Showing results for 
Search instead for 
Did you mean: 

Question regarding EPO in distributed environment


This should be a simple question.  I tried looking through the EPO docs, and maybe I just missed the answer.

We are running EPO 4 in our environment.  We have offices in 3 different geographic locations, and so when our consultant was here assisting us with our EPO deployment, we setup the mastor EPO server at our primary location and placed a superagent repository at each of the other two "satellite" offices.  Now I know that my clients will check into the superagents and download the latest scan engines, dats, and updates from them, but do the clients still have to communicate their status to the master server?  Our consultant told us that even though the clients will mainly communicate with their local repository, they still have to be able to talk to the master.  Is this correct, and if so is there any way around this if we wanted to stand up a superagent in a standalone segmented network and still manage the clients on that network via our master EPO server?  It would seem to make sense to me that a superagent would be able to not only handle distributing files to local clients but also collect status information and send it back to the master server.

Your insights please.


4 Replies
Level 12
Report Inappropriate Content
Message 2 of 5

Re: Question regarding EPO in distributed environment

In ePO 4 all the agents still need to perform their ASC (agent-to-server communication), with the ePO server itself, the distributed repositories are only for downloading of updates and point products. ePO 4.5 introduces the Agent Handler that allows agents to communication with something other than the ePO server, the agent handler will still need to communicate with the ePO server.

The agent handlers, though, are designed for redundancy, scalability (say 70,000 nodes or above), or for a DMZ. Other than this there is no reason to use an agent handler.

Re: Question regarding EPO in distributed environment


Thanks for your reply.  Sounds like we'd have to go to EPO 4.5 to get the agent handler capability if we wanted to manage machines on our isolated test network without having to open the firewall for them to communicate with the EPO server.  There are no other workaround options to do this with 4.0 correct?


Level 12
Report Inappropriate Content
Message 4 of 5

Re: Question regarding EPO in distributed environment


Remember, in ePO 4.5, the Agent Handler will still need to communicate with the ePO server over the Agent-to-Server port so you will need to make a rule in your firewall for that one machine.

Re: Question regarding EPO in distributed environment

Technically you do have one other option, but the EPO 4.5 option seems like a better one depending on the size of your enterprise. In your test environment you could stand up and another EPO server and connect it to your other EPO 4.0 server. That would limit the bidirectional commucations down to the two IP addresses.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community