Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
942 Views 5 Replies Latest reply: May 3, 2013 2:04 PM by pierce RSS
gdavid Newcomer 10 posts since
Jul 13, 2012
Currently Being Moderated

Apr 25, 2013 9:21 PM

Agent Handler Connection to SQL

I see that most of the folks are installing a agent handler in the DMZ that then talks back to an internal EPO App/DB.

 

Based on the following doc.

   https://kc.mcafee.com/corporate/index?page=content&id=KB66797

it requires direct access from DMZ -> SQL?

 

i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

 

i will probably install a secondary EPO server in the DMZ and use

roll up reporting to be able to see everything in one place. hopefully this includes most of the data that i need.

   https://community.mcafee.com/people/petersimmons/blog/2012/09/19/connecting-two- epo-servers

 

is anyone doing anything differently? is there a better way?

  • pierce Champion 401 posts since
    Feb 22, 2011
    Currently Being Moderated
    1. Apr 26, 2013 2:52 AM (in response to gdavid)
    Re: Agent Handler Connection to SQL

    We have just the agent handler in the DMZ, better to have just a service running talking to agents via the secure connection than having a full blown ePO application running there with a web GUI?

     

    You could always install HIPS IPS module on the SQL servers to protect against common database attackes to limit your exposure.

     

    Message was edited by: pierce - added SQL to the server for IPS on 4/26/13 2:52:47 AM CDT
  • JoeBidgood McAfee SME 2,860 posts since
    Sep 11, 2009
    Currently Being Moderated
    2. Apr 26, 2013 9:34 AM (in response to gdavid)
    Re: Agent Handler Connection to SQL
    i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

     

    This is because the primary roles of agent handlers is to scale horizontally in large environments and reduce the load on the "primary" ePO server, and to provide a degree of redundancy if the primary server is not available, both of which require the AH to talk directly to SQL.

     

    HTH -

     

    Joe




    (Please post questions to the forum, as I am unable to respond to private messages. Thanks!)



  • JoeBidgood McAfee SME 2,860 posts since
    Sep 11, 2009
    Currently Being Moderated
    4. May 3, 2013 2:03 PM (in response to gdavid)
    Re: Agent Handler Connection to SQL

    If you have ePO 5 / MA 4.8, then you can make use of the new Relay Server function, which I think will fit your needs.

     

    HTH -

     

    Joe




    (Please post questions to the forum, as I am unable to respond to private messages. Thanks!)



  • pierce Champion 401 posts since
    Feb 22, 2011
    Currently Being Moderated
    5. May 3, 2013 2:04 PM (in response to gdavid)
    Re: Agent Handler Connection to SQL

    I currently have some mcafee consultants in and they recommended installing a sub ePO in the DMZ if there is a risk of getting into the full network.

     

    Also just announced are issues with the agent handler if your running an old one! Might be best talking to the experts on this one to be safe!

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points