Home » McAfee Manuals » Networking » McAfee DTP-1650-MGRA » Manual Viewer

McAfee DTP-1650-MGRA Installation Guide - Page 49

Installing McAfee DLP WCF service, Web Access Authorized Groups

View all McAfee DTP-1650-MGRA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 49 highlights

Installing McAfee DLP Endpoint Installing McAfee DLP WCF service 5 Installing McAfee DLP WCF service The McAfee DLP Windows Communication Foundation (WCF) service is used to communicate between McAfee ePolicy Orchestrator, McAfee Data Loss Prevention Endpoint, and the McAfee DLP Monitor. In McAfee Total Protection for Data Loss Prevention, it is not used to communicate with ePolicy Orchestrator or with the McAfee DLP Monitor. Web access authorized groups When installing the McAfee DLP WCF service, you are asked to specify the Web Access Authorized Groups (WAAG). We recommend setting up a group or groups in Windows Active Directory or Open LDAP with the names of users authorized to log on to the database. When the McAfee DLP Endpoint policy console attempts to connect to WCF, it impersonates the logged on user. After the user name is authenticated, WCF checks to see if the user is a member of the WAAG before connecting to the database. WCF service installation options There are two basic options for installing the Windows Communication Foundation (WCF) service: on the same server as the McAfee ePO (SQL) database (local installation) or on a separate server (remote installation). Where McAfee ePolicy Orchestrator is installed, together with its database or on a separate server, is not relevant to this discussion, only the relative locations of WCF and the database. Option 1: Installing WCF locally When installing WCF on the same server as the McAfee DLP Endpoint database, you can use Windows authentication or SQL authentication. The option is selected on the WCF service installation wizard. The selected authentication applies only to the connection between WCF and the database. The connection between the administration workstation and WCF always uses Windows authentication. If you have selected Windows authentication, and the logged on user is a member of the WAAG, connection to the database proceeds without further checking. The user must be defined in the SQL database. See Adding a user in SQL Server. Figure 5-1 WCF service local to the McAfee ePO database McAfee Data Loss Prevention 9.2.1 Installation Guide 49

Section	Page
Contents	3
Preface	5
About this guide	5
Audience	5
Conventions	5
Find product documentation	6
1 Setting up the hardware	7
Adding devices and servers	7
Check the shipment	7
Plan your installation	8
Rack mount the appliances	8
Connect a management console	9
Configure McAfee DLP Manager	10
Select an integration mode for McAfee DLP Monitor	11
SPAN port configuration	11
Integrate the appliance using a SPAN port	12
Network tap configuration	13
Network tap types	13
Integrate the appliance using a network tap	14
Complete the setup	14
2 Installing or upgrading the software on 4400 appliances	15
Download the 4400 archive	15
Boot options	16
Set up the next boot option	17
Install a fresh image on 4400 appliances	17
Upgrade the products on 4400 appliances	18
Apply a hotfix	20
Convert an installation to another McAfee DLP product	20
Restoring the drives	21
3 Installing or upgrading software on 1650 and 3650 appliances	23
Download the 1650 or 3650 archive	23
Install a fresh image on 1650 or 3650 appliances	24
Upgrade the products on 1650 or 3650 appliances	25
Apply a hotfix	26
4 Configuring McAfee DLP appliances and adding servers	29
Configure McAfee DLP appliances using Setup Wizard	29
Configure McAfee DLP appliances after installation	35
Add McAfee DLP products to McAfee DLP Manager	35
Configuring McAfee DLP Prevent	36
MTA requirements for McAfee DLP Prevent	37
Configure McAfee DLP Prevent	38
Add LDAP servers to McAfee DLP Manager	39
Add McAfee Logon Collector to McAfee DLP Manager	41
Add syslog servers to McAfee DLP systems	42
Resynchronize McAfee DLP systems with an NTP server	42
Testing the system	43
5 Installing McAfee DLP Endpoint	45
Verify system requirements	46
Configure the server	47
Install McAfee ePolicy Orchestrator	48
Installing McAfee DLP WCF service	49
Install the McAfee DLP WCF service	50
Add a user in Microsoft SQL Server	50
Run the McAfee DLP WCF installer	53
Troubleshoot the McAfee DLP WCF service	54
Repository folders	55
Creating and configuring repository folders	55
Configure folders on Windows Server 2003	55
Configure folders on Windows Server 2008	56
User and permission sets	57
Create and define McAfee DLP administrators	57
Create and define permission sets	58
DLP permission set options	58
Install the McAfee Data Loss Prevention Endpoint extension	59
Initialize the McAfee DLP Endpoint Policy console	60
Upgrade the license	62
Check in the McAfee DLP Endpoint package to ePolicy Orchestrator	63
Deploy McAfee DLP Endpoint	63
Define a default rule	63
Deploy McAfee DLP Endpoint with ePolicy Orchestrator 4.6	64
Verify the installation	65
Uninstall McAfee DLP Endpoint	66
6 Integrating McAfee DLP Endpoint into a unified policy system	67
Setting up Unified DLP on ePolicy Orchestrator	68
Install the network extension	68
Install the UDLP (host) extension	68
Configure McAfee Agent on ePolicy Orchestrator	69
Add an evidence folder on ePolicy Orchestrator	69
Connecting McAfee DLP Manager and the ePolicy Orchestrator server	70
Gather ePolicy Orchestrator registration information	70
Add an ePolicy Orchestrator database user	70
Register McAfee DLP Manager on ePolicy Orchestrator server	71
Register ePolicy Orchestrator on McAfee DLP Manager	71
Checking the connection	72
Configuring McAfee DLP Endpoint on McAfee DLP Manager	72
Generate a global policy for McAfee DLP Endpoint	73
Maintaining compatibility with installed McAfee clients	73
Add an Agent Override Password	74
Set the manual tagging option	74
Installation and configuration complete	75
Index	77
A	77
B	77
C	77
D	77
E	77
H	77
L	77
M	77
P	77
R	77
S	77
T	77
U	77
V	77

Match case Limit results 1 per page

Installing McAfee DLP WCF service

The McAfee DLP Windows Communication Foundation (WCF) service is used to communicate between

McAfee ePolicy Orchestrator, McAfee Data Loss Prevention Endpoint, and the McAfee DLP Monitor. In

McAfee Total Protection for Data Loss Prevention, it is not used to communicate with ePolicy

Orchestrator or with the McAfee DLP Monitor.

Web access authorized groups

When installing the McAfee DLP WCF service, you are asked to specify the

Web Access Authorized Groups

(WAAG). We recommend setting up a group or groups in Windows Active Directory or Open LDAP with

the names of users authorized to log on to the database.

When the McAfee DLP Endpoint policy console attempts to connect to WCF, it impersonates the logged

on user. After the user name is authenticated, WCF checks to see if the user is a member of the WAAG

before connecting to the database.

WCF service installation options

There are two basic options for installing the Windows Communication Foundation (WCF) service: on

the same server as the McAfee ePO (SQL) database (local installation) or on a separate server (remote

installation). Where McAfee ePolicy Orchestrator is installed, together with its database or on a

separate server, is not relevant to this discussion, only the relative locations of WCF and the database.

Option 1: Installing WCF locally

When installing WCF on the same server as the McAfee DLP Endpoint database, you can use Windows

authentication or SQL authentication. The option is selected on the WCF service installation wizard.

The selected authentication applies only to the connection between WCF and the database. The

connection between the administration workstation and WCF always uses Windows authentication. If

you have selected Windows authentication, and the logged on user is a member of the WAAG,

connection to the database proceeds without further checking.

The user must be defined in the SQL database. See

Adding a user in SQL Server

Figure 5-1

WCF service local to the McAfee ePO database

Installing McAfee DLP Endpoint

Installing McAfee DLP WCF service

McAfee Data Loss Prevention 9.2.1

Installation Guide