Data Loss Prevention

 View Only
  • 1.  Deploying DLP components across multiple platforms

    Posted Jun 22, 2011 10:52 AM

    Has anyone seen issues while trying to implement DLP components on multiple platforms? For example, using Windows for the endpoint components and Linux for network components.  Is there anything that needs to be taken into consideration while considering a multi-platform implementation - any compatibility, functionality, feature, deployment issues or other gotchas?  Also, has deploying DLP components in a VM environment caused any issues/gotchas?



  • 2.  RE: Deploying DLP components across multiple platforms
    Best Answer

    Posted Jun 22, 2011 03:01 PM

    As long as all the servers are separate and not a single-tier or 2-tier installation, then everything should work smoothly. Remember that all communication between servers is done over IP and is not platform-specific.

    Deploying Endpoint and storage servers in a VM hasn't caused any issues for me in the past. However take care in setting up Network prevent as you have to ensure that the server is logically inline. It can get kinda tricky when there's just one cable going into one box.

    Hope that helps!
    ~Xavier



  • 3.  RE: Deploying DLP components across multiple platforms

    Posted Jun 22, 2011 03:49 PM

    A few things you want to consider:

    (a)  When you do a heterogeneous environment like this, you're going to be a little limited in terms of doing automatic upgrades.  The detection servers that are NOT on the same platform as your Enforce server will need to be manually upgraded when you do an upgrade.  Not that big of a deal, but something to consider, especially if you are deploying lots of detection servers.

    (b) Features and function should be the same whether on Linux or Windows, EXCEPT with Network Discover.  DLP uses Windows drivers to reset the last accessed date/time on files when it scans them.  Therefore, Linux Discover servers are not able to reset the last accessed date/time when scanning.  This may come into play if you have backups being done based on those timestamps, etc. There may be some other nuances with regards to certain types of targets that should be considered.  All things considered, I'd probably opt for Windows servers for Network Discover if at all possible.

     

    Regards,

    ~Keith



  • 4.  RE: Deploying DLP components across multiple platforms

    Posted Jun 23, 2011 02:03 PM

    Xavier and Keith, thanks for the tips!