I would suggest reviewing the epo_460_product_guide_en-us.pdf (PD22975), pg. 91, Using local distributed repositories that are not managed. This provides a method of creating a repository which is not one of the managed types - FTP, HTTP Server, or UNC share. Hope this helps!
Secure FTP is not supported.
Content is secured and validated using other means by the products themselves during update.
The details of how that is achieved are not a subject for public discussion, as I'm sure you can understand.
The one not mentioned is the SuperAgent repository, which uses the Agent communication channel over SSL (port 443 by default).
That would be the most secure as the channel is secured as well as the validation by the product which will still take place.
If you are still concerned about the security of site content please reach out to McAfee Labs.
Thanks for the Reply.
Would this type of repository be best suited for access from the Internet? Would it need to go in the DMZ?
I bet you get these types of questions a lot. I have read a few of these posts but have not come across one yet that stipulates exactly how to set up an external facing repository.
Many Thanks in Advance
In that scenario, personally I think placing an Agent Handler in the DMZ would be more suitable, so you can actually manage these machines as well as update, although it's hard to be certain because we would need to know more detail on your exact requirements to be sure.
For example if you only want them to get content updates, you might want to just leave them defaulted to get that from the McAfee sites directly, as it'll be much simpler.
For Agent handlers, please review support white paper: PD22508 - ePolicy Orchestrator 4.5 Agent Handler White Paper.
This can be accessed via the McAfee knowledge base.
An SA repository is not really best suited for external use.
Providing internally it can reach the Agent handler in the DMZ, yes.
It's perhaps more likely that internally a machine would reach out to the ePO server first rather than a machine in the DMZ, but still that's all user-defined by Agent policy as you need.
At this point it might be worth calling into McAfee support to have a 1:1 discussion with our tech guys on how to configure ePO to your best advantage. I suspect it'll be more beneficial