cancel
Showing results for 
Search instead for 
Did you mean: 
D-ave
Level 7
Report Inappropriate Content
Message 1 of 9

MEE Quickstart manual - interpreting a NOTE

          I posted this yeaterday- it is no longer here???

Again please..

I'll try to not write this so technically, as last time- maybe that was the problem?

Hows this-

hey guys I have um epp and like in the book thing it tells me I cant encrypt the machine that i have the manager installed

ok nevermind- that's not going to work is it.

Here

In the EPP (Version 5.1.8.0) Quick Start Guide, page 14 where it describes CREATING AN EE Server Object, there is a NOTE near the bottom of the page that reads:

"NOTE: If you are using multiple machines for testing, leave all the Endpoint Encryption Server settings at their defaults.  If you are testing Endpoint Encryption Manager and the Endpoint Encryption for PC client on one machine, YOU MUST CHANGE THE IP ADDRESS TO 127.0.0.1"

With that in mind, here is my testing configuration:  I have 2 PCs. I want to encrypt the drives on BOTH. One must have the managment software on it. These are the ONLY 2 PC's in the entire system. They BOTH require encrypted drives and no other PCs exist.  If I read the note, it is an EITHER-OR sentance. I know if I use (localhost ip) and try to create an install set, it won't work for the remote machine... and I can guess that the client software isn't smart enough to realize that it is also the server and it should not try to communicate with it's own IP, but insted automatically drop back to (localhost). Probably a security issue. 

The best I can come up with, makes little sense to me.  That I must create TWO separate servers within the managment software, whereas one will serve the remote PC and the other will serve "itself" -? .. then create install EXEs for EACH. That defeats all the cool central managment features so that can't be true.

Further,

On page 17 (SETUP MACHINE CONFIGURATION", it states:

"CAUTION: Do not select any encryption if you intend to install the client software on the same machine as the administration system!"

Is this intended to convey that you can NEVER encrype the drive that the managment server software is on, or does it mean that you must change the attribute AFTER the client installation, rather than as part of it?

-signed- stuck on page 14.

Labels (1)
8 Replies

Re: MEE Quickstart manual - interpreting a NOTE

That is right. Do never encrypt machine that EEM is on it?

How would you recover if it gets a problem?

(there might be some workarounds but it will be soooooo..... non-standard)

D-ave
Level 7
Report Inappropriate Content
Message 3 of 9

Re: MEE Quickstart manual - interpreting a NOTE

You are saying to NEVER encrypt the drive that the administrative software is installed?

Then why would Mcafee write in their manual, the option to "test on one PC with both administrative tool and client"? Do they mean you can not test the encryption capabilities?  Why bother?

It seems to me that problems should not occur, but if they did, installing the managment software on another PC would get you out of trouble, using correct password or backup, and a safetech boot disk?

Re: MEE Quickstart manual - interpreting a NOTE

Arificial test environment can be built using McAfee suggestion, but most do not care if test environment survive or not.

It is definetely not recommended for production systems.

Re: MEE Quickstart manual - interpreting a NOTE

You could have EEM on multiple machines in your environment.  Endpoint Encryption Manager (EEM) is also the management console tool, and is best practice to leave a working machine with EEM un-encrypted...as Peter points out.  But not necessarily a concern to have EEM console installed on encrypted client machines.  Some of the acronyms and naming gets confusing with this product...  I believe the renaming of IP is to simplify your networking settings in a simple test environment where you are looking to encrypt the SAME machine (as well) that is hosting the database… this is certainly not best practice in production.

Re: MEE Quickstart manual - interpreting a NOTE

I'm sure that OP meant EEM as machine with EE Management AND Database itself.

So if your database is not accessible, then EEM is useless anyways.

Highlighted
mwilke
Level 7
Report Inappropriate Content
Message 7 of 9

Re: MEE Quickstart manual - interpreting a NOTE

I would suggest you download the free copy of VMWare Server and install on one of the machines.  Create a new virtual machine (XP or Windows 2003 server) and install the managment software and database on that VMWare Machine.

Then you can encrypt both computers and have a third Virtual machine running your database.

Only downside to this is that the Virtual Machine must be up and running in order to sync and things like that.

But after all, its just a test environment right?

Re: MEE Quickstart manual - interpreting a NOTE

Are you talking about MY test environment ? 

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 9 of 9

Re: MEE Quickstart manual - interpreting a NOTE

its pointing out that, in your test environment, if you install EEM and EEPC on the same machine, and then you forget the password, how are you going to recover?

either install EEM on one, and EEPC on the other, or take the risk if you encrypt both.

In a production environment NO ONE encrypts their server with EEPC - it's just too risky, plus EEPC is not officially supported on server OSs

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community