New features

The current release of the product includes these new features.

New assessments

This release includes several new assessments. Each assessment collects metrics and makes the values available to Automatic Responses, Queries & Reports, and Dashboards.

  • Verify that the disaster recovery snapshot is consistent with the backup of the McAfee® ePolicy Orchestrator® (McAfee® ePO™) database.
  • Determine if the database server encountered any error conditions that generated a memory dump.
  • Determine if the database transaction log files have an excessive number of virtual log file structures.
  • Review the database server error log for errors and failures.
  • Review the usage statistics for the database table indexes.
  • Review the thread usage in the McAfee ePO Application Server Java virtual machine.
  • Obtain the performance counters specific to the McAfee ePO server processes.

New assessments require additional permissions granted to the database user account used by Performance Optimizer. Granting these additional permissions is optional, and we recommend caution. For example, If the SQL Server instance that hosts the McAfee ePO database also hosts other application databases, don't enable these additional permissions. For details, see these KB articles:

  • How to grant permission to use xp_readerrorlog (KB87625)
  • How to configure the sysadmin permission for DBCC LOGINFO (KB87616)

New queries added to dashboards

This release includes many new queries and dashboard updates.

  • Assessment summary dashboard
    • New dashboard query Recommendations for assessments that require action
    • New dashboard query 7-day trend of scores for assessments that require action
  • Database backups dashboard
    • New metric added for Disaster recovery snapshot: General findings in the dashboard query Database backup findings
  • New metric added for Database memory dumps: General findings in the dashboard query Database integrity check findings
    • New metric added for SQL Server uptime in the dashboard query Database and server configuration check
    • New dashboard query for Database virtual log file count
  • Blocks and deadlocks dashboard
    • New dashboard query Cumulative count of blocks and deadlocks observed during assessments to display locked object counts
  • Disk usage dashboard
    • New dashboard query Database file read/write performance to display bytes per read/write
  • Memory and CPU dashboard
    • New dashboard query Total thread usage by the McAfee ePO Application Server
    • New dashboard query Total thread usage by McAfee ePO extension
    • New dashboard query Cumulative memory usage by threads in extensions
    • New dashboard query Total CPU time by threads in extensions
  • Server Performance counters dashboard

    • New dashboard query McAfee ePO Data Channel performance counters
    • New dashboard query McAfee® Agent connections performance counters
    • New dashboard query McAfee ePO Event Parser performance counters

  • Tables and Indexes dashboard

    • New dashboard query Table indexes most frequently accessed
    • New dashboard query Number of days since the last update of table index statistics
    • New dashboard query Trend of top 10 index fragmentation percentages
    • New dashboard query Listing of top 100 indexes by size

New PDF reports

In this release, new PDF reports are available by default. Each PDF includes the output of several queries that are used on each dashboard. Each PDF corresponds to a specific dashboard.

  • Assessment Summary
  • Database backups, integrity, and settings
  • Database query blocks and deadlocks
  • Server performance counters
  • Disk usage summary
  • Memory and CPU usage summary
  • Tables and indexes
  • Top exceptions and warnings from the McAfee ePO Application Server

New automatic responses

This release includes several new Automatic responses that correspond to new event types.

New automatic response New event type
Review errors in the database server error log Database error log
A database index has statistics that are out of date Database index usage statistics
The database server has recent memory dumps Database memory dumps
The database transaction log has a high number of virtual log files Database virtual log files
Review the configuration of various items in McAfee ePO McAfee ePO configuration
The McAfee ePO database is not consistent with the disaster recovery snapshot McAfee ePO Disaster Recovery Snapshot
The McAfee ePO server was changed after the disaster recovery snapshot McAfee ePO Disaster Recovery Snapshot
The McAfee ePO Application Server service is experiencing blocked threads Thread usage in the McAfee ePO Application Server

Assessment changes

The following enhancements are included in this release.

  • Added metrics for index size to the existing index fragmentation assessment.
  • Updated blocks and deadlocks assessments to report more information about which objects were involved in the lock/deadlock.
  • Changed server tasks assessments so that the drill-down link to edit the server task is not displayed for 'hidden' server tasks.
  • Generated events for Automatic Responses for the legacy 1.0 assessments.
  • Added more useful graphs to the Assessment History dashboard.
  • Added more metrics related to IO performance of database server.
  • Added custom detail page with a drill-down link to the Server Task Log for specific database assessments.
  • Fine-tuned the server task error message about the database user permissions.
  • Added SQL Server uptime to the database configuration assessment. Many of the SQL Server metrics collected are based on the last start time for the SQL Server instance.

Server settings changes

New Server Settings control the Orion Log Analyzer component and enable the McAfee ePO Performance Counter collection.

  • Start/stop/status controls on the server settings page for the Orion Log Analyzer
  • Specify a locally accessible folder that contains a CSV file generated by Windows Performance (PerfMon)

Monitoring the McAfee ePO performance counters

You can now import the McAfee ePO performance counters from a CSV file. These CSV files must be produced by the Windows Performance Monitor. It is required that the folder with the CSV files is accessible for the McAfee ePO Application Server service. Performance Optimizer reads the locally accessible CSV files and import the latest values for the performance counters. Inside the CSV files, the timestamp format must be specified in the format "10/19/2016 15:30:44.322" (month/day/year hour:minutes:second.millseconds) to ensure that the values in the CSV file are interpreted correctly. Any other date formats should be specified in Server SettingsPerformance Optimizer.

Using this feature allows for Remote Agent Handlers and event parsers to be monitored. For example, these performance counters can be imported into the Performance Optimizer metrics. Notifications and reports can be generated from these values:

  • \ePolicy Orchestrator Server\Open ePO Agent Connections
  • \ePolicy Orchestrator Server\Completed Agent Requests/sec
  • \ePolicy Orchestrator Server\Processed Events/sec
  • \ePolicy Orchestrator Server\Max Event Parser threads
  • \ePolicy Orchestrator Server\Currently running Event Parser threads
  • \ePolicy Orchestrator Server\Event queue length
  • \ePolicy Orchestrator Server\Static event queue length
  • \ePolicy Orchestrator Server\Data channel threads
  • \ePolicy Orchestrator Server\Data Channel saturation

Using Windows Performance Monitor, it is possible to configure a performance counter session to write the values to a CSV file. It is recommended to configure Windows Performance Monitor on the primary McAfee ePO application server system, and to specify the Remote Agent Handler systems so that Windows Performance Monitor can remotely connect and pull the values for the performance counters. By doing this, you have one Windows Performance Monitor session that is monitoring multiple systems and writing to one CSV file.

An example of the CSV format is shown here. This is how it should appear if only two of the available performance counters are being monitored.

Line 1: "(PDH-CSV 4.0) (Pacific Daylight Time)(420)", \\WIN-PQBSLLB47N1\ePolicy Orchestrator Server\Open ePO Agent Connections, \\WIN-PQBSLLB47N1\ePolicy Orchestrator Server\Completed Agent Requests/sec

Line 2: "09/01/2016 14:19:45.449","0","0"

Line 3: "09/01/2016 14:20:00.456","0","0"

...

Note: The labels Line X: are added only to identify the structure of the contents. You can also include other relevant performance counters to help manage your McAfee ePO environment. See KB87807 for detailed information.