cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
eg211
eg211
Level 10
Report Inappropriate Content
Message 1 of 7
‎11-21-2019 02:58 AM

QQ about designing a TIE/DXL architecture

Jump to solution

Hi There,

We are on a pre-sales EDR project next and currently i'm looking for some suggestions about the design of TIE/DXL architecture/topology.

 

Customer Environment:

About 1000 nodes will have ENSTP/ATP/MAR client installed; have a mini office in another city with less than 100 clients. both of the TIE/MAR/DXL Brokers are going to be installed on virtual machines (VMware ESX).

I'm going to implement two TIE servers for HA, and enable MAR Server on the Secondary TIE server. currently my major concern is should i enable DXL brokers when installing TIE Servers on both Primary TIE and Secondary TIE or is it best to prepare 2 separate server machines to install DXL Brokers?

I have gone through TIE sizing guide/DXL architecture guide/MAR server sizing guide etc... but still not sure the best practice suggestions when installing DXL Brokers under this scenario.

 

Thanks in advance.

 

0 Kudos
Reply
1 Solution

Accepted Solutions
LKS
LKS McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎11-21-2019 03:09 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

Good question. One single DXL broker is capable of handling 50k nodes. Since TIE 2.3 comes as a combo box, you can enable DXL broker on same box. We McAfee recommend to have two DXL broker incase if Primary goes down, secondary would take care your environment.

In conclusion, enable one broker on Primary TIE server and another one on Secondary TIE. No need to have separate appliance for broker.

View solution in original post

Reply
6 Replies
LKS
LKS McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎11-21-2019 03:09 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

Good question. One single DXL broker is capable of handling 50k nodes. Since TIE 2.3 comes as a combo box, you can enable DXL broker on same box. We McAfee recommend to have two DXL broker incase if Primary goes down, secondary would take care your environment.

In conclusion, enable one broker on Primary TIE server and another one on Secondary TIE. No need to have separate appliance for broker.

View solution in original post

Reply
eg211
eg211
Level 10
Report Inappropriate Content
Message 3 of 7
‎11-21-2019 11:46 PM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

Thanks @LKS , btw does McAfee MAR Server has high availability features? Seems i was unable to find any information on MAR Server HA..

0 Kudos
Reply
LKS
LKS McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7
‎11-22-2019 12:20 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

No there is no such concept in MAR nor TIE. 

0 Kudos
Reply
eg211
eg211
Level 10
Report Inappropriate Content
Message 5 of 7
‎11-22-2019 04:26 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

So if the MAR Server is down or broken, we have to re-image the appliance?

0 Kudos
Reply
Highlighted
LKS
LKS McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7
‎11-22-2019 06:37 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

The Active Response Threat Workspace, installed as a mcafee ePO extension directly retrieves the data stored in the cloud and enables visualization of threats that are seen across the endpoints. All the data's are stored in cloud, so you won't loose any data in general. PostgreSQL to save capabilities, collectors, traps, responses/reactions, search expressions and all related objects of MAR's data model.

In worst case scenario if you are going to rebuild your MAR server, then from ePO just export all custom collectors/triggers and any customization. 

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

Reply
eg211
eg211
Level 10
Report Inappropriate Content
Message 7 of 7
‎11-24-2019 12:07 AM

Re: QQ about designing a TIE/DXL architecture

Jump to solution

Thanks @LKS , appreciated for your information.

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC