reference deployment

McAfee ePolicy Orchestrator on AWS

Manage your entire security infrastructure with a centralized console

This Quick Start sets up an Amazon Web Services (AWS) architecture and deploys the McAfee ePolicy Orchestrator (McAfee ePO) security management platform on the AWS Cloud, using services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Private Cloud (Amazon VPC), and Amazon Relational Database Service (Amazon RDS). The Quick Start also uses AWS best practices to address common scalability, high availability, and security requirements.

McAfee ePO is a centralized, extensible platform that enables you to manage and enforce your security policies. It detects threats and helps to protect endpoints against these threats in your network.

In less than an hour, you can use a single console—the McAfee ePO console—to manage endpoint security, data loss prevention, encryption, server security in the public cloud, and the information-sharing Data Exchange Layer (DXL).

You can also launch this Quick Start in the AWS GovCloud (US) Region.

This Quick Start was developed by McAfee, Inc. in collaboration with AWS. McAfee, Inc. is an APN Partner.

  • What you'll build
    Use this Quick Start to automatically set up the following McAfee ePO environment on AWS:

    • A highly available architecture that spans two Availability Zones.
    • A VPC configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.
    • An internet gateway to allow access to the internet. The bastion hosts use this gateway to send and receive traffic.
    • In the public subnets, managed NAT gateways to allow outbound internet access for resources in the private subnets.
    • In the public subnets, a Linux bastion host in an AWS Auto Scaling group to allow inbound Secure Shell (SSH) access to EC2 instances in public and private subnets.
    • In the private subnets, a McAfee ePO server.
    • In the private subnets, agent handlers in an Auto Scaling group.
    • In the private subnets, DXL brokers in an Auto Scaling group.
    • In the private subnets, Amazon Relational Database Service (Amazon RDS) for Microsoft SQL Server.
  • How to deploy
    To build your McAfee ePO environment on AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at
    2. Launch the Quick Start. Each deployment takes less than an hour. You can choose from the following options, including deployment in the AWS GovCloud (US) Region:
    3. Test the deployment by verifying that you can launch and access the McAfee ePO console.

    To customize your deployment, you can configure your VPC, subnets, and bastion host instances, and customize the configuration of the McAfee Enterprise Security Management Platform, the ePO server, ePO database, and ePO client.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  • Cost and licenses
    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The cost of the resources created by the Quick Start varies based on how many instances you want to protect and the products that are being managed. Prices are subject to change. See the pricing pages for each AWS service that you will be using in this Quick Start for full details.

    Bring Your Own License (BYOL) is the supported licensing option with this Quick Start–based deployment. By using this Quick Start reference deployment, you agree to terms and conditions outlined in the product End User License Agreement (EULA).  

    If you are currently a McAfee ePO customer, you can use your current, valid license for McAfee ePO. To purchase products that McAfee ePO manages and to request a license, please contact McAfee Sales or a McAfee authorized partner or reseller.