cancel
Showing results for 
Search instead for 
Did you mean: 

Two ePO servers (Master/Slave)

Jump to solution

Hello everyone!

We have 2 production plants in different cities, one with several computers and the other one with not so many, conected by a WAN. Both of them are managed with an ePO server in the "big" plant. So this server sends updates, policies, DAT to the "small" plant over the WAN.

We are thinking in creating a second ePO server in this "small" plant, that updates DAT and Products, but the policy and deployment task managed by the "master" ePO server.

is this possible?

1 Solution

Accepted Solutions
Highlighted
McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: Two ePO servers (Master/Slave)

Jump to solution

Actually this sounds more like a scenario for two ePO servers sharing policies and rolling up data - but again, that may be overkill.

How many clients are at the small plant, and what is your primary concern? Are you worried about the amount of data going over the WAN?  If so, then an agent handler is *not* a good idea, as it will generate much more traffic.

An alternative approach might be to make one of the machines in the small plant into a superagent repository, and let the clients still talk to the ePO server over the WAN. That way only a small amount of data - policies, events and so on - would go over the WAN: the big stuff, like DAT updates, would only be copied over the WAN link once to the superagent, and then the local machines would update from there. That's probably the most efficient model, assuming I'm understanding your environment correctly.

Regards -

Joe

4 Replies
McAfee Employee moekhass
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Two ePO servers (Master/Slave)

Jump to solution

​, welcome to McAfee community.

Yes, it is certainly possible with something called Agent-Handler. Please kindly see chapter on this topic.

ePO 5.9 product guide.

ePO 5.3 product guide

Highlighted
McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: Two ePO servers (Master/Slave)

Jump to solution

Actually this sounds more like a scenario for two ePO servers sharing policies and rolling up data - but again, that may be overkill.

How many clients are at the small plant, and what is your primary concern? Are you worried about the amount of data going over the WAN?  If so, then an agent handler is *not* a good idea, as it will generate much more traffic.

An alternative approach might be to make one of the machines in the small plant into a superagent repository, and let the clients still talk to the ePO server over the WAN. That way only a small amount of data - policies, events and so on - would go over the WAN: the big stuff, like DAT updates, would only be copied over the WAN link once to the superagent, and then the local machines would update from there. That's probably the most efficient model, assuming I'm understanding your environment correctly.

Regards -

Joe

Re: Two ePO servers (Master/Slave)

Jump to solution

Precisely our main concern is the traffic,as our WAN link isnt fast. There are about 200 nodes in the "big" plant and about 30 in the "small" plant. We were thinking in installing an ePO server in the small plant and register it in the "main" ePO server in the big plant, and sharing policies. If I modify a policy in the main server, it replicates in the small plant server? Product deployment task will be send from the small plant server or can be sent from the main?

I wasnt aware of the Superagent option. I will research in that.

Re: Two ePO servers (Master/Slave)

Jump to solution

I would not suggest to configure anything in this setup. But if you still need it then configure Super Agent Distributed Repository with Lazy Caching enabled

Reason:

  • A maximum of 35 .GEM files are available for download. If the .DATs are out of date, the complete set of .DATs are downloaded in the dat-xxxx.zip file.

During Daily update, client machine downloads only 1 gem file which is approximately 200 - 500 KB

The complete package which has 35 gem files is of size 120 - 140 MB, Please check below site

McAfee LLC - Downloads - Virus Protection - DAT Files

If you install Super Agent then there are two options

I. Full Replication: Super Agent Distributed Repository will replicate the complete DAT package from ePO on a daily basis which is 134 MB daily.

If the client machine connects to ePO server directly to get the updates then the total download size is 30 * 500 KB = ~4.3 MB

If the client machine is not updated for 35 days thats when it will download the complete package of ~134 MB, else only few KB's

It doesnt make sense to have a Super Agent Repository that will download ~134 MB daily where all you need is ~4.3 MB

II. Lazy Caching: In this, client machine connects to SADR (Super Agent Distributed Repository) and ask for a DAT Package, if SADR has it in its repository then it will give it to the client else will contact ePO on the run time to get the requirement DAT (gem) file only on run time and will supply it to the client machine. It will download only those files which is requirement and not all the pacakges.

Second option is suitable in your case. Let me know if you have any queries on this.

Regards,

Ajaykant Jha


More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center