Dear giuliod,
If you install Symantec Encryption Management Server (SEMS, previously known as PGP Universal Server) in a VMware infrastructure, then you have the possibility to take a snapshot of the virtual machine, which is a very useful feature. If the server goes down, then the snapshot helps recover your system. Additionally, SEMS also supports backing up your data. Backups include all information necessary to restore the SEMS to its exact condition when the backup was created, including proxy and policy settings, as well as keys and user information. In case the server is down, you can also install a new SEMS and choose to restore the server from backup at the installation option.
I am not sure what your DLP and SEMS setup looks like. In general, some of our customers have implemented it in the following way:
- The outbound email is first checked by the DLP and if the email needs to be encrypted (DLP flagged) then the email is forwarded to the SEMS server. The SEMS performs the encryption and gives it back to the DLP server.
- For the emails that do not need any encryption, the emails are basically sent out directly by DLP to the next mail hop.
- For the inbound emails: if the mail needs to be decrypted and the SEMS is down, the incoming mail hop should keep the mail in the mail queue. If the mail is not encrypted, it should directly forward that email to your Exchange server.
Furthermore, there are SNMP tools which can be used for monitoring the server behavior. SEMS also offers this feature. So it may be useful to consider implementing an SNMP feature in such a single point of error scenario.
Hope it helps.
Best Regards,
bipshr