3 Replies Latest reply on May 17, 2012 8:59 AM by mrandolp

    do you use one install for desktops and servers?

    ehbeta

      Hi, I am just looking into the industry standard for deploying Antivirus to the enterprise of say 10,000 users or more.  Do you typically use one central install of antivirus such as McAfee to manage both your server environment and your desktop environment? OR is the standard to run seperate installations and manage the desktops and servers independent of each other ?

       

      I also have the same question when it comes to deploying Windows updates as well.  Are your servers and desktops managed together to manage seperately through seperate installations ?

       

      What is the standard or typical deployment?

       

      Thanks

        • 1. Re: do you use one install for desktops and servers?
          mmcgary

          McAfee ePolicy Orchestrator will manage all of your desktops and servers from one server or multiple servers. You may also add distrubuted repositories to balance the load in a large environment such as yours.

          • 2. Re: do you use one install for desktops and servers?
            pierce

            AS mmcgary says you can have all your machines in the same folder. under the system tree I have a 'Servers' folder and a 'workstation' folder and then manage them that way with two separate teams managing 2 separate policies etc...

             

            the installer is always the same so updates are handled the same way. just policies and tasks (when to run a full scan) that differ

            • 3. Re: do you use one install for desktops and servers?
              mrandolp

              Hi, ehbeta.  As stated above, I would recommend setting up a server group and a workstation group.  Under your server group, you can setup sub groups if needed.  If you have servers with apps that need exclusions,  you can either create a sub group for those servers and move the servers to the group, then you can go in add the exclusions only to that group. Once you added the exclusions and saved send an agent wakeup call.  This can also work for workstations.  ePO console is a great tool.  Some items to consider.

               

              1. Create a task to deploy the Agent.  Each workstation and server will need the Agent installed.  Reboot is not required.

              2. Create a task to install VSE 8.8. ePO is smart enough to know which devices are workstations and which ones are servers.

              3. Create an On Demand scan task.  (I would not recommend running the ODS on servers during the day.  (Schedule for a slow time.)

              4. Before doing any of the above, make sure you have downloaded all of the required packages, and check them in.

               

              Also I would recommend testing on a small group before deploying everywhere.

              Note:  When deploying VSE to servers or workstations, they will need to reboot.  VSE will still work, but it is recommended to reboot after installation.

               

              Hope this helps.

              Mike

               

              Message was edited by: mrandolp on 5/17/12 7:59:24 AM GMT-06:00