McAfee ePolicy Orchestrator 5.10.0 Installation Guide

[Pages:100]McAfee ePolicy Orchestrator 5.10.0 Installation Guide

COPYRIGHT

Copyright ? 2018 McAfee, LLC

TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

2

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

Contents

1 Installation overview

7

Which type of installation do you need? . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Single server installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Cloud services installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Cluster installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Upgrade installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2 Planning your installation

13

Considerations for scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Examples of organization size and network components . . . . . . . . . . . . . . . . . 14

Factors that affect McAfee ePO performance . . . . . . . . . . . . . . . . . . . . . 16

Internet protocols in a managed environment . . . . . . . . . . . . . . . . . . . . . . . 17

Things to do before installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3 System requirements

19

System requirements and recommendations . . . . . . . . . . . . . . . . . . . . . . . . 19

Software requirements and recommendations . . . . . . . . . . . . . . . . . . . . . . . 20

Operating system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Supported virtual infrastructure software . . . . . . . . . . . . . . . . . . . . . . . . . 21

Supported SQL Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Configure TCP/IP access to the SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . 22

Supported Internet browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Agent Handler server requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

SQL Server installation documented in this guide . . . . . . . . . . . . . . . . . . . . . . . 24

Required SQL permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Supported SQL database user name and password formats . . . . . . . . . . . . . . . . . . . 25

Port options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Automatic product installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Distributed repository requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Supported products and known issues . . . . . . . . . . . . . . . . . . . . . . . . . . 27

4 Installing McAfee ePO on a single server

29

Install McAfee ePO on a single server . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5 Installing McAfee ePO on a cloud server

33

Using an AWS server for McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Using a Microsoft Azure server for McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . 33

Port requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Configure the Microsoft Azure server for McAfee ePO . . . . . . . . . . . . . . . . . . . . . 35

Install McAfee ePO on an Azure server . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Update McAfee ePO public DNS name . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Manage your Agent Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Distributed Repository connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

3

Contents

6 Installing McAfee ePO in a cluster environment

39

Create the McAfee ePO application role . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Create the Client Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Add the data drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Install McAfee ePO software on each cluster node . . . . . . . . . . . . . . . . . . . . . . 41

Create the Generic Service resources . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Test the McAfee ePO cluster installation . . . . . . . . . . . . . . . . . . . . . . . . . . 44

7 Setting up your McAfee ePO environment

45

Configuring your environment automatically . . . . . . . . . . . . . . . . . . . . . . . . 45

Install products automatically on your McAfee ePO server . . . . . . . . . . . . . . . . 45

Configuring your environment manually . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Things to consider before manual configuration . . . . . . . . . . . . . . . . . . . . 46

Manual methods for adding systems to be managed . . . . . . . . . . . . . . . . . . 46

Installing the McAfee Agent and licensed software . . . . . . . . . . . . . . . . . . . . . . 47

Install product packages manually on your McAfee ePO server . . . . . . . . . . . . . . 49

Deploy agents to your systems to be managed . . . . . . . . . . . . . . . . . . . . 49

Deploy the McAfee Agent using a URL . . . . . . . . . . . . . . . . . . . . . . . . 50

Deploying the McAfee Agent using third-party tools . . . . . . . . . . . . . . . . . . . 50

Best practice: Using Active Directory to synchronize McAfee Agent deployment . . . . . . . . . 51

Best practice: Adding the McAfee Agent to your image . . . . . . . . . . . . . . . . . . 51

Add systems to the System Tree manually . . . . . . . . . . . . . . . . . . . . . . 53

Complete your server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Define proxy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Enable software license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Confirm that your systems are being managed . . . . . . . . . . . . . . . . . . . . 54

Confirm that your protection software stops a sample threat . . . . . . . . . . . . . . . 55

Confirm the threat response in McAfee ePO . . . . . . . . . . . . . . . . . . . . . 55

What to do next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

8 Upgrading McAfee ePO to a new version

57

Preparing your environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Backing up McAfee ePO databases and directories . . . . . . . . . . . . . . . . . . . 58

Make sure that your Windows Server has enough disk space . . . . . . . . . . . . . . . 58

Make sure that the Windows 8.3 naming convention is enabled . . . . . . . . . . . . . . 59

Product Compatibility Check tool . . . . . . . . . . . . . . . . . . . . . . . . . 59

Upgrade checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Pre-Installation Auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Prepare your SQL database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Verify your SQL Server environment . . . . . . . . . . . . . . . . . . . . . . . . 62

Update your database server certificates . . . . . . . . . . . . . . . . . . . . . . . 62

Upgrade your McAfee ePO software . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Download and extract the software . . . . . . . . . . . . . . . . . . . . . . . . . 63

Stop McAfee ePO services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Stop Agent Handlers services before upgrading . . . . . . . . . . . . . . . . . . . . 63

Start and complete the InstallShield wizard . . . . . . . . . . . . . . . . . . . . . . 64

Upgrade your Agent Handlers . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Restart updates and verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . 66

Migrate SHA-1 certificates to SHA-2 or higher . . . . . . . . . . . . . . . . . . . . . 66

Upgrade your McAfee ePO cluster server . . . . . . . . . . . . . . . . . . . . . . . 68

9 Troubleshooting installation

69

Troubleshooting and log file reference . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Common installation messages with their causes and solutions . . . . . . . . . . . . . . . . . 69

Log files for troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Installer logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

4

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

Contents

Server logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 McAfee Agent logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

A Adding an SSL certificate to trusted collection

77

Replace the server certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Install the security certificate for Internet Explorer . . . . . . . . . . . . . . . . . . . . . . 78

Install the security certificate for Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . 79

B Install Agent Handlers

81

C Restoring McAfee from a Disaster Recovery Snapshot

83

Disaster Recovery Snapshot prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . 83

Restore McAfee ePO software in a single server environment . . . . . . . . . . . . . . . . . . 83

Restore McAfee ePO software in a cluster environment . . . . . . . . . . . . . . . . . . . . 85

Restore Agent Handler connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

D Using McAfee ePO in FIPS mode

89

FIPS basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

McAfee ePO operating modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

The cryptographic boundary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Install McAfee ePO in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Upgrade from an earlier FIPS-compliant McAfee ePO server . . . . . . . . . . . . . . . . . . . 92

Restoring McAfee ePO server in FIPS mode . . . . . . . . . . . . . . . . . . . . . . . . . 92

Verify that Agent Handler is in FIPS 140-2 mode . . . . . . . . . . . . . . . . . . . . . . . 92

Verify that the Apache server is in FIPS 140-2 mode . . . . . . . . . . . . . . . . . . . . . . 93

Verify that the application server is in FIPS 140-2 mode . . . . . . . . . . . . . . . . . . . . 93

E Remove the software

95

Uninstall McAfee ePO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Uninstall McAfee ePO from a cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Index

97

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

5

Contents

6

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

1

Installation overview

Contents Which type of installation do you need? Single server installation workflow Cloud services installation workflow Cluster installation workflow Upgrade installation workflow

Which type of installation do you need?

Install McAfee ePO software as a single-server installation or as a cluster, cloud, or upgrade installation. Each installation scenario includes a workflow and procedure. Planning your installation and reviewing system requirements are also part of the installation process.

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

7

1

Installation overview Single server installation workflow

Single server installation workflow

Before you can install McAfee ePO software for the first time, you must ensure your SQL Server software is configured for TCP/IP access and install a supported operating system on the McAfee ePO server. 1 Ensure your SQL Server is configured for TCP/IP access.

2 Download and extract the McAfee ePO software from downloads/my-products.html or the McAfee download site using a grant number.

3 Verify the latest Microsoft updates are running on the SQL Server and the McAfee ePO server.

4 Run the setup utility on the McAfee ePO server to install McAfee ePO. As part of the installation process the McAfee ePO Pre-Installation Auditor checks for compliance issues.

5 Choose a deployment method to deploy McAfee Agent.

6 Confirm that systems are managed by ensuring that McAfee Agent can successfully connect to McAfee ePO.

Cloud services installation workflow

Set up a cloud services account and configure your virtual environment to run cloud services with McAfee ePO. 1 Set up a cloud services account and configure these items:

? Virtual server to use as your McAfee ePO server

? Virtual SQL Server

? Security Group 2 Assign an elastic IP address to each virtual server. 3 From a management computer, use Remote Desktop to connect to the virtual McAfee ePO server.

8

McAfee ePolicy Orchestrator 5.10.0 Installation Guide

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download