Data Loss Prevention

  • 1.  Symantec Data Loss Prevention high availability options

    Posted Apr 29, 2013 07:51 AM

    Dear colleagues,

    Does anyone know what recommendations Symantec gives for building a highly available solution for Symantec Data Loss Prevention?

    Looking for different options to make the full DLP, with all modules included, available at any time. Solutions for different modules could be different (e.g. I can install the same Endpoint detection server on another [virtual] server, set up the same agent configuration and secure endpoint detection server).

    I'd appreciate links to any official Symantec documentation that describes how to solve the problem.



  • 2.  RE: Symantec Data Loss Prevention high availability options

    Broadcom Employee
    Posted Apr 29, 2013 08:32 AM

    You can use Symantec's VCS product to make a cluster of your Oracle and DLP Services.

    You can refer to this thread:

    https://www-secure.symantec.com/connect/forums/load-balance-enforce-server

     



  • 3.  RE: Symantec Data Loss Prevention high availability options

    Posted Apr 30, 2013 08:51 AM

    Thank you!

    The link you provided contains information on Enforce + Oracle. What about other DLP components? Network Monitor? Data Insight? Other detection servers? Does Symantec have high availability recommendations for those?



  • 4.  RE: Symantec Data Loss Prevention high availability options

    Posted May 16, 2013 03:52 AM

    Guys, do you have suggestions for all DLP components?



  • 5.  RE: Symantec Data Loss Prevention high availability options

    Broadcom Employee
    Posted May 16, 2013 04:46 AM

    Basically, it is required to back up Enforce and the DB, as all the contents, incidents and policies are here. Hence detection servers are not that important; you just need to install them and point them to the Enforce server.



  • 6.  RE: Symantec Data Loss Prevention high availability options

    Posted May 16, 2013 04:06 PM

    Be careful!

    Unless DLP has gotten some serious upgrades/enhancements, all you can do is a cold standby.  Cutover would require manual intervention.

    The Enforce server and the detection servers don't have a concept of "multiple" Enforce servers.  If you point two or more Enforce servers at a detection server, your system is likely to behave badly.

    Likewise, the Enforce server has no concept that another Enforce server could be using the database. If two Enforce servers access the same database, I shudder to think what would happen.

    JGT