5 Replies Latest reply on Jan 5, 2010 8:52 AM by JoeBidgood

    Managing EPO in low bandwidth network

      Hey,

      We are currently deploying McAfee EPO in a very low bandwidth network.

      The network is based on two Data Centers.

      Each data center is connected to the two main offices through the LAN.

      Each data center is also connected to approximately 4-8 branch offices with 0.5 Mbps WAN.

      These lines are also heavily loaded by other applications such as Exchange, Active Directory, Citrix, etc.

       

      Currently, we have deployed EPO with distributed UNC repositories (shares), one share for every office.

      We configured a policy for every site that tells the agent to copy the data from the closest repository. (We tried to configure it by ping time and also by configuring a single repository for every site.)

       

      EPO should manage VirusScan and DLP for all the clients and servers in the network (approx. 500 clients).

       

      While the repositories were trying to replicate, most of them failed after a few minutes and the WAN line also crashed because of over bandwidth.

       

      We also tried to configure McAfee with superagents, but most agents failed to replicate.

      A LAN sniffer (Wireshark) shows that although we configured repositories for every site, clients are still trying to connect to the EPO server all the time.

       

      Any idea how to solve this?

      Thanks,

      Bar Eitan.

        • 1. Re: Managing EPO in low bandwidth network
          JoeBidgood

          Hi...

           

          This is not going to be easy, since there is no getting around the fact that ePO requires a finite amount of bandwidth in order to do its job. All we can try and do is limit the amount being used. With that in mind, here are a few possibilities.

           

          Firstly - with regard to the clients communicating with the ePO server. They are always going to do this, as they need to check for new policies and tasks, and to upload their properties. About the only thing that you can do here is to increase the ASCI (agent-to-server communication interval) in the agent policy so that the clients do not "phone home" as frequently.

           

          With regard to replication, you can try the following:

           

          1) As long as you do not have any products that require the V1 DATs - effectively VSE 8.0 or below - then pull from the commonupdater2 source site, not commonupdater. This contains the V2 DATs only, which will halve the amount of data being replicated each day.

          2) Consider removing the repositories in the branch offices and allowing the clients to update from distributed repositories in the data centres. Assuming V2 DATs, as long as the client machines are not more than 35 DATs out of date, then the bandwidth hit of 500 machines pulling a <200KB incremental .GEM file will be much less - and will have a far greater chance of succeeding - than trying to replicate a minimum of 50MB to 8 repositories.

           

          Hopefully that gives you some ideas.

           

          Regards -

           

          Joe

          • 2. Re: Managing EPO in low bandwidth network

            Hi...

            Thanks for the quick answer, we have been dealing with this issue for months.

            Do you suggest setting up a second EPO server in the second datacenter, or keeping only one EPO and one distributed repository (for the second datacenter)?

            In case we decide to go for the second option (distributed repository) for the second data center, is there a way to make all the clients in this site check for new policies with this repository?

             

            What is the suggested ASCI for this kind of network?

             

            There are only 7 clients which must work with the older version of VSE (8.0), because of software that is based on the older VSE.

            How can I ensure that only these clients download the V1 DAT and all other clients download the .gem files?

            Thank You.

            • 3. Re: Managing EPO in low bandwidth network
              JoeBidgood

              bar.eitan wrote:

               

              Hi...

              Thanks for the quick answer, we have been dealing with this issue for months.

              Do you suggest setting up a second EPO server in the second datacenter, or keeping only one EPO and one distributed repository (for the second datacenter)?

              I would keep one ePO server and just have a distributed repo - I see no need for two servers: it would be a lot more work for no real benefit...

               

              In case we decide to go for the second option (distributed repository) for the second data center, is there a way to make all the clients in this site check for new policies with this repository?

               

              Clients check with the ePO server for new policies, not with a repository - so the clients are always going to need to talk to the ePO server. If you want to make sure that the clients only update their DATs from the repository and not from the master repository on the ePO server, then this can be configured in the agent policy.

               

              What is the suggested ASCI for this kind of network?

               

              Unfortunately that's an impossible question to answer - it depends entirely on your environment. I would monitor the situation and if you find that the agent-to-server traffic is causing you problems, increase the ASCI. The default setting is for the clients to talk to the server every hour: you could try extending this to a two, three or maybe four hour interval.

               

              There are only 7 clients which must work with the older version of VSE (8.0), because of software that is based on the older VSE.

              How can I ensure that only these clients download the V1 DAT and all other clients download the .gem files?

               

              The agent on the machine will determine the correct DAT files to download - you don't need to do anything else. Unfortunately this means that you will still need to pull the V1 DATs from McAfee, but at least you won't need to replicate them every day.

               

              Regards -

               

              Joe

              • 4. Re: Managing EPO in low bandwidth network

                Hi,

                One more question...

                For security reasons our network is isolated from the internet - the only way to transfer files to the network is by burning them to a CD.

                In order to update the DAT files we download the full SDAT from McAfee once a week and check it into EPO.

                How can we transfer the DAT V2 files to our repository?

                 

                thanks,

                Bar

                • 5. Re: Managing EPO in low bandwidth network
                  JoeBidgood

                  You can download and check in the ePO DAT package from the download site here - ignore the fact that it says it is only for ePO 3. (You check in this package as though it were any other product - it contains the full set of files for both the V1 and V2 DATs.)

                   

                  Once a week is really not often enough, though - I would recommend most strongly that you do this once a day.

                   

                  Regards -

                   

                  Joe