McAfee ePolicy Orchestrator 5.1.0 Software


Best Practices Guide

McAfee ePolicy Orchestrator 5.1.0 Software

COPYRIGHT

Copyright 2014 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONS

Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Preface
  About this guide
    Audience
    Conventions
    What's in this guide

1 Introduction
  Using McAfee ePO software in your network
  Components

Installing and configuring your McAfee ePO software

2 Configuring your hardware
  What affects McAfee ePO performance
  Server hardware requirements
  Planning your hardware configuration
    Using one server
    Installing your server in a virtual environment
    Sharing the SQL database hardware
  Planning your hard disk configuration
  Using a SAN with your SQL database

3 Installing and upgrading McAfee ePO software
  Installing McAfee ePO
  Upgrading an existing McAfee ePO server
    Using product version numbers
    Determining the best upgrade strategy
  Moving the server
  Moving agents between servers
    Using the Transfer Systems task

4 Using the McAfee Agent and your System Tree
  How the McAfee Agent works
  Deploying agents
    Creating the McAfee Agent file
    Deploying agents from the McAfee ePO server
    Using the Active Directory to synchronize McAfee Agent deployment
    Deploy the McAfee Agent using a URL
    Adding the McAfee Agent to your image
    Deploying the McAfee Agent using third-party tools
  What the System Tree does
    Using Active Directory synchronization
    Sorting your systems dynamically

Managing and reporting

5 Managing endpoint security with policies and packages
  Managing policies
  McAfee Agent policy
    Configure an agent-server communication interval
    Send a policy change immediately
  Deploy packages

6 Using client and server tasks in your managed environment
  How client tasks deploy products
    Product deployment workflows
    Configure product updates
  Modifying McAfee ePO with server tasks

7 Reporting with queries
  Reporting features
  How to use custom queries
    Create custom event queries
    How event summary queries work
    Create custom table queries

8 Running reports with the web API
  Using the web URL API or the McAfee ePO user interface
  McAfee ePO command framework
  Using the web URL Help
  Using S-Expressions in web URL queries
  Parsing query export data to create web URL queries
  Web URL query examples
    Query with ID number
    Query with XML data
    Query using table objects, commands, and arguments

Scaling your managed network

9 Using repositories
  What repositories do
  Repository types
    FTP repositories
    HTTP repositories
    UNC share repositories
    SuperAgent repositories
  Where to place repositories
  How many repositories do you need?
    Disable server Master Repository
  Global Updating restrictions

10 Using Agent Handlers
  Introducing Agent Handlers
  Agent Handler basics
    Agent Handlers eliminate multiple McAfee ePO servers
  Agent Handler functionality
    Providing scalability
    Failover protection with Agent Handlers
    Network topology and deployment considerations
  Agent Handler installation and configuration
    Deployment considerations
    Agent Handler configuration overview
    Configure Agent Handlers list
    Configure Agent Handlers groups and virtual groups
    Configure Agent Handlers priority
    Configure assignments for Agent Handlers
  Adding an Agent Handler in the DMZ
    Configure hardware, operating system, and ports
    Install software and configure the Agent Handler
  Frequently Asked Questions

Maintaining and optimizing your McAfee ePO software

11 Maintaining your McAfee ePO server
  Monitoring server performance
    Finding and using Performance Monitor
    Use "perfmon" with ePolicy Orchestrator
    Check event processing
  Estimating and adjusting the ASCI
    Estimating the best ASCI
    Configure the ASCI setting
  Maintaining your SQL database
    Maintaining the McAfee ePO SQL database
  Recommended tasks
    Recommended daily tasks
    Recommended weekly tasks
    Recommended monthly tasks
    Periodic tasks

12 Bandwidth usage
  Agent deployment and bandwidth
    Calculating client updates bandwidth
  Bandwidth required to deploy managed products
  Bandwidth recommendations for repository distribution
    Calculating bandwidth for repository replication and product updates

13 Automating and optimizing McAfee ePO workflow
  Find systems with the same GUID
  Purging events automatically
    Create a purge events server task
    Purge events by query
  Creating an automatic content pull and replication
    Pull content automatically
  Filtering 1051 and 1059 events
    Filter 1051 and 1059 events
  Finding systems that need a new agent
    Create a new Agent Version Summary query
    Update the McAfee Agents with a product deployment project
  Finding inactive systems
    Change the Inactive Agents query
    Delete inactive systems
  Measuring malware events
    Create a query that counts systems cleaned per week
  Finding malware events per subnet
    Create a query to find malware events per subnet
  Automating DAT file testing
    Pull and copy DAT updates from McAfee
    Create a test group of systems
    Configure an agent policy for the test group
    Configure an on-demand scan of the test group
    Schedule an on-demand scan of the test group
    Configure an Automatic Response for malware detection
  Create an automatic compliance query and report
    Create a server task to run compliance queries
    Create a report to include query output
    Create a server task to run and deliver a report

14 Plan your disaster recovery
  Use Disaster Recovery
  Use server clusters for disaster recovery
  Use cold and hot spares on one physical site
  Use cold and hot spares on two physical sites

A Additional Information
  Ports used to communicate through a firewall
  Getting more information

Index

Preface

This guide provides information about suggested best practices for using your McAfee ePolicy Orchestrator (McAfee ePO) 5.1.0 software.

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.
• Users — People who use the computer where the software is running and can access some or all of its features.
• Reviewers — People who evaluate the product.

Conventions

This guide uses these typographical conventions and icons.

Book title, term, emphasis
    Title of a book, chapter, or topic; a new term; emphasis.
Bold
    Text that is strongly emphasized.
User input, code, message
    Commands and other text that the user types; a code sample; a displayed message.
Interface text
    Words from the product interface like options, menus, buttons, and dialog boxes.
Hypertext blue
    A link to a topic or to an external website.
Note
    Additional information, like an alternate method of accessing an option.
Tip
    Suggestions and recommendations.
Important/Caution
    Valuable advice to protect your computer system, software installation, network, business, or data.
Warning
    Critical advice to prevent bodily harm when using a hardware product.

What's in this guide

This guide outlines some core recommendations for implementing McAfee ePO software version 5.1. This document is not meant to be a comprehensive guide for all implementations. Instead, use the information in this document during these four stages:

1. Installing and configuring your McAfee ePO software — Use these chapters:
   • Configuring your hardware
   • Installing and upgrading McAfee ePO software
   • Using the McAfee Agent and your System Tree
2. Managing and reporting on your McAfee ePO environment — Use these chapters:
   • Managing endpoint security with policies and packages
   • Using client and server tasks in your managed environment
   • Reporting with queries
3. Scaling your McAfee ePO server managed network — Use these chapters:
   • Using repositories
   • Using Agent Handlers
4. Maintaining and optimizing your McAfee ePO software — Use these chapters:
   • Maintaining your McAfee ePO server
   • Bandwidth usage
   • Automating and optimizing McAfee ePO workflow
   • Plan your disaster recovery

This document frequently references other documents in the McAfee ePO documentation set. The information contained in the other guides is not duplicated in this guide, but this guide points you to that information.

To fully understand the recommendations included in this guide, you must have a basic understanding of McAfee ePO software. If you don't have this level of experience, or you need more information about the software, consult one of the following documents:

• McAfee ePolicy Orchestrator Installation Guide
• McAfee ePolicy Orchestrator Product Guide
• McAfee ePolicy Orchestrator web API Scripting Guide
• McAfee ePolicy Orchestrator Log File Reference Guide

These guides are available from the McAfee Support Website.

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task

1. Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2. In the Support Content pane:
   • Click Product Documentation to find user documentation.
   • Click Technical Articles to find KnowledgeBase articles.
3. Select Do not clear my filters.
4. Enter a product, select a version, then click Search to display a list of documents.


1 Introduction

The goal of this document is to increase your understanding of the McAfee ePO software so that you can easily and effectively protect your network.

Contents

• Using McAfee ePO software in your network
• Components

Using McAfee ePO software in your network

McAfee ePO software is a scalable, extensible management platform that enables centralized policy management and enforcement of your security products and the systems where they are installed.

It also provides comprehensive reporting and product deployment capabilities, all through a single point of control.

Using McAfee ePO software, you can perform these security tasks:

• Deploy security products and patches to the systems in your network.
• Manage the host and network security products deployed to your systems through the enforcement of security policies and the creation of tasks.
• Update the detection definition (DAT) files, anti-virus engines, and other security content required by your security software to ensure that your managed systems are secure.
• Use the built-in query system wizard to create reports that display informative user-configured charts and tables containing your network security data.
• Use a server task to run a query on a regular schedule, create a report, and email it to a list of users.

Components

The architecture of the McAfee ePO software and its components is designed to help you successfully manage and protect your environment.

The McAfee ePO server provides these major functions:

• Manages and deploys products
• Enforces policies on your endpoints
• Collects events, product properties, and system properties from the managed endpoints and sends them back to McAfee ePO
• Distributes McAfee software, including new products, upgrades, and patches
• Reports on your endpoint security

This figure shows the major McAfee ePO components.

Figure 1-1 Major McAfee ePO components

The major McAfee ePO components are:

1. McAfee ePO server — Connects to the McAfee ePO update server to download the latest security content
2. Microsoft SQL database — Stores all data about your network managed systems, McAfee ePO, Agent Handlers, and repositories
3. McAfee Agent installed on clients — Provides these features:
   • Policy enforcement
   • Product deployments and updates
   • Connections to send events, product, and system properties to the McAfee ePO server
4. Agent-server secure communication (ASSC) connections — Provides communications that occur at regular intervals between your systems and the server

   If remote Agent Handlers are installed in your network, agents communicate with the server through their assigned Agent Handlers.
5. Web console — Allows users to log on to the McAfee ePO console to perform security management tasks, such as running queries to report on security status or working with your managed software security policies
6. McAfee web server — Hosts the latest security content so that your McAfee ePO server can pull the content at scheduled intervals
7. Distributed repositories — Installed throughout your network to host your security content locally so that agents can receive updates more quickly
8. Agent Handlers — Reduces the workload of the server by off-loading event processing and McAfee Agent connectivity duties

   Agent Handlers are most effective when on the same network segment as the McAfee ePO database.
9. LDAP or Ticketing system — Connects your McAfee ePO server to your Lightweight Directory Access Protocol (LDAP) server or Simple Network Management Protocol (SNMP) ticketing server
10. Automatic Responses — Provides notifications to administrators and task automation when an event occurs
11. Web Console — Provides Hypertext Transfer Protocol Secure (HTTPS) connection between the McAfee ePO server and the web browser using default port 8443.

    McAfee recommends you not use the default port number for additional security. See McAfee ePolicy Orchestrator Product Guide to change console-to-application server communication port.
12. Distributed Repositories — Repository connections vary depending on the type of repository. For example, HTTP, FTP, or UDP connections.
13. Agent Handlers — Agent Handlers installed in the DMZ require specific port connections. See Ports used to communicate through a firewall on page 201.


Installing and configuring your McAfee ePO software

Successfully installing and configuring McAfee ePO software on your server is the first step to protecting your network environment.

Chapter 2  Configuring your hardware
Chapter 3  Installing and upgrading McAfee ePO software
Chapter 4  Using the McAfee Agent and your System Tree


2 Configuring your hardware

When you configure the McAfee ePO software, you must consider many factors, including the size of your network and the hardware you use.

Contents

• What affects McAfee ePO performance
• Server hardware requirements
• Planning your hardware configuration
• Planning your hard disk configuration
• Using a SAN with your SQL database

What affects McAfee ePO performance

To install and use the McAfee ePO server, it's important to know what factors affect the performance of your server and the attached SQL database.

For example, a McAfee ePO server and database can manage up to 200,000 client systems with only the VirusScan Enterprise product installed. But, as you add more software products and clients, that same server hardware can no longer provide the performance you expect.

Each of these factors affects your McAfee ePO server performance and must be considered as your managed network grows and your security needs change.

• McAfee ePO server hardware — See the Server hardware requirements on page 18 for server CPU, RAM, and hard drive recommendations.
• SQL Server — This server is the main workhorse behind the McAfee ePO server and affects the physical hardware and the ongoing maintenance of the SQL Server.
   • See Server hardware requirements on page 18 for SQL Server CPU, RAM, and hard drive recommendations.
   • See Maintaining your SQL database on page 151 for table data defragmentation and processes to purge client events.
• Number of software products installed — Each software product you install adds processing load on the McAfee ePO server and the SQL database.

• Number of managed clients and their Agent Handlers — These numbers are proportional to the McAfee ePO server and database performance.
   • See Server hardware requirements on page 18 for SQL Server CPU, RAM, and hard drive recommendations for the number of managed clients.
   • Each Agent Handler places these fixed loads on the database server:
      • Heartbeat updates every minute
      • Work queue checks (every 10 seconds)
      • Pool of database connections held open to the database (2 connections per CPU to the EventParser service and four connections per CPU to the Apache service)

Server hardware requirements

You must determine the hardware requirements before you install the McAfee ePO software for the McAfee ePO server, SQL Server, and Agent Handlers, if needed.

Because the McAfee ePO server distributes software and content, you might think you need one McAfee ePO server for each major geographical region for efficient bandwidth utilization. You don't need more than one McAfee ePO server. Many McAfee ePO server users with large and small offices dispersed all over the world use only one McAfee ePO server. These users have repositories, which are simple file shares, at each office to handle the content distribution.

One McAfee ePO server has no technical limit on how many nodes it can manage. The key concept to remember about McAfee ePO servers is less is better. The fewer McAfee ePO servers you have, the easier it is to maintain your environment. Many users have one McAfee ePO server manage 200,000 or more nodes.

The theoretical limit of McAfee ePO servers, in relationship to managed nodes, is even higher when you add Agent Handlers. But adding Agent Handlers directly impacts the performance of your McAfee ePO SQL database.

The SQL database, where the McAfee ePO server data is stored, determines the performance of your McAfee ePO server. This database is the main workhorse behind the McAfee ePO server. The three items that affect SQL performance are CPU, RAM, and disk performance. These three items control the responsiveness of the McAfee ePO server, from an SQL perspective. McAfee recommends that you exceed the minimum recommendations wherever possible.

The following table lists the hardware recommended for organizations of various sizes.

[Table: hardware recommendations by node count. Columns: Node count; McAfee ePO server (CPU cores*, RAM (GB), hard drive (GB)); SQL Server (CPU cores*, RAM (GB), hard drive (TB)**); Agent Handler; Notes. Notes column entries: "You can use a single server or VMs"; "See Planning your hard disk configuration".]

* These are physical Quad-core CPUs running at 2.2 GHz and 7.2 Gigatransfers per second (GT/s)
** Estimated event load for 6 months

Table Notes:

• These estimates are for a McAfee ePO server running the EndPoint Suite of products.
• Basic RAM rule — Add 16 GB for every 25,000 nodes.

You must use a 64-bit version operating system for the McAfee ePO server. You can use either a 32-bit or 64-bit version for the SQL database server operating system.

The following sections offer examples of environments that provide some guidelines for organization size and hardware requirements.

These examples provide the minimum requirements for hardware. McAfee recommends that you exceed these requirements to improve performance and allow for growth, wherever possible.

Example 1 — Fewer than 10,000 nodes

In an organization with fewer than 10,000 nodes, you can reduce hardware costs by installing the McAfee ePO server and SQL database on the same physical server. You can also have multiple McAfee products deployed in this environment, such as McAfee VirusScan Enterprise (VSE).

Once you add the McAfee Host Intrusion Prevention product, separate the McAfee ePO server and SQL database onto two physical servers.

This figure shows an organization with fewer than 10,000 nodes.

Figure 2-1 Fewer than 10,000 node McAfee ePO network components

In this figure, the McAfee ePO server has:

1. The McAfee ePO server and the Microsoft SQL database on the same server.

   Microsoft does not allow the SQL Express database to exceed 10 GB, and the memory available for the SQL Server Database Engine is limited to 1 GB.

The hardware used for McAfee ePO server and SQL database must be the most recent release of hardware with these minimum requirements:

• 4 Quad-core processor CPUs (for example, 16 core processors)
• 8 GB of RAM
• 300 GB of free hard drive space

Example 2 — 10,000–25,000 nodes

You can use a
