manage the platform, and you (the customer) to manage the software. More and more products are being brought into ePO Cloud, Web Gateway is one of the first non-endpoint solutions to be brought in with more coming.

     

    To migrate, sign up for a trial account or contact your account team to get a permanent account created. A trial account will remain a trial account until a subscription is purchased, OR your account team converts it to a permanent account (to match your existing entitlement). As of today (Dec 12th, 2016) there is no automatic migration from Control Console to ePO Cloud.

     

    IMPORTANT: The legacy web policy (Control Console) account will co-exist with the ePO Cloud web policy. Allowing you to build and test the new policy in ePO Cloud without impacting users on the legacy policy.

     

    ePO Cloud vs Control Console (for Policy Management)

    With ePO Cloud, web policy can now be managed from our newly redesigned UI. The new UI is intended to put everything into view to reduce the extra clicks it takes to customize rules. If you manage a hybrid deployment in combination with ePO Cloud, the Web Protection Policy Management will be disabled.

     

     

     

    ePO Cloud vs Control Console (for MCP Policy)

    ePO Cloud allows customers to manage their endpoint software just like you may be doing with ePO on-premise. If MCP is the only reason you're using ePO on-premise, then ePO Cloud would be perfect for managing it. Otherwise ePO Cloud can also managed ENS 10.

     

    ePO Cloud vs Control Console (for Reporting)

    ePO Cloud offers integrated reporting for Web Gateway Cloud Service traffic. Dashboards and drill down reports are available for understanding your current traffic patterns.

     

     

    Considerations

    There are a couple considerations to take into account before and after the migration. I'll cover them below and add any if they arise later.

     

    Customer ID in ePO Cloud

    To find your Customer ID in ePO Cloud, open the top level menu and click Getting Started under the Web Protection heading.

     

     

     

    Web Hybrid Sync

    For web hybrid customers, management of the policy is done from the on-premise Web Gateway. The Web Gateway is provisioned an account in ePO Cloud for which the sync tasks will be done with. In Web Gateway this account is defined under Configuration > Web Hybrid.

     

    In order to create and activate an account in ePO Cloud, the email address must be valid.

     

    When you initiate the web hybrid sync to the Web Gateway Cloud Service, web policy management will no longer be available in ePO Cloud (see "Policy Unavailable" message below).

     

     

     

    On-Premise Reporting

    If you're using Content Security Reporter or Web Reporter to pull logs from the Web Gateway Cloud Service, they too will require an account from ePO Cloud. This account will be used to pull the logs from the cloud to your on-premise reporting solution.

     

    In order to create and activate an account in ePO Cloud, the email address must be valid.

     

    In Content Security Reporter, the account is defined in the Log Sources under Report Server Settings > Log Sources. Then add a new Log Source look for any using the McAfee SaaS Web Protection Service Format.

     

     

    In Web Reporter, the account is defined in the Log Sources under Administration > Log Sources. Add a new log source for the Web Gateway Cloud Service.

     

     

    FAQ

    Depending on your current situation, a couple of FAQ's have been written. An FAQ for web hybrid customers and the other for SaaS only customers.