How ePO really works
Let's discover how the McAfee ePolicy Orchestrator system is designed and structured.
Each module in the ePO architecture has its part in the system. These are the parts of each module:
McAfee Agent/Common Management Agent
-Framework Service
-Collects properties & events
-Passes information to ePO (Apache) Server
-Receives policy or task changes
-New policy requests are delivered from the Apache policy cache
-Uses a proprietary SPIPE protocol to encapsulate
-ASCI – Agent to Server Communication Interval
Apache Server
-Proprietary SPIPE (3DES)
-In charge of communication from McAfee Agent to ePO server
-Caches policies to reduce database reads and speed up ASCI time
-Manages events, group management, tag management and agent sorting
-Passes events to the Event Parser Service
Event Parser Service
-Is in charge of parsing incoming events into the database.
-DAL (Data Abstraction Layer)
-Event Parser Plugin
-Normalizing events
-Common Event Format (CEF)
-Event Receptor AlertER.DLL
-Parses events from the events directory or shared memory through the DAL.
-Parses events through AlertER.dll to send notifications based on policy.
Tomcat
-Console UI – Provides your internet browser with a webpage to remotely manage the ePO server.
-Reporting – SQUID (Structured Query User Interface)
-Extension Management – Allows for modular changes to the ePO platform and Point Products management.
-User Management – Provides user permissions and settings for the ePO server and components.
-Notifications – Provides the UI, rule engine and actions of notifications.
-Policies – Provides policy management, the UI and point product management.
-System tree management – Provides the UI of the system tree, organization of nodes, tags and policies of those nodes.