DLP Agent supports to be installed in a Failover environment. Think about two endpoint servers, the first one is the Primary Endpoint Server and the other one is the Secondary Endpoint Server. The DLP agent can be installed under these two endpoint server. And, if the primary endpoint server is down, the DLP agent will connect to the secondary endpoint server after the timeout.
On the example below, we installed two endpoint server under the same DLP enforce server with these two IP address: 192.168.1.201 and 192.168.1.202. These two servers are named as Primary Endpoint Server and Secondary Endpoint Server.
Then, during the installation of the DLP agent, we need to input the IP address or the hostname of these two servers at the same time:
After the installation, the DLP agent will connect to the Primary Endpoint Server. We can check this by the netstat command on the DLP agent:
There are two method to change the endpoint server of the DLP agent.
The first one is using the DLP Enforce Server Console:
select the DLP agent from the console, click 'Actions' button, choose 'change Endpoint Server':
The second one is letting the DLP agent change the endpoint server after failover.
Defaultly, the DLP agent will change to the secondary endpoint server after 3600 seconds after the primary one is down. We can change this timeout in the Agent advanced settings:
After the timeout, we can check the connection on the DLP agent again:
