I am used to having one ePO for each windows domain or having multiple domains managed by a single ePO. But I now have a domain that extends across multiple datacenters and there is an ePO server at each datacenter. What is the best way to have the ePO server cooperate?
Should all the ePO servers sync with the AD and then have an agent policy that forwards the computers of the other datacenters to their own ePO? Basically I am looking at a distributed scenario for something that was designed to be centralized. And no, I cannot convert the ePO servers into local repositories in the other datacenters. Any reading material or articles regarding scenarios like these are helpful.
I think that your main issue is the administrative effort required for having multiple ePO servers instead of only one plus distributed repositories and/or agent handlers.
There are a couple of resources that should help you (on ePO 4.5), like Policy Sharing and Events Data Roll-up; however, you will need to have database maintenance per SQL Server in order to keep the database in a good state on all of your servers.
If in your Active Directory you have OUs for each datacenter, like Datacenter01, Datacenter02, etc., and each datacenter OU has only the systems for that datacenter, I think you could try to create a sync task based on OUs in each ePO server. That way you will guarantee that each ePO server will only sync systems for that specific datacenter.
If your Active Directory is not organized by OUs for each datacenter, I cannot see a way to use the sync domain task. However, in this case, I think that RSD (Rogue System Detection) can be an option. Basically, on each ePO server you will have to deploy sensors to the subnets that you want to monitor for rogue systems. Then, if someone adds a machine to your network without the McAfee Agent, this sensor should be able to detect it and take the action that is configured: either sending the McAfee Agent to these systems automatically, or moving them to a specific group on your ePO console.