Is ePO a Blessing or a Curse?

[bfralia]

Well, it's back working again so I want to sit back and take a look at ePO. I'm a Systems Analyst on a small to medium size network depending on your point of view. Several years ago, I was involved in switching over from POP3 internet e-mail to MS-Exchange.

There was a consultant involved in that project (who didn't get to finish - when we discovered we knew as much about Exchange as he did) who thought Trend Anti-Virus was the greatest thing since Lye Soap. That got me directed in the review of Exchange anti-virus products. I had originally recommended the adoption of McAfee as the corporate A/V package. Somewhere along the line someone had upgraded to Active Virus defense and I never knew it.

I got all the grant numbers together and learned about the download site. To my surprise I discovered we were already licensed for Groupshield and a bunch of other things I didn't know about.

One of those things was ePO, it tweaked my curiousity to the point I finally built a test server, put it in production and I've never been without something to do since!

When it works, it's great, else .... I wont use the words I'm thinking here. We've gotten dependant on it, we use it to check our corporate computer inventory list. See what operating systems are installed at our foreign affiliates. The database is on MS-SQL server, I've got an ODBC link to the database and several queries I run through MS-Excel.

Management has become aware of it and depend on it. They have gotten more virus savvy and I get calls from people wanting to make sure we're covered from such and such virus. I think I like it better when it was an obscure product.

I'm curious about what other epo administrators think about it other than job security. Do you get emotional and throw things when it doesn't work? Do you lay awake at night wondering why it worked for months then just quit?

Maybe we can gang up on McAfee and get them to get more serious about it.

 

[jfp23]

I have been running epo3.0.2a for a few months now and rolled it out to 52 locations and close to 3000 workstations and servers, and it has been a great only some minor tweaks needed. It hasn't failed at all.

 

[mattmsudawg]

I used to feel the way you do about it b/c our server never used to work. But after about 2 months of troubleshooting at the beginning of the year everything has been working fine. When I had problems I would give a call to my sales rep and hound him about my case. Also ask to speak to the manager for whatever tier your case is in. It'll get them moving. After I did that they assigned a person specifically for my case and my case only.

 

[SPV]

We used to run ePO 2.51 on a low spec server which doubled up as an SMS server to a small site. That was bad news - it needed weekly reboots and near constant hand-holding.

A while ago we upgraded to ePO v3.x (and VS71) and took the oppportunity to go to a higher spec, dedicated server. Maybe we've been lucky, but we haven't had any major problems with it after that. That's with about 1600 clients over nearly 60 sites (including many 64k site links and RAS clients).

With regard to server stability, the best advice I got from a consultant was to allow 1Mb RAM for each client in the database. Sure enough, once we went to 1.5Gb RAM it started running sweetly. A small amount of money very well spent.

 

[JimmyZ1]

I've got about 12k in machines 150+ repositories

We don't have to many server issues, I have to bounce the server maybe once a month, but it's usually my fault the server craps out... but i do enjoy the workstations that randomly stop updating or think they're current when they're not.... or the random framework issue.

I'll tell you what before EPO big scary virus Nightmares, after EPO, I sleep better at night, not that I didn't anyways...

Can't stop what you can't see

Doh!!

 

[jbrackett]

I heard many of the same horror stories with regard to ePO, but they were usually referring to v2.x. I came late to the ePO game, and so started out fresh with v3.x. As far as I know, they are STILL working on a walkthrough manual, but it was intuitive enough that I was able to configure based on the installation and configuration manuals. Like anything else, there have been some minor issues, but all in all it has been a tremendous relief to not have to worry about what pcs are updated as schedules, and which ones aren't.

Basically, I'm a happy camper.

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran

 

[bfralia]

I don't "hate" ePO but it does frustrate me at times. When it's working it's a great tool. The reports give me a lot of information.

My network isn't close to the size of Xavier2 but it's scattered across four continants with way dramatic changes in time zone, etc. That being the case, I have to pass some client fixes over to the local iT guy who really isn't IT but knows more about PC's than his peers. Getting them to take my request for some action seriously sometimes makes me wish I didn't know they haven't done as I ask.

They do tend to get with the program when they are under a massive attack and most computers are infected because they wouldn't change something to keep them updated.

Because of virus outbreaks and problems, it seems to occupy a lot more of my time than I'd prefer. Rather than check things once a day I have to keep a console open on my workstation all the while I'm at work.

 

[permster]

Yeah it sure does frustrate me as well. We used to run ePO 2.5x with hardly any problems. Then one day I decided to upgrade to ePO 3.0.2a due to limitations of the old software and new features that I thought we might be able to take advantage of.

I wish I could go back in time to stop myself from doing that. Oh what a nightmare ePO 3.0.2 is. Let me list a few of the problems thus far. This is over the past 6 months.

I've had to reload the ePO software on the server numerous times. The master repository seems to corrupt itself at will. The master repository is soooooo touchy. If you ever want to add something like an update or patch you can forget it. As soon as you check it in, the repository corrupts itself. Twice now I have checked in patches into the master repository and come in the next day to find that all 1600+ agents are not communicating properly with the server and master repository has corrupted itself. In those situations I would have to uninstall and reinstall the agents manually on all clients. That was McAfee's solution to the problem, uninstall and reinstall all 1600+ agents!

That list there doesn't even cover the half of it. I was so tempted to just go back to ePO 2.5x but I know what kind of a headache that would be.

So to sum all that up, if we weren't already locked in on our grant...I'd be looking for a new solution in a snap.

PS - This stuff might be fixed now...but stay away from System Compliance Profiler as well as ThreatScan! They will corrupt your repository. McAfee recommended that to me over the phone. That was a while back though so I'm not sure if that still holds true.

PPS - Oh yeah one last thing. Don't ever let the power go out in the middle of a pull or replicate task! I've had this happen twice now and both times the repository was corrupted and had to reload ePO from scratch.

 

[Windexx]

Seems great for small-medium environment but for extremely large and complex environments it does not scale well at this point.