We have approximately 1000 nodes in our environment with one virtualized ePO server with a SQL Express database on the same host as ePO. We currenty have VSE, Site Advisor, and EEFF. In the future we may implement HDLP as well. I understand that perhaps adding 1 or 2 agent handlers in a load balanced situation would not necessarily improve performance, but in terms of availability of user based encryption policies, would the agent handlers continue communicating with the agents in the event that the ePO is offline, and generally speaking does this make any sense? We would move the database off to a separate dedicated SQL server. The last time our ePO had issues, users were not getting the policies and could not access encrypted files. What would be some advisable things to do to ensure encryption policies are delivered during an ePO "outage" and also possibly to boost performance? Thanks.
In ePo outage if DB on same server, AH would not be helpful to update your clients.
In ePo outage if DB server is on different machine, AH will be helpful to push policies to your clients.It will increase scalbility, Failover and reliability and no doubt Saving alot of your bandwidth.
If your SQL express is on same server and you want failover for it,Creating Repository to another machine and directing your half clients there would be great, in this case if your ePo is DC, your clients will be getting updates from Repository.
AH typical actions include agent wake-ups, deployments, and data channel messages. This is one of the reasons that each agent handler needs a relativelyhigh speed, low latency connection to the database.
So in your case if you have a plan to setup a seprate SQl, One agent handler would be smart enough, to share many requests from clients.
For 1000 nodes, I think you must have an AH.
You may also assign a machine a SA and make a Repository there as well, if in case epo goes down your SA will be updating your clients as well.Message was edited by: alexn on 2/8/13 3:01:50 PM CST
It's been almost a year now, but we have migrated the SQL database off of the ePO. So if we add an additional agent handler into the same AH group as the ePO, would this load balance?
A laptop is sufficient to manage 1000 nodes. No one needs an Agent Handler for scalability reasons until at least 25K nodes and I typically don't start suggesting them until 50K nodes. If you add one below this you are just adding complexity without actually improving performance.
A single ePO server should definitely handle about 1000 nodes. But at the same time we plan to add more managed products that may have more frequent agent to server communications and above all, we want to have some degree of high availability without clustering. As long as clients can retrieve existing policies while the ePO is down.
The sizing guide for ePO scalability state about one managed product - VSE, which is one of the lightest in term of ePO workload. Some products (like EEPC, DLPe) ma double on even triple this workload. Nevertheless assuming server class hardware (virtual or not) configuration with saparated DB and one ePO 4.6.x (4GB RAM and 4x2GHz) should manage VSE,SA,EEFF,DLPe, and EEPC on 1000 machines without any problems.
This is good to hear. So our additional agent handler will mostly be there in case the ePO goes down. And we may also use it to handle remote laptops if we put it in the DMZ. Thanks for all the input.Message was edited by: eeffuser on 1/17/14 7:25:03 AM CST