with ePO 4.5 you an "move" machines from one server to another, but this must be done at the ePO console. Utilmately, only one ePO server can manage a client at a time.
I know you can configure an Agent to talk to multiple servers by ping time, hops, etc....
Is there a way to configure an Agent to talk to multiple servers maybe in alternate fashion? Like talk to server1 this sync, then talk to server 2 the next sync? Or a way to take two servers and randomize which one it talks too?
I know, i am grasping at straws here. We have a serious issue if we cant make an agent play nicely with two servers. =)
I may have misunderstood. Are you talking about just having agents update from repositories managed by other ePO servers? I think this can be done. You essentially have to share the repository keys between all the servers and have them all use the same servers. You will also have to be careful with the replication to make sure that they don't happen at the same time and both servers replicate the same things.
I have heard of people doing this but I haven't tried it myself.
How would you setup the key sharing between servers? I assume that you would export and import the Agent-Server keys between ePO servers under Server Settings>Security Keys, correct? I notice that there can be only one Master Repository key per server and this is probably due to the architecture.
I see that only one Agent-Server key is assigned to multiple agents (systems). When I import a key from another server I cannot assign it to those systems. I can make the key master though which still does not change the assignment. Does this have to be done manually on the client agent via the sitelist.xml?
You would make it so that all the ePO servers use the same master repository key, then they could all manage the same repositories. As for communication with the ePO server (policies and tasks) you can only have an agent talk to one server at a time. You can move an agent from one server to another, but that's not a dynamic process.
When you make an agent-to-server key master, you have to wait for the agent to update (same process as a DAT update) for it to use the new master key.
Hope that helps.
That helps, thanks.
Back to mwilke's question about two agents contacting two repositories. So in the Repository list, under the McAfee Agent policy, is there a way to have the agent contact one repository and right after that contact the other repository? I have it set already to contact the repository list by order. I have a master repository and a distributed repository in the Repository list and I want the agent to contact both in the same wakeup call. This is strictly for testing purposes only.
Assuming I'm understanding everything correctly - always a dangerous assumption - then no, this isn't possible. The agent will only move on to the next repo in the list if the previous repo fails - so, for example, if it logs in to the first repo successfully and finds that it's up to date, then it won't try the next one.