About Endpoint Server redundancy

You can configure the DLP Agent to connect to multiple Endpoint Servers. Endpoint Servers can be connected using a load balancer. Multiple Endpoint Servers enable incidents and events to be sent to the Enforce Server in a timely way if an Endpoint Server becomes unavailable. For example, assume that an Endpoint Server becomes unavailable because of a network partition. The DLP Agent, after a specified amount of time, connects to another Endpoint Server to transmit the incidents and events that it has stored.
The Symantec DLP Agent makes a best effort to fail over to a different Endpoint Server only when the current Endpoint Server is unavailable. If the original Endpoint Server is unavailable, the agent attempts to connect to another Endpoint Server in the configured list. By default, the DLP Agent tries to reconnect to the original Endpoint Server for 60 minutes before it connects to another Endpoint Server. In a load-balanced Endpoint Server environment, the connection interval is managed by the load balancer.
When a DLP Agent connects to a new Endpoint Server, it downloads the policies from that Endpoint Server. It then immediately begins to apply the new policies. To ensure consistent incident detection after a failover, maintain the same policies on all Endpoint Servers to which the DLP Agent may connect.
For Endpoint Discover monitoring, if a failover occurs during a scan, the initial Endpoint Discover scan is aborted. The DLP Agent downloads the Endpoint Discover scan configuration and policies from the failover Endpoint Server and immediately runs a new scan. The new scan runs only if there is an active Endpoint Discover scan configured on the failover Endpoint Server.
You must specify the list of Endpoint Servers when you install the DLP Agents. The procedure for adding a list of Endpoint Servers appears under each method of installation. You can specify either IP addresses or host names with the associated port numbers. If you specify a host name, the DLP Agent performs a DNS lookup to get a set of IP addresses. It then connects to each IP address. Using host names and DNS lookup lets you make dynamic configuration changes instead of relying on a static install-time list of stated IP addresses.