Tuesday, June 7, 2016

Recap: Agent Handlers in an enterprise network


In this figure, all Agent Handlers:
• Are connected to the McAfee ePO SQL database using low-latency high-speed links
• Are located close to the clients they support
• Have failover configured between Agent Handlers in other cities
• Are managed from the McAfee ePO server
The Agent Handlers in these cities have specific configurations.
• Dallas — The Agent Handler is configured with failover support to the Agent Handler in Los Angeles.
• Los Angeles — The two Agent Handlers have load balancing configured.
• Washington DC — The Agent Handler uses specific ports to connect to the McAfee ePO server from behind a firewall.


Notes:
Agent Handlers distribute agent-server communication by directing managed systems (client machines) to report to an Agent Handler (AH) instead of the ePO server.

AH should NOT be used:
- as a distributed repository. Repositories distribute large files (think of newer DAT files, product updates, etc.). AHs use logic to communicate events back to the database. These events tell the McAfee Agent to download new products from the distributed repository. AHs cache files from the distributed repository but should NOT replace a distributed repository.

- over slow or irregular links.

AH Functions:
1) Use the work queue as the primary communication mode
2) Check the server every 10s & perform the requested action, e.g. agent wake-up calls, product deployment, data channel messages
3) Communicate with each other for load balancing and failover

Roaming with AH:
- Users who roam between different sites connect to the nearest AH. This is possible if all locations are configured in the McAfee Agent failover list.

Repo caching
- AHs cache content and product updates if the McAfee Agent can't access content from the master repository on the ePO server.

Q: How much bandwidth is used for communication between the database and the Agent Handler?

A: Bandwidth between the Agent Handler and the database varies based on the number of agents
connecting to that Agent Handler. However, each Agent Handler places a fixed load on the database server for:
• Heartbeat (updated every minute)
• Work queue (checked every 10 seconds)
• Database connections held open to the database (2 connections per CPU for EventParser plus 4 connections per CPU for Apache)

Q: How many agents can one Agent Handler support?

A: Agent Handlers for scalability are not required until a deployment reaches 100,000 nodes. Agent Handlers for topology or failover might be required at any stage. A good rule is one Agent Handler per 50,000 nodes.
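
A sizing sketch for the two answers above, added here as an example and not taken from the Best Practices Guide: it applies the 50,000-node rule per site and totals the fixed load the handlers place on the database. Site names come from the recap; node counts, CPU counts and the `min_handlers` parameter are constructed, and counting each heartbeat and work-queue check as one database operation is an assumption.

```python
import math
from dataclasses import dataclass

# Figures quoted in the notes above.
NODES_PER_HANDLER = 50_000      # rule of thumb: one Agent Handler per 50,000 nodes
WORK_QUEUE_CHECKS_PER_MIN = 6   # work queue checked every 10 seconds
HEARTBEATS_PER_MIN = 1          # heartbeat updated every minute
CONNS_PER_CPU = 2 + 4           # EventParser + Apache connections per CPU

@dataclass
class Site:
    name: str
    nodes: int              # managed systems reporting to this site (constructed)
    cpus_per_handler: int   # CPUs in each Agent Handler server (constructed)
    min_handlers: int = 1   # hypothetical knob: raise to 2 for a load-balanced pair

def handlers_needed(site: Site) -> int:
    """Handlers by the 50,000-node rule, never below the topology minimum."""
    return max(site.min_handlers, math.ceil(site.nodes / NODES_PER_HANDLER))

def fixed_db_load(site: Site) -> dict:
    """Load the site's handlers place on the database regardless of agent traffic."""
    n = handlers_needed(site)
    return {
        "handlers": n,
        "db_connections": n * site.cpus_per_handler * CONNS_PER_CPU,
        # Assumption: each heartbeat and each work-queue check is one DB operation.
        "db_ops_per_min": n * (WORK_QUEUE_CHECKS_PER_MIN + HEARTBEATS_PER_MIN),
    }

def plan(sites: list) -> tuple:
    """Per-site figures plus the total the SQL server must absorb."""
    rows = {s.name: fixed_db_load(s) for s in sites}
    keys = ("handlers", "db_connections", "db_ops_per_min")
    total = {k: sum(r[k] for r in rows.values()) for k in keys}
    return rows, total

# Constructed sample: site names from the recap, sizes invented for illustration.
SITES = [
    Site("Dallas", nodes=30_000, cpus_per_handler=4),
    Site("Los Angeles", nodes=120_000, cpus_per_handler=8, min_handlers=2),
    Site("Washington DC", nodes=8_000, cpus_per_handler=2),
]

if __name__ == "__main__":
    rows, total = plan(SITES)
    for name, row in rows.items():
        print(f"{name:14} {row}")
    print(f"{'TOTAL':14} {total}")
```

The totals are a floor: the first answer notes that bandwidth on top of this fixed load varies with the number of agents connecting to each handler.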





- Ref: ePolicy Orchestrator 5.1.0 Best Practices Guide - Rev B


- wong chee tat :)
