Paul,
I've worked with a few customers that like this idea. It was required by some customers, but eventually they stopped doing the COLD DR enforce server. It ultimaley was more of a pain than it is worth. Especially if the server is just sitting there cold.. waste of energy and allocated power.
Things to think about..
- 95% of the DLP data is in the DB, so backing that up is more imprtant than anything
- On the enforce server the only thing to really back up is the config dir (Cryto file etc), scripts, keystore etc.
Here are the options:
- Keep Enforce on a VM - If there was ever an outage on the Enforce server, it is easier in most cases to spin back up the VM on another host. - no installation or modification needed.
- Keep a Cold DR - If you had a cold DR server, you wold need to make sure the files have been duplicated to the DR one. - more work.
- Reinstall the SW on a new Server - Install the SW takes less than 5 minutes and just need to have a backup of the Config Files. - Not too much work especially with VM's
The BIG issue is the life cycle of keeping that COLD DR upto date when it comes to UPGRADES. When you upgrade to a newer Version/Patch, you will need to update the LIVE SYSTEM. This will update the DB and then the Enforce Console. When you need to update the COLD DR, you will need to install that SYSTEM from scratch, along with applying the patch. In some cases this may be tricky if the DB has already been upgraded.
So in reality you will be doing #3 on a regular basis in order to maitain the COLD DR. Might as well ONLY do that when you have an outage and need to rebuild.
Just my thoughts..
Good Luck
Ronak
PLEASE MARKED SOLVED WHEN POSSIBLE.