5 Replies Latest reply on Aug 14, 2017 11:56 AM by andrep1

    ePO Centralized Management & Remote Sites

    avilt

      I have a unique requirement. ePO is at a central location, with several systems at multiple remote locations. From each remote location, only two systems can connect to the ePO server, which is based on our corporate policy. Now can I use these two systems to centrally manage ePO for all the systems? I need to deploy/manage VSE and DLP (removable device control) from the central location and should be able to manage all the remote systems from this central ePO server.

      Is it possible?

        • 1. Re: ePO Centralized Management & Remote Sites
          tao

          Perhaps an Agent Handler, which distributes network traffic generated by an agent-to-server communication interval (ASCI), by assigning managed systems or groups of systems to report to a specific Agent Handler. Once assigned, a managed system performs regular agent-server communication to its Agent Handler instead of to the main ePO server. (Agent Handler = location to push/pull policies, tasks, updates from the central ePO server to systems)

          McAfee SNS Journal, ePO Edition (August 2014)

          Then maybe turn the Agent Handler into a SuperAgent, which will act as an intermediary between the McAfee ePO server and other Agents in the same network broadcast segment; commonly-used functionality is to serve as a distributed repository. (SuperAgent = repository of products to deploy)

          • 2. Re: ePO Centralized Management & Remote Sites
            johnmoe

            If those two systems are the only two at that site that can talk to ePO, then ePO can't manage them.  As tao says, an Agent Handler would probably be your best bet.  Agent handlers can manage client communication on behalf of ePO, and serve as a distributed repository as well.  However, all the systems at the remote site would need to be able to talk to that Agent Handler, so it'd need to either be local, or if the other systems have Internet access, you can set one up in your DMZ to serve systems outside your network.

            • 3. Re: ePO Centralized Management & Remote Sites
              avilt

              So when I use Agent Handlers, there is no need for the remote client to talk to ePO server directly even once. All the communication from the client will happen via Agent Handler.

              • 4. Re: ePO Centralized Management & Remote Sites
                avilt

                But in the above case how can I deploy ePO agent with Agent Handler Policy on remote system?

                • 5. Re: ePO Centralized Management & Remote Sites
                  andrep1

                  Hi,

                  Agent handlers need low-latency connectivity to the SQL database, and it's best practice to keep the number of AH low (sub 10). You can convert an agent to a super agent; this will allow wake-ups through that super agent. The super agent can also be configured as a repository so your repository can be replicated to those boxes. This is the easiest to accomplish. Create a new agent policy just for the groups of two boxes and set them as super agent with repository.

                  The second aspect is completely eliminating communications to your ePO servers from all other devices: in the policy you create above, add the agent relay functionality and it will do exactly that.

                  Hope this helps