Agent-Server Communication - McAfee EPOLICY ORCHESTRATOR 4.5 Product Manual

Distributing Agents to Manage Systems
About the McAfee Agent
these products and to products developed by McAfee's Security Innovation Alliance partners.
While enabling products to focus on enforcing their policies, the McAfee Agent delivers services
that include updating, logging, reporting events and properties, task scheduling, communication
and policy storage.
The agent is installed on the systems you intend to manage with ePolicy Orchestrator. Systems
can only be managed by ePolicy Orchestrator with an agent installed.
While running silently in the background, the agent:
• Gathers information and events from managed systems and sends them to the ePO server.
• Installs products and upgrades on managed systems.
• Enforces policies and schedules tasks on managed systems and sends events back to the
ePO server.
• Updates security content such as the DAT files associated with McAfee VirusScan.
SuperAgent
A SuperAgent is an agent that can broadcast wake-up calls to other ePO agents located on the
same network broadcast segment (usually identical with a network subnet). Each SuperAgent
then pings the agents in its subnet. Agents located in a segment with no SuperAgent do not
receive the wake-up call. This is an alternative to sending ordinary agent wake-up calls to each
agent in the network, and the advantage is that it can distribute network traffic.
SuperAgents can also serve as the repository of distributable software and updates for those
agents in its broadcast segment. Additionally, the agent's global updating feature relies entirely
upon SuperAgent wake-up calls to perform its function.
Agent Handler
An Agent Handler is the ePO component responsible for managing communication between
agent and server. Beginning with ePolicy Orchestrator 4.5, Agent Handlers can be installed on
other computers to provide fault tolerant and load-balanced communication to many agents,
including geographically distributed agents.

Agent-server communication

During agent-server communication, the agent and server exchange information using a
proprietary network protocol that ePolicy Orchestrator uses for secure network transmissions.
At each communication, the agent collects its current system properties, as well as events that
have not yet been sent, and sends them to the server. The server sends new or changed policies
and tasks to the agent, and the repository list if it has changed since the last agent-server
communication. The agent enforces the new policies locally on the managed system and applies
any task or repository changes.
Agent-server communication can be initiated in these ways:
• Agent-to-server communication interval (ASCI) lapses.
• Agent-initiated communication upon agent startup.
• Agent wake-up calls from ePO or Agent Handlers.
• Communication initiated manually from the managed system (Windows only).
McAfee ePolicy Orchestrator 4.5 Product Guide 61