Data Loss Prevention

 View Only
  • 1.  Need Help In Migrating on Prem Symantec Endpoint DLP To Cloud

    Posted 10 days ago
    Edited by Manikyam KK 10 days ago
    Hello Team,

    Need Help migrate on premises DLP Endpoint Prevent to full fledged cloud

  • 2.  RE: Need Help In Migrating on Prem Symantec Endpoint DLP To Cloud

    Broadcom Employee
    Posted 9 days ago
    Edited by Stephen Heider 9 days ago
    Hi Manikyam,

    Glad to see you are installing DLP in the cloud!
    I am replying to share that I don't believe we provide documentation and coverage in terms of "migration" of Endpoint Prevent.

    Rather, we support the installation via new Endpoint Agent packages, mostly on account of it greatly simplifying the installation and management of the certificates involved. Your new Enforce Server in the cloud will have a new "root" level cert for the Endpoint Servers and Agents, and any agents reporting in to those Servers will require an installer package based on that root cert.

    We do have some new options in DLP 16 that you might find especially useful - the ability to use 3rd party signed certificates for the Endpoint Agent communications. Thus, I encourage you to take that into consideration as you plan your install.

    Some links which might prove useful:

    Secure Communications Between DLP Agents and Endpoint Servers (

    Deploying Data Loss Prevention on public cloud infrastructures (

    If you have further questions on specific issues please open a case with Technical Support!

    Warm regards,

    Stephen Heider

    Global Support Lead | Symantec Enterprise Division | DLP Support
    Broadcom  |

  • 3.  RE: Need Help In Migrating on Prem Symantec Endpoint DLP To Cloud

    Trusted Advisor
    Posted 9 days ago
      |   view attached

    I assume you are going to getting rid of the On prem server and replace it with the new Cloud server..

    1. First thing is to spin up the new endpoint Server in the cloud and get that installed and communicating with the Enforce server. (see the attached document). There are other documents on Cloud as well. You will need to test this, especially if you are using a cloud Load Balancer etc.
    2. You will need to generate the communication keys and make sure that the servers can talk and be controlled by the Enforce Server.
    3. Make sure to associate all of the policy groups to include the new Server so the policies will work on that new server. 
    4. For testing take one or a few of your existing Agents that are communicating with the original Endpoint Servers, and change the server that you want to talk to. You can do this from the Agent Overview section. (This will take a few minutes to update)
    5. Make sure the agent is talking to the new server and registered in the UI as talking to the new server.
    6. Test that agent as much as possible to make sure it works and policies are triggered. 
    Once you do that you can then you can begin to migrate all of the agents to that NEW cloud server. (Same process as #4)

    If you want to update the installation file, you can manually edit the Install.bat file and just change the name of the server that it is supposed to communicate with.

    Good Luck. - RP