User manual MCAFEE ENDPOINT ENCRYPTION ENTERPRISE BEST PRACTICES GUIDE

Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!

If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual MCAFEE ENDPOINT ENCRYPTION ENTERPRISE. We hope that this MCAFEE ENDPOINT ENCRYPTION ENTERPRISE user guide will be useful to you.

Lastmanuals help download the user guide MCAFEE ENDPOINT ENCRYPTION ENTERPRISE.


Mode d'emploi MCAFEE ENDPOINT ENCRYPTION ENTERPRISE
Download
Manual abstract: user guide MCAFEE ENDPOINT ENCRYPTION ENTERPRISEBEST PRACTICES GUIDE

Detailed instructions for use are in the User's Guide.

[. . . ] McAfee® Endpoint Encryption Enterprise Best Practices Guide November 2009 1 Copyright © 2009 McAfee, Inc. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc. , or its suppliers or affiliate companies. 2 Contents INTRODUCTION PURPOSE OF THIS GUIDE RELEVANT PRODUCTS SOLUTION ARCHITECTURE DESIGN PHILOSOPHY SERVER CONFIGURATION BASIC SERVER REQUIREMENTS RECOMMENDED SERVER HARDWARE SERVER REDUNDANCY HOT BACKUP DATABASES CLUSTERING LOAD BALANCING SERVER AND OBJECT DIRECTORY OPTIMISATION ENDPOINT TO SERVER COMMUNICATION NETWORK LOAD ESTIMATION ESTIMATING THE SIZE OF THE OBJECT DIRECTORY TYPICAL GROWTH OF 5000 USER/MACHINE OBJECT DIRECTORY VIRTUAL SERVERS GLOBAL DEPLOYMENTS OPTIMISATION ACTIONS OPTIMISATION ACTIONS OVERVIEW NAME INDEXING (DBCFG. INI) WARNINGS DBCFG. INI GROUP SIZES TCP/IP KEEPALIVETIME REDUCTION LAST ACCESS TIME STAMP (NTFSDISABLELASTACCESSUPDATE) WINDOWS SERVER AS A FILE SERVER OBJECT DIRECTORY BACKUP TOOL SETUP ANTIVIRUS SCANNER WINDOWS PERFORMANCE MANAGING AUDITS FILE CACHE ON RAID HARD DRIVE CONTROLLER CONNECTION SPEED OBJECT DIRECTORY PHYSICAL LOCATION OBJECT DIRECTORY ACCESS SEARCHING FOR OBJECTS CLEARING DELETED OBJECTS SBSERVER. INI 5 5 5 6 6 7 7 7 8 8 8 8 9 9 9 10 10 11 11 12 13 13 13 14 15 15 15 16 16 17 17 17 17 18 18 18 18 18 3 OBJECT DIRECTORY MAINTENANCE MAINTENANCE INTRODUCTION ENVIRONMENT AUDIT MAINTENANCE EXTRACTING AND CLEARING AUDIT FROM THE DATABASE CLEARING THE AUDIT DELETED ITEMS CLEANUP CHECKING FOR DATABASE CORRUPTION WHY DOES THE DATABASE GET CORRUPTED? ORPHANED OBJECTS RESTORE COMMANDS CLEANUP COMMANDS DUMP MACHINE DESCRIPTION USER OBJECTS GENERAL PERFORMANCE TIPS GENERAL ADVICE DEFAULT PRODUCT SETTINGS (FOR MAXIMUM COMPATIBILITY). THINGS TO AVOID 19 19 19 19 19 19 20 20 20 21 21 21 22 23 24 24 25 4 Introduction Purpose of this Guide When planning a large rollout of Endpoint Encryption v5, it is important to understand the process of scaling the back end Object Directory and the associated Endpoint Encryption Communications Server processes to meet requirements. [. . . ] Once this is done, if an endpoint client loses the connection with the server, the server will release the lock after approximately 5 minutes. This will also prevent broken remote sbadmcl connections from locking the scripting user account for 2 hours. Extra info The KeepAliveTime setting controls how often keepalive packets are sent in milliseconds (300, 000 is recommended). It controls how often TCP sends a keepalive packet to verify that an idle connection is still intact. If the remote computer is still reachable, it acknowledges the keepalive packet. MS KB article: http://support. microsoft. com/default. aspx?scid=kb;enus;324270#EQACAAA Key: Tcpip\Parameters Value Type: REG_DWORD (Time in milliseconds) Valid Range: 10xFFFFFFFF Default: 7, 200, 000 (two hours) NOTE: A similar setting KeepAliveInterval has a default 1000 (= 1 second), this setting is correct so do not change this. Open Regedit Go to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters Open or create the Dword KeepAliveTime Change the value to 300000 in decimals (Time in milliseconds) Last Access Time Stamp (NtfsDisableLastAccessUpdate) With large databases, it is possible that some groups may become overpopulated. When a large group is opened (for example one with over 5000 users), it can take some time to open. To reduce hard disk read and write time, a registry setting can be set to prevent the Last Access time stamp from being updated on every file access. The performance boost will be about 50%! Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem. Create a new DWORD value, or modify the existing value, named "NtfsDisableLastAccessUpdate" and set it to "1". Microsoft article: http://technet2. microsoft. com/WindowsServer/en/library/80dc50667f134ac38da8 48ebd60b44471033. mspx?mfr=true 1. 3. Windows Server as a File Server Tune Microsoft Windows 2003 server to be a file server. See the Microsoft article http://support. microsoft. com/kb/174619 about this. Theory Increase NTFS MFT (Master File Table, used to be FAT) to 50% of the disk space. The result is that small files are being stored in the MFT and not as separate files in the NTFS. This helps a lot because we have thousands of small files. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. In the right pane, look for the Dword named NtfsMftZoneReservation. If not exists, create a new DWORD NtfsMftZoneReservation in the registry and set its value to 4. EXTRA INFO The default value for this key is 1. [. . . ] · · · 25 · When using smartcard readers and tokens, avoid assigning many or all of the Reader or Token file groups together. Whilst they can be used together, more compatibility and easier troubleshooting is ensured using just the specific token or reader files required for a group of machines. Using $autoboot$ user assigned to machines permanently for convenience to bypass pre boot logon as a normal everyday operational client ­ there is NO security in doing this. This results in end users never seeing the preboot authentication screen. [. . . ]

DISCLAIMER TO DOWNLOAD THE USER GUIDE MCAFEE ENDPOINT ENCRYPTION ENTERPRISE

Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets...
In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.

Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual MCAFEE ENDPOINT ENCRYPTION ENTERPRISE will begin.

Search for a user manual

 

Copyright © 2015 - LastManuals - All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

flag