Data Loss Prevention

Hi,

We are purchased the Symantec DLP Endpoint Discover and Prevent (each 500 users) products.

Planned to install Endpoint Discover and Prevent on separate servers. Is that possible to install like this?

Because in the Enforce server we have only one option called Endpoint for registering a detection server. So in my case how to register the above two servers separately?

TIA

If the server hardware and the requirements are good enough then you can install only one detection server and have those 1000 agents reporting to the Detection server.

There is no need to install 2 separate server.

Hi Karthik,

Splitting the functionality isn't the norm (and won't work as you're intending), if you deploy Discover scan configuration only to one of those servers it will only reach the 500 users connecting to that particular server and not the other 500 (and vice versa for Prevent configuration). 

The Endpoint Prevent/Discover servers are mainly just connection aggregators that facilitate the communication between the agent and the Enforce server. A single server with 2 CPUs and 8GB RAM in most cases will easily be able to maintain 1000 users utilising both Prevent and Discover functionality. In a typical organisation, you'll have 2 Endpoint Detection servers (serving both functions) with one in each Data Centre - which you'll each make one as the primary and the other secondary when you generate the package or point them to a DNS alias that will perform round-robin and split the agents between the automatically.

If you have a requirement for resource intensive policies (greedy regular expression, large IDM or EDM profiles or utilising two-tier detection) with 1000 users, you'd just increase the RAM to 16GB or as needed and possibly up them to 4 cores.

Dean

Thanks Pete!!

Thanks for the info Dean!!!!