McAfee DTP-1650-MGRA Installation Guide - Page 49
Installing McAfee DLP WCF service, Web Access Authorized Groups
View all McAfee DTP-1650-MGRA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 49 highlights
Installing McAfee DLP Endpoint Installing McAfee DLP WCF service 5 Installing McAfee DLP WCF service The McAfee DLP Windows Communication Foundation (WCF) service is used to communicate between McAfee ePolicy Orchestrator, McAfee Data Loss Prevention Endpoint, and the McAfee DLP Monitor. In McAfee Total Protection for Data Loss Prevention, it is not used to communicate with ePolicy Orchestrator or with the McAfee DLP Monitor. Web access authorized groups When installing the McAfee DLP WCF service, you are asked to specify the Web Access Authorized Groups (WAAG). We recommend setting up a group or groups in Windows Active Directory or Open LDAP with the names of users authorized to log on to the database. When the McAfee DLP Endpoint policy console attempts to connect to WCF, it impersonates the logged on user. After the user name is authenticated, WCF checks to see if the user is a member of the WAAG before connecting to the database. WCF service installation options There are two basic options for installing the Windows Communication Foundation (WCF) service: on the same server as the McAfee ePO (SQL) database (local installation) or on a separate server (remote installation). Where McAfee ePolicy Orchestrator is installed, together with its database or on a separate server, is not relevant to this discussion, only the relative locations of WCF and the database. Option 1: Installing WCF locally When installing WCF on the same server as the McAfee DLP Endpoint database, you can use Windows authentication or SQL authentication. The option is selected on the WCF service installation wizard. The selected authentication applies only to the connection between WCF and the database. The connection between the administration workstation and WCF always uses Windows authentication. If you have selected Windows authentication, and the logged on user is a member of the WAAG, connection to the database proceeds without further checking. The user must be defined in the SQL database. See Adding a user in SQL Server. Figure 5-1 WCF service local to the McAfee ePO database McAfee Data Loss Prevention 9.2.1 Installation Guide 49