1 Reply Latest reply on Aug 19, 2010 4:29 AM by JoeBidgood

    Agent Handlers and McAfee Agent 'Repositories' tab

      I have an single ePO 4.5 P3 server managing 1000 servers in various locations around the US.  Each site is filtered by a firewall; all 1000 servers must pass through a firewall to upload props and events and download updates (SPIPE - 8083-tcp).  Since upgrading to 4.5 P3 from 4.0 P4 I have deployed an agent handler to a new location with much success.

       

      Here is my question:

       

      I have four new sites coming online all connected by 100Mb MPLS to my datacenter, where my ePO server is, and to each other.  I am placing 1 Agent Handler at each location, and all of them in a AH group together.

       

      If I configure my "McAfee Agent, General" policy to "Select repository by: Ping time", will these apply to Agent Handlers, even though I cannot configure Agent Handlers in the "Repository list" in the policy itself?

       

      The effect I want is: when an Agent Handler goes down, the agents at that site will ping the other 3 Agent Handlers to select who they will communicate to instead.

       

      Please help -- this stumped McAfee Gold Support and they told me to call back only if it it didn't work.

       

      Thanks in advance,

       

      Charles

        • 1. Re: Agent Handlers and McAfee Agent 'Repositories' tab
          JoeBidgood
          If I configure my "McAfee Agent, General" policy to "Select repository by: Ping time", will these apply to Agent Handlers, even though I cannot configure Agent Handlers in the "Repository list" in the policy itself?

           

           

          No, it won't - as you're doubtless aware AHs are not distributed repositories: instead they're able to mimic the master repository (so any machine talking to an AH that is trying to update from the master will in fact be getting its files from the AH.) Because of this the agents can't choose between AHs because as far as they're concerned they are all the same

           

          The only way you could get round this would be to put a true distributed repository on the AH machines and use those instead of configuring the clients to update from the master. That way the clients will see multiple repositories and will be able to choose between them.

           

          HTH -

           

          Joe