Data Loss Prevention

hi all

first, thank you for all the topics regarding this point.


we've read those artcle, for the majority it discuss the retore and backup plan of the enforce and oracle database.

we already face this issue and know how to handle it following the symantec recommandations.


our question concern the possibility to set up high availability for the detections servers,

is it possible for exemple to cluster the endpoint server? is it possible to clusterthe network monitor?


thank you for your return,

regards;

You can install 2 endpoint server and point the DLP agent to these 2 endpoint server. Then, if one of these 2 server down, the agent will switch to another. This is some kind of 'cluster'. For network monitor, I think you will need the support of network hardware. If a monitor down, there should be 'someone' to determine this down and make the network traffic span port changed. The network monitor cannot support cluster by himself.

thanks yang for your return,

 

i'm agree with you, for the endpoint that's what we are finally planning to do.

 

for the Monitor, i'm agree that the fact to manually reconfigure for the network traffic span port changement is a necessary.

 

what about the Network Prevent (Web/SMTP)?

For Network Prevent, the simplest way to achieve cluster is to integrate with your DNS. After install 2 network prevent server, you will get 2 IP address. Then, on the DNS, configure these 2 IP address with the same DNS name. Your MTA and proxy should configure to use the name, not IP address to integrate with the prevent. So, these 2 prevent with different IP but the same DNS name will act as a cluster.

We use load balancers in front of our HTTP/SMTP prevent solutions to provide HA and failover.