Explanation of how the ePolicy Orchestrator database mirroring feature works
Last Modified: 2023-07-18 10:37:11 Etc/GMT
Technical Articles ID: KB84683
Environment
ePolicy Orchestrator (ePO) 5.10.x, 5.9.x
Summary
Explanation of database mirroring:
The database mirroring feature is intended to improve the efficiency of LDAP lookups on Agent Handlers. This feature works with the LDAP sync task, which is a new server task also introduced in ePO 4.6.6. When the LDAP sync task runs, it pulls information from registered LDAP servers and stores it in the ePO database. The LDAP sync task populates the tables in the ePO database that begin with the name "
With the database mirroring feature disabled:
If an LDAP change is detected, a signal is sent to the Agent Handlers to flush the cache. Any arbitrary change to a registered LDAP server triggers a cache flush.
The LDAP query can take a significant amount of time to complete, which can drive up session times and lead to max connection issues on the Agent Handler. This is where database mirroring can help.
With the database mirroring feature enabled:
The Agent Handler changes LDAP queries into database queries. It follows the same algorithm as when the database mirroring feature is disabled, but instead of querying LDAP, it queries the database tables populated by the LDAP sync task to look up information about the users. This query is treated as an authoritative lookup, which means that if the user information isn't found in the database, the lookup fails. It doesn't use LDAP as a fallback because that would introduce the very performance issue the feature is intended to address. Failed LDAP lookups can potentially take much longer to complete than successful ones.
Benefits of database mirroring:
Here are the benefits of enabling the database mirroring feature:
The only known downside of enabling the feature is a delay in successful lookups for newly added users associated with user-based policies. If a new user is added to a group associated with a user-based policy, that user-based policy lookup fails until the LDAP sync task runs and adds that user's information to the database.
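The lookup behavior described above, as an added conceptual model that is not ePO code and does not reflect the ePO schema. All class, function, user, group, and policy names are hypothetical, the data is constructed, and the Agent Handler cache is not modeled.

```python
"""Conceptual model of the lookup behavior described above.
All names are hypothetical; this is not ePO code or its schema."""
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Stand-in for a registered LDAP server: user -> set of groups."""
    members: dict = field(default_factory=dict)
    queries: int = 0  # counts live (slow) LDAP queries

    def groups_of(self, user):
        self.queries += 1
        return self.members.get(user)  # None when the user is unknown


@dataclass
class Mirror:
    """Stand-in for the database tables filled by the LDAP sync task."""
    rows: dict = field(default_factory=dict)

    def sync(self, directory):
        # The sync task copies directory data into the database.
        self.rows = {u: set(g) for u, g in directory.members.items()}


def resolve_policy(user, directory, mirror, policies, mirroring_enabled):
    """Return the user-based policy for `user`, or None if the lookup fails."""
    if mirroring_enabled:
        groups = mirror.rows.get(user)      # authoritative: no LDAP fallback
    else:
        groups = directory.groups_of(user)  # live LDAP query
    if groups is None:
        return None
    return next((p for g, p in policies.items() if g in groups), None)


def new_user_scenario():
    """Constructed data: 'dana' joins a policy group after the last sync."""
    ldap = Directory({"alice": {"finance"}})
    mirror = Mirror()
    mirror.sync(ldap)
    policies = {"finance": "Finance-UBP"}
    ldap.members["dana"] = {"finance"}      # change made in LDAP only
    before = resolve_policy("dana", ldap, mirror, policies, True)
    live = resolve_policy("dana", ldap, mirror, policies, False)
    mirror.sync(ldap)                       # LDAP sync task runs
    after = resolve_policy("dana", ldap, mirror, policies, True)
    return before, live, after, ldap.queries
```

In this model the mirrored lookup for the new user fails until the sync runs, and only the lookup with mirroring disabled issues a live LDAP query.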
Enable database mirroring:
The database mirroring feature is disabled by default. You can enable database mirroring using these steps: