Hi and welcome.
This is a big environment to start out with!
So just to understand, the two servers are still up and agents are still reporting to the old one?
You have AD sync with the previous server? Do you automatically push the agent with the sync, or is the agent in the image/installed with GPO/manually/SCCM?
If syncing, those are the options that can affect your results:
Did you know you can use ePO to transfer systems from one to the other? I find that a bit more elegant.
To test the agent, find your 8 devices in the system tree, select them, select actions, agent, deploy agent and select the option to overwrite the existing install.
With the transfer agent option, they'll just show up in the system tree on the new server. You just need to cross-register the servers in ePO (export agent-server keys from new server, import in new server, on old server create a registered server of type ePO and provide the database server details of the new SQL server so the old server can talk to the new server's SQL database and copy agent information).
In regards to traffic, do you know agent 5.0 supports P2P? On large subnets you can flood your subnets with broadcast traffic, so don't make all your agents peer servers, but you could make all your servers "peer servers". It is just a setting in the agent policy, then use that.
You can also randomize your start time for your tasks: the agent push is not too big, but VSE with the full DAT file is over 100MB.
First of all thank you for the response it is much appreciated.
Both servers, old and new, are up at the moment. The old server has 'auto push enabled at the moment' and on the new server I have not enabled this to be sure. I'm guessing when I decide it is time to roll out this agent from the new server I untick auto push on the old server and tick it on the new server. In regards to our AD sync, we have set it up to sync to individual AD groups such as 'managed servers' and 'managed computers' so we do not pull down all irrelevant folder names. This allows us to push out agents on one folder then do the other separately.
I've now done all of the transfer of policies, tasks, queries, etc etc... which I think is all in place.
I've rolled out the agent ticking 'Force Installation over existing version' to 10 machines, 3 test servers and 7 of our workstations. I can see them as managed, which is great; all seems to have worked. I've also done a Run client task now > mcafee agent > product update > dat update and VSE product update to the latest version manually on these machines, which appears to work. With the newer ePO we have a slightly newer version of VSE. In our system tree there are only tasks to install the current brand of VSE to new machines, so I'm guessing once we have all the agents out from the new server we will need to set up some tasks to do the upgrade of VSE.
In regards to traffic, you mentioned agent 5.0. I've been told by our reseller that this agent can cause blue screen problems, so I've stayed with 188.8.131.528. What is the best way to push out the VSE update? Is there a way of doing this as an automated task? Is there a way of staggering this? Or would you just recommend creating the task on individual subfolders so this runs one folder at a time, and once completed create a task for the update on a new folder and so on?
Do you think in regards to the agents I can just roll them all out at the same time? Or is this also worth staggering? If so, how would I do this, bearing in mind that I have two synced folders with AD with the push option? Will it not just roll out all the agents at the same time?
Correct in regards to VSE, the deployment agent client task will only install VSE on devices that do not have it. You need an agent update task that updates the product to latest patch and hotfix.
In regards to agent 5.0, there are already multiple versions of the product. I invite you to read the release notes and manage your risk accordingly. 5.0.3 should be out very soon as it is already in RTS stage; it should be released to world, I hope, in the start of the new year.
In regards to staggering the agent push, it is a bit more complicated as it is not a client task per se. It really depends on the availability of the circuits/bandwidth. The following approach works but is a little bit more complicated.
1. Create a query of devices that are not running the latest agent: managed systems, table format, on the "configure chart" set the maximum item to a number you feel appropriate as concurrent deployments.
2. Create a server task that runs periodically (every 30 minutes, every hour? It has to be longer than the time to push the agent), select action run query, sub action deploy McAfee Agent.
So that's pretty much it. Then your client update task will take over to update VSE (set a good randomization in there to spread the load).
When creating the query, at the result type stage, when you say 'create a query of devices that are not running the latest agent', do I select 'Agent Version (deprecated)' as the sort by value?
Could you provide me with the steps to do this?
Hi Zade, on the chart page select the maximum item and the value you deem appropriate. The info on the column page is irrelevant. On the filter page, under Agent Properties, Product Version (Agent), select that field and filter on the versions that are inappropriate. The deprecated agent version field can also work.
Hope this helps.
I think I've figured it out, but the agent version on my side is not filled in for the machines that are managed by the 'old server'. Could I do 'managed state = unmanaged', or is there a way of choosing the agent version 'blank'?
As you can see there are 2579 machines still with the old ePO server. I've been selecting this and just doing a select all and deploying the agent, but I'm finding now that I'm only getting 30/40 completed machines each time (whereas the first bulk was like hundreds). That's why I want the task just to run automatically in the background and just pick up machines as they are powered on throughout the day. Let me know what you think the best way to target these is. At the moment they are showing as 'unmanaged' in the system tree I think, maybe I could use the managed state. Hmmm.
Managed state = unmanaged or agent version blank are both good options.
For those agents still on the old server, do consider the transfer functionality or maybe look at using a system management tool or a GPO script to install the agent as alternative deployment methods.
From the new ePO server, you can push all you want, but if all those machines are offline or somehow unreachable it won't do any good. That's why taking actions from the old server is easier, since you know the status of the device.