McAfee EPOLICY ORCHESTRATOR 4.5 Installation Manual
McAfee ePolicy Orchestrator 4.5
Installation Guide
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in
connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property
of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS
THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,
A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU
DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
McAfee ePolicy Orchestrator 4.5 Installation Guide2
Contents
Pre-Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
First-Time Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Upgrading to ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Server and Agent Handler requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Database requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Database considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Supported products and components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Operating systems language support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Installing the server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing an Agent Handler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Removing unused consoles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Unsupported products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Performing backups before upgrading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading the ePO server from version 3.6.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading the ePO server from version 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Post-Installation Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Completing a first-time installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Completing an upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Migrating events from version 3.6.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Files to check in manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configuring the software for a server with multiple NICs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Uninstalling the software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Common installation messages and their solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Default locations of troubleshooting log files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3McAfee ePolicy Orchestrator 4.5 Installation Guide
McAfee ePolicy Orchestrator 4.5 Installation Guide4
Pre-Installation
Before installing ePolicy Orchestrator 4.5, review these requirements and recommendations.
Contents
System requirements
Supported products and components
Operating systems language support
System requirements
Verify that your environment meets the minimum requirements listed here:
• Server and Agent Handler
• Database
• Distributed repositories
Server and Agent Handler requirements
Free disk space — 1 GB minimum (first-time installation); 1.5 GB minimum (upgrade); 2 GB
recommended.
Memory — 1 GB available RAM; 2–4 GB recommended.
Processor — Intel Pentium III-class or higher; 1 GHz or higher.
Monitor — 1024x768, 256-color, VGA monitor.
NIC — Network interface card; 100 MB or higher.
NOTE: If using a server with more than one IP address, ePolicy Orchestrator uses the first
identified IP address. If you want to use additional IP addresses for agent-server communication,
see
Installing an Agent Handler
Dedicated server — If managing more than 250 computers, McAfee recommends using a
dedicated server.
File system — NTFS (NT file system) partition recommended.
IP address — McAfee recommends using static IP addresses for ePO servers.
Server-class operating system — 32bit or 64bit
• Windows Server 2003 Enterprise with Service Pack 2 or later
• Windows Server 2003 Standard with Service Pack 2 or later
• Windows Server 2003 Web with Service Pack 2 or later
• Windows Server 2003 R2 Enterprise with Service Pack 2 or later
.
5McAfee ePolicy Orchestrator 4.5 Installation Guide
Pre-Installation
System requirements
• Windows Server 2003 R2 Standard with Service Pack 2 or later
• Windows Server 2008
NOTE: Installation is blocked if you attempt to install on a version of Windows earlier than
Server 2003. In addition, ePolicy Orchestrator stops functioning if, after having been installed
on Windows Server 2003, the server is upgraded to Windows Server 2008.
Browser
• Firefox 3.0
• Microsoft Internet Explorer 7.0 or 8.0
If using Internet Explorer and a proxy, follow these steps to bypass the proxy server.
1 From the Tools menu in Internet Explorer, select Internet Options.
2 Select the Connections tab and click LAN Settings.
3 Select Use a proxy server for your LAN, then select Bypass proxy server for local
addresses.
4 Click OK as needed to close Internet Options.
Domain controllers — The server must have a trust relationship with the Primary Domain
Controller (PDC) on the network. For instructions, see the Microsoft product documentation.
Security software
• Install and/or update the anti-virus software on the ePolicy Orchestrator server and scan
for viruses.
CAUTION: If running VirusScan Enterprise 8.5i or 8.7i on the system where you are installing
ePolicy Orchestrator, you must ensure that the VSE Access Protection rules are disabled
during the installation process, or the installation fails.
• Install and/or update firewall software on the ePolicy Orchestrator server.
Ports
• McAfee recommends avoiding the use of Port 8443 for HTTPS communication. Although this
is the default port, it is also the primary port used by many web-based activities, is a popular
target for malicious exploitation, and it is likely to be disabled by the system administrator
in response to a security violation or outbreak.
NOTE: Ensure that the ports you choose are not already in use on the ePolicy Orchestrator
server computer.
• Notify the network staff of the ports you intend to use for HTTP and HTTPS communication
via ePolicy Orchestrator.
NOTE: Installing the software on a Primary Domain Controller (PDC) is supported, but not
recommended.
Supported virtual infrastructure software
• VMware ESX 3.5.x
• Microsoft Virtual Server 2005 R2 with Service Pack 1
• Windows Server 2008 Hyper-V
McAfee ePolicy Orchestrator 4.5 Installation Guide6
Pre-Installation
System requirements
Database requirements
Microsoft updates and patches
Update both the ePO server and the database server with the latest Microsoft security updates.
If you are upgrading from MSDE 2000 or SQL 2000, be sure to follow Microsoft's required
upgrade scenarios.
Databases supported for use with ePolicy Orchestrator
• SQL Server 2005 Express. This database is included with ePolicy Orchestrator for use in
environments where there is no supported database available.
• SQL Server 2005.
• SQL Server 2008 Express.
• SQL Server 2008.
NOTE: Use of ePolicy Orchestrator with MSDE 2000 or SQL 2000 (or earlier) is not supported.
Database installation documented in this Guide
The only database installation scenario described in detail is a first-time installation of SQL
Server 2005 Express. In this scenario, the ePOSetup installs both the ePolicy Orchestrator
software and the database on the same server. If the database is to be installed on a different
server from the ePolicy Orchestrator software, manual installation is required on the remote
servers.
Other relevant database installations and upgrades
See the documentation provided by the database manufacturer for information about the
following installation scenarios:
• Installing SQL Server 2005.
• Installing SQL Server 2008.
• Upgrading from MSDE 2000.
• Upgrading from SQL 2000.
• Upgrading from SQL 2005.
• Upgrading from SQL 2005 Express.
• Maintenance settings — McAfee recommends making specific maintenance settings to
ePO databases. For instructions, see
Maintaining ePO databases
in the
ePolicy Orchestrator
Help.
SQL Server
• Dedicated server and network connection — Use a dedicated server and network
connection if managing more than 5,000 client computers.
• Local database server — If using SQL Server on the same system as the ePOserver,
McAfee recommends using a fixed memory size in Enterprise Manager that is approximately
two-thirds of the total memory for SQL Server. For example, if the computer has 1GB of
RAM set 660MB as the fixed memory size for SQL Server.
7McAfee ePolicy Orchestrator 4.5 Installation Guide
Pre-Installation
System requirements
• SQL Server licenses — If using SQL Server, a SQL Server license is required for each
processor on the computer where SQL Server is installed.
CAUTION: If the minimum number of SQL Server licenses is not available after you install
the SQL Server software, you may have issues installing or starting the ePolicy Orchestrator
software.
Database considerations
Using ePolicy Orchestrator with a database
A database must be installed before ePolicy Orchestrator can be installed. Any of the following
databases, if previously installed, meets this requirement.
• SQL Server 2005
• SQL 2005 Express
• SQL 2008
• SQL 2008 Express
NOTE: SQL 2000 is not supported.
If none of those databases was previously installed, the ePO installation wizard detects that no
database is present and offers you the opportunity to install SQL Server 2005 Express.
The following tables provide additional information about the database choices and other
software requirements.
NoteRequirementsDatabase
SQL Server 2005
or SQL Server
2008
Express
connection
Local database server
Licenses
NoteSoftware
Needed if managing more than 5,000 computers.Dedicated server and network
If the database and ePO server are on the same system,
McAfee recommends using a fixed memory size in Enterprise
Manager or SQL Server Management Studio that is
approximately two-thirds of the total memory for SQL Server.
For example, if the computer has 1 GB of RAM, set 660 MB
as the fixed memory size for SQL Server.
A license is required for each processor on the computer
where SQL Server is installed. If the minimum number of SQL
Server licenses is not available, you might have difficulty
installing or starting the ePolicy Orchestrator software.
You must acquire and install..NET FrameworkSQL Server 2005
McAfee ePolicy Orchestrator 4.5 Installation Guide8
You must acquire and install.MSXML 6.0
1
From the Internet Explorer Tools menu, select Windows
Update.
2
Click Custom, then select Software.
3
Select MSXML6.
4 Select Review and install updates, then click Install Updates.
Pre-Installation
System requirements
NoteSoftware
Firefox 3.0
Redistributable
Redistributable - x86 9.0.21022
Compatibility
SQL Server 2005 Express
Microsoft updates
You must acquire and install.Internet Explorer 7 or 8, or
You must acquire and install if using SQL Server 2005 Express..NET Framework 2.0
If not previously installed, the installation wizard installs automatically.Microsoft Visual C++
If not previously installed, the installation wizard installs automatically.Microsoft Visual C++
If not previously installed, the installation wizard installs automatically.MDAC 2.8
If not previously installed, the installation wizard installs automatically.SQL Server 2005 Backward
If no other database has been previously installed, this database can be installed
automatically at user’s selection.
Update the ePolicy Orchestrator server and the database server with the most
current updates and patches.
The installation fails if using a version of MSI previous to MSI 3.1.MSI 3.1
Database installation documented in this guide
The only database installation scenario described in detail is a first-time installation of SQL
Server 2005 Express. In this scenario, the ePolicy Orchestrator Setup installs both the ePolicy
Orchestrator software and the database on the same server. If the database is to be installed
on a different server from the ePolicy Orchestrator software, manual installation of SQL is
required on the remote server.
Other relevant database installations and upgrades
See the documentation provided by the database manufacturer for information about the
following installation scenarios:
• Installing SQL Server 2005 or 2008.
• Upgrading from MSDE 2000 to SQL Server 2005 or 2008.
• Upgrading from MSDE 2000 to SQL Server 2005 Express.
Nested triggers — The SQL Server Nested Triggers option must be enabled.
Database collation — The only database collation supported by ePolicy Orchestrator is the
U.S. English default: SQL_Latin1_General_Cp1_CI_AS.
Maintenance settings — McAfee recommends making specific maintenance settings to ePolicy
Orchestrator databases. For instructions, see
Maintaining ePolicy Orchestrator databases
in the
ePolicy Orchestrator 4.5 Help.
SQL Server
Dedicated server and network connection — Use a dedicated server and network connection
if managing more than 5,000 client computers.
Local database server — If using SQL Server on the same system as the ePolicy Orchestrator
server, McAfee recommends using a fixed memory size in Enterprise Manager that is
approximately two-thirds of the total memory for SQL Server. For example, if the computer has
1 GB of RAM, set 660 MB as the fixed memory size for SQL Server.
9McAfee ePolicy Orchestrator 4.5 Installation Guide
Loading...