Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

Reply
L1 Bithead

Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

This board has been created to provide a location in which to ask quick questions about the Traps product, (including information about the installation or management of the Endpoint Security Manager, the Traps endpoint agent, and the associated utilities), interesting configurations you've implemented, to initiate discussions about your experiences running Traps, and to connect with other Traps experts.

 

You can find the Traps/Endpoint Knowledge Base here (opens in a new window/tab): Endpoint Articles

 

(Please note that while this forum will include activity from the Traps support team, any urgent issues should be reported to Support directly to ensure prompt attention).

 

Thanks for stopping by and joining the conversation!

L2 Linker

Re: Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

Hey Community,

 

I need some help with a deployment architecture. 

 

For a small install (less than 1000 end points) can both the DB and the EMS Console&Server be hosted on a single virtualized server?

 

Or should we deploy the solution with 2 dedicated servers:

1x server = ECM Console and ECM Server on same machine

1x database server = SQLite OR SQL 2014 – not sure which one?

 

According to the below documentation, the install can be done using one server.

 

https://www.paloaltonetworks.com/documentation/40/endpoint/endpoint-admin-guide/traps-deployment-sce...

 

Any help/feedback is much appreciated.

 

- JD

L4 Transporter

Re: Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

Hi @JDominguez

 

Based on your description, there are two applicable options: Standalone Deployment and Small Single Site Deployment.

 

Standalone Deployment

Screen Shot 2017-07-13 at 12.26.33 AM.png

 

 This design is typically recommended for initial proof of concept (POC) or a small site with fewer than 3000 Traps agents, use a standalone deployment to install the following Endpoint Security Manager (ESM) components on a single server or virtual machine:

• ESM Server

• ESM Console

• Forensic (quarantine) folder

• Database

I don't recommend to any of my customers to use this design in production, as it does not provide any redundancy for console or cores.

 

 

 

Small Single Site Deployment

 

Screen Shot 2017-07-13 at 12.27.04 AM.pngAs per the link you posted, and the official admin guide, this design requires:

 

  • One dedicated database server
  • One ESM Console for managing the security policy and Traps agents
  • Two ESM Servers, one primary and one backup, on the same network segment as the database server and ESM Console
  • One forensic folder accessible by all endpoints for storing real-time forensic details about security

This is the minimal I always recommend to all my clients due to the redundancy aspects and flexibility.

 

Now to your questions.

My recommendation is that you adopt the Small Single Site Deployment

1 x ESM Console + Core (Combined)

1 x ESM Core (Redundancy)

1 x Database Server - Notice that SQLITE is no longer supported or recommended by Palo Alto even in POCs; hence, the official recommendation for environments with more than 250 endpoints is SQL Server Enterprise or SQL Server Standard as per the below screenshot.

Important: You only can have one console installed.

 

For further details on requirements please refer tothe following for the administrator guide: link: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/40/endpoin...

Screen Shot 2017-07-13 at 12.39.00 AM.png

I hope this helps. 

 

 

 

 

Tags (2)
L2 Linker

Re: Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

Hi @Willian,

 

The above helps alot! Thanks for the time and effort you put into your reply - it's much appreciated!

 

I'm sure many more folks will be using this post for reference.

 

Regards,

 

Josh Dominguez

L2 Linker

Re: Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

Hi,

 

I cant seem to find a setting to change the date format from m/d/y to d/m/y.

 

If the setting is not there, how do i make suggestion to PA to add these setting?

 

Thanks

Highlighted
L1 Bithead

Re: Welcome to the Palo Alto Networks Endpoint (Traps) discussion forum!

I logged the same request as a bug under 4.0.1 a while back and was advised that it would be addressed in a future version, so I expect that it is on a road-map somewhere.

 

Much as I can work with m/d/y formatting, it's nice to have the d/m/y formatting that we are used to and have with our other products, like Windows, McAfee, SQL, Office, SAP, Exchange (ok - maybe not so much Exchange - backend Powershell prefers m/d/y).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!