McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE Specifiche Pagina 8
- Pagina / 26
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
8
ServerRedundancy
Itisriskytohaveasinglephysicalserverforyourenterprise,evenifyoutakeregularbackups.Werecommend
youtotakestepstoexpediterecoveryfromanoutageinaccordancewithanestablishedBusinessContinuity
andDisasterRecovery(BCDR)plan.
HotBackupDatabases
IncreasetheredundancyofthesystembyreplicatingtheEndpointEncryptionObjectDirectorytoasecond
physicalserver.Adedicatedreplicationtool“ObjectDirectoryBackup”whichisoptimizedtofollowthe
changelogofanEndpointEncryptionv5ObjectDirectoryissuppliedwiththeproductsuite.
Inthiscasesetuparesilientsystemusingtwophysicalboxes,bothhostingEndpointEncryptionServers–one
hostingthemasterOD
Bandtheotherhavingahotbackup.Incasethemasterserverfails,theEndpoint
EncryptionServeronthesecondbackupboxcanberestartedin“master”mode.Thenrebuildorreplacethe
affectedmachineandcreateanewmaster.
TheODBBackuputilitycanalsobeusedtomakeregularbac
kupsoftheODB,givingfurtherrecoveryoptions
incaseofadisaster.Thismethodhowever,requiresmanualinteractiontostartthefailover.
AHotBackupdocumentdiscussingthis scenarioisavailable.
Clustering
Fullyautomatedfailoversforapplicationsusuallyemployaclusterserverenvironment.AlthoughtheMcAfee
EndpointEncryptionObjectDirectoryandManagercanrunonacluster,werecommendagainstusing‘shared’
resourceswherepossible.AsperMcAfeeKB53698,WindowsClusterenvironmenthasnotbeenfullytestedat
thistimeinengineering.
LoadBalancing
GiventhebestconfigurationisusuallyasinglehighperformanceserverwithDASthentheleastoptimalwayto
performclusteringistoputtheObjectDirectoryonanetworkshare(NAS)andtheninstalltheManagement
Centerontwoserverswhichaccessthesharesimultaneously.
NOTE:Thelatterwillfunctio
n,butitwillbesignificantlydetrimentaltoserverperformance.
Youshouldnotethatifyouusespecialloadbalancingswitchestosplitnetworkload,youshouldsetthemto
alloweachclientactiveconnectiontooccurwiththesameswitchthroughoutthesyncevent(andnot
split/distributeeachpacketdu
ringasinglesync).
Makingremoteconnectionstothedatabaseisslowerthanlocalconnections,sothisdesignisoftentooslow
toworkeffectively.
IfDASisnotusedandthereareissuessuchasperformance,objectcorruption(especiallyasobjectnumbersin
theMcAfeeEndpointEncryptionObjectDire
ctoryincrease)McAfeesupportwillrecommendmovingtoDAS
andhighperformancededicatedserver.
IfaSANistheonlyoptionavailable,pleasenoteSANarrayscanprioritizetheconnectionstothephysicalbox
inwhatisknownasTierlevels.Tier1isthehighestpriority,Tier3isthelo
west.McAfeeEndpointEncryption
needsoptimaldiskaccesssowouldneedTier1prioritywithdedicatedLUNStoprovidethehighestspeed
connection.Thisisnecessaryforfullandpromptservicesynchronizationrequestsandadministration.This
avoidscorrupteddatabases,objects,clientsandslowadministrationperformance.RunningonSANisnot
recommended,bu
tifitmustbedone,thentheconnectionmustbeTier1.
- McAfee®EndpointEncryption 1
- Contents 3
- Introduction 5
- SolutionArchitecture 6
- ServerConfiguration 7
- ServerRedundancy 8
- HotBackupDatabases 8
- Clustering 8
- LoadBalancing 8
- VirtualServers 10
- GlobalDeployments 11
- OptimisationActions 11
- NameIndexing(DBCFG.INI) 13
- Warnings 13
- DBCFG.INI 13
- Groupsizes 14
- Procedure 15
- Anti‐VirusScanner 16
- WindowsPerformance 17
- ManagingAudits 17
- ConnectionSpeed 17
- ObjectDirectoryAccess 18
- SearchingforObjects 18
- ClearingDeletedObjects 18
- SBSERVER.INI 18
- ObjectDirectoryMaintenance 19
- DeletedItemsCleanup 20
- OrphanedObjects 21
- RestoreCommands 21
- CleanupCommands 21
- DumpMachineDescription 22
- GeneralAdvice 24
- Thingstoavoid 25
Prodotti e manuali riguardandi Server McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
(35 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.096 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale