Solved

How to set up a McAfee Repository Server

Posted on 2011-02-28
27
4,273 Views
Last Modified: 2013-12-09
Hi All,
I have a Windows 2003 Server which I would like to use as a McAfee Repository servers. Basically it downloads from the internet all the SDAT updates etc, and the client PC's connected to the domain will receive these SDAT files.

How do I set this up on the server and configure the clients please?

0
Comment
Question by:ben1211
  • 13
  • 13
27 Comments
 
LVL 3

Expert Comment

by:Roshan_c
ID: 35004730
Hi,

Do you have enterprise mcafee solution, if so install EPO Console and it will update all the clients accordingly. so will have epo will download required sdat and will be updated to the client as per schedule
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35004790
Do you mean you want a McAfee Distributed Repository ?

i.e. do you already have McAfee ePO installed and managing your clients ?

How many machines do you have ?

Thanks
Simon
0
 

Author Comment

by:ben1211
ID: 35025188
Yes I need a McAfee Distributed Repository.

The ePO server is located in a different country. I need to set up a server that downloads the SDAT files and then pushes it to the clients. Roughly about 50 clients.

How do I do this? I'm very much a rookie in this area, so I'm not even sure what the ePO server does.

All I do know is that I have a Windows 2003 Server, which has McAfee installed and the agent which communicates with the ePO server located in a different country. The Windows 2003 server needs to be able to download the latest SDAT files and push it to all the clients.
This is to prevent the clients from downloading the SDAT files from the internet, in order to save on bandwidth.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35025418
OK, as you don't know much about ePO, you need to have a read of the evaluation guide attached

There are instructions on how to create a distributed repository, but you will need to know a bit more about ePO

If you want a distributed repository, it's easy, but if it's geographically different, you might want to look at installing a local ePO server and then getting the ePO server to communicate with the master ePO server

Have a read and come back with what you want to do
Cheers
Simon

plugin-epo-450-evaluation-guide-.pdf
0
 

Author Comment

by:ben1211
ID: 35069319
Simon...my apologies for my ignorance in this area.

What I basically need to do is set up a server (the AD Server running on windows 2003 server) which has McAfee running on it. I need this server to download all the SDAT files. And then these files need to be distributed to all the client's PC's, which are resident in the same area. We want to save on internet bandwidth and therefore want to prevent the user's PC's from downloading the SDAT file from the internet.

So how do I prevent the local user's PC' sfrom downloading the SDAT file from the internet? And how do the clients PC's wait for the file to be sent by the main server and then for this latest SDAT file to be executed automatically on the user's PC, updating the version of their virus definitions?
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35072395
Hi Ben

No problems at all :-)

The best method would to be to install a local ePO server on the AD Server and manage the agents locally with your own defined ePO policies and agent, but if that's not an option, you need someone who controls the main ePO server to configure the AD Server as the Super Agent and then tell the Agents to pick up their DAT files from the Super Agent.

Do you have access to the ePO Console ?  If so I can tell you what you need to do

Cheers
Simon
0
 

Author Comment

by:ben1211
ID: 35079334
Hi Simon. Certain "words" you have used sound familar. I had a chat with a colleague who runs the ePO server in Colombia. He has already made the AD server as a repository server.

So here's the scenario, the ePO server is located in Colombia. The AD Servers who have been assigned a "Super Agent" status by the ePO server from Colombia, are now Repository Servers.

Is my understanding correct? When an ePO server assigned (i think via policy) a server to become a Super Agent, that Super Agent server basically now becomes a Repository Server.

Now who tells the local PC's running McAfee to pick up their SDAT updates from the AD Repository Server? Is there any configuration that needs to be done on the local client PC's?

0
 

Author Comment

by:ben1211
ID: 35099781
Hi Simon...hoping to hear from you soon please? :)
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35100856
Hi Ben
Sorry I have been out on business this last two days :)

You need to create a McAfee agent policy that has the super agent configured as the first update source via ping time

This is done in epo so will need to be done by the guy who runs epo

If you need detailed steps then let me know and I will provide steps in the morning as it's 11pm in the uk
0
 

Author Comment

by:ben1211
ID: 35125276
Hi Simon,

Thank you for your reply. No problems that you couldn't get back sooner. I'm still working on this case with my colleagues in Colombia.

Simon, let's take it step by step. Correct me if I'm wrong.

Step 1: The ePO server needs to send a policy to my AD Servers in order to make them a "Super Agent".

When a Server is assigned a "Super Agent" status by the ePO server via a policy that is sent, does this automatically make this particular AD Server (with the Super Agent status) a Repository Server?


Step 2: How do I get the client PC's to update their SDAT files from the Repository Server (which is supposed to be the AD Server)?
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35126753
Hi Ben

Yes, that is correct....you have two ways of creating a distributed repository....and I think that creating a new distributed repository will be better for you than using a Super Agent

in ePO, go to Software, Distributed Repositories and click new Distributed Repository and run through the wizard....

Once you've done that, you need to create a new McAfee Agent policy for the computers in your network to point to the new distributed repository.....open a new McAfee Agent policy and click the repositories tab and then make sure that the new distributed repository is listed first

Cheers
Simon
0
 

Author Comment

by:ben1211
ID: 35143685
Hi Simon,

I had a chat with my colleague in Colombia who is in charge of the ePO server.

Firstly, he says that he has sent a policy to one of the servers (10.170.11.99) and made it a Super Agent. He has also sent a policy to the PC's in this area to receive their updates from 10.170.11.99. But the problem is, these computers are not receiving their updates from 10.170.11.99 but receiving them from a secondary repository at a different office.

I'll attach a log that I exctracted from one of the computers at the site of 10.170.11.xx)

Maybe you could take a look and advise me please.


Agent-TLAILD100.log
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35146023
Hi Ben

As you do not have control of the epo server, I would strongly suggest that your colleague in colombiA follows my instructions in my previous post about how to set up the distributed repository

This will remove the problem associated with the super agent

Cheers
Simon
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:ben1211
ID: 35154314
Simon is the distributed repository different from the Super Agent?
0
 

Author Comment

by:ben1211
ID: 35154315
How will the Distributed Repository solve this problem?
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35154459
Yes, it is

It is easier to manage in your situation as you will be able to set the policy for your clients to automatically use the repository to get updates

Cheers
Simon
0
 

Author Comment

by:ben1211
ID: 35154636
Hi Simon...thanks for your prompt reply. Simon...could you tell me the different between a Distributed Repository and a Super Agent please? I would then be able to communicate that better with my colleague.
0
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 35154658
OK, here's a brief explanation

Super agents (sans the repo) are used to propagate super agent broadcast calls. They are used for global updating. Here is how it works:

   1. Something is checked into the master repository that triggers a global update (such as a DAT file)
   2. All distributed repositories are replicated to
   3. A signal is sent out to all super agents (whether they host a repo or not)
   4. Each Super Agent sends out a broadcast call on its network segment directing all agents that hear this call to perform an update

So because the super agents send out a broadcast call and broadcast calls are not propagated beyond their network segment you would have to put a super agent on each network segment for this to work but you may not want a distributed repository on each network segment.
0
 

Author Comment

by:ben1211
ID: 35154659
Simon, I am opening a new question, of which I need your help. Its a related question but a seperate project with McAfee.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35154667
No probs, drop a link to the question in here :-)

Cheers
Si
0
 

Author Comment

by:ben1211
ID: 35179017
Hi Simon, my apologies, but I couldn't understand or rather "picture" your explanation.

The question I posed was the difference between a Super Agent and a Distributed Repository.

You mentioned something is checked into the master repository that triggers a global update. A signal is sent to all super agents. Each Super Agent sends out a broadcast call on its network segment and all agents that hear this call will perform an update.

Question: Where will these agents get its updates? From the Super Agent, or directly from the internet, or from the ePO server?


You mentioned "Super agents send out a broadcast call, which is not propogated beyond their network segment. So you put a Super Agent on each network segment."

But why would you want a Distributed Repository on each network segment?


I don't see the difference here between the Super Agent and the Distributed Repository.
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 500 total points
ID: 35181382
A Super Agent allows you to reduce the broadcast traffic on your network

If you had 10 subdomains with 256 IP Addresses on them and 1 parent domain with 256 IP Addresses on them, then without a Super Agent your ePO server would send out a broadcast address to 2816 (256 x 10 (child) plus 256 x 1(parent)) IP Addresses

With a Super Agent installed on each subdomain, then ePO would only send out a Broadcast to 266 IP Addresses ( 10 Super Agents + 256 IP from Parent Domain)

Hence a lot less traffic on the network....

With a Distributed Repository in each Subdomain, the SuperAgent would then broadcast to its domain and tell each of their Child Domains to update from their nearest (or specified) Distributed Repository.....

Imagine 2816 machines dragging the updates from the ePO Server.......that's a lot of bandwidth....

Hopefully this explains it....
0
 

Author Comment

by:ben1211
ID: 35187859
Hi Simon,

Your example was rather confusing. I'm so sorry. Do you think you could give me a simple explanation please?

I have further questions. you mentioned that with a Super Agent installed, the ePO server only sends out a broadcast to the Super Agents and ALL the IP Addresses? Meaning it send out a broadcast to all the Super Agents as well as the client PC's? Then what good is the super agent?

10 subdomains. Each domain has 256 IP's. So 10 x 256 IP's. So this is the amount of IP's updating from the ePO Server. What good is the Super Agent then?

I can't understand the difference Simon. I'm sorry. Could you help with a simple explanation please.

What does a Super Agent do? And what does a Distributed Repository do? Can a Distributed Repository work without the existence of a Super Agent?

Sim, i need to know how to get the clients to update from the AD Server, which seems to be a Super Agent. Right now that's not happening. Do you need the logs, Simon?
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 500 total points
ID: 35218372
Hi Ben

OK, this is the simplest I can make it.....normally these type of questions involve professional services costs....

The Super Agent tells the ePO Agents to update
The Super Agent tells the ePO Agents to update from their Distributed Repository

The clients won't be updating from the AD server as I'd say it's not configured correctly....it's probably pointing to the ePO server....

I'm just finishing work as I've been on site for 3 days, so I'll check in on Monday unless you post an update

Cheers
Simon
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35221572
Whoops, made a mistake here....

I didn't mean that these questions incur costs, that's the whole point of EE !

I meant that normally this type of ePO configuration is done on a Professional Services day......

My bad :)

Cheers
Si
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 35234703
Hi Ben
Any update from you ?
Cheers
Simon
0
 

Author Comment

by:ben1211
ID: 35311305
Hi Simon,

I've been told there are four ways to set up a Distributed Repository:

1. Super Agent
2. FTP Server
3. HTTP Server
4. By the use of a Directory on a specific server (not sure how this works).

We are planning on working on a FTP Server.

I may probably close this question, and would re-open it again if I need further help. Do keep an eye out please.

I'm grateful for your help and your patience :)

0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now