22
ePolicy Orchestrator
®
3.6 Walkthrough Guide
Organizing the Directory and Repositories
ePolicy Orchestrator Directory: concepts and roles
3
Lost&Found groups
The Directory root and each site includes a Lost&Found group. Depending on the
methods you use to create and maintain Directory segments, the server uses different
characteristics to determine where to place systems within the Directory. Lost&Found
groups store systems whose locations could not be determined by the server.
Best practices information
If you delete systems from the Directory, you also need to uninstall the agent from
these systems. Otherwise, these systems continue to appear in the Lost&Found group
because the agent continues to communicate to the server.
Environmental borders
How you implement ePolicy Orchestrator and organize the systems for management
depends significantly on the borders that exist in your network. Borders influence the
organization of the Directory differently than the organization of your network topology.
McAfee recommends evaluating the following borders in your network and
organization, and whether they must be taken into consideration when defining the
organization of your Directory.
Topological
Your network is already defined by domains or Active Directory containers. The better
organized your network environment, the easier it is to create and use the Directory.
Geographical
If your organization includes facilities in multiple geographic locations, even on multiple
continents, this must be taken into consideration when building your Directory.
Available bandwidth and administrative roles must be considered when your
organization has multiple locations.
Managing security is a constant balance between protection and performance.
Organize your Directory to make the best use of limited network bandwidth. Consider
how the server connects to all the parts of your network, especially remote locations
that are often connected by slower WAN or VPN connections, instead of faster LAN
connections. You may want to set updating and agent-to-server communication policies
differently for these remote sites to minimize network traffic over slower WAN or VPN
connections.
Grouping systems first by geography provides several advantages for setting policies:
You can set update policies for the site or group so that all systems update from one
or more distributed software repositories located nearby.
If sites are located in other countries, you can deploy language-specific versions of
the agent or security software to these systems at once.
You can configure the update and product deployment policies for these systems
once.
You can schedule tasks to run at off-peak hours.
Summary of Contents for ePolicy Orchestrator
Page 2: ......