Symantec Encryption Management Server (PGP Server) configuration with Multiple Interfaces on the same subnet: WARNING

Article ID: 155389

Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

Although it is possible to create multiple interfaces on the same subnet, whether virtual or physical, doing so can cause major problems with how the PGP Universal Server handles its own processes and connections. The affected processes and connections include, but are not limited to:

* Clustering abnormalities or failure to replicate data to cluster members.
* Mail flow problems where there is high potential for mail looping, or incorrect processing of mail.
* Database abnormalities, including creation of duplicate data in a database, causing problems.
* Connectivity issues, such as mail processing not responding properly, keyserver search requests failing to serve, etc.

Resolution

Configuring such environments is highly discouraged, as many issues have been traced back to this type of configuration.

An example of multiple interfaces on the same subnet is as follows:

eth0: 192.168.1.10
eth1: 192.168.1.20

Another example of this could be:

eth0: 192.168.2.100
eth1: 192.168.2.200

Or:

eth0: 192.168.3.15
eth0:0: 192.168.3.25

The last example is for virtual NICs where both interfaces actually use the same NIC.

The examples above are only to illustrate what is meant by multiple interfaces on the same subnet.

If a PGP Server has multiple physical NICs, or if it needs multiple IP addresses, plan accordingly so that this configuration is avoided. Placing multiple interfaces on the same subnet complicates support of the PGP Server, and the likelihood of causing problems is high.
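One way to check a host for this condition, as an added example that is not part of the original article: the script below parses text in the format printed by `ip -o -4 addr show` and reports address pairs whose subnets overlap, including alias labels such as eth0:0. The sample output, its /24 masks (the article lists addresses only) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the format of `ip -o -4 addr show`.
# The /24 masks are an assumption; the article gives addresses without masks.
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.3.15/24 brd 192.168.3.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.3.25/24 brd 192.168.3.255 scope global secondary eth0:0\       valid_lft forever preferred_lft forever
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1\       valid_lft forever preferred_lft forever
"""


def parse_addresses(text):
    """Return (label, IPv4Interface) pairs, skipping loopback addresses."""
    found = []
    for line in text.splitlines():
        # Everything after the backslash is lifetime info; drop it.
        tokens = line.split("\\")[0].split()
        if "inet" not in tokens:
            continue
        iface = ipaddress.ip_interface(tokens[tokens.index("inet") + 1])
        if iface.ip.is_loopback:
            continue
        # The last token is the address label, e.g. eth0 or eth0:0.
        found.append((tokens[-1], iface))
    return found


def same_subnet_conflicts(addresses):
    """Return (label_a, ip_a, label_b, ip_b) for every pair on overlapping subnets.

    overlaps() also catches differing masks, e.g. a /24 and a /25 that
    cover the same range.
    """
    conflicts = []
    for i, (name_a, a) in enumerate(addresses):
        for name_b, b in addresses[i + 1:]:
            if a.network.overlaps(b.network):
                conflicts.append((name_a, str(a.ip), name_b, str(b.ip)))
    return conflicts


if __name__ == "__main__":
    for name_a, ip_a, name_b, ip_b in same_subnet_conflicts(parse_addresses(SAMPLE)):
        print(f"WARNING: {name_a} ({ip_a}) and {name_b} ({ip_b}) share a subnet")
```

An empty result means no two non-loopback IPv4 addresses on the host fall in the same subnet.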

Support for multiple interfaces is intended to provide connectivity across subnets. For instance, you may have a private interface for most PGP Server functions and a public interface for Web Messenger.

For a gateway placement, one adapter may be connected either directly to the Internet or placed in a DMZ while the other adapter provides connectivity to the local network.

NIC teaming is not currently supported.

Additional Information

154069 - Best Practices: Environmental Requirements for Symantec Encryption Management Server clustering (AKA PGP Server)