3 Replies Latest reply on Nov 10, 2011 1:26 PM by DC-SG

    Agent Handler (AH) Configuration/Architecture Best Practice


      Hello All,

      Hope you all are well.  I would like to ask you some advice.


      I plan to build a new ePO 4.5 MR3 on a 2008 OS/SQL to consolidate all assets from 5 different ePO servers.   Since each current ePO server serves its own domain with different numbers of assets (or managed systems), I would like to use AH in the new ePO server.  All current ePO servers are in 2 very large buildings, not too far from each other,  or similar to campus. Below are estimate assets in each current ePO server.


      1) ePO1:  ePO 4.5 MR2 with  7,000 assets

      2) ePO2:  ePO 4.5 MR2 with  4,000 assets

      3) ePO3:  ePO 4.5 MR2 with  2,000 assets

      4) ePO4:  ePO 4.5 MR2 with  2,500 assets

      5) ePO5:  ePO 4.5 MR2 with  3,000 assets


      I would appreciate if you could provide advice to build and/or configure the AH in my new ePO.


      Best Regards,




        • 1. Re: Agent Handler (AH) Configuration/Architecture Best Practice

          The question to ask yourself is why you need agent handlers in this scenario. at all ?

          Any agent handler needs a very good link to the ePO and Sql server as there is a lot of heavy data exchange going on.

          Agent handlers should not be considered the same a Distributed Repositories for example. They are not.


          Also, if building from scratch ePO 4.5 Patch3 is rather old. If you really need to be on ePO 4.5 instead of ePO 4.6 please consider ramping it up to ePO 4.5 patch 5.

          Significant improvements exist between patch 3 and patch 5, especially in respect to products heavy on the datachannel, such as endpoint encryption (eepc), data loss prevention (dlp) and policy auditor (pa).


          In the McAfee Knowledge Base, search for:

          PD22508 - ePolicy Orchestrator 4.5 Agent Handler White Paper




          This will break out some appropriate scenarios for AH use.





          1 of 1 people found this helpful
          • 2. Re: Agent Handler (AH) Configuration/Architecture Best Practice

            I would just build the new ePO server and leave it at that, no need for the AH. We manage many 10s of thousands of machines all over the world straight off an ePO 4.5 server with no issues. If you have slow WAN links anywhere then nominate some machines in each of those remote locations as SuperAgent repositories.



            1 of 1 people found this helpful
            • 3. Re: Agent Handler (AH) Configuration/Architecture Best Practice

              Hello All,


              I have been busy planning for the new ePO server that I forgot my question about AH.

              So the consensus is to use SADR and stay away from AH.


              Joe: Your observation about  old ePO4.5 MR3 and why not MR 5 or ePO 4.6  is right.  The problem is that I have to comply to my client's requirements.


              Appreciate your advices and have great weekend.