We're using ePO 4.6.3 to manage ~50 Windows PCs (VSE 8.8) and one MOVE server (serving ~30 virtual servers).
We would like to cover our branch office as well. They are connected via IPSec tunnel with 300ms delay and about 20 PCs to manage. The Internet connection is an issue, so the idea is to have one server downloading AV updates on a regular basis and distributing it to 20 PCs. If feasible, we would also like to manage those 20 PCs via ePO installed in the main office (like policy, scheduled scans and VSE deployment).
What would be the recommended way (product wise) to achieve that? Do we need additional ePO instance installed in the branch office?
Thank you in advance.
When it comes to DAT and software updates, the easiest way to complete this would be to utilize the SuperAgent feature.
What you need to do is set up a new (or duplicate the one you typically use) McAfee Agent General policy and under the Super Agent tab, check the box for 'Convert agents to SuperAgents', 'Use systems running SuperAgents as distributed repositories' (specify a drive and directory for the data to sit in - suggest doing this on a drive volume which does not have host the OS), 'Enable LazyCaching' (300 minutes). After doing that, apply this policy to a server sitting in the remote location.
You will then need to set up a distributed repository replication task by going to Menu > Software > Distributed Repositories --- Actions > Schedule Replication --- Set up your config as desired. If you want to force a replcation now, you can do that too in the same part of the console (you can then verify that the repository has pulled all the proper data by clicking on the newly created repository's 'View Packages' link)
Last, but not least, you need to set up a new McAfee Agent Repository policy, select the option to 'use order in repository list' and set your new repository as the highest repository available (you may want to keep your ePO enabled as an avail, just in case) and then assign that repository policy to your desired endpoints / container.
You should be good to go once the endpoints have the new repo policy and you can test it by forcing one to pull updates and then check its agent log to see where it pulled them from.
When it comes to having the endpoints get their policy updates, task updates, etc., you really shouldn't be all too concerned with that (even with the slow network) because this traffic is extremely minimal.
Even with that being the case, though, you could set up an Agent Handler on a server in that remote location (since you have such a small number of endpoints, I think using the same server you're using as a SuperAgent should be fine as an Agent Handler as well, but larger deployments would probably require a server dedicated to this), but there may be complications - more below.
An Agent Handler is exactly that: software which handles McAfee agents. Technically speaking, ePO is just an Agent Handler with a UI console... so the Agent Handlers are essentially children ePO to your main ePO, but without a viewing console. They also speak directly with the database, so this is where things could get bad, based on your latency and bandwidth restrictions. Best practices would have all Agent Handlers on a robust network with quick access to the database, which you could still do, but it really defeats the purpose of what you're trying to achieve.
It has been a while since I've setup an Agent Handler, so I apologize for not having more details on it, but if I remember correctly it's like a 5-10 minute download, install and config.
tl;dr: if you are concerned about the agent-to-server communcation, your best option would be to set up a whole new ePO in the remote location and you may be able to do a rollup ePO (though I've only heard about these and honestly have no idea how they work).
Just to chime in here - if you have Lazy Caching enabled, you don't need to run a replication to the superagent repository. Lazy caching and replication are mutually exclusive - the whole point of lazy caching is to remove the need for replication