cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DXL Broker in a "TIE-less" / "END ATP-less" environment

What are the advantages / disadvantages to having or not having DXL Brokers in an environment that does not have a local TIE serve or ENS ATP deployed?
5 Replies
aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: DXL Broker in a "TIE-less" / "END ATP-less" environment

If TIE wont be use nor TIE providers then the only benefit with that scenario will be the ability to send wake up calls via the DXL Broker, this might come handy when you place a broker with a public IP and you want to wake up your clients over the internet, more info on 

https://kc.mcafee.com/corporate/index?page=content&id=KB92610

Server to Agent communication (wake-ups):

  • Similar to ASCI, if a direct route is not available between the internal Agent Handlers and clients, an Agent wake-up fails. For example, when working from home without VPN.
  • It is possible to configure an externally available Data Exchange Layer (DXL) broker to facilitate wake-ups in this scenario. Both an externally available DXL broker and a remote Agent Handler must be present and configured. This feature is described and diagrammed in the DXL 5.0 and later product guides.

    For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.

Re: DXL Broker in a "TIE-less" / "END ATP-less" environment

Is there an advantage in "threat detection" communication between agents?

If an external AH is in use, what is the advantage of having a DXL Broker externally available also?  Just to have another avenue of communications available?  

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: DXL Broker in a "TIE-less" / "END ATP-less" environment

Mcafee Agent is the bridge between the ePO server/Agent Handler and the point products installed on the end nodes, it doesnt have any threat detection capabilities, is not designed to do that, for example ANS and ATP will have those capabilities.

 

Having a DXL broker available externally allows you to manage those nodes that wont have any means of communicating to your internal network indeed 

Re: DXL Broker in a "TIE-less" / "END ATP-less" environment

DXL has no threat capability's, understood...but would DXL communications have an advantage with threat detection communications between nodes?

SO, in this scenario, the External DXL Broker and External AH would have the same functionality, right?

 

My purpose with this post is to try to justify DXL Brokers/DXL Communications in our environment.  Is there any?

bbarnes
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: DXL Broker in a "TIE-less" / "END ATP-less" environment

Hello User38911914 ,

 

For mainly ePO use, DXL can offer a near real time messaging framework that ePO can leverage to perform wakeup calls and run client task now operations. DXL is also required for MAR/EDR integration if you have any plans for that and is used by Mvision ePO in the cloud to perform local operations like AD sync. 

 

Thanks

Brian

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community