Use Server Virtualization for the Enforce Server
You can use virtual machines for primary and secondary instances of the Enforce Server with a full clone of the primary. Whether you use dedicated or non-dedicated resources for the Enforce Server and detection server depends on several factors. Consider the following items when choosing resource allocation:
- Number of CPUs
- Amount of dedicated RAM
- Resource reservations for CPU cycles and RAM
The virtualization overhead and guest operating system overhead can lead to a performance degradation in throughput for large datasets compared to a system running on physical hardware. Use your own test results as a basis for sizing deployments to virtual machines. For HA purposes, choose a server virtualization environment that is configured to prevent over-subscription on host machines. Over-subscription is detrimental to DLP performance.
You can clone DLP using virtualization tools. DLP install files are synced up hourly with rsync (or similar application) between primary and secondary. You must clone the secondary Enforce Server when the primary DLP services are not running.