To provide load balancing for large numbers of clients, multiple Agent Handlers can be deployed in an agent handler group. If you have existing load-balancing hardware, place multiple Agent Handlers behind one or more load balancers. However, if you use Secure Sockets Layer (SSL) for agent-to-server communications, the load balancer(s) must be configured to allow SSL traffic to pass between the clients and Agent Handlers.
Instructions:
NOTE: We recommend that you enable SSL traffic pass-through on your load balancer. If your Trellix Agent (TA) version is earlier than version 5.0 (branded McAfee Agent), the load balancers must be configured to enable SSL traffic pass-through between the clients and Agent Handlers. For TA 5.0 or later, this is optional but recommended.
- Determine the Agent-server communication port (default 80) and the Agent-server communication secure port (default 443) used by your handlers.
NOTE: You can confirm the Agent-server communication port and Agent-server communication secure port on your ePO server by navigating to Menu, Configuration, Server Settings, and then selecting Port.
- Import the SSL certificate and key files from your ePO server into the load balancer(s) if you're terminating the SSL connection on the load balancer. These files are located in the following folder on your ePO server:
Certificate: <ePO Install folder>\Apache2\conf\ssl.crt\ahCert.crt
Key: <ePO Install folder>\Apache2\conf\ssl.crt\ahpriv.key
- Forward the traffic on to the Agent-server communication port of the handler if you're terminating the SSL connection on the load balancer. The default value for this port is 80.
NOTE: Be certain to configure the load balancer to use the X-Forwarded-Proto header (case-sensitive) with a value of https.
- Forward the traffic to the Agent-server communication secure port on your ePO server if you have enabled SSL traffic pass-through on your load balancer. The default value for this port is 443.
For instructions to import these files to your load balancer or other related load balancer configuration, consult the manufacturer's documentation.
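The two forwarding modes described above, shown side by side as an added example in HAProxy syntax (not vendor-supplied configuration). HAProxy itself, the 192.0.2.x handler addresses, and the combined PEM path are assumptions chosen for illustration; the ports are the defaults named in the steps.

```haproxy
# Added example, not vendor configuration.
# Constructed values: 192.0.2.x handler addresses, PEM file path.
# Deploy ONLY ONE of option A or option B; both bind port 443.

defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# --- Option A: SSL pass-through (the recommended mode) ---
# The load balancer relays the TLS stream untouched, so ahpriv.key
# stays on the handlers and the hop to the handler remains encrypted.
frontend agents_passthrough
    mode tcp
    bind :443
    default_backend handlers_secure

backend handlers_secure
    mode tcp
    balance roundrobin
    # Agent-server communication secure port (default 443)
    server ah1 192.0.2.11:443 check
    server ah2 192.0.2.12:443 check

# --- Option B: SSL terminated on the load balancer ---
# Requires ahCert.crt and ahpriv.key to be imported to the balancer.
# HAProxy reads them as one PEM file (certificate followed by key).
frontend agents_terminated
    mode http
    bind :443 ssl crt /etc/haproxy/certs/ah-combined.pem
    # Header name is case-sensitive; the value must be https
    http-request set-header X-Forwarded-Proto https
    default_backend handlers_plain

backend handlers_plain
    mode http
    balance roundrobin
    # Agent-server communication port (default 80); this hop is unencrypted
    server ah1 192.0.2.11:80 check
    server ah2 192.0.2.12:80 check
```

With option B the handler private key is stored on the load balancer and agent traffic crosses the balancer-to-handler segment in cleartext, so restrict access to both the key file and that network segment.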