cancel
Showing results for 
Search instead for 
Did you mean: 
gdavid
Level 7

Agent Handler Connection to SQL

I see that most of the folks are installing a agent handler in the DMZ that then talks back to an internal EPO App/DB.

Based on the following doc.

   https://kc.mcafee.com/corporate/index?page=content&id=KB66797

it requires direct access from DMZ -> SQL?

i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

i will probably install a secondary EPO server in the DMZ and use

roll up reporting to be able to see everything in one place. hopefully this includes most of the data that i need.

   https://community.mcafee.com/people/petersimmons/blog/2012/09/19/connecting-two-epo-servers

is anyone doing anything differently? is there a better way?

0 Kudos
5 Replies
pierce
Level 13

Re: Agent Handler Connection to SQL

We have just the agent handler in the DMZ, better to have just a service running talking to agents via the secure connection than having a full blown ePO application running there with a web GUI?

You could always install HIPS IPS module on the SQL servers to protect against common database attackes to limit your exposure.

Message was edited by: pierce - added SQL to the server for IPS on 4/26/13 2:52:47 AM CDT
0 Kudos
McAfee Employee

Re: Agent Handler Connection to SQL

i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

This is because the primary roles of agent handlers is to scale horizontally in large environments and reduce the load on the "primary" ePO server, and to provide a degree of redundancy if the primary server is not available, both of which require the AH to talk directly to SQL.

HTH -

Joe

gdavid
Level 7

Re: Agent Handler Connection to SQL

@pierce, you make a good point about having a lighter weight installation in the DMZ.

since the machines i'm trying to keep track of are all in the same DMZ, i'm thinking about just installing a node as a superagent to manage that communication.

0 Kudos
McAfee Employee

Re: Agent Handler Connection to SQL

If you have ePO 5 / MA 4.8, then you can make use of the new Relay Server function, which I think will fit your needs.

HTH -

Joe

0 Kudos
pierce
Level 13

Re: Agent Handler Connection to SQL

I currently have some mcafee consultants in and they recommended installing a sub ePO in the DMZ if there is a risk of getting into the full network.

Also just announced are issues with the agent handler if your running an old one! Might be best talking to the experts on this one to be safe!

0 Kudos