Repositories Flashcards

1
Q

What are repositories?

A

House your security software packages and their updates for distribution to your managed systems

2
Q

Why is it important to keep all of your security software up to date?

A

Security software is only as effective as the latest installed updates. For example, if your DAT files are out of date, even the best anti-virus software cannot detect new threats.

3
Q

What kind of content is typically included on repositories?

A
  • Managed software to deploy to your clients
  • Security content such as DATs and signatures
  • Patches and any other software needed for client tasks that you create using ePO
4
Q

T/F: Repositories can manage policies, collect events, and have code installed on them

A

False, a repository is nothing more than a file share located in your environment that your clients can access

5
Q

How do you get the content on your repositories out to your managed systems?

A

Via the McAfee Agent

6
Q

What are the components of the repository infrastructure and how do they work together?

A

Source site - updated daily by McAfee

Master Repository - regularly pulls DAT and engine update files from the source site

Distributed Repository - The master repository replicates the packages to distributed repositories in the network

Managed systems - The managed systems in the network retrieve updates from a master or distributed repository

Fallback site - if managed systems can’t access the distributed repositories or the Master Repository, they retrieve updates from the fallback site

7
Q

What is the source site?

A

The source site provides all updates for your Master Repository. McAfee posts software updates to this site regularly, such as DATs

8
Q

How do you get content from the source site to your Master repository?

A

By using pull tasks

9
Q

T/F: You must use the McAfee HTTP or FTP update sites as your source site in your environment?

A

False, you can change the source site or create multiple source sites

10
Q

T/F: You must use a source site as a source of content for your Master Repository?

A

False, you could just download updates and then check them into your master repository manually. But the source site allows for automation of this process.

11
Q

What is the Master Repository?

A

The Master Repository maintains the latest versions of security software and updates for your environment. This repository is the source for the rest of your environment

12
Q

What is a distributed repository?

A

A repository that hosts a copy of your master repository.
Typically, these are placed strategically throughout your network to ensure that managed systems are updated while minimizing network traffic, especially across slow connections

13
Q

How do you replicate the contents of your master repository to distributed repositories in your environment?

A

Through replication that occurs:
  • Automatically when specified package types are checked in to the Master Repository (only if global updating is enabled)
  • On a recurring schedule with replication tasks
  • Manually, by running a replicate now task
14
Q

Why are distributed repositories useful?

A

DRs help reduce updating traffic across low-bandwidth connections, or at remote sites with many endpoints.

For instance, if there is a remote location with a slow connection to the ePO server, by configuring a DR there and having the endpoints pull their content updates from said DR, updates are copied across a slow connection only once - to the DR - instead of once to each system in the remote location

15
Q

What is the fallback site?

A

A source site enabled as a backup site for when managed systems can’t access their usual repositories.

16
Q

T/F: Only one fallback site can be enabled

A

True

17
Q

How many different branches are located in ePO repositories, and what are they called?

A

Current
Evaluation
Previous

18
Q

What is the purpose of the current branch?

A

The current branch should hold the latest packages and updates that you feel comfortable being distributed to the entirety of your environment

19
Q

What is the purpose of the evaluation branch?

A

The evaluation branch should hold the latest versions of packages or updates that you would like to test on a small group of test systems before deploying to the entirety of your environment

20
Q

What is the purpose of the previous branch?

A

The previous branch should hold the prior versions of DATs or packages that are known to function properly. This way, if something goes awry with a newer version of a package, you can redeploy your older versions

21
Q

T/F: The ePO server always acts as the Master Repository?

A

True

22
Q

What are the possible types of Distributed Repositories?

A
  • FTP repositories
  • HTTP repositories
  • UNC share repositories
  • SuperAgent repositories
23
Q

T/F: ePO requires not only certain protocols for its distributed repositories, but also specific server vendors to provide these protocols

A

False, while certain protocols are required, any server vendor can provide these protocols.

For example, if you use an HTTP repo, you could use either Microsoft Internet Information Services (IIS) or Apache server (apache)

24
Q

T/F: There is no OS requirement for systems that host a distributed repository

A

True. As long as the ePO server can access the folders you specify to copy its content to, and as long as the agents can connect to these folders to download their updates, everything works as expected

25
Q

If you’re starting with a new installation with no preconfigured repositories, what is a good type of DR to go with?

A

A SuperAgent, because they’re easy to configure and are reliable

26
Q

Is it possible to use an unmanaged system as a distributed repository?

A

Yes, but a local admin must keep the distributed files up to date manually.

It’s generally a better idea to manage your DRs through ePO, so it is recommended to only use unmanaged DRs if managed DRs are in conflict with network or organizational policy

27
Q

Talk about FTP servers as distributed repositories.

A
  • Fast
  • Able to manage extensive loads from the clients pulling data
  • Helpful in a DMZ where HTTP might not be optimal, and UNC shares can’t be used
  • Clients don’t need authentication and can use an anonymous login to pull their content.
  • Not needing authentication reduces chance of failure
28
Q

Talk about HTTP servers as distributed repositories

A
  • Fast serving out files to large environments
  • Allow clients to pull content without authentication, reducing chance that a client might fail to pull its content

29
Q

Why can UNC Shares as distributed repositories potentially cause problems?

A

Agents might not properly update if your agents cannot authenticate to your UNC share because they are not part of the domain or the credentials are incorrect

30
Q

What features do SuperAgents have that differentiate them from the other types of Distributed Repositories?

A
  • LazyCaching - allows SuperAgents to retrieve data from ePO servers only when requested by a local agent node
  • Ability to send wake-up calls to agents in its broadcast domain
31
Q

What is the optimal way to organize your SuperAgents?

A

Organizing them in a hierarchy, where each layer is using LazyCaching, further saves bandwidth and minimizes the wide-area network traffic

32
Q

What advantages do SuperAgents have over the other types of distributed repositories?

A
  • Folder locations are created automatically on the host system before adding the repository to the repository list
  • SuperAgent repositories don’t require additional replication or updating credentials - account permissions are created when the agent is converted to a SuperAgent
33
Q

When configuring systems as SuperAgents, what considerations should be made?

A
  • Use existing file repositories in your environment, like SCCM
  • You don’t need a SuperAgent on every subnet
  • Turn off Global Updating to prevent unwanted updates of new engines or patches from the Master Repository
34
Q

What is the recommended level of SuperAgent hierarchy to implement?

A

Three Level Hierarchy

35
Q

What are the repository list files?

A

SiteList.xml and SiteMgr.xml

36
Q

What is the purpose of the repository list files?

A

Includes the location and encrypted network credentials that managed systems use to select the repository and retrieve updates. The server sends the repository list to the McAfee Agent during Agent-Server communication

37
Q

What are the specific uses of the two repository list files?

A

SiteList.xml:

  • Import to a McAfee Agent during installation
  • Used by the agent and supported products

SiteMgr.xml:

  • Back up and restore your distributed repositories and source sites if you have to reinstall the server
  • Import the distributed repositories and source sites from a previous installation of the McAfee ePO software
  • Used when reinstalling the McAfee ePO server, or for importing into other ePO servers that use the same distributed repositories or source sites
38
Q

What factors should be considered when determining where to place repositories?

A
  • How many nodes do you manage with the ePO server?
  • Are these nodes located in different geographic locations?
  • What connectivity do you have to your repositories?
39
Q

What is the typical rule of Distributed Repository placement?

A

Typically, you create a repository for each large geographic location, but there are several caveats.

40
Q

What is the most common mistake in regards to DR?

A

Having too few or too many, consequently overloading network bandwidth

41
Q

Why can Global Updating cause issues in a large environment?

A

Global Updating can saturate your WAN links. For instance, sometimes McAfee releases ENS engine updates which are several MBs, compared to 400-KB DAT files. This can saturate your WAN links, and you may also prefer to upgrade in a staged release

42
Q

What is the sequence of events for the Global Updating process?

A
  1. Content or packages are checked in to the Master Repository.
  2. The McAfee ePO server performs an incremental replication to all distributed repositories.
  3. The McAfee ePO server issues a wake-up call to all SuperAgents in the environment.
  4. The SuperAgent broadcasts a global update message to all agents in the SuperAgent subnet.
  5. Upon receipt of the broadcast, the agent is supplied with a minimum catalog version needed.
  6. The agent searches the distributed repositories for a site that has this minimum catalog version.
  7. Once a suitable repository is found, the agent runs the update task.
43
Q

How do you create a new source site in ePO?

A

Go to the Source Sites server setting

44
Q

If the ePO server and/or the McAfee Agent use a proxy server to connect to the internet, how do you configure this?

A

For the ePO server: The Proxy Settings Server Setting

For the McAfee Agent: In the Agent Repository policy

45
Q

What does the “bypass local addresses” box in the Proxy Settings configuration screen do?

A

Input the IP addresses or FQDNs of systems hosting DRs that you want the ePO server to be able to connect to directly

46
Q

How do you control which Repositories your managed systems reach out to for updates?

A

Through the McAfee Agent Repository Policy

47
Q

How can you export the SiteList.xml file?

A

Go to the master repository and select the export sitelist option

48
Q

T/F: McAfee releases both DATs and Engines daily.

A

False, DATs are daily, engines are released less frequently

49
Q

What should be considered when scheduling a pull task?

A

Bandwidth and network usage - If you are using global updating, as recommended, schedule a pull task to run when bandwidth usage by other resources is low. With global updating, the update files are distributed automatically after the pull task finishes

Frequency of the task - DAT files are released daily, but you might not want to use your resources daily for updating

Replication and update tasks - Schedule replication tasks and client update tasks to ensure that the update files are distributed throughout your environment

50
Q

What is the best way to ensure that your distributed repositories stay up to date?

A

Scheduling regular Repository Replication server tasks is the best way to ensure that your distributed repositories are up-to-date

51
Q

What is the difference between full replication and incremental replication?

A

Full replication means that the entire contents of your Master Repository are copied over to your distributed repositories

Incremental replication uses less bandwidth by only copying updates in the Master Repository that are not yet in the distributed repository

52
Q

What is the recommended way to utilize both incremental and full replication tasks in ePO?

A

Schedule a daily incremental replication task. Schedule a weekly full replication task if it is possible for files to be deleted from the distributed repository outside of the replication functionality of the McAfee ePO software.

53
Q

How can you lessen the impact that replication tasks have on bandwidth resources?

A
  • By replicating to different servers at different times
  • By selecting only the specific files and signatures that are necessary to each system for replication

54
Q

How does the McAfee Agent choose which repository to update from?

A

The Agent can use a network ICMP ping or subnet address compare algorithms to find the distributed repository with the quickest response time (usually the closest repository to the system on the network)

Or, you can make it so that agents adhere to a repository order that you configure in the agent repository policy. While doing this, you can enable or disable specific distributed repositories

55
Q

At how many nodes in your environment do Distributed Repositories become recommended rather than optional?

A

> 25,000 systems