1 2 Previous Next 11 Replies Latest reply on Jan 18, 2010 4:23 AM by JoeBidgood

    Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?

      Really ramping up right now to go from ePO 3.6.1 to ePO 4.5.  Considering 3 possible upgrade senarios:

       

      1.  Keep existing infrastructure (except for new ePO 4.5 server). We currently utilize 13 ghost servers in 13 remote locations as respective distributed repositories.

       

      2.  Stand up new ePO 4.5 server and new infrastructure.  Create a new distributed repository on a new piece of hardware at each remote location.

       

      3.  Stand up new ePO 4.5 server and new infrastructure.  Create a new Agent Handler on a new piece of hardware at each remote location.

       

      I really want to go with senario 3; however, I would like to know from those who have used HA's to date what their experience has been and are they truly worth using.

       

      Happy Holidays,

       

      J

       

      Currently running ePO 3.6.1 patch 4

      nodes running McAfee VSE 8.5i

      2000+ node tri-domain WAN

        • 1. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
          JoeBidgood

          It would really depend on how many machines are at each location, and the connections available back to the SQL server... my initial reaction would be that 13 agent handlers would be overkill unless you have a very, very large number of end nodes.  In the absence of more detail I honestly think options 1 or 2 would be more suitable.

           

          Regards -

           

          Joe

          1 of 1 people found this helpful
          • 2. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?

            Joe,

             

            Thanks for the response.  Still learning here...:-)

             

            So to answer your questions, approximately 100 nodes in each of the 13 remote locations.  Another 800~ nodes in the local area.  I was thinking of install SQL Server 2005 on the same server that will be running ePO 4.5 (same current configuration of our ePO 3.6.1 server), which, obviously, will be here locally.  Those AH's would have a connection of > 5-10Mbps (Fractional T3) back to the ePO 4.5 server here.  Your question made me realize that the AH's don't have a SQL instance themselves and need to have a solid connection to the SQL DB with which they will be talking, correct?  Now I know size is currently small, 2100+ nodes; however, each remote location is expected to grow exponentially in very short order.  Talking in the realm of 40 - 50 K nodes divided equally among the remote locations.  All that said, would it be wise to use AH's in preparation for the inevitable growth?

             

            Thanks again,

             

            J

            • 3. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
              JoeBidgood

              jconaghan wrote:

               

              Joe,

               

              Thanks for the response.  Still learning here...:-)

               

              So to answer your questions, approximately 100 nodes in each of the 13 remote locations.  Another 800~ nodes in the local area.

               

              Okay, so based on these numbers, AHs at this point would definitely be overkill

               

              I was thinking of install SQL Server 2005 on the same server that will be running ePO 4.5 (same current configuration of our ePO 3.6.1 server), which, obviously, will be here locally.  Those AH's would have a connection of > 5-10Mbps (Fractional T3) back to the ePO 4.5 server here.  Your question made me realize that the AH's don't have a SQL instance themselves and need to have a solid connection to the SQL DB with which they will be talking, correct? 

               

              Correct - the AHs need to talk to the SQL db pretty much continually. This neatly brings us to another point: at the moment the numbers are fine for having SQL on the same machine as the server: however, as the node count is going to increase the way you describe, I would strongly recommend you think about a dedicated SQL server for the ePO db right from the outset.

              Now I know size is currently small, 2100+ nodes; however, each remote location is expected to grow exponentially in very short order.  Talking in the realm of 40 - 50 K nodes divided equally among the remote locations.  All that said, would it be wise to use AH's in preparation for the inevitable growth?

               

              At this point, my first instinct would be to go for a dedicated SQL server for ePO, and the "classic" central server / distributed repositories model. Later, when the node numbers start to increase, if you start seeing a performance bottleneck on the ePO server then you could think about deploying an AH to the maybe the larger sites.

               

              Regards -

               

              Joe

              • 4. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?

                Excellent! So could I easily convert a server hosting a distributed repository to an AH "on the fly" so to speak?  In other words, would I need to have the agents in that particular subnet (the subnet in which I will be installing the AH) stop talking to their designated superagent server while I perform the conversion?

                 

                ---Joe

                • 5. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
                  JoeBidgood

                  Not necessarily... don't confuse AHs with superagents or distributed repositories: they're not the same thing. Remember that AHs are designed to take load off the ePO server itself. I think your best approach would be to keep the distributed repos where they are and deploy AHs if the load on the ePO server warrants it.

                   

                  Regards -

                   

                  Joe

                  • 6. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
                    runcmd

                    According to the manual, "Agent Handlers distribute network traffic, which is generated by an agent-to-server communication interval (ASCI), by assigning managed systems or groups of systems to report to a specific Agent Handler. Once assigned, a managed system performs regular agent-server communication to its Agent Handler instead of to the main ePO server."[1]

                     

                    My understanding of the information in the manual is that the AH is to policy what the SA is to updates.  I can understand how AHs can reduce load on the ePO when it comes to policy enforcement, but do they also handle the forwarding of client events?  I'd think that the forwarding of events would generate more network traffic than policy enforcement.  Even if AH act as a man-in-the middle for client events, how does that reduce load on the ePO (other than sheer number of clients communicating with it)?--I'd think that the actual amount of event traffic would remain the same.

                     

                    Joe Bidgood >> Correct - the AHs need to talk to the SQL db pretty much continually.

                     

                    Does the AH talk directly to the DB or does it talk to the DB through the ePO?  If your DB is hosted on a separate server (off of the ePO), would the AH really talk directly to the SQL server?  If it still talks to the ePO, how much of a reduction in traffic does the AH provide you?

                     

                    Thanks!

                     

                    ---
                    [1] McAfee ePolicy Orchestrator 4.5 Product Guide (McAfee, 2009) 52

                    • 7. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
                      JoeBidgood
                      I can understand how AHs can reduce load on the ePO when it comes to policy enforcement, but do they also handle the forwarding of client events?  I'd think that the forwarding of events would generate more network traffic than policy enforcement.  Even if AH act as a man-in-the middle for client events, how does that reduce load on the ePO (other than sheer number of clients communicating with it)?--I'd think that the actual amount of event traffic would remain the same.

                       

                      Joe Bidgood >> Correct - the AHs need to talk to the SQL db pretty much continually.

                       

                      Does the AH talk directly to the DB or does it talk to the DB through the ePO?  If your DB is hosted on a separate server (off of the ePO), would the AH really talk directly to the SQL server?  If it still talks to the ePO, how much of a reduction in traffic does the AH provide you?

                       

                      Thanks!


                       

                      Yes, AHs also handle events. They communicate directly with the SQL server, not via the ePO server: this is how they reduce the load on the ePO server - they bypass it. They don't provide any reduction in traffic, but rather reduce the traffic flowing through a single bottleneck.

                       

                      Regards -

                       

                      Joe

                      • 8. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?
                        runcmd

                        Yes, AHs also handle events. They communicate directly with the SQL server, not via the ePO server: this is how they reduce the load on the ePO server - they bypass it. They don't provide any reduction in traffic, but rather reduce the traffic flowing through a single bottleneck.

                         

                        Wow!  That's pretty cool!  You learn something new every day!    Thanks for answering my question.

                        • 9. Re: Agent Handlers in 4.5?  What's the consensus so far...are they really worth it?

                          We are still using ePO 4.0

                          We use about 70.000 nodes spread over a few hundred WAN locations globally.

                          we have about 170 distributed repo's.

                          We are now in the early phase to migrate to 4.5 and I am considering to add maybe 3 AH.

                          The epo servers are located in NL (1 application and one DB server)

                          Later I want to add 1 AH in US, 1 AH in Hong Kong and 1 AH in the same location of the ePO servers.

                          You will ask me why I will place an AH beside the ePO server?

                          Because we have around 400 site administrators that can access the ePO console. The webserver part of the ePO server is one main cause of the high load on the ePO server.

                          1 2 Previous Next