We recently purchased a second EG-5500 with the intention of clustering it with the appliance we already have. We are using our existing IronMail to process both inbound and outbound mail and are utilizing the encrypted email component. Our current environment is v6.7.2 and the new appliance has v7.0 preinstalled. It is my intention to cluster the two appliances at two separate physical locations. My preference would be to upgrade our previously existing appliance to v7.0 rather than downgrade the new appliance to v6.7.2. I have encountered a few problems while thinking this process through...
1.) We have many custom content filter dictionaries with many entries. One dictionary has over 2,000 entries. We also have a rather large administrative whitelist. It is my understanding that there is no upgrade path from v6.7.2 to v7.0 and that the dictionaries would need to be rebuilt by hand (or a custom script would need to be created to somehow convert the text files of 6.7.2 to the XLM format of 7.0). The support representative I spoke with indicated that McAfee is working on a tool to convert dictionaries but it is not yet publicly available. Has anyone else converted their environment to v7.0 and, if so, how did you handle the migration of your dictionaries and the administrative whitelist?
2.) My support representative indicated that the encrypted email component is only supported in a clustered configuration with v7.0 on patch 1 and only in a push configuration. Patch 2 is supposed to support push and/or pull in a clustered environment but there is currently no official release date for Patch 2. We utilize both push and pull. Is anyone else utilizing encrypted email in a clustered configuration? If so, how did you implement it?
3.) An alternative is to run the two appliances independently; however, this poses its own set of problems: (a) Multiple quarantine release notifications would be generated--at least one from each appliance daily. This would cause confusion for end users. (b) Separate encrypted email profiles on separate appliances, with the possibility of unique user passwords on each. This would confuse recipients of encrypted emails.
Any thoughts or comments would be greatly appreciated. Thank you.