cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Share EPO ASCI Keys

I am setting up a new EPO installation.  I will have a Production EPO server and a Test EPO server.  I am interested in being able to move clients between these two servers.  Many of the clients I am moving will have Disk Encryption installed and therefore I need to be careful with the ASCI keys and use the Clinet Migration tool to move clients between the servers.

I am wondering, since I am starting from scratch, if I cant make ASCI keys on one of the servers and then just make the second server use the same two keys exclusively.

So I have Server A and Server B.  Neither server have any clients currently.  I will make 2 new ASCI keys on server A.  Export them from Server A and import them into Server B.  Then I will delete the default (original) keys from Server B. and set the keys from Server A ask the master keys on Server B.  Both Server A and Server B will share the same 2 master ASCI keys.

Is that legal or do I need to keep all 4 keys -- 2 from Server A and 2 from Server B?

3 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Share EPO ASCI Keys

Please refer to PD25905, PD26656 for transfer guides regarding encryption.  KB79283 is for moving systems from one server to another and discusses what to do with keys.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Share EPO ASCI Keys

I'm aware of the KB articles which tipped me off to the need to share keys among the servers.

The articles assume that I have two populated EPO servers.

My question is, is there a need for the two servers that I will be moving client between to have their own ASCI keys or can a single set of keys be generated and then used on both servers.  The articles mention needing to keep the number of ASCI keys on the servers small.

Is there any reason, when setting up two new servers with no existing clients, why I would not want to use the same ASCI keys on both servers so that in the future I can move the clients between the two servers without needing 4 keys (two from each server)?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Share EPO ASCI Keys

If on one of the servers, you have no systems yet that are using any keys, you can import the keys from the server that has clients and then delete the original keys on the server without clients.  You do not want to remove keys if agents are using them, otherwise you have to reinstall agents.  Be sure to back up any and all keys first before doing anything.  4 keys are not excessive.  KB82022 doesn't really specify how many is too many, but from experience, 4 - 6 can be quite normal in large environments.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community