We are looking into deploying agent handlers onto a network on a non-routable segment. Now my question is, we will be doing 3 of these in different locations, but the issue is each site has the same IP address and same names. Would that cause issues on the ePO server? Would it work to deploy 3 different ePO servers?
Agent handlers require a good permanent connection to the ePO DB.
The question to ask first is really 'how will these Agent Handlers cope with the networking requirements?'
If you have not already taken a look, please consider the ePO 4.6.0 Product Guide Chapter 2
When to use multiple remote Agent Handlers
Multiple remote Agent Handlers can help you manage large deployments without adding additional ePolicy Orchestrator servers to your environment.
The Agent Handler is the component of your server responsible for managing agent requests. Each McAfee ePO server installation includes an Agent Handler by default.
Some scenarios in which you might want to use multiple remote Agent Handlers include:
• You want to allow agents to choose between multiple physical devices, so they can continue to call in and receive policy, task, and product updates; even if the application server is unavailable, and you don't want to cluster your ePolicy Orchestrator server.
• Your existing ePolicy Orchestrator infrastructure needs to be expanded to handle more agents, more products, or a higher load due to more frequent agent-server communication intervals (ASCI).
• You want to use your ePolicy Orchestrator server to manage disconnected network segments, such as systems that use Network Address Translation (NAT) or in an external network.
This is functional as long as the Agent Handler has a high bandwidth connection to your ePolicy Orchestrator database.
Multiple Agent Handlers can provide added scalability and lowered complexity in managing large deployments. However, because Agent Handlers require a very fast network connection, there are some scenarios in which you should not use them, including:
• To replace distributed repositories. Distributed repositories are local file shares intended to keep agent communication traffic local. While Agent Handlers do have repository functionality built in, they require constant communication with your ePolicy Orchestrator database, and therefore consume a significantly larger amount of bandwidth.
• To improve repository replication across a WAN connection. The constant communication back to your database required by repository replication can saturate the WAN connection.
• To connect a disconnected network segment where there is limited or irregular connectivity to the ePolicy Orchestrator database.
Three separate ePO deployments sounds like it would work from your description.
Let me do a little better explaining. We have the ePO server/DB in site A, we have an OC-3 WAN connection to Site B. Now we have a non-routable (192.168.x.x) site, which we will call site B1 inside site B. We are deploying VSE into site B1 and the connection between Site B and Site B1 is a buffer server with two NICs. One NIC to one network, and one NIC to the non-routable network.
Also want to add, the non-routable network has no internet connectivity. Now we have another site, called Site C, set up the same way, with a non-routable network called site C1. Now the machines in Site B1 and C1 are same named, same IP addresses. Would that cause issues with the Agent handlers, if I put them on the buffer server and obviously connect them to the ePO server in site A? Both site B1 and C1 only have about 100 nodes each site, so not very large networks.
Message was edited by: awsomaha on 10/19/12 6:20:55 AM CDT