This article details which data is replicated between PGP Encryption Server cluster members. 

When you have two or more PGP Encryption Servers operating in your organization, you can configure them to synchronize with each other; this arrangement is called a cluster.

Servers in a cluster can all keep data replicated from the other servers in the cluster: users, keys, managed domains, and policies.

For those servers running PGP Web Email Protection (Secure Email Delivery) they can also replicate Web Messenger data.

The following settings and data are considered global and are replicated to all servers in the cluster:

• Consumers (internal and external users, devices, and their keys and properties)
• Group configurations and consumer policies
• Managed domains and mail settings (policies, dictionaries, archive servers, message templates)
• Directory synchronization settings
• Organization keys and certificates
• Ignition keys
• Trusted keys
• Configured keyservers
• Web Messenger data (if replication is enabled)
• Learn Mode
• PGP Verified Directory data (though the service can be enabled or disabled on individual servers).

As the administrator, you have some degree of control over what data is replicated to which cluster members:

• You can allow or prevent the private keys of Internal Users from being replicated to individual servers.
• You can configure the Web Email Protection service to run only on a subset of cluster members, which limits WEP data replication to only those servers running the service.
  Important Note: Although you can halt services for WEP to only one node, it is recommended to enable this on all nodes if redundancy is needed.
  
  Further, you can configure WEP data replication so that it is replicated only to a subset of the eligible cluster members. For example, if you have a cluster of four servers, three of which run WEP, you can configure replication so that each user's mailbox is replicated to only one or two of the three eligible servers.  If you are wanting to replicate to some of the nodes, but not all, we generally recommend doing all if it is possible for best results. 
  Reach out to Symantec Encryption Support for further guidance.