Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 2

Multiple ePO in a domain


I am used to having one ePO for each windows domain or having multiple domains managed by a single ePO. But I now have a domain that extends across multiple datacenters and there is an ePO server at each datacenter. What is the best way to have the ePO server cooperate?

Should all the ePO sync with the AD and then have an agent policy that forwards the computer of the other datacenters to their own ePO. Basically I am looking at a distributed scenario for something that was designed to be centralized. And no, I cannot convert the ePO servers into local repositories in the other datacenters. Any reading material or articles regarding scenarios like these are helpful.


1 Reply

Re: Multiple ePO in a domain

Hi D0x,

I think that your main issue is the administrative effort required having multiples ePO servers instead of only one plus distributted repositories and/or using agent handlers.

There are a couple of resources that should help you (on ePO 4.5) like Policy Sharing and E88vents Data roll-up, however, you will need to have a database maintenance per SQL Server in order to keep the database in a good state in all of your servers.

If your Active Directory you have OUs for each datacenter, like Datacenter01, Datacenter02, etc and each datacenter OU has only the systems for that datacenter, I think you could try to create a sync task based on OUs in each ePO server. So you will guarantee that each ePO server will only synch systems for that specific datacenter.

If your active directory are not organized by OUs for each datacenter, I cannot see a way to use the sync domain task. However, on this case, I think that RSD (rogue system detection) can be an option. Basically on each epo server you will have to deploy sensors to the subnets that you want to monitor for Rogue Systems. Then if someone add a machine to your network without the McAfee Agent, this sensor should be able to detect it and then take the action that is configurable. Or sending automatically the McAfee Agent to these systems or Moving them to a specific group on your ePO console

Hope this helps.


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community