How to update an ePolicy Orchestrator Master Repository from another ePolicy Orchestrator server
Technical Articles ID:
KB82581
Last Modified: 2023-07-18 05:41:03 Etc/GMT
Environment
ePolicy Orchestrator (ePO) 5.x
Summary
In certain circumstances, it's necessary or advantageous to pull content from one ePO server to another. This article describes the best way to achieve this task.
Update an ePO Master Repository from another ePO server:
NOTE: In the following steps, ePO-B is the ePO server that's updated from the Master Repository of ePO server ePO-A.
- Export the Master Repository Public Keys from ePO-A:
- Log on to the ePO-A console.
- Click Menu, Configuration, Server Settings.
- Select Security Keys in the Setting Categories list, and then click Edit.
- Next to Local Master Repository key pair, make a note of the number of key pairs. You can have one or two key pairs – a 1024-bit pair or a 2048-bit pair.
- Click Export Public Key for the first key.
- Click OK.
- Click Save.
- Browse to a shared location that both servers can access. The default file name is rp<bit_size><server_name>.zip. For example, rp2048ePO-A.zip.
- Click Save.
- If you have two key pairs, click Export Public Key for the second key and save it in the same location.
- Import the Public Keys from ePO-A into ePO-B:
- Log on to the ePO-B console.
- Click Menu, Configuration, Server Settings.
- Select Security Keys in the Setting Categories list, and then click Edit.
- Next to Import and back up keys, click Import.
- Browse to the location where you saved the exported .zip files, select the .zip file, and then click Next.
- Verify that it's the appropriate Master Repository Public Key, and then click Save.
- If you've exported more than one key from ePO-A, repeat these steps for the remaining key.
- Confirm that you can see ePO-A's Public Keys listed in the Other repository public keys section.
- On ePO-A, create a UNC-distributed repository. The repository must be in a location that's accessible from ePO-B. It can be on ePO-A itself, but isn't needed.
IMPORTANT: It's critical that the guidelines in this step are followed exactly. If not, ePO-B could pull ePO-A's Agent package and keys, which can result in ePO-B's client systems being moved to ePO-A.
When configuring the repository, under Package Types, select the content that you want to provide to ePO-B. When you select packages, do not choose All Packages; instead, choose Selected Packages, and select only the packages that you want to replicate. Do not select any of the following package types:
- McAfee Agent
- ePO Agent Key Updater
We recommend that you select only the packages listed under Signatures and engines. Don't select the Replicate legacy DATs option.
The new distributed repository must be used only for providing content to ePO-B. Disable it in your McAfee Agent policies, so that client systems don't try to update from it.
- After you've configured the new repository, run a Replicate Now task to populate it with the selected content.
- On ePO-B, define a new Source Site and configure it to point to the new distributed repository:
- In the ePO-B console, click Menu, Configuration, Server Settings.
- Select Source Sites in the Setting Categories list, and then click Edit.
- Click Add Source Site.
- Specify a Repository name, select UNC as the Type, and then click Next.
- Specify the UNC path to the distributed repository on ePO-A (for example, \\ePO-A\Repository), and then click Next.
- Specify the download credentials, and then click Test Credential. After the Credentials are valid message is shown, click Next.
- Verify that the settings are correct, and then click Save.
- Create a Repository Pull task to update ePO-B from ePO-A:
- In the ePO-B console, click Menu, Automation, Server Tasks.
- Click New Task, name the task, keep the Schedule status as Enabled, and then click Next.
- Select Repository Pull from the Action drop-down list.
- Select ePO-B as the Source Site, and select the packages you want to update from the Available Source Site Packages. Click OK, and then click Next.
- Schedule the task, and then click Next.
- Verify that the settings are correct, and then click Save.
This Repository Pull task now updates ePO-B, using content from ePO-A.
|