Data Loss Prevention

  • 1.  Questions about using multiple Endpoint servers

    Posted Apr 15, 2014 04:38 PM

    Question 1:  I've seen how to add multiple endpoint servers using the agent install script.  Is there a way to add a new Endpoint server to existing DLP Agents?  For example, if we have one Endpoint server up now, and decide to add another one later, and want all of the agents to be able to use both Endpoint servers, how do I make that happen without reinstalling all of the agents?  Is there a registry key or something that can be edited?  Can the change be pushed from the Enforce console?

    Question 2: When we put multiple Endpoint servers in the install scripts, are connections load-balanced in any way, or do all of the agents default to using the first server in the list, and then use the second server only if the first is unavailable?  What happens if the first server is up and talking, but is under high load?  Will the agents keep trying to talk to server 1 until it chokes, or is there some kind of mechanism for them to move to the second server without the first being dead?

    Thanks for your help...




  • 2.  RE: Questions about using multiple Endpoint servers
    Best Answer

    Posted Apr 15, 2014 05:01 PM

    Answer 1: There's an administrative action that can be used from within the DLP console to change the primary, secondary (and so on) servers that an agent reports to.  From Agent Overview, select the agent(s) you want to change, then choose Change Endpoint Server from under the Actions button.  Note that the default setting will only allow you to change 1 agent at a time (kind of painful).  The number of agents you can perform this admin task on can be changed in the manager.properties file on the Enforce server, so you might want to change it if you're doing this to a lot of agents.  If you're simply adding the secondary server, just make the primary what it is now, and add the secondary server setting.

    Answer 2: No, these connections are not load balanced in any way.  If you happened to max out connections on the primary, other agents coming online would go to their secondary server (after timing out on attempting to connect to the primary).  Server 1 won't choke because it has a setting to indicate how many connections it will accept.

    Regards,

    ~Keith



  • 3.  RE: Questions about using multiple Endpoint servers

    Posted Apr 15, 2014 06:13 PM

    Follow-up #1 - So I could go into the manager.properties file and change it to match however many clients I currently have deployed, restart the server, then go to my Agent listing, Select all, Actions, Change Endpoint Server, enter the Primary server and port, hit the +, enter the secondary server and port, and OK and save back out.  This should add the secondary server to all agents.  I did a test walkthrough of this and it seems that it will work just fine, with the caveat that it will only work on connected agents.  If the agent was Shut Down, or just plain Down, as in Agent Lost Connection, you get a message that the task can't be done.

    Follow-up #2.  OK, so we could go into Server #1's config and tell it to handle no more than 3000 agents, and then any agent that tried to connect to it after #3000 would go to Server #2, right?  That way we could ensure that Server 1 never got overloaded.  Sounds good to me.

    Thanks very much for your help!
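The connection behaviour described in answer 2 and follow-up #2 (agents walk their configured server list in order, move on only when a server refuses them at its connection cap, no load balancing), written up as an added illustrative model. This is example code, not Symantec DLP code; the server names, capacities and agent ids are constructed, and the refusal-on-cap is modelled as an immediate reject rather than the real agent's connection timeout.

```python
"""Model of agent-to-Endpoint-server selection as described in the thread:
each agent holds an ordered server list (primary, secondary, ...), tries them
in order, and only moves to the next one when the current server refuses it
because it has reached its configured maximum number of agents.  There is no
load balancing.  Added example, not Symantec DLP code."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class EndpointServer:
    """Hypothetical server with the per-server connection cap the thread mentions."""
    name: str
    max_agents: int
    connected: List[str] = field(default_factory=list)

    def accept(self, agent_id: str) -> bool:
        """Accept the agent if there is capacity; otherwise refuse it
        (in the real product the agent would time out instead)."""
        if len(self.connected) >= self.max_agents:
            return False
        self.connected.append(agent_id)
        return True


def connect_agent(agent_id: str, servers: List[EndpointServer]) -> Optional[str]:
    """Try servers in the order configured on the agent (primary first).
    Returns the name of the server that accepted the agent, or None when
    every server in the list was full."""
    for server in servers:
        if server.accept(agent_id):
            return server.name
    return None


def simulate(agent_count: int, capacities: List[int]) -> Dict[str, int]:
    """Bring agent_count agents online against servers with the given caps
    and return how many landed on each server, plus 'unconnected' for agents
    that were refused by every server."""
    servers = [EndpointServer(f"server{i + 1}", cap) for i, cap in enumerate(capacities)]
    result: Dict[str, int] = {s.name: 0 for s in servers}
    result["unconnected"] = 0
    for n in range(agent_count):
        chosen = connect_agent(f"agent{n}", servers)
        if chosen is None:
            result["unconnected"] += 1
        else:
            result[chosen] += 1
    return result


if __name__ == "__main__":
    # Constructed scenario: primary capped at 3 agents, secondary capped at 5.
    # Agents 0-2 fill server1, agents 3-7 spill to server2, agents 8-9 get nowhere.
    print(simulate(10, [3, 5]))
```

The second scenario in the test (two agents, plenty of capacity) makes the "no load balancing" point concrete: both agents land on the primary and the secondary stays idle until the primary's cap is reached. The "unconnected" count is the case to watch when sizing caps, since an agent refused by every server in its list simply keeps retrying.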