Data Loss Prevention

 In a three tier architecture, what happens when the Enforce Server losses comms with the Oracle Database server?

Jump to Best Answer
posted 11-15-2020 04:01 AM
Hi;

In a three-tier architecture, what happens when the Enforce Server losses comms with the Oracle Database server? 


Kindly
Wasfi
Best Answer
In Symantec DLP, all servers and agents are independent in relation to their work once they are configured and all policies are distributed. All servers will continue doing their job, if communications are lost. If DB is down, Enforce will continue processing and storing incidents in a temporary space, and once DB is up, Enforce will catch up with incidents writing. If enforce servers fills up HD space, it will stop processing and detector servers will stop sending incidents and store them locally; something for agents when they are off the network or cannot talk to Endpoint server.

Good luck with your DLP and I will recommend having a test environment so you can test scenarios like this one.
A.C.
Hello Wasfi,

the detection servers use the policies and handle the incidents which are then being reported to enforce. 
So incidents are generated and not reported till enforce is avil. again, so responses that depend on the whole construction are not used.

Do you have endpoint detection servers? Keep an eye on the "off the corporate network" settings.

Here´s an article  :  https://knowledge.broadcom.com/external/article/160387/basic-questions-on-operationworking-of-s.html
Thank you hdey_pmcs. However, what happens if the Enforcer is available but  not the database server. I mean when the database server is not on the same server as enforcer? 3-tier architecture?