Configure Endpoint Servers
The following table lists recommendations for configuring Endpoint Servers for high availability and disaster recovery.
| Recommendations | More information |
|---|---|
| Use DNS aliases for each Endpoint Server. | You can easily build a new Endpoint Server by using the same DNS alias. The process to recreate all the packages with new DNS names takes much longer. |
| Use a load balancer. | Endpoint Servers can be placed behind a load balancer for agent communication. The load balancer apportions communication between DLP Agents and Endpoint Servers equally. In general, apply the following capabilities and settings to ensure that load balancers work best with Symantec Data Loss Prevention: |
| Use DNS aliases for each Endpoint Server. | New agent packages are generated with the load balancer DNS name in the Endpoint Server Host field. The agents contact the load balancer, which passes the connection request to the Endpoint Server to perform the SSL handshake for the agent. Once connected, the load balancer continues the normal communication protocol. |
| Back up the Endpoint Server certificates. | The certificates are at `C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<DLP version>\Protect\keystore`. |
| Deploy an Endpoint Server in the DMZ. | For organizations that need agent awareness without the need for users to log in through a VPN, deploy an Endpoint Server in the DMZ. This configuration allows agents to check in when they are connected to the Internet. |
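
One way to follow the certificate backup recommendation above on a Windows Endpoint Server, shown as an added example that is not part of the Symantec documentation: it copies the keystore directory and confirms by SHA-256 that the copy matches the source. The destination `D:\DLPBackup\EndpointServer` and the manifest file name are assumptions, and `<DLP version>` is the placeholder from the table and must be replaced with the installed version directory.

```powershell
param(
    # <DLP version> is the documentation's placeholder; replace it before running.
    [string]$KeystorePath = 'C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<DLP version>\Protect\keystore',
    # Assumed destination; use storage that only DLP administrators can read.
    [string]$BackupRoot = 'D:\DLPBackup\EndpointServer'
)
$ErrorActionPreference = 'Stop'

# Fail early if the placeholder was not replaced or the path is wrong.
if (-not (Test-Path -LiteralPath $KeystorePath -PathType Container)) {
    throw "Keystore directory not found: $KeystorePath"
}

# Build a sorted list of relative path + SHA-256 for every file under a root.
function Get-Manifest([string]$Root) {
    $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($rootFull.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Sort-Object RelativePath
}

$source = @(Get-Manifest $KeystorePath)
if ($source.Count -eq 0) { throw "No files found under $KeystorePath" }

# One timestamped folder per backup so earlier copies are never overwritten.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path $BackupRoot "$env:COMPUTERNAME-keystore-$stamp"
New-Item -ItemType Directory -Path $dest -Force | Out-Null
Copy-Item -Path (Join-Path $KeystorePath '*') -Destination $dest -Recurse -Force

# Verify the copy file by file; any missing or changed file aborts the run.
$copy = @(Get-Manifest $dest)
$diff = Compare-Object $source $copy -Property RelativePath, SHA256
if ($diff) {
    $diff | Format-Table -AutoSize | Out-String | Write-Warning
    throw "Backup at $dest does not match the source keystore."
}

# Store the manifest beside the backup so a later restore can be checked against it.
$manifest = "$dest.manifest.csv"
$source | Export-Csv -LiteralPath $manifest -NoTypeInformation
Write-Output "Backed up $($source.Count) file(s) to $dest (manifest: $manifest)"
```

Protect the backup location with the same access restrictions as the Endpoint Server itself, since the copied keystore is what a rebuilt server uses to identify itself to agents.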