McAfee ePolicy Orchestrator Architecture

How the McAfee ePolicy Orchestrator system is designed and structured


Each module in the ePO architecture has its part in the system. These are the parts of each module:

McAfee Agent/Common Management Agent

-Framework Service
-Collects properties & events
-Passes information to ePO (Apache) Server
-Receives policy or task changes
-New policy requests are delivered from the Apache policy cache
-Uses a proprietary SPIPE protocol to encapsulate
-ASCI – Agent to Server Communication Interval

Event Parser Service

-Is in charge of parsing incoming events into the database.
-DAL (Data Abstraction Layer)
-Event Parser Plugin
-Normalizing events
-Common Event Format (CEF)
-Event Receptor AlertER.DLL
-Parses events from the events directory or shared memory through the DAL.
-Parses events through AlertER.dll to send notifications based on policy.


-Console UI – provides your internet browser with a webpage to remotely manage the ePO server
-Reporting – SQUID (Structured Query User Interface)
-Extension Management – allows for modular changes to the ePO platform and Point Products management.
-User Management – Provides user permission and settings for the ePO server and components.
-Notifications – Provides the UI, rule engine and Actions of Notifications.
-Policies – Provides policy management, the UI and point product management.
-System tree management – Provides the UI of the system tree, organization of nodes, tags and policies of those nodes.
