Master Repository Key Pair; Other Repository Public Keys; Methods Of Agent Distribution - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Distributing Agents to Manage Systems

Methods of agent distribution

Master repository key pair

The master repository private key signs all unsigned content in the master repository. These
keys are in anticipation of the McAfee Agent 4.0.
Agents version 4.0 or later use the public key to verify the repository content originating from
the master repository on this ePO server. If the content is unsigned, or signed with an unknown
repository private key, the downloaded content is considered invalid and deleted.
This key pair is unique to each server installation. However, by exporting and importing keys,
you can use the same key pair in a multi-server environment.
These keys are a new feature and only agents 4.0 or later are compliant with the new protocols.

Other repository public keys

These are the public keys that agents use to verify content from other master repositories in
your environment or McAfee source sites. Each agent reporting to this server uses the keys in
this list to verify content that originates from other ePO servers in your organization, or from
McAfee owned sources.
If an agent downloads content that originated from a source for which the agent does not have
the appropriate public key, the agent discards the content.
These keys are a new feature and only agents 4.0 or later are able to use the new protocols.
Methods of agent distribution
Due to the variety of scenarios and requirements of different environments, there are several
methods you can use to distribute the agent to the systems you want to manage. Before using
any of these methods, you should consider each.
The following table details the advantages and disadvantages of the different methods to
distribute the agent.
Table 1: Advantages and disadvantages of agent distribution methods
Method
Deploying agents while
creating Directory
Deploying agents from
ePolicy Orchestrator
Using login scripts
Installing manually
72 McAfee ePolicy Orchestrator 4.0.2 Product Guide
Advantages
Automatic; no other steps are required.
This is an efficient method for distributing
the agent.
This is an efficient method for an
environment where systems log on to the
network frequently. You do the work
once, and the agent is deployed
automatically.
This is an efficient method if you are not
using ePolicy Orchestrator to deploy the
agent, or if you have many Windows 95
and Windows 98 systems and do not want
to enable file and print sharing on them.
Disadvantages
If you are creating sites by importing large NT
domains or Active Directory containers, too
much network traffic may be generated for your
resources.
You must embed user credentials with
administrator rights to the desired systems.
Also, you must ensure that systems running
Microsoft XP Service Pack 2, have the
FRAMEPKG.EXE file added to the firewall
exceptions list.
Systems that don't log on to the network
frequently, may not be running the most
up-to-date agent.
This is not a time-efficient method if you have
many systems.