Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Implement Cluster for DLP Enforce by VCS - Windows Base

Created: 06 Oct 2013 • Updated: 07 Oct 2013 | 1 comment
Language Translations
yang_zhang's picture
+1 1 Vote
Login to vote

According to the previous article:

https://www-secure.symantec.com/connect/downloads/...

we can set up a cluster of the DLP Enforce for High Availability.

Below is a graphical instruction to implement cluster for DLP Enforce by VCS based on Windows platform.

Here is the simple topology of the testing environment with 3 servers. This is a 3-tier installation, and, we didn't draw the detection server:

Cluster_Enforce.png

1. Install Oracle DB and create DLP instance protect on server1.

2. On Enforce1 and Enforce2, install Oracle Client software. For the installation of the Oracle Client, please refer to this article:

https://www-secure.symantec.com/connect/articles/t...

3. On Enforce1, run ProtectInstaller to install the DLP Enforce.

4. After the installation of DLP Enforce on Enforce1, there will be a encryption key created which stored on the file CryptoMasterKey.properties

5. Copy the file CryptoMasterKey.properties from Enforce1's folder: \SymantecDLP\Protect\config to Enforce2.

6. On Enforce2, run ProtectInstaller to install the DLP Enforce, but, on the 'Initialize DLP Databse' windows, uncheck the 'Initialize Enforce Data':

DLPCluster_Enforce2.png

7. Select the CryptoMasterKey.properties which copied from Enforce1:

DLPCluster_Enforce3.png

8. Install VCS both on Enforce1 and Enforce2.

9. Launch Verits Cluster Manager to log into the cluster.

10. Add 5 resources which the type is GenericService. These 5 resources are: VontuManager, VontuMonitorController, VontuIncidentPersister, VontuUpdate, VontuNotifier. 

And the dependence of these 5 services is as below:

DLPCluster_Enforce11.png

Here, we finished the simple implement of the cluster for DLP Enforce. The Enforce1 and Enforce2 will act as a cluster to support High Availibility.

After configure the IP resource, the administrator can use the Virtual IP to log into the Enforce Console.

 

Comments 1 CommentJump to latest comment

mumair109917's picture

hi yang!

 

thanks for sharing such a nice info, i am going to test this configuration but here is a confusion so please clearfy that. 

according to your configuration we dont need to install enforce on shared drive is it true or not??

 

0
Login to vote