We are currently in the process of migrating from Ironmail/MEG 6.7.2 as a physical device to a Virtual Appliance running 7.5. I have just started configuring the device and reviewing the settings I will need to migrate from the existing server. One option the install presented to me was to activate the 'McAfee Email Protection (Hybrid) provisioning service'. What exactly is that? Is that related to the SaaS service in some capacity, pulling extra data from an online source in addition to local scanning? Is it similar to Trusted Source or something like that?
My goal is to set up multiple virtual appliances (one at our DR network and one in production) to help mitigate any outage issues or downtime tied to a single appliance.
Okay, if I understand this correctly: hybrid mode submits my messages to scanning in the cloud for inbound messages, then evaluates them against the policies on my device, while outbound are only scanned on the device. Which, if that is the case, I DO NOT want. So I'll have to see about removing hybrid mode or starting over and not selecting it, since that feature set is not what I want for our solution.
When you set up hybrid mode, you need to point your MX record to the McAfee SaaS cloud. The integration part on MEG is the bit that tells the cloud which MEG appliances are working for the specific domain (sets up the trust). Mail from the outside goes directly (via the MX) to the cloud rather than being sent there by your local MEG appliances.
So, no, it is not like Trusted Source at all. The actual messages are processed in the cloud prior to reaching your MEGs. The main advantage is the added scalabilty provided by the cloud service.
If all you want is to setup DR, hybrid is optional, and from your previous post it sounds like you don't want do use hybrid as it is.
Hope this helps.
Ditto... Can Hybrid Mode be switched off after the build? I also turned it on during the build without fully understanding what it was. It looks like it's a subscription service anyway. Can I just "not set it up" or do I need to specifically do something to disable it post-build?
The only reason we selected to engage hybrid mode was to replicate a service we had with Google Postini whereby mail would still be "delivered" to the cloud and queued if there were network issues. Right now we are forced to send mail through the cloud as well because our public IPs NAT'd to our mail hosts was somehow blacklisted; we are working to get that corrected.
Now back to hybrid mode; we despise it. A few reasons why:
So it's basically been a nightmare for us. Wish we could turn it off but the bosses are too concerned about network outage and email not getting in. The way I see it (and I've reiterated this in public forums at work) if you have a network outage, getting email working again during such time should be the least of your worries.