
Introducing McAfee Conduit Platform - Knowledge Center · 2015-11-06


Installation Guide

Conduit Platform 1.0.0
For use with McAfee ePolicy Orchestrator

Introducing McAfee Conduit Platform

McAfee® Conduit Platform provides a secure connection between McAfee® ePolicy Orchestrator® (McAfee ePO) and mobile devices.

Conduit Platform can be used with on-premise installations of ePolicy Orchestrator, versions 5.1 and later.

The Conduit Platform configuration includes these components:

• Server — Installed on a Tomcat server in your environment. The Conduit Platform server handles communication to and from mobile devices.

• Extension — Installed in ePolicy Orchestrator. The extension manages communication between ePolicy Orchestrator and the Conduit Platform server.

Using Conduit Platform in high availability environments

To improve availability, we recommend setting up two or more Conduit Platform servers. With multiple servers, requests from mobile devices are handled randomly. ePolicy Orchestrator dynamically handles load balancing; a third-party load balancer is not required.

The time-out interval for requests is determined by the managed product app.

Installation requirements

Conduit Platform has specific system, certificate, and network requirements for installation and operation.

For details about ePolicy Orchestrator requirements, see the ePolicy Orchestrator documentation.


Requirement: Details

Software: ePolicy Orchestrator, versions 5.1 and later, on-premise only

Hardware (physical or virtual):
• 16 GB RAM
• Dual Core CPU

Operating system:
• Windows Server 2008 64-bit with Service Pack 2 or later (Standard or Enterprise Edition)
• Windows Server 2008 R2 64-bit with Service Pack 1 or later (Standard or Enterprise Edition)
• Windows Server 2012 64-bit (Standard Edition)
• Windows Server 2012 R2 64-bit (Standard Edition)

Active Directory: You must know the:
• Domain controller name or IP address of the LDAP server
• Port number that LDAP runs on

SSL certificate:
• Public (not self-signed)
• Obtained from a recognized authority like Verisign or Go Daddy
• Matches the address (A) record defined in the Domain Name System (DNS) unless a wildcard (*) certificate is used
In high availability environments, you can associate a wildcard certificate with multiple Conduit Platform servers.

Network: You must have a valid, externally facing URL to access the Conduit Platform server.

Router and firewall access rules: Allow communication from the Conduit Platform server to:
• Port 443
• LDAP port

Installation account:
• Use a valid LDAP account for installation. We recommend using service account credentials.
• Use the same LDAP account to install the Conduit Platform server and extension.
• Elevated permissions aren't required.


Installation instructions

To configure the Conduit Platform for use with ePolicy Orchestrator, complete these tasks in order.

Tasks

• Install the Conduit Platform server
The Conduit Platform installer configures Tomcat and guides you through server installation.

• Install the Conduit Platform extension in ePolicy Orchestrator
Enable Conduit Platform functionality and management by installing the Conduit Platform extension.

• Register your Conduit Platform server in ePolicy Orchestrator
Establish communication between your Conduit Platform server, LDAP server, and ePolicy Orchestrator by configuring a Registered Server in ePolicy Orchestrator.

Install the Conduit Platform server

The Conduit Platform installer configures Tomcat and guides you through server installation.

Before you begin

You must know the domain controller name or IP address of the LDAP server, and the port number that LDAP runs on. The default port is 389.

If the installer isn't available on the McAfee Downloads site, see KB85679 for manual installation instructions.

If you're setting up multiple Conduit Platform servers to improve availability, repeat the installation process on each server.

Task

1 On the system where you want to install the Conduit Platform server, right-click the installer file, then select Run as administrator.

2 On the welcome page, click Next.

3 Select the folder location to install the server, then click Next.

4 Select your SSL certificate, enter the password for the certificate, then click Next.

Because the software doesn't prompt for certificate expiration, we recommend noting the expiration date of your SSL certificate, and setting a calendar reminder to update it as needed. You can update the SSL certificate using the installer.

5 Enter your LDAP server URL and credentials for your installation service account, then click Next.

6 When installation completes, click Finish.
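
The SSL certificate requirements listed earlier (public rather than self-signed, matching the server's DNS name unless a wildcard certificate is used) and the expiration note in step 4 can be checked with a short script. This is an added example, not part of the McAfee guide or installer; it works on the dictionary form returned by Python's ssl.SSLSocket.getpeercert() on a verified connection, and the example.com host names, CA name and dates are constructed.

```python
import ssl
import time

def hostname_matches(pattern, host):
    """Match one certificate DNS name; '*' stands for exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # "*.example.com" covers "a.example.com", not "example.com" or "a.b.example.com"
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, host, now=None, warn_days=30):
    """Return a list of problems for a certificate in ssl getpeercert() dict form."""
    if not cert:
        raise ValueError("empty certificate dict (peer was not verified)")
    now = time.time() if now is None else now
    problems = []
    # Heuristic: a self-signed certificate names itself as its issuer.
    if cert.get("subject") == cert.get("issuer"):
        problems.append("self-signed: subject and issuer are identical")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(hostname_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} is not covered by {names}")
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < 0:
        problems.append(f"expired {-days_left} days ago")
    elif days_left < warn_days:
        problems.append(f"expires in {days_left} days")
    return problems

# Constructed sample data (not real certificates or hosts).
PUBLIC_CA = ((("organizationName", "Example Public CA"),),)
WILDCARD = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": PUBLIC_CA,
    "subjectAltName": (("DNS", "*.example.com"),),
    "notAfter": "Nov  6 00:00:00 2016 GMT",
}
SELF_SIGNED = {
    "subject": ((("commonName", "conduit1.example.com"),),),
    "issuer": ((("commonName", "conduit1.example.com"),),),
    "subjectAltName": (("DNS", "conduit1.example.com"),),
    "notAfter": "Nov 20 00:00:00 2015 GMT",
}
NOW = ssl.cert_time_to_seconds("Nov  6 00:00:00 2015 GMT")

if __name__ == "__main__":
    for host in ("conduit1.example.com", "conduit2.example.com"):
        print(host, check_certificate(WILDCARD, host, NOW))
    print(check_certificate(SELF_SIGNED, "conduit2.example.com", NOW))
```

Run on a schedule against each Conduit Platform server name, the expiry check stands in for the calendar reminder, and the wildcard case shows one certificate covering several servers in a high availability setup.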

Install the Conduit Platform extension in ePolicy Orchestrator

Enable Conduit Platform functionality and management by installing the Conduit Platform extension.

The Conduit Platform extension comes bundled with managed products that require it.

This method manually installs the Conduit Platform extension from a local copy. For details about other methods of checking in product packages, see the ePolicy Orchestrator documentation.


Task

For option definitions, click ? in the interface.

1 Download and save the Conduit Platform extension in an accessible location.

Don't unzip the extension file.

2 On the ePolicy Orchestrator console, select Menu | Software | Extensions, then click Install Extension.

3 Browse to and select the Conduit Platform extension, then click OK.

4 Review and accept the product details and license agreement, then click OK.

Register your Conduit Platform server in ePolicy Orchestrator

Establish communication between your Conduit Platform server, LDAP server, and ePolicy Orchestrator by configuring a Registered Server in ePolicy Orchestrator.

If you're setting up multiple Conduit Platform servers to improve availability, repeat this process for each server.

Task

1 In the ePolicy Orchestrator console, select Menu | Configuration | Registered Servers, then click New Server.

2 From the Server Type drop-down list, select Conduit Platform, enter a unique name for the server, then click Next.

3 Provide details about the connection to the Conduit Platform and LDAP servers, click Test Connection to establish connection with the server, then click Save.

Option: Definition

Server URL: Specifies the URL of your organization's Conduit Platform server. Don't use an IP address.

User name, Password: Specifies the user name and password for the connection to the LDAP server. Use the same installation service account that you used to install the Conduit Platform server.

Verification: Click Test Connection to verify credentials. Connection to the server isn't fully established until you click Save.

Monitoring the connection to the Conduit Platform server

A Conduit Platform Health Check server task regularly tests the connection between your Conduit Platform server and ePolicy Orchestrator.

By default, the server task is enabled and runs every 10 minutes. If no connection is found, the server task attempts to re-establish connection. You can change the server task interval as needed depending on the stability of your network. Shorter intervals result in greater CPU and network usage.

We recommend checking the Server Task Log periodically to verify that the Conduit Platform Health Check server task is successful.


Copyright © 2015 McAfee, Inc. www.intelsecurity.com

Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
