
TCP/IP KeepAliveTime Reduction

Reduce this setting on all EEPC servers from two hours (the default) to five minutes. The server will require a restart. Once this is done, if an endpoint client loses its connection to the server, the server releases the lock after approximately 5 minutes instead of 2 hours. This also prevents a broken remote sbadmcl connection from locking the scripting user account for 2 hours: the half-open TCP session is torn down once the keep-alive packets go unanswered, and the account becomes available again.

 

 

Procedure

1. Open Regedit.
2. Go to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
3. Open or create the DWORD value KeepAliveTime.
4. Change the value to 300000 in decimal (time in milliseconds; 0x493E0 in hexadecimal).

 

 

Extra info

The KeepAliveTime setting controls how long a TCP connection may sit idle before TCP sends its first keep-alive packet to verify that the connection is still intact; the value is in milliseconds (300,000, i.e. five minutes, is recommended). If the remote computer is still reachable, it acknowledges the keep-alive packet and the idle timer restarts. If the keep-alive packets go unanswered, the connection is dropped and the server-side resources it held (including the EEPC lock) are released. Note that Windows only sends keep-alives on sockets for which the application has enabled them (SO_KEEPALIVE); the registry value changes the timer those sockets use, it does not switch keep-alives on for other connections.

   

MS KB article: http://support.microsoft.com/default.aspx?scid=kb;en-us;324270#EQACAAA

Key: Tcpip\Parameters
Value Type: REG_DWORD (time in milliseconds)
Valid Range: 1 to 0xFFFFFFFF
Default: 7,200,000 (two hours)

 

 
 

NOTE: A similar setting, KeepAliveInterval, controls the spacing between repeated keep-alive packets when the first one is not acknowledged. Its default of 1000 (= 1 second) is correct, so do not change it.

 

Last Access Time Stamp (NtfsDisableLastAccessUpdate)

With large databases, it is possible that some groups become overpopulated. When a large group is opened (for example one with over 5000 users), it can take some time to open, because the Object Directory keeps each object in its own file and NTFS updates the Last Access time stamp of every one of those files on each read. To reduce hard disk read and write time, a registry setting can be set to prevent the Last Access time stamp from being updated on every file access. Based on field experience, the performance boost is about 50%. A restart is needed after the change.

Be aware that this removes the NTFS last-access time stamp as a forensic artifact on the server: after the change, a file's last-access time no longer tells you when it was last read. If your incident response process relies on that time stamp, record that the setting was changed. Windows Vista and Windows Server 2008 onwards disable last-access updates by default, so on those systems the value is usually already 1.

 

 

Procedure

1. Open regedit.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem.
3. Create a new DWORD value, or modify the existing value, named "NtfsDisableLastAccessUpdate" and set it to "1".

Microsoft article: http://technet2.microsoft.com/WindowsServer/en/library/80dc5066-7f13-4ac3-8da8-48ebd60b44471033.mspx?mfr=true
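As an added example (this is not code from the McAfee guide), the following PowerShell script applies both registry changes described on this page, the KeepAliveTime reduction above and the NtfsDisableLastAccessUpdate change here, in one idempotent pass: it records the previous value, reads each value back to verify the write, checks that KeepAliveInterval was left at its default as the NOTE above requires, and warns that a restart is pending. It assumes only the paths, value names and data given in the guide; the helper name Set-RegistryDword is the example's own. Run it elevated on the EEPC server, or with -WhatIf to preview.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the McAfee guide. Applies the KeepAliveTime and
# NtfsDisableLastAccessUpdate settings from the guide and verifies them.
# Assumption: the paths, value names and data below are exactly those the
# guide prescribes. A restart is still required for either change to apply.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

function Set-RegistryDword {
    # Hypothetical helper (not a built-in cmdlet): set one REG_DWORD value,
    # creating it if absent, and return a record of before/after for the log.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [uint32] $Value
    )
    # Read the current value (null if the value does not exist yet).
    $before = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $result = [pscustomobject]@{ Key = "$Path\$Name"; Before = $before; After = $before; Changed = $false }

    # Idempotent: nothing to do when the value already matches.
    if ($before -eq $Value) { return $result }

    if ($PSCmdlet.ShouldProcess("$Path\$Name", "set REG_DWORD to $Value (was: $before)")) {
        if ($null -eq $before) {
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value | Out-Null
        } else {
            Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
        }
        # Read back so a failed or silently ignored write is not mistaken for success.
        $result.After = (Get-ItemProperty -Path $Path -Name $Name).$Name
        if ($result.After -ne $Value) {
            throw "Verification failed for $Path\$Name (read back $($result.After))"
        }
        $result.Changed = $true
    }
    return $result
}

$tcpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$changes = @(
    # 300000 ms = five minutes; the Windows default is 7,200,000 ms (two hours).
    @{ Path = $tcpParams; Name = 'KeepAliveTime'; Value = 300000 }
    # 1 = stop NTFS from updating the Last Access time stamp on every read.
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'; Name = 'NtfsDisableLastAccessUpdate'; Value = 1 }
)

$results = foreach ($c in $changes) { Set-RegistryDword @c }
$results | Format-Table -AutoSize

# The guide says KeepAliveInterval must stay at its 1000 ms default; flag any drift.
$interval = (Get-ItemProperty -Path $tcpParams -Name KeepAliveInterval -ErrorAction SilentlyContinue).KeepAliveInterval
if ($null -ne $interval -and $interval -ne 1000) {
    Write-Warning "KeepAliveInterval is $interval ms; the guide says to leave it at the 1000 ms default."
}

if (@($results | Where-Object { $_.Changed }).Count -gt 0) {
    Write-Warning 'Registry updated; restart the server for the changes to take effect.'
}
```

Running the script a second time produces a table with Changed = False for both keys and no restart warning, which is a quick way to confirm from a change ticket that a server already carries both settings.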

 

Windows Server as a File Server

Tune Microsoft Windows 2003 server to be a file server. See the Microsoft article http://support.microsoft.com/kb/174619 about this.

  

Theory

Increase the zone reserved for the NTFS MFT (Master File Table, the NTFS counterpart of the FAT file allocation table) to 50% of the disk space. The MFT holds a record for every file on the volume, and very small files are stored inside their MFT records rather than in separate clusters. Reserving a larger MFT zone lets the table grow contiguously as files are added instead of fragmenting across the disk. This helps a lot with the Object Directory, because it consists of thousands of small files.

Procedure

 
