Phal44
asked on
ePO and Distributed Repository questions
Im working with a client which has 2 separate sites linked by a VPN and ideally I would link the PCs and and the servers (one on each site) to all be managed under one ePO server.
I have looked into enabling the second server as a super agent and using that as a distributed repository but so far I've come up against a few issues and it has raised a few questions.
So far my synchronisations to the second server have been failing for one reason or another. The link isnt very fast so ePO might have trouble synchronising but I've read about using other more reliable means to replicate the files across which I will probably try.
My main question is about how the super agent/distributed repository will work as far as pushing out agents/av clients. If I assign a workstation to the remote site and it has policies to update from the super agent server does that also apply when deploying the agent/av client or will any deploy tasks always come from the main server?
Ideally I would like to be in a position where the rogue system detection can detect any new systems and automatically push out the agent/av client regardless of what site they are in.
As a side note - if anyone has any ideas/tips etc on getting PCs to report to the ePO server when theyre not in the office ie: at home or something then please feel free to let me know :)
I have looked into enabling the second server as a super agent and using that as a distributed repository but so far I've come up against a few issues and it has raised a few questions.
So far my synchronisations to the second server have been failing for one reason or another. The link isnt very fast so ePO might have trouble synchronising but I've read about using other more reliable means to replicate the files across which I will probably try.
My main question is about how the super agent/distributed repository will work as far as pushing out agents/av clients. If I assign a workstation to the remote site and it has policies to update from the super agent server does that also apply when deploying the agent/av client or will any deploy tasks always come from the main server?
Ideally I would like to be in a position where the rogue system detection can detect any new systems and automatically push out the agent/av client regardless of what site they are in.
As a side note - if anyone has any ideas/tips etc on getting PCs to report to the ePO server when theyre not in the office ie: at home or something then please feel free to let me know :)
ASKER
Guess the ePO peeps are on holiday then?
a ws will look to the mcafee agent policy to figure out where to get it's updates. in there will be all the repositories it can go to, with the last one being nai.com, etc... I think it will always check in with the epo server for a policy check, unless you use an agent handler i believe. bandwidth for that is pretty light.
RSD - would need to install rsd either on a dhcp server to have it cover all the different subnets, or install rsd on a machine on each subnet.
outside the office - if they do vpn, it should be the same. if no vpn, maybe you would need an agent handler out on the vpn, that gets interesting. There you want to make sure that they can get updates daily from mcafee... hope that helps.
RSD - would need to install rsd either on a dhcp server to have it cover all the different subnets, or install rsd on a machine on each subnet.
outside the office - if they do vpn, it should be the same. if no vpn, maybe you would need an agent handler out on the vpn, that gets interesting. There you want to make sure that they can get updates daily from mcafee... hope that helps.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So as long as the remote site with the super agent has a replicated repository then all deployed software will come from that server for that site and wont try to deploy over the VPN? Assuming that the settings dictate that the client is configured to update from the super agent of course!
What I noticed is that the software like agents and software clients only went across the link for the first deployment. All remaining deployments happened from the Agent Handler. As I mentioned I believe the Agent Handler acts like a proxy.
Please note that the distributed repository only works for client upgrades and updates. This is what I have noticed first hand.
I may have confused things in my previous post, in all areas I meant to say Agent Handlers not Super Agents. I hope this clears things up.
Please note that the distributed repository only works for client upgrades and updates. This is what I have noticed first hand.
I may have confused things in my previous post, in all areas I meant to say Agent Handlers not Super Agents. I hope this clears things up.
ASKER
Hmm!
In the reading I've done on this problem I read that the Agent Handlers needed fast & stable connections to replicate reliably?
My plan was to have the other server setup as a super agent with the clients configured to update from there but I'm having to put that on hold for a while till we sort out some internet connection issues preventing the VPN from being fastish or stable!
In the reading I've done on this problem I read that the Agent Handlers needed fast & stable connections to replicate reliably?
My plan was to have the other server setup as a super agent with the clients configured to update from there but I'm having to put that on hold for a while till we sort out some internet connection issues preventing the VPN from being fastish or stable!
As mentioned we only have a 2Mbit VPN link which is simply 4x aggregated ADSL links. Not exactly a super fast connection. We have had no issues since deploying the repository and the Agent Handler. Our remote site has 50 clients connecting to the Handler and Repository.
ASKER
Thats still faster than this VPN hehe
What I'm trying to configure is overkill for this particular customer but its more of a trial really to see whether I can get this working first.
When I first configured the server on the second site to be a super agent I tried to replicate the repository to that server but the sync constantly failed but that was probably due to the connection issues they have been experiencing.
We're still working out the connection issues on the second site but hopefully I'll be able to get it all synched once the line is working.
What I'm trying to configure is overkill for this particular customer but its more of a trial really to see whether I can get this working first.
When I first configured the server on the second site to be a super agent I tried to replicate the repository to that server but the sync constantly failed but that was probably due to the connection issues they have been experiencing.
We're still working out the connection issues on the second site but hopefully I'll be able to get it all synched once the line is working.
Good luck. Let me know if you need any more info.
ASKER
This has been progressing slowly - we have pretty much solved the internet speed issues at the remote site so I'm now seeing if I can get a working replication to the remote site. Hopefully this will work and we can get clients deployed there that will update from the superagent.
I will update again and award points if this works lol
I will update again and award points if this works lol
ASKER
Since our internet and VPN issues were resolved the EPO problems were alot easier to deal with.
The second server is running as a Superagent and updating on its own and seems good so far!
The second server is running as a Superagent and updating on its own and seems good so far!
Glad to hear things are starting to come together. Good luck.
ASKER