6 Replies Latest reply on Nov 4, 2011 4:50 AM by JoeBidgood

    Distributed Repositories

      Hi all, this should be a simple question. I'm relatively new to EPO and am trying to get my head around a few new concepts.


      My organisation currently has one EPO server in our corporate network (Network 1), connected to the internet. I'm currently setting up another EPO server in another network (Network 2) which has higher security requirements, is not connected to the internet, and has restricted connectivity to the corporate network.


      I haven't found the McAfee documentation particularly clear on the relationships between servers/repositories so I was hoping someone with some experience could clarify the following for me.


      I would like to pull updates from the EPO server in Network 1 into the EPO server in Network 2 through a one-way firewall. My question is: is it possible to do this with a Distributed Repository?

        • 1. Re: Distributed Repositories



          Absolutely - this is exactly the correct method for achieving this. What you'll need to do is as follows:


          1) On Server 1, configure a distributed repo on a machine that will be accessible from Server 2.

          2) CRITICAL - configure this repo so that it will only contain updatable content, like DATs and engines. Whatever you do, DO NOT allow this repo to contain any McAfee Agent packages.

          3) Export the master repository public key from Server 1 and import it into Server 2.

          4) Configure a new source site on Server 2, and point it to the newly-created repository.


          That's pretty much it.


          HTH -



          • 2. Re: Distributed Repositories

            We have a similar situation where our Network 2 does not have access to the internet.  We don't actually have a second ePO server on Network 2, we just have a distributed repository on Network 2, and an ePO policy that points those clients on Network 2 to that repository.  We only open the ports required for ePO server to McAfee Agent communication, and the port(s) necessary to update the distributed repository.  And if the number of nodes on Network 2 is small, you may be able to have your Network 2 nodes update directly from the ePO server using only the ports necessary for server-to-agent communication, which would eliminate the need for a repository on Network 2.

            • 3. Re: Distributed Repositories

              Thanks Joe, that's exactly what I was after. Why should the repository not contain Agent packages? How do you recommend I replicate them to Server 2 instead?

              • 4. Re: Distributed Repositories

                Why should the repository not contain Agent packages?


                The agent package contains the information about the server that created it - so if the agent package from Server 1 gets pulled into Server 2, there's a chance that you'll end up with all of Server 2's clients trying to talk to Server 1. This is almost unanimously bad.



                How do you recommend I replicate them to Server 2 instead?


                You don't - just let Server 2 control its own agent package(s). As and when a new agent version is available, you'll need to check it into Server 2 manually rather than pulling it in from Server 1.


                HTH -



                • 5. Re: Distributed Repositories

                  Thanks Joe, that makes perfect sense. Thanks for your help, you'll be pleased to know everything is up and running just as we had hoped.

                  • 6. Re: Distributed Repositories

                    No problems, glad it's working.


                    Regards -