Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

• Collects and sends its properties to the McAfee ePO server or Agent Handler

• Checks to see if any policy changes or client tasks have occurred on the McAfee ePO server and

pulls down the changes to the client

For example, if any change is made to a policy for a point-product managed by ePolicy Orchestrator,

such as VirusScan Enterprise, Endpoint Encryption, or Host Data Loss Protection, at the ASCI time that

change is pulled down by the agent and applied to the endpoints.

Ask how often changes occur for endpoint policies on your McAfee ePO server. For most organizations,

once your policies are put in place they do not change very often. Some organizations change an

endpoint policy less than once every few months. That means a system calling in every 60 minutes

looking for a policy change (approximately eight times in a typical work day) might be excessive. If

the agent does not find any new policies to download it will rest until the next ASCI then check again

at its next scheduled check-in time.

When determining your ASCI, the concern is not necessarily a waste of bandwidth. ASCI

communications are extremely light and only a few kilobytes per ASCI. The concern is the strain put

on the McAfee ePO server with every communication from every agent in larger environments. All of

your agents need at least two communications per day with the McAfee ePO server. This requires a

180 – 240 minute ASCI in most organizations.

For smaller organizations, less than 10,000 nodes, the ASCI number is not a concern and can be as

frequent as 60 minutes. But for larger organizations you want to make sure you do not keep the

default setting of 60 minutes, and use the 3 – 4 hour range for your ASCI.

For a much larger organization, 60,000 nodes or greater, the ASCI setting is much more important. If

your McAfee ePO server is not having performance issues, you can use the 4 hour ASCI interval. But if

there are any performance issues consider increasing your ASCI to 6 hours, possibly even longer. This

significantly reduces the number of agents that are simultaneously connecting to the McAfee ePO

server and improves performance on the server.

You can determine how many connections are being made to your

McAfee ePO server by using the ePO Performance Counters. See

Determining if your server has performance problems.

The following table provides ASCI basic guidelines.

Node count Recommended ASCI interval

100 – 1,0000 60 – 120 minutes

10,000 – 50,000 120 – 240 minutes

50,000 or more 240 – 360 minutes

Sending a policy change immediately

If you need to send a policy change or add a client task you execute an agent wake-up call. The agent

wake-up call is a communication from the McAfee ePO server to agents or a group, that you can

manually choose, that asks the agent to perform its ASCI immediately. Use the agent wake-up call

only in critical situations and not haphazardly because they can put a resource strain on the McAfee

ePO server while they are being performed. See McAfee ePolicy Orchestrator 4.5 Product Guide for

details.

If you need to wake-up thousands of systems, stagger the process by waking up a few thousand at a

time. You should also randomize the wake-up call for a few minutes to lessen the strain on the McAfee

ePO server. The following figure shows the randomization setting.

Policies and packages

McAfee agent policy

McAfee

ePolicy Orchestrator

4.0 and 4.5 Best Practices Guide