McAfee DTP-165C-DPVG Installation Guide - Page 47

Installing McAfee DLP Endpoint Installing McAfee DLP WCF service 6 Pay attention to the following points when installing ePolicy Orchestrator: 1 In the McAfee ePO installation wizard, use the following settings. Installation wizard Setting screen Installation Options Select Install Server and Console Setup Requirements When installing on Windows 2003 Server, we recommend using the SQL Server 2005 Express installer included in the McAfee ePO installer. Another configuration option is to create an ePolicy Orchestrator instance on an existing SQL Server 2005 or 2008 server and select it. This is the preferred option when installing on Windows 2008 Server. After verification that you want to install the software, the SQL installation continues without user input. If prompted to install SQL Server 2005 Backward Compatibility, you must install it. Database Server Account We recommend using a SQL Server account. If preferred, an NT account can also be used. 2 During the installation, you might see a warning about trusted sites. Write down the recommended additions to the Microsoft Internet Explorer trusted sites list before clicking OK. You will need to add them later. Installing McAfee DLP WCF service The McAfee DLP Windows Communication Foundation (WCF) service is used to communicate between McAfee ePolicy Orchestrator, McAfee Data Loss Prevention Endpoint, and the McAfee DLP Monitor. In McAfee Total Protection for Data Loss Prevention, it is not used to communicate with ePolicy Orchestrator or with the McAfee DLP Monitor. Web access authorized groups When installing the McAfee DLP WCF service, you are asked to specify the Web Access Authorized Groups (WAAG). We recommend setting up a group or groups in Windows Active Directory or Open LDAP with the names of users authorized to log on to the database. When the McAfee DLP Endpoint policy console attempts to connect to WCF, it impersonates the logged on user. After the user name is authenticated, WCF checks to see if the user is a member of the WAAG before connecting to the database. WCF service installation options There are two basic options for installing the Windows Communication Foundation (WCF) service: on the same server as the McAfee ePO (SQL) database (local installation) or on a separate server (remote installation). Where McAfee ePolicy Orchestrator is installed, together with its database or on a separate server, is not relevant to this discussion; only the relative locations of WCF and the database. Option 1: Installing WCF locally When installing WCF on the same server as the McAfee DLP Endpoint database, you can use Windows authentication or SQL authentication. The option is selected on the WCF service installation wizard. The selected authentication applies only to the connection between WCF and the database. The McAfee Data Loss Prevention 9.2.0 Installation Guide 47