p0grit0
Level 7

ePO Reporting Capabilities

Hello experts,

We are planning to set up a new ePO at the plant we are building. Now the client is asking whether their existing ePO can see the reports or run queries on the new ePO. FYI, the existing ePO is behind a firewall (Outside Interface) and the new ePO will be located in the safer zone of the firewall (Inside Interface).

Thanks so much and more power to all of you.

0 Kudos
1 Solution

Accepted Solutions
andrep1
Level 14

Re: ePO Reporting Capabilities

You can't real-time monitor from one ePO to the other one. Best bet is one ePO server behind the firewall and ensure all your agents can talk to your ePO. An ePO server, properly sized, can handle hundreds of thousands of clients.

McAfee KnowledgeBase - Ports needed by ePolicy Orchestrator for communication through a firewall

An alternative is to procure a SIEM tool to integrate events from your ePO server, firewall, etc. (like HP ArcSight, McAfee Nitro, IBM QRadar, etc.).

To me, a few firewall changes and a single ePO is the easiest and least costly.

0 Kudos
6 Replies
andrep1
Level 14

Re: ePO Reporting Capabilities

It all depends on the firewall rules you'd be willing to put in.

They could have direct access to log on, or you could use roll up reporting to copy flattened data tables from the new to the old. For this to work, the old ePO needs to be able to talk to the new db server.

0 Kudos
p0grit0
Level 7

Re: ePO Reporting Capabilities

Thanks Andre, although do you have a sample configuration for this?

0 Kudos
andrep1
Level 14

Re: ePO Reporting Capabilities

For the roll up reporting, the roll up server (existing) needs access to the new SQL server on TCP 1433, unless using an instance, then you need to use the instance's port.

Understand that roll up is just flat files: when you click on a system, it is the only thing you can see. You can't drill down to events. Same thing the other way around. So a little bit like export to a CSV.

Simplest is to have firewall rules allowing all clients to connect to the new ePO. Managing two ePOs is more work than one. Some might suggest an agent handler, but that requires opening up the firewall for ePO and SQL.

It really depends on requirements and constraints.

0 Kudos
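
For the named-instance case in the post above, one way to find which TCP port the firewall rule has to allow, as an added example that is not part of the original thread. It assumes the SQL Server Browser service is running on the database host (UDP 1434); the host name `NEWSQL`, instance name `EPOSERVER` and the sample reply are constructed.

```python
import socket

SQL_DEFAULT_PORT = 1433  # default-instance port named in the post
BROWSER_PORT = 1434      # SQL Server Browser, UDP (assumed to be running)

def parse_browser_reply(data: bytes) -> dict:
    """Parse a SQL Browser reply into {INSTANCE: {key: value}}."""
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not a SQL Browser response")
    size = int.from_bytes(data[1:3], "little")
    text = data[3:3 + size].decode("ascii", errors="replace")
    instances = {}
    for record in text.split(";;"):          # one record per instance
        fields = record.split(";")
        info = dict(zip(fields[0::2], fields[1::2]))
        if "InstanceName" in info:
            instances[info["InstanceName"].upper()] = info
    return instances

def rollup_port(instances: dict, instance=None) -> int:
    """TCP port the roll-up ePO must reach on the database server."""
    if instance is None:
        return SQL_DEFAULT_PORT
    info = instances.get(instance.upper(), {})
    if "tcp" not in info:
        raise LookupError(f"instance {instance!r} has no TCP endpoint listed")
    return int(info["tcp"])

def query_browser(host: str, instance: str, timeout: float = 3.0) -> bytes:
    """Ask SQL Browser on `host` about one named instance."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\x04" + instance.encode("ascii") + b"\x00", (host, BROWSER_PORT))
        return s.recvfrom(4096)[0]

def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port succeeds (firewall rule in place)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample reply for a named instance "EPOSERVER" on host "NEWSQL".
_body = b"ServerName;NEWSQL;InstanceName;EPOSERVER;IsClustered;No;Version;12.0.2000.8;tcp;50123;;"
SAMPLE_REPLY = b"\x05" + len(_body).to_bytes(2, "little") + _body

if __name__ == "__main__":
    print("open TCP", rollup_port(parse_browser_reply(SAMPLE_REPLY), "EPOSERVER"))
```

Run `query_browser` from a host that can already reach the database server to learn the port, then `tcp_reachable` from the roll-up server to confirm the firewall rule took effect.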
p0grit0
Level 7

Re: ePO Reporting Capabilities

Hi again Andre,

This is basically the architecture: there's an existing Corporate ePO and we are adding 2 more servers for the new plant we are building.

1. DMZ ePO will get update files from Corporate ePO.

2. Office ePO will get update files from DMZ ePO, install agents to clients, monitor and manage clients and enforce policies.

Now we want to know how the Corporate ePO will be able to monitor events on the Office ePO.

0 Kudos
andrep1
Level 14

Re: ePO Reporting Capabilities

You can't real-time monitor from one ePO to the other one. Best bet is one ePO server behind the firewall and ensure all your agents can talk to your ePO. An ePO server, properly sized, can handle hundreds of thousands of clients.

McAfee KnowledgeBase - Ports needed by ePolicy Orchestrator for communication through a firewall

An alternative is to procure a SIEM tool to integrate events from your ePO server, firewall, etc. (like HP ArcSight, McAfee Nitro, IBM QRadar, etc.).

To me, a few firewall changes and a single ePO is the easiest and least costly.

0 Kudos
p0grit0
Level 7

Re: ePO Reporting Capabilities

Well I guess the best bet I have is the roll-up reporting.

Anyway, thanks again Andre! You've been really helpful.

0 Kudos