The Symantec Veritas Cluster Server (VCS) can provide fail over capabilities for the Enforce Server. If an Enforce Server fails on a particular computer, the Veritas Cluster Server can fail over the Enforce Server to a standby computer, which reduces downtime for Data Loss Prevention. However, certain tasks and processes may be affected during fail over of the server. This article describes the impact fail over has on such tasks and processes and explains how you can respond to that impact.

This solution applies to Symantec Data Loss Prevention version 11.1.1 and later.

Repeat configuration tasks 

During failover, the server that hosts the Enforce Server behaves like a computer that has been restarted. If you are performing any type of configuration action in the Enforce Server administration console, the changes you make may be lost if the Enforce Server failure occurs before you save the changes. The Enforce Server administration console may not respond normally during failover, which usually takes less than two to three minutes to complete.  When the standby Enforce Server becomes active, you must log in again and repeat any configuration changes that were not saved before the failover. You may experience this behavior when performing the following activities in the console as a failover occurs:

• Creating or editing a policy
• Creating or editing a response rule
• Creating or editing server or Agent configurations
• Creating or editing Discover scans
• Editing any configurable object where changes were not saved

Restart long-running processes

In addition to configuration actions, certain other longer-running tasks must be restarted if they were executing when the failure occurred. These tasks include:

• Exact Data Matching (EDM) indexing 
• Indexed Document Matching (IDM) indexing 
• Vector Machine Learning (VML) training
• Exporting incidents to CSV, XML, or Web archive formats

Effect on incidents

Incidents queue on the detection servers as they arrive. If the Enforce Server fails, the incidents continue to queue on the detection server until the Enforce Server is restored, when they are sent to the Enforce Server. None of these incidents are lost as a result of the failure of the Enforce Server.

You may also experience the following regarding incidents:

• After failover of the Enforce Server,  one extra, duplicate incident may be reported by the Enforce Server administration console.
• After failover of the Enforce Server, the Servers > Overview page of the Enforce Server administration console reports an incorrect number in the Messages (Today) column.