We have the EPO server in one network and the Agent Handler in another network. How will the Agent Handler talk to the EPO server and take product updates and patches? How will the SQL DB be configured in this methodology?
Secondly, endpoints will communicate with the Agent Handler, and it should take updates, policies and deployment.
How do we configure this? Please share any KB article or document related to this.
First of all, the ePO server and the other server where the Agent Handler will be installed both need to communicate,
because when you are installing the Agent Handler, it will ask you for information from your ePO.
Now that you know that,
check out this video on YouTube:
If you want to update your agents and also take care of communication, install Super Agents, as the Agent Handler will help only with communication.
Also make sure there is communication between the ePO server and the Super Agent.
Agent Handlers require a very fast network connection, there are
some scenarios in which you should not use them, including:
• To replace distributed repositories. Distributed repositories are local file shares intended to keep
agent communication traffic local. While Agent Handlers do have repository functionality built in,
they require constant communication with your ePolicy Orchestrator database, and therefore
consume a significantly larger amount of bandwidth.
• To improve repository replication across a WAN connection. The constant communication back to
your database required by repository replication can saturate the WAN connection.
• To connect a disconnected network segment where there is limited or irregular connectivity to the
ePolicy Orchestrator database.
Below are the ports required to be opened between the Agent Handler, ePO and the SQL DB.
Your Agent Handler will talk to both ePO and SQL in real time, so make sure they are in the same network or at least have high bandwidth available, as real-time sync happens between the Agent Handler, SQL and ePO.
HOW TO SETUP A MCAFEE EPO AGENT HANDLER IN DMZ
These steps were done using the following:
Your machines designated to get the DMZ Agent Handler Assignment will begin getting their changes during the next couple of ASCI transactions. You can visually confirm by checking the following registry key on a test machine:
Key: HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\Agent
String Value Name: ePOServerList
String Value Data: <public DNS name>|<public IP address>|443
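The registry check described above, scripted for a test machine. This is an added example, not part of the original post or of McAfee's tooling. The expected handler name is a placeholder, and the `;` entry separator and the `WOW6432Node` fallback path are assumptions; the key, the value name and the `name|ip|port` layout are the ones given in the post.

```powershell
# Added example: values marked "placeholder" or "assumption" are not from the thread.
$ExpectedHandler = 'ah.example.com'   # placeholder: your DMZ handler's public DNS name
$ExpectedPort    = 443                # port shown in the post's sample value

# First path is the key given in the post. The WOW6432Node variant is an
# assumption covering a 32-bit agent registration on 64-bit Windows.
$KeyPaths = @(
    'HKLM:\Software\Network Associates\ePolicy Orchestrator\Agent',
    'HKLM:\Software\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent'
)

function ConvertFrom-EpoServerList {
    param([string]$Value)
    # Assumption: several handlers, if present, are separated by ';'.
    foreach ($entry in ($Value -split ';' | Where-Object { $_.Trim() })) {
        $parts = $entry.Trim() -split '\|'
        if ($parts.Count -ne 3 -or $parts[2] -notmatch '^\d+$') {
            Write-Warning "Unrecognised ePOServerList entry: $entry"
            continue
        }
        [pscustomobject]@{ DnsName = $parts[0]; IpAddress = $parts[1]; Port = [int]$parts[2] }
    }
}

# Read the value from whichever key holds it.
$raw = $null
foreach ($path in $KeyPaths) {
    $raw = (Get-ItemProperty -Path $path -Name ePOServerList -ErrorAction SilentlyContinue).ePOServerList
    if ($raw) { break }
}
if (-not $raw) { throw 'ePOServerList was not found under the expected keys.' }

$handlers = @(ConvertFrom-EpoServerList -Value $raw)
$handlers | Format-Table -AutoSize

$hit = @($handlers | Where-Object { $_.DnsName -ieq $ExpectedHandler -and $_.Port -eq $ExpectedPort })
if ($hit.Count -eq 0) {
    Write-Warning "Expected handler ${ExpectedHandler}:${ExpectedPort} is not in the list yet."
} else {
    # Confirm this endpoint can open a TCP connection to the assigned handler.
    $probe = Test-NetConnection -ComputerName $hit[0].DnsName -Port $hit[0].Port -WarningAction SilentlyContinue
    '{0}:{1} reachable: {2}' -f $hit[0].DnsName, $hit[0].Port, $probe.TcpTestSucceeded
}
```

Run it from an elevated PowerShell session on the test machine after a couple of ASCI intervals have passed.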
Thanks for the update.
We have the Agent Handler and 5000 endpoints in one network, but they are going to maintain the EPO server in a completely different network. Both networks are in the same location.
Is there any possible method to configure both EPO and AH? Or how can we proceed with this method?
Please tell me whether our requirement will work successfully or not.
If your networks are routable then one ePO server will easily manage 5000 endpoints.
We currently manage 7000 endpoints with one ePO server with the database on a remote SQL cluster. We only use an AH in our DMZ to allow our 1000 mobile MacBooks to communicate with ePO while off our corporate LAN.
I would suggest the AHs would not be suitable if all your 5000 endpoints can reach your ePO server, due to the low network latency required for the AH to communicate with the SQL database.
Certified McAfee Product Specialist - ePO
McAfee Volunteer Moderator
We run over 15,000 off one ePO server with one Agent Handler without any issue.
What are you trying to accomplish? When you say "different networks in the same location", what do you mean? Are the two networks completely isolated from each other?
We have two companies, X and Y. In company X we are going to install the EPO and SQL servers.
In company Y we are going to install the Agent Handler. In company Y we have 5000 endpoints.
The IP segments of companies X and Y will be different.
Currently our requirement is how the product updates and policies will replicate from company X's EPO server to company Y's Agent Handler. Only after that will our endpoints update the DAT signatures and policies.
How can we configure this scenario, and are there any challenges with this method?
When you say that the two companies have different IP segments, do you mean that they are separated by firewalls, but you are able to allow bi-directional traffic between them? Is the traffic traversing a WAN link or Internet connection, or will you have a high-speed, low-latency connection between the Agent Handler in one company and the ePO server in another? Agent Handlers communicate directly with the ePO database, and therefore require extremely low latency to operate correctly.
Post #3 in this thread describes in some detail how to set up communication between the Agent Handler, the ePO server, and the DB server.