Is it possible to integrate a single ATD appliance across 2 separate TIE fabrics managed by 2 different ePO servers?
If yes. What is the impact on event data back to each ePO Server?
this worked in my lab. I have two virtual companies with several DCs, EPOs and so on. I installed several TIE servers and DXL brokers.
The TIE Servers are sending the File to ATD using HTTP. The result Comes back to TIE and is stored in the TIE database.
Samples sent from TIEserver1 are not visible on TIEserver2.
At the Moment i do not know if there is any change with TIE 1.1.1 and ATD 3.4.8. I have not tested this with this versions.
Just so that I am on the right page. You have 2 TIE Master servers sending samples to a single ATD appliance? Each TIE Master server services a different company which in turn have their own ePO server?
my actual point of information is the following: Only one TIE Master is supported on one DXL Fabric. I saw a drawing from McAfee where two TIE Masters are available. In my LAB the whole DXL fabric is not working probably any more if there is more than one TIE Master connected. There may be a solution for this, but at the moment i don´t have a solution. So i always use one TIE Master at all.
In my last test in my LAB is saw the following behavior with TIE Reputations and two TIE Masters: The TIE reputation info always switched between the servers,
Working with one TIE Master/Slave and several DXL Brokers works really fine. As you can see in the Screenshot. There are 4 EPO Servers using one DXL fabric. Also Active Response with Cloud Bridge is enabled on Broker malbroker1.mal.ware. Also ATD and MWG are connected to this DXL fabric.
But finally only one TIE Master.
Hope this helps,