6 Replies Latest reply on Sep 2, 2016 8:42 AM by p0grit0

    ePO Reporting Capabilities

    p0grit0

      Hello experts,

       

      We are planning to set up a new ePO for the plant we are building. Now the client is asking whether their existing ePO can see the reports or run queries on the new ePO. FYI, the existing ePO is behind a firewall (Outside Interface) and the new ePO will be located in the safer zone of the firewall (Inside Interface).

       

      Thanks so much and more power to all of you.

        • 1. Re: ePO Reporting Capabilities
          andrep1

          It all depends on the firewall rules you'd be willing to put in.

          They could have direct access to log on, or you could use roll up reporting to copy flattened data table from the new to the old. For this to work, the old ePO needs to be able to talk to the new db server.

          • 2. Re: ePO Reporting Capabilities
            p0grit0

            Thanks Andre, although do you have a sample configuration for this?

            • 3. Re: ePO Reporting Capabilities
              andrep1

              For the roll up reporting, the roll up server (existing) needs access to the new SQL server on TCP 1433, unless using an instance; then you need to use the instance's port.

              Understand that roll up is just flat files: when you click on a system, it is the only thing you can see. You can't drill down to events. Same thing the other way around. So a little bit like export to a csv.

               

              Simplest is to have firewall rules allowing all clients to connect to the new ePO. Managing two ePO is more work than one. Some might suggest an agent handler, but that requires opening up the firewall for ePO and SQL.

               

              It really depends on requirements and constraints.

              • 4. Re: ePO Reporting Capabilities
                p0grit0

                Hi again Andre,

                 

                This is basically the architecture: there's an existing Corporate ePO and we are adding 2 more servers for the new plant we are building.

                1. DMZ ePO will get update files from Corporate ePO.

                2. Office ePO will get update files from DMZ ePO, install agents to clients, monitor and manage clients and enforce policies.

                 

                Now we want to know how the Corporate ePO will be able to monitor events on the Office ePO.

                • 5. Re: ePO Reporting Capabilities
                  andrep1

                  You can't monitor in real time from one ePO to the other one. Best bet is one ePO server behind the firewall and ensure all your agents can talk to your ePO. An ePO server, properly sized, can handle hundreds of thousands of clients.

                  McAfee KnowledgeBase - Ports needed by ePolicy Orchestrator for communication through a firewall

                  An alternative is to procure a SIEM tool to integrate events from your ePO server, firewall, etc. (like HP ArcSight, McAfee Nitro, IBM QRadar, etc.).

                   

                  To me, a few firewall changes and a single ePO is the easiest and least costly.

                  • 6. Re: ePO Reporting Capabilities
                    p0grit0

                    Well, I guess the best bet I have is the roll-up reporting.

                     

                    Anyway, thanks again Andre! You've been really helpful.