Video Screencast Help

Virtualization and minimizing server use for DLP deployment

Created: 24 Jun 2010 | 6 comments
kwillacey's picture

Hello All,

I was wondering if someone could tell me which products can install on the same servers and which can't. I need to test the solution in house but it is a small company and as such we don't have many servers to spare or want to get too many additional servers.

I know that Network Discover, Protect, Detect and Prevent can all be installed on VMWare. Network Monitor requires a dedicated server as well as Enforce (I say this because if I add Enforce on VMware I will still have to install the oracle database on a real server).

Is it possible to install the Endpoint platform, Discover and Prevent on the same server?

Simply put which products can be installed on the same server and which cannot?

I look forward to the response from all you experts.

Comments 6 CommentsJump to latest comment

jjesse's picture

Enforce can be virtualized as long Oracle is not on the same server.  Endpoint Discover and Endpoint Protect can be put on a virtual server.  The same with Network Discover and Network Protect.  Network Monitor and Network Prevent.  

refer to the Symantec DLP Admin Guide and User guide for more information.  Also you can find more informaiton on the DLP knowledge base, kb-vontu.altiris.com

Jonathan Jesse Practice Principal ITS Partners

kwillacey's picture

Thanks a lot, but where can I find a straight forward answer to which prodcuts can be installed on the same server and which can't. I need this information to plan for the amount of servers I will need for my delpoyment. I do not have access to the knowledge base.

For instance:

Network Discover & Network Protect - same server
Endpoint Discover & Endpoint Prevent - same server
Enforce - its own server
Endpoint Platform - its own server
Network Prevent - its own server
Network Monitor - its own server

Thanks.

benr's picture

Knowledge Base can be found here and requires authentication, but is open to all customers:
https://kb-vontu.altiris.com/

Network Discover and Protect can run on the same server, no need for virtualization
Endpoint Discover and Protect can run on the same server, no need for virtualization
Enforce is typically run on own server, especially if Oracle is on same server.  You can run Endpoint/Discover on same server but not recommended.
Endpoint Server cannot be virtualized (not supported) and needs its own server
Network Prevent can be virtualized, some customers run Network Prevent for Web on same hardware as Network Prevent for Email--in separate VM containers.  Obviously you'd need appropriate memory and processing power
Network Monitor cannot be virtualized, needs its own server

kwillacey's picture

Can someone please help??? Does anyone know which DLP products can be installed on the same server and which ones require a dedicated server. Your response will be greatly appreciated, thanks.

Neil Christie's picture

In our deployment I virtualized a bunch of the discover servers.  The problem was that we needed the 16GB of memory which caused issues with how many VMs I could put on the hardware.  The cost saving went out the window.  The only component that would not work so good on VM would be the monitor piece since it needs to have an extra NIC.

UpNorth's picture

Please see page 23 of the Symantec Data Loss Prevention Systems Requirements Guide.  I have attached it to this thread. 

AttachmentSize
Symantec_DLP_10.5_System_Requirements_Guide.pdf 725.36 KB