In some enterprise environment, the sensitive documents that needs to be protected by IDM, are locate in some kind of restricted area. The DLP Enforce cannot access these files logically/physically, or have no rights to access these files. Under such scenario, how can we create a remote IDM?
The solution/workaround for this kind of scenario is to install a separate DLP Enforce inside the restricted area where the documents files locate, create a IDM profile in this DLP Enforce, then copy the profile into another DLP Enforce.
Under the testing environment, we installed 2 DLP Enforce: Enforce1 and Enforce2. The Enforce2 has the rights to access the documents in the file server, and Enforce1 doesn't.
Here are the steps to create remote IDM using copy of RDX file.
From Enforce2:
1. Create a IDM Profile, and select 'Use Remote SMB Share':
2. Choose 'Submit Indexing Job on Save':
3. Check out the indexing is finished:
4. After the indexing completed, the rdx file will be created under the \SymantecDLP\Protect\index folder:
In Enforce1:
5. Create a dummy zip file that contain a dummy file, for example, one zip file contains one txt file:
6. Create a IDM profile, select the option 'Upload Document Archive to Server Now', and select the dummy file create on previous step:
7. After the indexing finished, there will be rdx files under the \SymantecDLP\Protect\index folder:
8. The SN of the profile on Enforce1 will be different to the one on Enforce2.
In our example, the SN of the profile on Enforce1 is 151.1, the SN of the profile on Enforce2 is 1101.2
Copy the rdx files from Enforce2 to Enforce1, to the same folder.
And, rename the profile from Enforce2 into the one of Enforce1:
9. Restart the detection server to make the change loaded:
10. From the event log of the detection server, there will be one message say the profile is loaded:
11. Create a policy to use this IDM profile. Then the sensitive documents will trigger incidents in Enforce1.