3 Replies Latest reply on Jun 28, 2011 8:47 AM by dylan_s

    SuperAgent Repository Q

      We have a 4-site network with 3 remote sites connected to a central data center, where the ePO server is located. 

       

      2 of the 3 remote sites only have a handfull of users.

       

      1 site is aproximately 120 PCs & 5 servers.  This site is experiencing general low WAN bandwidth issues.  While examining the traffic traversing the WAN links, I noticed that a recent McAfee deployment from the ePO server resulted in almost 1GB of traffic between the client and the server for 4.5 agent & 8.8 VSE installs.

       

      Sounds like a case where a SuperAgent repository might come in handy.  Reading the blog post on distributed repositories, it sounds like it won't save bandwidth for DAT updates (fine, they are not a top traffic item anyway).  

       

      1) If the distributed repository is configured to hold the agent, VSE and VSE patches, will new client deployements on the subnet containing the SuperAgent repository pull from that location or will they still pull from the ePO server?

       

      2) When you create the SuperAgent and repository, does ePO immediately replicate everything to the repository or do you have to configure the repository contents before replication begins?  ....IOW, I don't want to create the repository during the day and wind up crushing the WAN with replication.

        • 1. Re: SuperAgent Repository Q
          Arjen

          The superagent repository can contain also the definition updates. So it can also save bandwith for those updates as well. The only thing that a superagent repository won't do is collect client properties and provide policies to the clients.

           

          Clients are pointed to s uperagent repository based on the settings in the agent policy that you assign to thhe clietn.

          If you use multiple repositories, agents can determine the nearest repository based on either ping time or subnet value, or you can assign a list to the clients.

           

          Replication to the repositories will be done by a scheduled server task that you can run at any time you want. Keep in mind that if you have global updating enabled, the replication will also occur if a new product or update is added to the master repository.

          1 of 1 people found this helpful
          • 2. Re: SuperAgent Repository Q

            My concern about the DATs and bandwidth is based on this blog:

             

            "Conclusions

            Some ePolicy Orchestrator users put a repository at geographic sites that have only a few dozen nodes. If your site does not have at least 200 to 300 nodes it cannot benefit from the bandwidth saved using a repository. If there is no local repository, the agents will go to the next nearest repository for their updates. This repository might be across a WAN link but it will still use less bandwidth since you don’t have to replicate the entire repository across the WAN."

             

             

            https://community.mcafee.com/community/business/epo/blog/2011/04/06/using-epo-di stributed-repositories-to-keep-your-security-software-up-to-date

            • 3. Re: SuperAgent Repository Q

              Just to follow up:

               

              I created a superagent repository a week or so ago on this subnet and specified a replication task  for the agent, products and DATs for 5am, before work hours. DAT replication looks to be around 115 MB daily.

               

              To keep agents outside of the subnet from using the repository, I created 1 agent policy to ignore that repository, using only the data center repository w/ http fallback.  Agents in that subnet have a second agent policy to use that repository 1st, the data center repository 2nd then the http fallback.

               

               

              So far so good