1 Reply Latest reply on Jul 30, 2015 11:17 AM by jhall2

    Drive Encryption user/policy synchronization

    seilemor

      Hello,

       

      I've one question regarding the usage of DE/EEPC:

       

      To update the user permissions with the ePO server (ALDU option enabled) or to update the DE policy, it is necessary to synchronize the DE agent with the ePO server. The sync process is split into different steps, which are executed automatically when the client performs an agent-server communication. To complete the synchronization within a few minutes (without waiting for the agent-server communication), it is possible to trigger the steps with the buttons "Check new policies" and "send events". All in all, this is not very user friendly.

       

      How do you handle this topic?

       

      Example scenario:

      A new user needs permission for DE login and has logged into Windows. The ALDU function will grant the permission to the user... but when will the sync start, and how long does the sync take?

       

      Regards

      Moritz

       

      PS: in the old SafeBoot v5 agent there was a "Synchronize" button available... :/

        • 1. Re: Drive Encryption user/policy synchronization
          jhall2

          With ALDU enabled, upon the next Agent to Server Communication (ASCI), the ALDU event will be generated and the user will be added to the system. By default, McAfee Agent will upload events every 5 minutes. Once the event is sent, it will generally take about a minute for ePO to respond, via a special agent wakeup call, that the ALDU process is complete. A get user information event is then generated to request updated user information, including information for the user that was just assigned via ALDU. This again will be sent at a 5 minute interval, and ePO will then respond to the client with the user data package.

           

          It is expected that, from the time of policy enforcement until the Drive Encryption Agent is finished, it will take between 15 and 20 minutes. After the system boots, by default, if the machine has not connected to ePO in the past few hours, McAfee Agent will communicate to ePO within the first 10 minutes after booting the system. Assuming ePO has a network connection to the client machine and can perform an agent wakeup call, it will take around 30 minutes from boot up to the time the ALDU user is added.

           

          You are correct that you can speed this up if needed. By clicking Collect and Send Props and sending events when they are generated, the time can be reduced to just 2 or 3 minutes.