Video Screencast Help

Symantec DLP facts

Created: 23 Oct 2009 | 7 comments
mihai.dobos's picture

Hello,

Can someone direct me to a detailed technical data sheet for DLP products?
I'm interesed in:
- 64-bit OS support for monitoring/disocover/mgnt/etc servers
- support for agents on mobile devices, like blackberry or symbian
- latency, throughputs, other performance issues.

Can someone send me some info?

Best regards,

Mihai

Comments 7 CommentsJump to latest comment

jjesse's picture

Currently there is no 64-bit agent for Endpoint as far as I know, trying to get the offical word but as far as i understand on the endpoint side it is 32-bit only.  Will double check that

Also there is not a supported agent for mobile devices, yet I have heard that it is on the roadmap.

For data rest it does not matter whether or not the server is 64-bit or 32-bit as you doing the scanning against  the file share/database/etc... 

A lot of the performance issues/throughputs/latency all depend on how you set things up and also what product within DLP you are talking about as well (Data in Motion vs Data at Rest).

Each DAR scan can be throttled and scheduled around backup windows, work hours, etc.

Drop me a note if you have further questions or would like to talk in person

Jonathan Jesse Practice Principal ITS Partners

Jim - DLP Support Team's picture
-We can scan againist 64bit shares and databases, however Enforce, EDPA and Detection servers must remain on 32-bit OS.
Article ID: 50079 Network monitor does not show traffic on RHEL x64
Article ID: 42256
Can Vontu run on a 64 bit OS?
Applies To

 

 
• Vontu Installation/Upgrade
Problem Summary

 

 
If you have a 64-bit OS installed, will Vontu run on it?
 
Solution

 

 
Vontu does not currently support 64-bit OS. You can run on 64-bit hardware, but the OS must be installed as 32-bit.

-Mobile device support is currently not available
-Discover Performance/throughput:  See - Symantec DLP Network Sizing Guide KB 46671 https://kb-vontu.altiris.com/article.asp?article=46671&p=4

Public Article ID: 49240
Discover Performance Troubleshooting
Applies To

 

 
• Vontu Discover Server
 
 
Problem Summary

 

 
My Discover Scan is slower than I would expect. How can I determine where the bottleneck is?
 
Solution

 

 
In general, the performance bottleneck for Discover scans is the transfer to the Discover machine.  Linux Discover processes are 1/3 slower than Windows. 
  1. Setup your target
  2. Check your policy groups.  Are there any empty policy groups?  This will affect Discover performance.
  3. Run the scan for 10 minutes, keeping an eye on CPU usage on the Discover machine. Then pause the scan. Calculate the scan rate in GB/Day using the information on the Scan Detail page.
    • If it is at least 250 GB/Day then all is good.  Resume the scan. 
    • If it is much less than 250 GB/Day go to step 4.
  4. Was the CPU usage on the Discover machine close to 100% during the 10 minutes of scanning? 
    • If so, you are probably limited by cracking.  Check to see if the target has a lot of XLS and/or PDF files.  If this is the case, there is not much that can be done except add more hardware. 
    • If CPU was not maxed out, go to step 5.
  5. Manually copy 2GB worth of representative files from the target to the Discover machine and calculate the transfer rate.  (It is important to copy the actual files that you will be scanning as the average file size has a big impact on transfer rates.) 
    • If this rate is slower than 300 GB/Day, then you are probably limited by network issues.  Check NIC settings and make sure they are compatible with the relevant switch settings.  Check number of hops and move Discover closer to target if possible. 
    • If the rate is greater than 300 GB/Day go to step 6
  6. Turn off collection of ACL and Owner information.  In Crawler.properties, set filesystemcrawler.collectaclandowner = false.  Restart the Discover monitor.  Run the 10 minute test again. 
    • If this solves the problem, then you need to weigh the value of scan rate vs security meta-data.  Collecting the extra meta-data takes time and there probably isn't anything that can be done to speed it up.
 

____________
Jim Martin | Sr. Technical Support Engineer |
Data Loss Prevention, Symantec
http://go.symantec.com/vontu

Looking for something else?
Chances are you can find it in our Knowledgebase
https://kb-vontu.altiris.com

Symantec Corporati

symcisacpuhog's picture

thank you for the answer jim but im a bit confused.  Are you talking about the network product or the vontu dlp endpoint agent?  i am just looking for a simple answer of "does dlp endpoint support windows 7 32 bit and 64bit?"  If not when is the expected date.  I checked the big windows 7 support page you guys have but it says it will support win7 in december but doesnt specify 32 or 64bit.  TIA

Naor Penso's picture

Currently there is no agent for 64bit OS.
The DLP Agent does support Windows 7 But only 32Bit.

Kind Regards,
Naor Penso

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
Thanks :)

RonakP's picture

Symantec DLP 10.0 Has agents for 32bit Windows 7 and 64bit Windows 7. They were released in April or May of 2010

 

There are 2 different installers for it.

George-Aflac's picture

Does anyone know what the product ID is for Symantec DLP endpoint agent 10.5.1000.01022.  I have to manualy clean the clients from the registry and need the product ID.

George

UFO's picture

Is there any document describing DLP 11 hardware support? Looking for it for a long time.

STS: DLP