Solution Architecture
Design Philosophy
McAfee Endpoint Encryption is a client/server application designed to be implemented with a simple, single
server architecture. This single server hosts an encrypted database known as the Object Directory, and runs
services to allow connections to the database from both the Encrypted Endpoints and the Management Center
applications. Communication with the database occurs in a secure way (detailed descriptions are provided in
the Management Center Administration Guide). This single server can host all components of the
Management Center, even in enterprise environments.
While it is most common to implement the product with a single server, there are also other options. The
components are modular and can be installed in a distributed way. For example, the Web Helpdesk component
can be installed on a dedicated web server while the rest of the components are on a separate Endpoint
Encryption Server. However, the majority of our implementations are done with a single server because this is
usually the best approach.
NOTE: All recommendations in this guide assume a single server approach.
When reading the following sections, keep in mind that even though our recommendation may be to use a single
server with Direct Attached Storage (DAS), a virtual server with NAS-based storage is usable and will have some
advantages in your environment for small numbers of endpoints or with limited sync events and limited users
per client. However, we advise against using such implementations and recommend that you discuss your
requirements with McAfee before implementation.
If the performance of the McAfee solution is below acceptable limits, migrating towards our
recommendations is sure to improve it.