Knowledge Center

ePolicy Orchestrator server on AWS disaster recovery procedure
Technical Articles ID:   KB90845
Last Modified:  8/28/2018


McAfee ePolicy Orchestrator (ePO) 5.10 on AWS

Amazon Web Services (AWS)


This article provides information about the disaster recovery process for McAfee ePO server on AWS.

  • This procedure is intended for use by network and ePO administrators only. McAfee does not assume responsibility for any damage incurred because it is intended as a guideline for disaster recovery. All liability for use of the following information remains with the user.
  • It is preferable to use the built-in disaster recovery feature and use these steps, only if a valid snapshot was created in the AWS RDS database.
    You can create this snapshot manually or through a default server task provided for this purpose. See the Product Guide for detailed information (PD27630).
  • The agent uses either the last known IP address, DNS name, or NetBIOS name of the McAfee ePO server. If you change any one of the settings, ensure that the agents have a way to locate the server. The easiest way to accomplish the task is to retain the existing DNS record and change it to point to the new IP address of the McAfee ePO server. After the agent has successfully connected to the McAfee ePO server, it downloads an updated Sitelist.xml with the current information.
  • You can also use this procedure if you want to migrate the McAfee ePO server to another system. But, it is preferable to use the built-in disaster recovery feature to migrate the McAfee ePO server to another system.


Shutdown (if running) the ePO Application Server and Local Agent Handler:
  1. Shut down the old ePO Application Server and Local Agent Handler.
  2. Log on to the AWS console and perform the following steps if your old ePO Application Server and Local Agent Handler are running:
    1. Shut down or stop the ePO Application Server instance from the EC2 instances.
    2. Navigate to the Load Balancing, Target Groups, and remove the old ePO Application Server from the Targets.
    3. Navigate to Load Balancers, and select Agent Handler Load balancer, then remove the Local Agent Handler of ePO (example: mcafee-ePO)

Set up the new ePO Application server:

IMPORTANT: You must be aware of your existing McAfee ePO server configuration before you continue with the following steps.

  1. Create a new Amazon EC2 instance on the same AWS region for the new ePO Application server. This instance must be based on the AMI Name Windows_Server-2016-English-Full-Base-2018.07.11, which is used for McAfee ePO server.
  2. Select the EC2 instance type, which is the same as your old ePO Server Application Server configuration. For example, m5.large
  3. Assign the existing VPC of your ePO Application server and select the same Private Subnet. For example: vpc-xxxxx, PrivateSubnet1 (10.0.2.x)
  4. Select the Storage for the server and add Tags (The same as your old ePO server).
  5. Assign the existing Security Groups. For example: Assign RDPAdminSecurityGroup, ePOInstanceSecurityGroup, and ePOLoadBalancerSecurityGroup.
  6. Select the AWS Key Pair.
  7. Wait for the EC2 instance to start successfully.

Install and configure the new ePO Application Server:

  1. Log on to the new ePO Application Server EC2 instance and copy the ePO installer.
  2. Reinstall the McAfee ePO software through the installer, and point to the existing RDS instance with the option Restore from existing Snapshot.
  3. Enter the AWS RDS details, RDS Endpoint URL, Database name, and Password.

    NOTE: You can obtain the RDS details from the AWS RDS instance page.
  4. Provide the ePO Administrator credentials of your old ePO server and Disaster Recover Passphrase.
  5. Wait for the installation to complete.
  6. Add the new ePO Application Server to the Load BalancersTarget Groups. Targets must be reporting as Healthy.
  7. Add the new Local Agent Handler to the Agent Handler Load balancer from Load Balancers, Instances. The status must show InService.
  8. Attempt to log on to the ePO console.

    NOTE: If you are unable to log on, review all steps performed in this article and ensure that they have been properly completed. If you cannot resolve the console logon issue, contact Technical Support for further assistance before proceeding. See the Related Information section for contact details.

NOTE: Some of the configurations performed earlier as part of the CloudFormation Template deployment might not be available after the Disaster Recovery procedure. For example: CloudWatch Logs and Metrics for the new ePO Application Server

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.