7 Replies Latest reply on Nov 23, 2009 6:18 PM by GWIRT

    ePO Agent Key Updater

    Quitch
      This is one of the options for updates. What component does it represent, or rather what does this component represent?
        • 1. RE: ePO Agent Key Updater
          i'm encountering this as well. anyone can help?
          • 2. RE: ePO Agent Key Updater
            Laszlo G
            I'm not really sure, perhaps it's used to manage the public key used between ePO server and McAfee Agents...?
            • 3. RE: ePO Agent Key Updater
              dustrho
              I know this is an old thread, but I'm curious to know what this is as well.

              Anyone?
              • 4. RE: ePO Agent Key Updater
                SuperDAT
                The below is in ePO's product guide, may be able to help you guys.


                Agent-server secure communication (ASSC) keys
                • The first time the agent communicates with the server, it sends its public key to the server.
                • From then on, the server uses the agent public key to verify messages signed with the
                agent's secret key.
                • The server uses its own secret key to sign its message to the agent.
                • The agent uses the server's public key to verify the agent's message.
                • You can have multiple secure communication key pairs, but only one can be designated as
                the master key.
                • When the client agent key updater task runs (ePO Agent Key Updater 3.5.5), agents
                using different public keys receive the current public key.
                • If you are upgrading from ePolicy Orchestrator 3.6 or earlier, a legacy key is retained. If
                you are upgrading from ePolicy Orchestrator 3.6.1, the legacy key is the master key by
                default. If you are upgrading from ePolicy Orchestrator 4.0, the master key is unchanged.
                Whether or not you upgrade from version 3.6.1 or 4.0, the existing keys are migrated to
                your ePO 4.5 server.
                • 5. RE: ePO Agent Key Updater
                  Hello

                  Yes this updates keys, but should i enable this option?

                  Is this enabled in you´r installation? and if i enable or not is there any problems whith that?

                  Now it´s not enabled in update task.

                  I´m running epo 4.5, vs 8.5 and agent 4.0 with all the latest SP:s
                  • 6. Re: RE: ePO Agent Key Updater
                    David.G

                    So... does this mean there's no need to enable this update task if we're running ePO 4.5, upgraded from 4.0. As I understand the guide's extract, ePO 4.5 migrates the server key thus there should be no need for this update task, right?

                     

                    I'm going to go with "if it ain't broken, don't touch it" approach, but would still like to understand as many of the features as possible.

                     

                    Thanks.

                    • 7. Re: RE: ePO Agent Key Updater
                      GWIRT

                      Ideally, you would want to keep the Key Updater enabled. This will run if there is a change in the keys (e.g you promote a new master key). If you disable this component, the agents will not be able to stay up-to-date with the latest keys.