1 McAfee® Endpoint Encryption Enterprise Best Practices Guide November 2009
10 An Object Directory with 5000 users and 5000 systems could be expected to grow as follows: Typical Growth of 5000 user/machine Object Directory
11 Global Deployments The single server approach works well as long as the endpoints can make and sustain a TCP/IP connection to the server. Depend
12 Optimisation Actions Overview McAfee generally recommends the following actions (most of which are described in more detail later): • Optimize h
13 Name Indexing (DBCFG.INI) Name indexing should be enabled on all databases especially those with over 1000 endpoints or users. It will be noticeab
14 LifeTime=86400 The time (in seconds) for which the index will be used before it is automatically re‐created if somebody logs on to the database. T
15 TCP/IP Keep Alive Time Reduction Reduce this setting on all EEPC servers from two hours (the default) to five minutes. The server will require a res
16 1. Open Regedit. 2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. 3. In the right pane, look for the Dword named NtfsMf
17 Windows Performance By default the Windows performance settings are set to ‘Applications’. However, testing should define the best setting.
18 Object Directory Physical Location Consideration should be made to the location of the Object Directory. The default final folder for the Endpoi
19 Object Directory Maintenance Maintenance Introduction To keep the database clean and healthy, maintenance is required on a regular basis. This ma
2 Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
20 To export and then clear ALL user audits use this command: SBADMCL -Command:DumpUserAudit -Adminuser:Admin -Adminpwd:mypassword -File:c:\dump\Dum
21 Orphaned Objects To begin a cleanup, the database starts with what are known as “Orphaned” objects. These are objects that exist in the Object Di
22 Dump Machine Description If objects seem to hang the Manager when opened, then attempt to dump the machine description to find which objects are a
23 User Objects ‐ General Performance Tips EEPC can support thousands of users per group and per machine. That said, for performance and security re
24 General Advice Default Product settings (for maximum compatibility). Installing the Endpoint Encryption Manager (EEM) using the default settings
25 of the other groups should not be used unless there is a specific reason. These usually include “EEPC52OPTION:” or similar at the start of the na
26 • When using smart card readers and tokens, avoid assigning many or all of the Reader or Token file groups together. Whilst they can be used to
3 Contents INTRODUCTION 5 PURPOSE OF THIS GUIDE 5 RELEVANT PRODUCTS 5 SOLUTION ARCHITECTURE 6 DESIGN PHILOSOPHY 6 SERVER CONFIGURATION 7 BASIC
4 OBJECT DIRECTORY MAINTENANCE 19 MAINTENANCE INTRODUCTION 19 ENVIRONMENT 19 AUDIT MAINTENANCE 19 EXTRACTING AND CLEARING AUDIT FROM THE DATABASE
5 Introduction Purpose of this Guide When planning a large rollout of Endpoint Encryption v5, it is important to understand the process of scaling t
6 Solution Architecture Design Philosophy McAfee Endpoint Encryption is a client/server application designed to be implemented with a simple, single
7 Server Configuration Basic Server Requirements The Endpoint Encryption Communications Server process runs under Microsoft Windows 2000/2003. Cur
8 Server Redundancy It is risky to have a single physical server for your enterprise, even if you take regular backups. We recommend you to take ste
9 Server and Object Directory Optimisation Endpoint to Server Communication ‐ Network Load Estimation Endpoint Encryption network traffic is the ea