Manualshelf

Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
31323334353637383940
The EMEA offices have another data center in the UK with several other offices across EMEA. These
other offices range from 200 nodes 3,000 nodes. The one ePO server resides in the UK data center
and runs VirusScan Enterprise, Host Intrusion Prevention System, and SiteAdvisor.
The APAC offices include two smaller offices.
Region Office Number of nodes Servers
U.S. New York, Data Center 7,000 Repository
U.S. Office 1 5,000 Repository
U.S. Office 2 6,000 Repository
U.S. Office 3 5,000 Repository
EMEA U.K., Data Center 3,000 McAfee ePO server
EMEA Office 1 200
EMEA Office 2 1,000 Repository
EMEA Office 3 3,000 Repository
APAC Office 1 500
APAC Office 2 300
U.S. region servers
Put one server class client, for example dual processor 3 Ghz and 8 GB of RAM, at each site in the U.S.
EMEA region servers
Use the Systems Management Server (SMS) and install SuperAgents at each office in the EMEA since
they are smaller sites. Your repository does not have to be dedicated to McAfee as long as it's not
serving files to several thousand agents.
APAC region servers
There are small offices in the APAC region with slow WAN links back to the McAfee ePO server in the
UK. Plus these WAN links are already saturated with traffic. This means replication from the McAfee
ePO server to an APAC repository is not feasible unless it is done during off hours. This is a reasonable
option if you want to put SuperAgents in APAC.
Fortunately, the APAC offices each have their own fast dedicated connections out to the Internet and
do not have to route Internet traffic back to the data center in the UK. That provides two potential
solutions:
You can adjust the client tasks in APAC to have them go to the next nearest repository which may
be in California.
You must completely randomize the agents updating schedule so you
spread their updates throughout the day.
You can put a SuperAgent in the DMZ (publicly accessible on the Internet) at one of our data
centers. Then adjust the APAC client tasks forcing them to only update from this SuperAgent in the
DMZ. Because the SuperAgent is local to the data center replication from ePO will be very fast. And
since the agents don’t have to use a WAN link and can go straight to the Internet your slow WAN
bandwidth concerns are solved.
Repositories
Determine repository count
3
McAfee
®
ePolicy Orchestrator
®
4.0 and 4.5 Best Practices Guide
31