Use Server Virtualization for Detection Servers

As a best practice, configure the server virtualization to prevent over subscription. If over subscription occurs for host machines, DLP performance is degraded.
Whether you use dedicated or non-dedicated resources for the detection servers depends on several factors. Consider the following items when choosing resource allocation:
  • Number of CPUs
  • Amount of dedicated RAM
  • Resource reservations for CPU cycles and RAM
The following table lists recommendations and best practices for configuring a virtualized detection server environment:
Recommendations for configuring server virtualization for detection servers
Recommendation
More information
Clone virtual machines with DLP up and running.
Use the virtualization tools that are provided by your virtualization hosting solution.
Clone the secondary detection server when the primary DLP services are not running.
To restore detection servers, you are not required to use a cloned version. You can install fresh detection servers without losing data.
Use active and passive groups.
The number of groups depends on the organizational priority. The priority is based on how many passive servers the environment requires.