Absolutely - this is exactly the correct method for achieving this What you'll need to do is as follows:
1) On Server 1, configure a distributed repo on a machine that will be accessible from Server 2.
2) CRITICAL - configure this repo so that it will only contain updatable content, like DATs and engines. Whatever you do DO NOT allow this repo to contain any McAfee Agent packages.
3) Export the master repository public key from Server 1 and import it into Server 2.
4) Configure a new source site on Server 2, and point it to the newly-created repository.
That's pretty much it
We have a similar situation where our Network 2 does not have access to the internet. We don't actually have a second ePO server on Network 2, we just have a distributed repository on Network 2, and an ePO policy that points those clients on Network 2 to that repository. We only open the ports required for ePO server to McAfee Agent communication, and the port(s) necessary to update the distributed repository. And if the number of nodes on Network 2 is small, you may be able to have your Network 2 nodes update directly from the ePO server using only the ports necessary for server-to-agent communication, which would eliminate the need for a repository on Network 2.
Thanks Joe, that's exactly what I was after. Why should the repository not contain Agent packages? How do you recommend I replicate them to Server 2 instead?
1 of 1 people found this helpful
Why should the repository not contain Agent packages?
The agent package contains the information about the server that created it - so if the agent package from Server 1 gets pulled into Server 2, there's a chance that you'll end up with all of Server 2's clients trying to talk to Server 1. This is almost unanimously bad
How do you recommend I replicate them to Server 2 instead?
You don't - just let Server 2 control its own agent package(s). As and when a new agent version is available, you'll need to check it into Server 2 manually rather than pulling it in from Server 1.
Thanks Joe, that makes perfect sense. Thanks for your help, you'll be pleased to know everything is up and running just as we had hoped.
No problems, glad it's working