cancel
Showing results for 
Search instead for 
Did you mean: 

SFTP Repository

Hi All

Is it possible to use SFTP as a repository? All there seems to be available are HTTP + FTP + UNC... All these seem quite unsecure...

How is access from the Internet achieved?

Not a great deal of info on this in the manual... Im going to read some posts to see if I can work out how to do it....

Happy New Year

Bruce

0 Kudos
6 Replies
robrow
Level 7

Re: SFTP Repository

I wouls suggest reviewing the epo_460_product_guide_en-us.pdf (PD22975), pg. 91, Using local distributed repositories that are not managed. This provides a method of creating a repository which is not one of the managed types -  FTP, HTTP Server, or UNC share. Hope this helps!

Message was edited by: robrow on 12/27/12 12:27:13 PM CST
0 Kudos
rackroyd
Level 16

Re: SFTP Repository

Secure ftp is not supported.

Content is secured and validated using other means by the products themselves during update.

The details of how that is achieved is not a subject for public discussion, as i'm sure you can understand

The one not mentioned is the SuperAgent repository which use the Agent communication channel over SSL (port 443 by default).

That would be the most secure as the channel is secured as well as the validation by the product which will still take place.

If you are still concerned about the security of site content please reach out to McAfee Labs.

Rob.

0 Kudos

Re: SFTP Repository

Hi Rob

Thanks for the Reply.

Would this type of repository be best suited for access from the Internet? Would it need to go in the DMZ?

I bet you get these types of questions alot, I have read a few of these posts but have not come across one yet that stipulates exactly how to setup an external facing repository.

Many Thanks in Advance

Bruce.

0 Kudos
rackroyd
Level 16

Re: SFTP Repository

Hi,

In that scenario personally I think  placing an Agent Handler in the DMZ would be more suitable so you can actually manage these machines as well as update although it's hard to be certain because we would need to know more detail on your exact requirements to be sure.

For example if you only want them to get content updates, you might want to just leave them defaulted to get that from the McAfee sites directly, as it'll be much simpler.

For Agent handlers, please review support white paper: PD22508 - ePolicy Orchestrator 4.5 Agent Handler White Paper.

This can be accessed via the McAfee knowledge base.

An SA repository is not really best suited for external use.

Rgds,

Rob

0 Kudos

Re: SFTP Repository

Hi Rob

This proposed Agent Handler would be not only supporting external sites but also laptops that can also come internal as well as external.

That would be fine?

Regards

Bruce

0 Kudos
rackroyd
Level 16

Re: SFTP Repository

Hi,

Providing internally it can reach the Agent handler in the DMZ, yes.

It's perhaps more likely that internally a machine would reach out the ePO server first rather than a machine in the DMZ, but still that's all user-defined by Agent policy as you need.

At this point it might be worth calling into McAfee support to have a 1:1 discussion with our tech guys on how to configure ePO to your best advantage. I suspect it'll be more benefical

Kind Regards,

Rob.

0 Kudos