Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

8



ServerRedundancy

Itisriskytohaveasinglephysicalserverforyourenterprise,evenifyoutakeregularbackups.Werecommend

youtotakestepstoexpediterecoveryfromanoutageinaccordancewithanestablishedBusinessContinuity

andDisasterRecovery(BCDR)plan.



HotBackupDatabases

IncreasetheredundancyofthesystembyreplicatingtheEndpointEncryptionObjectDirectorytoasecond



physicalserver.Adedicatedreplicationtool“ObjectDirectoryBackup”whichisoptimizedtofollowthe

changelogofanEndpointEncryptionv5ObjectDirectoryissuppliedwiththeproductsuite.



Inthiscasesetuparesilientsystemusingtwophysicalboxes,bothhostingEndpointEncryptionServers–one

hostingthemasterOD

Bandtheotherhavingahotbackup.Incasethemasterserverfails,theEndpoint

EncryptionServeronthesecondbackupboxcanberestartedin“master”mode.Thenrebuildorreplacethe

affectedmachineandcreateanewmaster.



TheODBBackuputilitycanalsobeusedtomakeregularbac

kupsoftheODB,givingfurtherrecoveryoptions

incaseofadisaster.Thismethodhowever,requiresmanualinteractiontostartthefailover.



AHotBackupdocumentdiscussingthis scenarioisavailable.



Clustering

Fullyautomatedfailoversforapplicationsusuallyemployaclusterserverenvironment.AlthoughtheMcAfee

EndpointEncryptionObjectDirectoryandManagercanrunonacluster,werecommendagainstusing‘shared’

resourceswherepossible.AsperMcAfeeKB53698,WindowsClusterenvironmenthasnotbeenfullytestedat

thistimeinengineering.



LoadBalancing

GiventhebestconfigurationisusuallyasinglehighperformanceserverwithDASthentheleastoptimalwayto

performclusteringistoputtheObjectDirectoryonanetworkshare(NAS)andtheninstalltheManagement

Centerontwoserverswhichaccessthesharesimultaneously.



NOTE:Thelatterwillfunctio

n,butitwillbesignificantlydetrimentaltoserverperformance.



Youshouldnotethatifyouusespecialloadbalancingswitchestosplitnetworkload,youshouldsetthemto

alloweachclientactiveconnectiontooccurwiththesameswitchthroughoutthesyncevent(andnot

split/distributeeachpacketdu

ringasinglesync).



Makingremoteconnectionstothedatabaseisslowerthanlocalconnections,sothisdesignisoftentooslow

toworkeffectively.



IfDASisnotusedandthereareissuessuchasperformance,objectcorruption(especiallyasobjectnumbersin

theMcAfeeEndpointEncryptionObjectDire

ctoryincrease)McAfeesupportwillrecommendmovingtoDAS

andhighperformancededicatedserver.



IfaSANistheonlyoptionavailable,pleasenoteSANarrayscanprioritizetheconnectionstothephysicalbox

inwhatisknownasTierlevels.Tier1isthehighestpriority,Tier3isthelo

west.McAfeeEndpointEncryption

needsoptimaldiskaccesssowouldneedTier1prioritywithdedicatedLUNStoprovidethehighestspeed

connection.Thisisnecessaryforfullandpromptservicesynchronizationrequestsandadministration.This

avoidscorrupteddatabases,objects,clientsandslowadministrationperformance.RunningonSANisnot

recommended,bu

tifitmustbedone,thentheconnectionmustbeTier1.