Product And Update Deployment - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Deploying Software and Updates

Product and update deployment

Package type
Package signing and security
All packages created and distributed by McAfee are signed with a key pair using the DSA (Digital
Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES
encryption. A key is used to encrypt or decrypt sensitive data.
You are notified when you check in packages that are not signed by McAfee. If you are confident
of the content and validity of the package, continue with the checkin. These packages are
secured in the same manner described above, but are signed by ePolicy Orchestrator when
they are checked in.
Digital signatures guarantee that packages originated from McAfee or were checked in by you,
and that they have not been tampered with or corrupted. The agent only trusts package files
signed by ePolicy Orchestrator or McAfee. This protects your network from receiving packages
from unsigned or untrusted sources.
Legacy product support (NetShield for Netware)
Older products use a flat directory structure to install product updates. Currently, this is limited
to NetShield for NetWare.
If the update location you specify in the task settings is a distributed repository managed by
ePolicy Orchestrator, you must enable NetShield for Netware support when you check the
corresponding package in to the master repository. Doing so copies the packages into both
directory structures, enabling you to support legacy products.
Package ordering and dependencies
If one product update is dependent on another, you must check their packages in to the master
repository in the required order. For example, if Patch 2 requires Patch 1, you must check in
Patch 1 before Patch 2. Packages cannot be reordered once they are checked in. You must
remove them and check them in again, in the proper order. If you check in a package that
supersedes an existing package, the existing package is removed automatically.
Product and update deployment
The ePO repository infrastructure allows you to deploy product and update packages to your
managed systems from a central location. Although the same repositories are used, there are
differences.
Comparison of product deployment and update packages
Product deployment packages
Must be manually checked in to the master repository.
Can be replicated to the distributed repositories and
installed on managed systems with global updating.
McAfee ePolicy Orchestrator 4.0.2 Product Guide
Description
Update packages
DAT and engine update packages can be copied from the
source site automatically with a pull task. All other update
packages must be checked int o the master repository
manually.
Can be replicated to the distributed repositories and
installed on managed systems automatically with global
updating.
Origination
packages into the master repository
manually.
133