Data Loss Prevention

 View Only

 In a three tier architecture, what happens when the Enforce Server losses comms with the Oracle Database server?

Jump to Best Answer
Wasfi Bounni's profile image
Broadcom Knight Wasfi Bounni posted Nov 15, 2020 04:01 AM
Hi;

In a three-tier architecture, what happens when the Enforce Server losses comms with the Oracle Database server? 


Kindly
Wasfi
Alvaro Cervantes's profile image
Alvaro Cervantes posted Nov 20, 2020 09:50 AM Best Answer
In Symantec DLP, all servers and agents are independent in relation to their work once they are configured and all policies are distributed. All servers will continue doing their job, if communications are lost. If DB is down, Enforce will continue processing and storing incidents in a temporary space, and once DB is up, Enforce will catch up with incidents writing. If enforce servers fills up HD space, it will stop processing and detector servers will stop sending incidents and store them locally; something for agents when they are off the network or cannot talk to Endpoint server.

Good luck with your DLP and I will recommend having a test environment so you can test scenarios like this one.
A.C.
hdey_pmcs's profile image
hdey_pmcs posted Nov 16, 2020 09:55 AM
Hello Wasfi,

the detection servers use the policies and handle the incidents which are then being reported to enforce. 
So incidents are generated and not reported till enforce is avil. again, so responses that depend on the whole construction are not used.

Do you have endpoint detection servers? Keep an eye on the "off the corporate network" settings.

Here´s an article  :  https://knowledge.broadcom.com/external/article/160387/basic-questions-on-operationworking-of-s.html
Wasfi Bounni's profile image
Broadcom Knight Wasfi Bounni posted Nov 19, 2020 09:41 AM
Thank you hdey_pmcs. However, what happens if the Enforcer is available but  not the database server. I mean when the database server is not on the same server as enforcer? 3-tier architecture?