As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Technical Articles ID:
KB81534
Last Modified: 2023-07-24 11:19:43 Etc/GMT
Environment
ePolicy Orchestrator (ePO) 5.x
ePO on Amazon Web Services (AWS)
Summary
Recent updates to this article:
Date
Update
July 24, 2023
Minor formatting updates; no content changes.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
This article is a consolidated list of common questions and answers. It's intended for users who are new to the product, but can be of use to all users.
Contents:
Click to expand the section you want to view:
What services does the ePO server use?
The ePO server uses the following services:
Application Server (Tomcat) service - The core responsibilities of this service are as follows:
Provides your web browser with a Java-based webpage to remotely manage the ePO server through the ePO console
Manages extensions, notifications, policies, repositories, System Tree, and dashboards
Enables Structured Query User Interface to provide the reporting user interface
Runs the automatic response system
Provides user permissions and settings for the ePO server and components
Event Parser service - The core responsibilities of this service are as follows:
Passes events to the Tomcat service
Stores events in the ePO database
Normalizes events using Common Event Format
Apache service - The core responsibilities of this service are as follows:
Handles communications from McAfee Agent (MA) to the ePO server
Caches policies to reduce database reads and speeds up agent-server communication intervals (ASCI)
Manages events, groups, tags, and agent sorting
Passes events to the Event Parser service
Are there any tools available to help parse the log files?
We recommend using Notepad ++ and SMS Log Viewer. Microsoft Operations Manager also has a log viewer where you can view logs in real time, similar to SMS Log Viewer.
Is there any ePO console training available?
For a list of training courses, see the Product training page.
When the ePO agent is uninstalled, how long is the data associated with the agent retained?
The retention limit in SQL is set to 365 days. This data isn't guaranteed to be removed after it crosses the age threshold, but merely becomes eligible for deletion.
How do I upgrade to the latest ePO release or update?
See the following documentation:
How do I check in my products to ePO 5.x?
ePO 4.6 introduces the Software Manager. From this version onward, you can automatically see updates (other than DATs and Engines) to your licensed products listed in the Software Manager. You can use the Software Manager to download the following:
Licensed software
Evaluation software
Software updates
Product documentation
To manually check in packages, see the ePolicy Orchestrator Product Guide for your version. To view all ePO Documentation, see the Product Documentation page.
What's the minimum hard drive space needed to upgrade an ePO database to a new version of ePO?
The minimum hard drive space needed depends on the size of the ePO database. A safe estimate is about twice the size of your current ePO database. An upgrade requires a large amount of transaction log space that's used during the upgrade to hold a copy of the EPOEvents table (typically, the largest table in an ePO database). Make sure that the transaction log is allowed to grow to a size at least as large as the EPOEvents table.
Does the ePO installer change the SQL Server during installation?
No, the ePO installer doesn't change the SQL Server installation.
The ePO installation doesn't use the primary database and makes no SQL server-wide changes. It doesn't require System Administrator rights on the SQL Server itself to install. But, it requires permissions to create and drop a database during the installation process.
The installer creates a database, uses the database, and then drops the database to verify that it has the appropriate rights. The installer writes to two databases: Tempdb and ePO database. After the installation is complete, DBO rights on the ePO database are sufficient for normal operation.
The Primary database and MSDB are indirectly changed when the ePO database object and its Xactlog are created. But, the ePO installer makes no changes directly. Also, ePO executes the CREATE DATABASE invocations during installation from the context of dbo.master. But, that's only because it has to start somewhere.
How do I troubleshoot installation failures?
The main ePO installer log is %temp%\McAfeeLog\EPOXXX‑Install‑MSI.log. This file contains all information about the installation including what the installer was doing and any failure information. Search from the bottom up for the word aborted. You can then see where the setup was quit and the error messages are directly above.
What can I do when my installation fails with a 1603 error?
A 1603 error is a generic Microsoft MSI error code that appears during an installation or upgrade of any product. The code on its own can't determine the cause. Other logs and symptoms can help a Technical Support Engineer investigate and resolve the issue.
How do I stop the web browser certificate warning from displaying when connecting to the ePO console?
The ePO server uses a self-signed certificate for SSL communication with the web browser, which, by default, the browser doesn't trust. This fact causes a warning message to display every time you connect to the ePO console. To prevent this warning message from displaying, you must do one of the following:
Add the ePO server certificate to the collection of trusted certificates used by the browser.
Replace the default ePO server certificate with a valid certificate that's signed by a certificate authority (CA) that the browser trusts.
How do I change the ePO server SQL database connectivity settings?
You can change the SQL database connectivity settings using a webpage available at https://localhost:8443/core/config-auth, where 8443 is the console communication port. After installation, this method is the only way to configure the SQL database connectivity settings through a user interface.
What's the best method to monitor and be alerted of Failed or Terminated server tasks?
Automatic responses are generally the mechanism used to generate notifications to ePO administrators for these types of events. But, these responses are triggered from client and server events. Unfortunately, there isn't a generic server event generated if there's a failed server task.
ePO has a server event generated when the following tasks fail:
Replication
Pull
AD Discovery
NT Domain Sync
Computer Import
NOTE: Configure tasks by creating an Automatic Response for Notification Server events. Then, filter by event IDs that correspond to these specific server task failures.
Agent Handlers (AHs) need to communicate directly with the ePO SQL Server. Is there a guide available to estimate the increased impact to the SQL Server for each Agent Handler added and number of clients it supports?
A general rule is that the number of processor cores on the server should be x8 (or 16), whichever is greater. So, a system running two hyper-threaded Xeons allows 32 threads for the event parser work queue and 32 database connections. A single processor non-hyper-threaded system defaults to the minimum of 16 threads and connections.
When's the best time to add more AHs to an ePO environment?
Most commonly, it's recommended that you use AHs to connect clients in a DMZ. AHs help with network and application load balancing, or both. If you're seeing numerous server busy messages, it might be time to add an Agent Handler, increase your ASCI times on the agent policies, or both.
NOTE: Apache processes only 250 simultaneous connections, but the server typically processes these connections in milliseconds. We determined that this low number is adequate even for enterprise environments.
We've seen many "server too busy" (245 connections) messages; does adding an Agent Handler resolve this problem?
It might, but if there's a problem on the back-end SQL Server, it won't. Adding an Agent Handler only increases the load to the SQL Server.
There are many possible reasons for the server too busy message in the Agent log. Check whether the server recovers by itself after a short time without restarting the service. If the server recovers by itself, it's likely a configuration issue. Consider taking the following actions:
Decreasing the frequency of the ASCI
Creating distributed repositories
Decreasing the number of client tasks or the frequency at which they're running. One Agent Handler can typically handle up to 50,000 client systems.
Do leap second issues affect ePO?
No. A leap second is a one-second adjustment sometimes applied to UTC to keep its time of day close to the mean solar time (UT1).
Leap second issues don't affect ePO and MA.
General
What is ePO on AWS?
We can now deploy ePO and other related infrastructure elements through AWS Quick Start. The solution is known as ePO on AWS.
Where can I find more information about this AWS solution?
See the AWS Quick Start page.
Can I use my existing license or do I need to purchase a new license to use the ePO on AWS offering?
You can use your existing ePO on-premises license to use the ePO on AWS offering (Bring Your Own License (BYOL)). No new license or SKU purchase is needed.
What are the infrastructure elements that are part of the AWS Quick Starts stack?
ePO Application Server, AHs, DXL Brokers, and Relational Database Service (RDS) SQL Database are part of the AWS Quick Starts stack.
Who owns and pays for the infrastructural elements that run in AWS?
The customer owns and pays the running costs to AWS.
What versions are the stack elements (ePO/DXL brokers) based on?
They're based on the following:
ePO 5.10
DXL 4.1.0
I don't use DXL functionality and don't need it; why is there a DXL broker in the default stack configuration?
It's needed so that endpoints within the corporate network are reachable for operations such as Agent Wake Up or Run Client Task.
If you have an alternative such as AWS Direct Connect that ensures connectivity from your AWS Virtual Private Cloud (VPC) to your internal network, you can change the 'Auto scaling Groups' for DXL brokers. After the stack is set up, change these groups to have a Min and Max value of 0.
Why use 'Quick Starts' over designing and setting up an infrastructure myself?
Quick Starts is the gold standard for deployments in AWS. The architecture and stack elements have been designed in consultation with AWS. Using AWS Quick Starts also removes the complexity of sizing and designing the deployment architecture.
Does this offer use AWS Relational Database Service (RDS) for SQL?
Yes.
Does this Quick Starts solution support BYOSQL?
Yes, if it's an existing RDS instance; otherwise, no.
Is there a similar offering for Azure?
Not currently. If you want an offering, raise a Product Enhancement Request (PER). For details, see KB60021 - How to submit a new Product Idea.
If I have a product that I use that's in the Product Compatibility List (PCL) 'block list', how do I plan to support it?
Raise a PER. For details, see KB60021 - How to submit a new Product Idea.
Is operation of the stack elements in FIPS mode supported?
No.
Is AWS GovCloud supported with this solution?
Yes.
Initial Set-up and Configuration
For the Deployment Environment field (in the template), what's the difference between 'Production' and 'Development'?
The Development option enables customers to trial the solution at a lower cost. For example, the SQL instance that spins up when the 'Development' option selected is the RDS SQL Server Express edition.
Can I switch from 'Development to 'Production' mode?
No. You must create a stack with the 'Production' mode selected.
What do I have to do if the number of managed endpoints (or managed products) increases or decreases in my environment?
ePO Application Server - Create an Amazon Machine Image(AMI) out of the running ePO instance. Shut down the original EC2 instance and remove it from the Load Balancer target groups. Start a new ePO instance from the AMI, and configure the needed capacity, such as EC2 instance type or storage. After the ePO server is up and running, add it to the Load balancer target group.
See the table in the "Cost Estimation" section for guidance on the recommended instance parameters.
AHs and DXL brokers - Auto scaling capabilities for these components ensures availability of an appropriate number of functional AHs and DXLs. No action is needed.
RDS SQL - You have to manually change the Database instance specifications. See the table in the "Cost Estimation" section for guidance on the recommended instance parameters.
Which of the template parameters can be changed at a later point in time?
See the following table for details.
What components of the stack does 'high availability' apply to?
It applies to the following:
AH
DXL Brokers
RDS SQL
Can the selected availability zones be of different regions, for example, Frankfurt and London?
No, high availability is restricted to availability zones within the same region.
Are the requests from the endpoint agents load balanced in a setup with high availability?
Yes.
Why's there a need to specify an AWS Key Pair? What's this used for?
The key pair is needed to enable secure connection to the instances.
How can I control access to my ePO? For example, to restrict access to only to a set of IPs?
Use the External Access CIDR field in the ePO Application Server Configuration template.
How do I connect my Active Directory (AD) infrastructure to ePO running on AWS?
Connect the AWS VPC to your internal network. Make this connection through either a Virtual Private Network (VPN) or AWS Direct Connect.
Are there any firewall ports that I need to open for communication with my on-premises infrastructure?
No. Outbound ports to DXL broker, ePO console, and AH are configured during stack creation.
Can I pair the stack with an existing RDS instance?
Yes.
How's the logon URL for ePO determined? Where can I get this information?
You can find this information using any of the following methods:
Under CloudWatch, Dashboards (select stack), Quick Links.
Under Stacks, Select the root stack. The information is in the Outputs tab.
Through the Welcome email.
NOTE: The Welcome email isn't sent to customers that use the GovCloud region.
Can I export my existing Database (DB) and import it into RDS? Does this solution help?
No. This solution doesn't provide any Out of Bound (OOB) options to help with importing an existing DB.
Can I have AH or DXL brokers both on-premises and in AWS?
This situation isn't recommended. Latency between an AH and the Database needs to be as low as possible for better performance and scalability.
How do distributed repositories work with ePO and DXL brokers in AWS?
UNC and HTTP as distributed repositories are supported. With AWS VPN connectivity, you can use SuperAgent repositories on-premises with lazy caching and point-to-point relay as well.
Can I change the CFT template and does Technical Support it?
Yes. But we don't maintain any custom or customer changes. So, you might lose your custom work when creating an AMI.
WARNING:You might lose access to our 'update' feature for AH and DXL brokers, if the default templates aren't used.
What if I don't provide a Load Balancer certificate Amazon Resource Name (ARN)? How will the communication work in this case?
If no certificate is provided, a self-signed certificate is created and used for communication.
How can I control access to the stack elements (ePO, AHs, and DXL brokers)?
Use the 'External Access CIDR' field within the Network Configuration template.
Cost Estimation
How quickly can the stack be set up?
The stack can be set up typically in less than an hour. The actual configuration of the template parameters is a small proportion of the total time.
Information about the instances that are spun as part of the stack.
For DXL Brokers - Log on to the DXL broker and run the 'yum update' command for security updates.
NOTE: Remote AHs and DXL Brokers are located under the Auto-scaling group. If they're closed and created with new instances, you might have to perform the patching again.
What's the process for applying hotfixes to the ePO Application Server?
You must accomplish the task manually; run the ePO installer.
What's the process for upgrading and applying a hotfix for an AH and DXL Broker?
Perform either of the steps below:
Apply updates delivered by us via the CI or CD pipeline. This action is achieved when selecting Yes for 'Updates for Stack Components' in the template.
If 'Updates for Stack Components' is set to No, you can manually update the stack from the CloudFormation template Actions and perform an Update Stack. The action replaces the older versions and AMIs of AHs and DXL Brokers with the newer versions.
NOTE: Customers that use the GovCloud region have to use this option.
What components are the 'Updates for Stack Components' relevant to?
They're relevant to AHs and DXL Brokers.
NOTE: Customers using the GovCloud region have to use the CloudFormation template Actions and perform an Update Stack.
How does the update mechanism for the AH and DXL Brokers work when 'Updates for Stack Components' is selected?
New instances of AHs and DXL Brokers are spun up. When the health of these new instances is determined to be appropriate, the old instances are closed.
What if I opt out of 'Updates for Stack Components'?
You have to update the stack components manually.
Is there a similar AutoUpdate mechanism for the ePO Application Server?
No.
Is Database Snapshots turned on by default and how frequent is it?
The DB snapshots are turned on by default, and the backups are daily. More information can be found at the AWS webpage.
How about database snapshots when an existing instance is used?
If an existing RDS is used, it follows the same backup schedule for the existing RDS.
What if Application Server goes down? What would be the recovery process?
Follow the ePO disaster recovery process.
If I've changed the template, for example, for DXL brokers, can I still use 'easy updates' for AHs made available through the CI or CD pipeline?
No, changing the template isn't supported.
Is the migration process for transferring endpoints to ePO on AWS similar to on-premises?
Yes. A VPN connection is needed to establish connection to the database that's on premises.
What is Auto Scaling and how does it work?
Based on the use of stack elements, AHs, and DXL Brokers are added or removed. This action translates to optimal resource consumption and money spent. Auto Scaling is handled behind the scenes by monitoring parameters. For example, as active connections and latency between AHs and the database.
What components does Auto Scaling extend to?
Auto Scaling extends to AHs and DXL Brokers.
Can I disable Auto Scaling?
Yes. Manually set minimum and maximum values for the 'Auto scaling Groups' for AH and DXL Brokers.
Where can I find the ePO log and is it available in real time?
The ePO, AH, and other logs can be found in CloudWatch under /mcafee/.
Is the solution integrated with CloudWatch?
The ePO, AH, and DXL provision logs can be found in CloudWatch. The solution also provides an OOB dashboard that provides information about the health of the stack components.
How do I determine whether there's an event relating to Auto Scaling or update of AH or DXL broker?
The information is available in the Auto Scaling group history.
What happens if I manually close any ePO, AH or DXL instances from within the AWS console?
WARNING:Don't manually close any instances of the ePO solution from within the AWS console. It results in unintended consequences.
How do I reset or recover the ePO, RDS or DR password?
You can reset the password from the parameter store under Systems Manager Service. If you've forgotten the password to your ePO console, ePO database, or DR passphrase, you can retrieve them from within the parameter store of your stack.
How are ePO 5.10.0 Cumulative Updates different from previously released patches? Updates, for example ePO 5.9.1, are full installer packages. Cumulative Updates, for example ePO 5.10.0 Update 2, are a rollup of fixes that contain only the delta needed for the fixes.
Are there any considerations for applying an ePO update when ePO is installed in FIPS mode?
There are no special considerations when the ePO servers are installed in FIPS mode.
Why has the Update model for ePO 5.10.0 been introduced?
This model has been introduced to make it easy for customers to stay current and secure. The Update model enables a lightweight two-step approach for applying fixes in a customer environment.
Are Cumulative Updates the preferred model for delivering fixes for ePO 5.10.0?
Yes. Cumulative Updates replace the earlier model for delivering defect fixes via updates.
Are ePO 5.10.0 updates cumulative?
Yes. As the name suggests, Cumulative Updates for ePO 5.10.0 are cumulative in nature.
Example: ePO 5.10.0 Cumulative Update 2 contains all fixes available in Update 1. You need to apply only the latest Cumulative Update to get to a current state.
What versions of ePO are supported for Cumulative Update 2?
General Availability releases:
ePO build 5.10.0.2408.4
ePO build 5.10.02428.5 (Repost)
I've done a Disaster Recovery of my ePO setup after applying a Cumulative Update; do I need to apply the Cumulative Update?
Yes. Run the updater tool included in the Cumulative Update and select Repair to reapply the fixes.
Where can I find updates for ePO 5.10.0?
You can find the updates either in the ePO Software Catalog or on the Product Downloads site.
Where can I find the version of the update installed via the ePO console?
The version of the update installed is found in the Server Settings page under ePO and Database Server Information.
Example: Server Information:
Version: 5.10.0.2428
Update Installed: Update 2
Why am I able to see ePO 5.10.0 Update 2, but not Update 1 on the Product Downloads site or in the Software Catalog?
Update 1 was only Released to Support (RTS) and wasn't made available on the Product Downloads site or in the Software Catalog.
How do I install an ePO 5.10.0 update in my environment?
The ePO 5.10.0 Update # package also includes the ePO Updater Tool. The tool is intended to guide and simplify the application of fixes in customer environments.
Is it possible to run ePO Updater on Remote AH servers?
Yes. But, you need to execute the ePO update first on the ePO Server and Local AH before trying to execute it on the Remote AH server.
What can I do when the ePO services aren't stopping when executing an ePO update?
One of the following actions must be implemented if you see a pop-up message while running the ePO Updater tool. The message states that the services aren't stopped.
To complete the update, perform one of the following actions:
Stop the services manually.
Perform an End task operation of the services via the Task Manager and click Repair.
Is it possible to revert the changes applied from an ePO update?
Yes. Click Rollback in the updater tool to restore ePO to its previous state.
Will the ePO Updater work on non-English operating systems?
Yes. But the updater locale is in English only.
Is a cluster environment supported?
Yes. But, you must execute the ePO Updater tool on a data drive when ePO is installed in a cluster environment.
Can I run the ePO Updater when the SQL Server encryption option is set to ON?
No. When the SQL Server encryption is set to ON, you see the following error: "Failed to connect to database."
Workaround: Enable the flag in \resources\app\config\settings.json. By default, it's set to false.
Change the following value to true: "encryptedDBConnection": true.
Where can I find information about the fixes that an update contains?
See, KB51569 - Supported platforms for ePolicy Orchestrator.
In the article, under the "Release Information" section, you can find a list of all ePO updates and their corresponding release notes. The ePO Updater Tool also provides information about the included fixes.
Are security vulnerability fixes delivered in the ePO updates?
Yes. Updates are the preferred approach for delivering fixes for security vulnerabilities.
Which versions of ePO are updates available for?
Cumulative Updates are available for ePO 5.10.0 and later.
I'm a customer upgrading from ePO 5.3.x or 5.9.x; how can I get to a current state?
Follow the steps below:
I've already upgraded to 5.10.0. How can I continue to stay current?
Download and apply the latest updates as they're released. If you would like to be notified when an ePO update is released, subscribe to SNS notifications.
For details, see KB51560 - Trellix on-premises product release cycle.
Where in the ePO console can I find the version of ePO that I've currently installed?
Log on to the ePO console, and navigate to Server settings, Server information.
What is ePO on GCP?
ePO on GCP deploys and configures ePO 5.10.0 Update 10 or later on a supported VM server that runs in the GCP platform.
Can I use my existing license, or do I need to purchase a new license to use the ePO on GCP offering?
You can use your existing ePO on-premises license (BYOL). No new license or SKU purchase is needed.
What are the minimum infrastructure elements that are needed to deploy in GCP?
An ePO Application Server, AHs, RDS, and SQL Database.
Who owns and pays for the infrastructural elements that run in GCP?
The customer owns and pays for the running costs to host ePO on GCP.
What version of ePO is certified for GCP?
ePO 5.10.0 Update 10.
I don't use DXL functionality and don't need it; do I need it to deploy ePO in GCP?
DXL functionality is needed so that endpoints within the corporate network are reachable for operations such as Agent Wake Up or Run Client Task. But, if you have an alternative service in GCP that makes sure that there's connectivity from your GCP Virtual Private Cloud (VPC) to your internal network, you can change the Auto scaling Groups for DXL brokers. After the stack is set up, change these groups to have a Min and Max value of 0.
If I have a product that I use that's in the PCL block list, how do I plan to support it?
Submit a product idea. For details, see KB60021 - How to submit a new Product Idea.
Is FIPS mode supported?
Yes.
Can I upgrade from a trial version to a production licensed version?
Yes.
What do I have to do if the number of managed endpoints (or managed products) increases or decreases in my environment?
ePO Application Server
Create an instance for running on ePO instance.
Shut down the original EC2 instance and remove it from the Load Balancer target groups.
Start a new ePO instance from the AMI.
Configure the needed capacity, such as EC2 instance type or storage.
After the ePO server is up and running, add it to the Load balancer target group.
NOTE: See the table in the "Cost Estimation" section for guidance on the recommended instance parameters.
AHs and DXL brokers
Auto scaling capabilities for these components ensure availability of an appropriate number of functional AHs and DXLs. No action is needed.
RDS SQL
You have to manually change the Database instance specifications. See the table in the "Cost Estimation" section for guidance on the recommended instance parameters.
What components of the ePO on GCP does 'high availability' apply to?
It applies to the following:
AH
DXL Brokers
RDS SQL
Can the selected availability zones be of different regions, for example, Frankfurt and London?
No. High availability is restricted to availability zones within the same region.
Are the requests from the endpoint agents load balanced in a setup with high availability?
Yes.
How quickly can the stack be set up?
If everything is ready, the firewall rules are in place, and the DNS has been created, it takes a few hours.
Can I apply an existing VPC to deploy my ePO infrastructure?
Yes. See the ePO Installation Guide.
How do I connect my AD infrastructure to ePO running on GCP?
Connect the GCP VPC to your internal network. Make this connection through either a VPN or GCP Direct Connect.
Are there any firewall ports that I need to open for communication with my on-premises infrastructure?
Yes. Outbound ports to DXL broker, ePO console, and AH must be configured during ePO stack deployment.
Can I pair the stack with an existing RDS instance?
Yes.
How is the logon URL for ePO determined?
The logon ePO URL is the DNS you've configured.
Can I export my existing database and import it into RDS? No.
Can I have AH or DXL brokers both on-premises and in AWS?
This situation isn't recommended. Latency between an AH and the Database needs to be as low as possible for better performance and scalability.
How do distributed repositories work with ePO and DXL brokers in GCP?
UNC and HTTP as distributed repositories are supported. With GCP connectivity, you can use SuperAgent repositories on-premises.
What if I don't provide a Load Balancer certificate ARN. How does the communication work in this case?
If no certificate is provided, a self-signed certificate is created and used for communication.
How can I control access to my ePO by restricting access to only to a set of IPs?
Use the External Access CIDR field in the ePO Application Server Configuration template.
How can I control access to the stack elements (ePO, AHs, and DXL brokers)?
Use the External Access CIDR field within the Network Configuration template.
Do I have the responsibility of patching the base operating system for the stack elements? If so, how do I do that?
Remote AHs
To update the Server Core instances, follow the Microsoft instructions. For details, see Patch a Server Core installation.
DXL Brokers
Log on to the DXL broker and run the yum update command for security updates.
NOTE: Remote AHs and DXL Brokers are located under the Auto-scaling group. If they're closed and created with new instances, you might have to perform the patching again.
What's the process for applying hotfixes for the ePO Application Server?
You must accomplish the task manually and run the ePO installer.
Is the migration process for transferring endpoints to ePO on GCP similar to on-premises?
Yes. A VPN connection is needed to establish connection to the database that's on premises.
What components does Auto Scaling extend to?
AHs and DXL Brokers.
Can I disable Auto Scaling?
Yes. Manually set the minimum and maximum values for the Auto scaling Groups for AH and DXL Brokers.