5 Replies Latest reply: May 3, 2013 2:04 PM by pierce RSS

    Agent Handler Connection to SQL

    gdavid

      I see that most of the folks are installing a agent handler in the DMZ that then talks back to an internal EPO App/DB.

       

      Based on the following doc.

         https://kc.mcafee.com/corporate/index?page=content&id=KB66797

      it requires direct access from DMZ -> SQL?

       

      i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

       

      i will probably install a secondary EPO server in the DMZ and use

      roll up reporting to be able to see everything in one place. hopefully this includes most of the data that i need.

         https://community.mcafee.com/people/petersimmons/blog/2012/09/19/connecting-two- epo-servers

       

      is anyone doing anything differently? is there a better way?

        • 1. Re: Agent Handler Connection to SQL
          pierce

          We have just the agent handler in the DMZ, better to have just a service running talking to agents via the secure connection than having a full blown ePO application running there with a web GUI?

           

          You could always install HIPS IPS module on the SQL servers to protect against common database attackes to limit your exposure.

           

          Message was edited by: pierce - added SQL to the server for IPS on 4/26/13 2:52:47 AM CDT
          • 2. Re: Agent Handler Connection to SQL
            JoeBidgood
            i'm amazed that mcafee configured their agent handlers to work this way instead of being proxied via the EPO application server.

             

            This is because the primary roles of agent handlers is to scale horizontally in large environments and reduce the load on the "primary" ePO server, and to provide a degree of redundancy if the primary server is not available, both of which require the AH to talk directly to SQL.

             

            HTH -

             

            Joe

            • 3. Re: Agent Handler Connection to SQL
              gdavid

              @pierce, you make a good point about having a lighter weight installation in the DMZ.

               

              since the machines i'm trying to keep track of are all in the same DMZ, i'm thinking about just installing a node as a superagent to manage that communication.

              • 4. Re: Agent Handler Connection to SQL
                JoeBidgood

                If you have ePO 5 / MA 4.8, then you can make use of the new Relay Server function, which I think will fit your needs.

                 

                HTH -

                 

                Joe

                • 5. Re: Agent Handler Connection to SQL
                  pierce

                  I currently have some mcafee consultants in and they recommended installing a sub ePO in the DMZ if there is a risk of getting into the full network.

                   

                  Also just announced are issues with the agent handler if your running an old one! Might be best talking to the experts on this one to be safe!