Showing results for 
Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 4

Agent Handler (AH) Configuration/Architecture Best Practice

Hello All,

Hope you all are well.  I would like to ask you some advice.

I plan to build a new ePO 4.5 MR3 on a 2008 OS/SQL to consolidate all assets from 5 different ePO servers.   Since each current ePO server serves its own domain with different numbers of assets (or managed systems), I would like to use AH in the new ePO server.  All current ePO servers are in 2 very large buildings, not too far from each other,  or similar to campus. Below are estimate assets in each current ePO server.

1) ePO1:  ePO 4.5 MR2 with  7,000 assets

2) ePO2:  ePO 4.5 MR2 with  4,000 assets

3) ePO3:  ePO 4.5 MR2 with  2,000 assets

4) ePO4:  ePO 4.5 MR2 with  2,500 assets

5) ePO5:  ePO 4.5 MR2 with  3,000 assets

I would appreciate if you could provide advice to build and/or configure the AH in my new ePO.

Best Regards,


3 Replies

Re: Agent Handler (AH) Configuration/Architecture Best Practice

The question to ask yourself is why you need agent handlers in this scenario. at all ?

Any agent handler needs a very good link to the ePO and Sql server as there is a lot of heavy data exchange going on.

Agent handlers should not be considered the same a Distributed Repositories for example. They are not.

Also, if building from scratch ePO 4.5 Patch3 is rather old. If you really need to be on ePO 4.5 instead of ePO 4.6 please consider ramping it up to ePO 4.5 patch 5.

Significant improvements exist between patch 3 and patch 5, especially in respect to products heavy on the datachannel, such as endpoint encryption (eepc), data loss prevention (dlp) and policy auditor (pa).

In the McAfee Knowledge Base, search for:

PD22508 - ePolicy Orchestrator 4.5 Agent Handler White Paper

This will break out some appropriate scenarios for AH use.



Level 10
Report Inappropriate Content
Message 3 of 4

Re: Agent Handler (AH) Configuration/Architecture Best Practice

I would just build the new ePO server and leave it at that, no need for the AH. We manage many 10s of thousands of machines all over the world straight off an ePO 4.5 server with no issues. If you have slow WAN links anywhere then nominate some machines in each of those remote locations as SuperAgent repositories.


Level 9
Report Inappropriate Content
Message 4 of 4

Re: Agent Handler (AH) Configuration/Architecture Best Practice

Hello All,

I have been busy planning for the new ePO server that I forgot my question about AH.

So the consensus is to use SADR and stay away from AH.

Joe: Your observation about  old ePO4.5 MR3 and why not MR 5 or ePO 4.6  is right.  The problem is that I have to comply to my client's requirements.

Appreciate your advices and have great weekend.