cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 11 of 18
‎03-05-2017 08:46 PM

Re: McAfee Super Agent vs Agent handler.

Can anyone tell me the difference between super agent and agent handler in details.

0 Kudos
Reply
taziegma
Level 10
Report Inappropriate Content
Message 12 of 18
‎03-05-2017 09:19 PM

Re: McAfee Super Agent vs Agent handler.

Your question has already been answered in this thread. If you have a question or concern relating to your specific situation, please provide sufficient detail to allow us to assist you.

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 13 of 18
‎04-10-2018 06:36 AM

Re: McAfee Super Agent vs Agent handler.

As previously explained, for remote systems, you need an agent handler in a dmz so those systems can reach epo, not a superagent, as that is only a repository.  KB66797 is the kb for required ports open for communication.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
samt
Level 7
Report Inappropriate Content
Message 14 of 18
‎05-03-2017 07:27 AM

Re: McAfee Super Agent vs Agent handler.

Apologies for opening this discussion again, but I need some advice.

We are building a separate environment in our DMZ with a handful of workstations and servers. We need to manage these endpoints with a number of different policies. And at the moment, they have no agent installed.

I was looking to install a super agent relay onto one of the DMZ servers, open the ports and use that as a go between for the endpoints and ePO server. However, when putting this past McAfee, they advise that an Agent Handler is the only way forward.

I cant see why a relay wouldnt work. It seems like a simple path for my endpoints (in the DMZ) to pick up agent installs,VSE, policies etc via the Agent relay.

Can anyone advise if this is a good approach or why an Agent Handler would be better suited please.

Cheers

0 Kudos
Reply
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 15 of 18
‎05-03-2017 07:54 AM

Re: McAfee Super Agent vs Agent handler.

It may have something to do with the port setting. Meaning, relay server seems to only use 8083/UDP to establish communication; while Agent Handler uses a host of TCP/UDP ports to establish a secure connection back to ePO/SQLDB

Ports needed by ePolicy Orchestrator for communication through a firewall Technical Articles ID:   KB66797 Last Modified:  11/10/2016

McAfee Corporate KB - kb66797

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
0 Kudos
Reply
johnmoe
Level 11
Report Inappropriate Content
Message 16 of 18
‎05-03-2017 04:24 PM

Re: McAfee Super Agent vs Agent handler.

I have a feeling it has to do with how the policies get distributed.  The way I understand it, an Agent Handler is more than just a distributed repository; it can handle policy and wake-up requests on behalf of the ePO server.  An Super Agent is just a repository that can server files and trigger wake-ups; I don't believe it can hand out policies, and the systems would actually check in back to the ePO server.  Since your DMZ systems wouldn't be able to talk back to the ePO server, there's nowhere to get that info.

Reply
CNTRK_com
Level 9
Report Inappropriate Content
Message 17 of 18
‎04-10-2018 06:26 AM

Re: McAfee Super Agent vs Agent handler.

Hi,

Yes, You explained openly differences Agent Handler vs SuperAgent.

Also this is important that "The agent handler requires an always-on, low-latency (<10 ms) connection directly to the SQL database. Most environments will be fine with no additional agent handlers, unless there is a desire for DMZ communication."

So, we have one more question that How can we control remote clients that no connection with ePO server?

regards,

0 Kudos
Reply
jappell
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 18 of 18
‎05-08-2017 05:34 AM

Re: McAfee Super Agent vs Agent handler.

Replying via airplane. Used other posts for simplicity and added comments as needed.

1. Super Agents w/ Lazy Caching - Super Agents is simply a feature of the McAfee Agent that when enabled allows select endpoints to serve content from the Master Repository to endpoints. Lazy Caching means that instead of synchronizing content on a set schedule, the agent will request content as it is needed.

2. Super Agent Distributed Repositories (often called SADRs) - You can designate systems to be Distributed Repositories and the master repository in its entirety will be synchronized to these systems. It is then possible via McAfee Agent repository policies to point systems to the appropriate distributed repository either by a set list, or based on ping times. Use this when you are in bandwidth sensitive locations. Instead of getting content from the ePO server, will be a system close to orhers in order to provide content, likely to be on the same segment.

3. Agent Handlers. The ePO application server is an agent handler. The Agent Handler service is a separate service from the ePO web application. It runs Apache and faciliates connectivity to the ePO database and is reponsible from consuming agent events and translating them into SQL inserts. The Agent Handler service is also a "proxy" of sorts to the master repository on the ePO server. When an agent checks in to the agent handler and requests a package, that package is delivered over HTTP via the Agent Handler. Agent handlers should be carefully placed. The handler should have a similar latency as the ePO server has with its SQL db backend. The agent handler requires an always-on, low-latency (<10 ms) connection directly to the SQL database. Most environments will be fine with no additional agent handlers, unless there is a desire for DMZ communication. These are overused and not well understood.

This is a starting point. Check out the guides for more info.

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC