To manage and use ASSC keys in your environment use these tasks.
Tasks
• Manage ASSC keys on page 146
You can generate, export, import, and delete ASSC keys from the Server Settings.
• View systems that use an ASSC key pair on page 148
You can view the systems whose agents use a specific agent‑server secure communication key pair in the Agent‑server secure communication keys list.
• Use the same ASSC key pair for all servers and agents on page 148
You should ensure that all McAfee ePO servers and agents use the same agent‑server secure communication (ASSC) key pair.
• Use a different ASSC key pair for each McAfee ePO server on page 149
You can use a different ASSC key pair for each McAfee ePO server to ensure that all agents can communicate with the required McAfee ePO servers in an environment where each server must have a unique agent‑server secure communication key pair.
Manage ASSC keys
You can generate, export, import, and delete ASSC keys from the Server Settings.
Task
For option definitions, click ? in the interface.
1 Click Menu | Configuration | Server Settings, select Security Keys from the Setting Categories list.
The Edit Security Keys page appears.
2 Select one of these actions.
10
Agent-server communication Security keysAction Steps Generate
and use new ASSC key pairs.
Use these steps to generate new agent‑server secure communication key pairs.
1 Next to the Agent‑server secure communication keys list, click New Key. In the dialog box, type the name of the security key.
2 If you want existing agents to use the new key, select the key in the list, then click Make Master.
Agents begin using the new key after the next agent update task is complete. If the server manages 4.6 agents, make sure the 4.6 Agent Key Updater package has been checked into the master repository.
In large installations, generating and using new master key pairs should be performed only when you have specific reason to do so. McAfee recommends performing this procedure in phases so you can more closely monitor progress.
3 After all agents have stopped using the old key, delete it.
In the list of keys, the number of agents currently using that key is displayed to the right of every key.
4 Back up all keys.
Export ASSC
keys. Use these steps to export agent‑server secure communication keys from one McAfee ePO server to a different McAfee ePO server, to allow agents to access that new McAfee ePO server.
1 In the Agent‑server secure communication keys list, select a key, then click Export.
The Export Agent‑Server Communication Keys dialog box appears.
2 Click OK.
Your browser prompts you to for action to download the sr<ServerName>.zip file to the specified location.
Depending on the internet browser you are using, If you have specified a default location for all downloads this file might be automatically saved to that location.
Import ASSC
keys. Use these steps to import agent‑server secure communication keys that were exported from a different McAfee ePO server. This procedure allows agents from that server to access this McAfee ePO server.
1 Click Import. The Import Keys page appears.
2 Browse to and select the key from the location where you saved it (by default, on the desktop), then click Open.
3 Click Next and review the information on the Import Keys page.
4 Click Save.
Action Steps Designate an
ASSC key pair as the master.
These steps allow you to change which key pair, listed in the Agent‑server secure communication keys list, is specified as the master. Do this after importing or generating a new key pair.
1 From the Agent‑server secure communication keys list, select a key, then click Make Master.
2 Create an update task for the agents to run immediately, so that agents update after the next agent‑server communication.
Ensure that the agent key updater package is checked in to the master repository and has been replicated to all distributed repositories that are managed by ePolicy Orchestrator. Agents begin using the new key pair after the next update task for the agent is complete. At any time, you can see which agents are using any of the agent‑server secure communication key pairs in the list.
3 Back up all keys.
Delete ASSC
keys. Do not delete any keys that are currently in use by any agents. If you do, those agents cannot communicate with the server.
1 From the Agent‑server secure communication keys list, select the key you want to remove, then click Delete.
The Delete Key dialog box appears.
2 Click OK to delete the key pair from this server.
View systems that use an ASSC key pair
You can view the systems whose agents use a specific agent‑server secure communication key pair in the Agent‑server secure communication keys list.
After making a specific key pair the master, you might want to view the systems that are still using the previous key pair. Do not delete a key pair until you know that no agents are still using it.
For option definitions, click ? in the interface.
Task
1 Click Menu | Configuration | Server Settings, select Security Keys from the Setting Categories list, then click Edit.
The Edit Security Keys page appears.
2 In the Agent‑server secure communication keys list, select a key, then click View Agents. The Systems using this key page appears.
This page lists all systems whose agents are using the selected key.
Use the same ASSC key pair for all servers and agents
You should ensure that all McAfee ePO servers and agents use the same agent‑server secure communication (ASSC) key pair.
If you have a large number of managed systems in your environment, McAfee recommends performing this process in phases so you can monitor agent updates.
10
Agent-server communication Security keys1 Create an agent update task.
2 Export the keys chosen from the selected McAfee ePO server.
3 Import the exported keys to all other servers.
4 Designate the imported key as the master on all servers.
5 Perform two agent wake‑up calls.
6 When all agents are using the new keys, delete any unused keys.
7 Back up all keys.
Use a different ASSC key pair for each McAfee ePO server
You can use a different ASSC key pair for each McAfee ePO server to ensure that all agents can communicate with the required McAfee ePO servers in an environment where each server must have a unique agent‑server secure communication key pair.
Agents can communicate with only one server at a time. The McAfee ePO server can have multiple keys to communicate with different agents, but the opposite is not true. Agents cannot have multiple keys to communicate with multiple McAfee ePO servers.
For option definitions, click ? in the interface.
Task
1 From each McAfee ePO server in your environment, export the master agent‑server secure communication key pair to a temporary location.
2 Import each of these key pairs into every McAfee ePO server.