Drive Encryption communication architecture


McAfee Drive Encryption (DE) 7.x

For environment information, see KB79422 - Supported platforms for Drive Encryption 7.x.


The table below shows the communication architecture for Drive Encryption. 
Communication                      DE 7.x
Upstream - Key backup              Event
Upstream - Other                   Event
Message handling - Key backup      ePO
Message handling - Other           Agent Handler + SQL Server
Downstream (No Firewall)           Data Channel (Pushed)
Downstream (Firewalled)            Data Channel (Pulled)

Delivery of client-server messages causes perceived policy enforcement slowdown or failure
One of the major changes in communication architecture is that most client-server messages are now sent using the ePO Event mechanism. DE relies solely on McAfee Agent to send its Events to the Agent Handler. Often, there is a delay between DE creating an Event and passing it to McAfee Agent, and McAfee Agent sending that Event up to the Agent Handler. This delay can lead to the perception that nothing is happening on the client, when DE is simply waiting for McAfee Agent to dispatch its Events. When the Event is dispatched, the DE policy enforcement process continues.

Because of this delay, the DE policy enforcement can continue after the McAfee Agent status monitor reports that McAfee Agent policy enforcement is complete. Unlike other McAfee managed products, Drive Encryption requires a complex sequence of client-server communications. This sequence is needed to request the user data before policy enforcement can be completed.

The current policy enforcement state of DE is visible in the Drive Encryption Status Monitor on the client. When policy enforcement is complete, the status monitor shows "Policy enforcement complete". If the status displays a message similar to "Created get all users event", an Event is waiting to be sent up to the Agent Handler. Clicking Send Events from the McAfee Agent Status Monitor window sends the event immediately.

Tip: If activation appears to have halted or policies have failed to be enforced, click Send Events from the McAfee Agent Status Monitor window.

DE/ePO Architecture
In the following diagrams:
  • Red arrow = ePO Communication Channel 
  • Green arrow = DE Communication Channel
NOTE: Drive Encryption (DE) was formerly known as Endpoint Encryption for PC (EEPC). The diagram below shows references to EEPC but applies to DE.

Illustration of how the upstream messages are processed from the client to the server

Illustration of how the downstream messages are processed from the server to the client

