Considerations for using Veritas Cluster Server with the Data Loss Prevention Enforce Server
Last Updated August 22, 2018
The Symantec Veritas Cluster Server (VCS) can provide fail over capabilities for the Enforce Server. If an Enforce Server fails on a particular computer, the Veritas Cluster Server can fail over the Enforce Server to a standby computer, which reduces downtime for Data Loss Prevention. However, certain tasks and processes may be affected during fail over of the server. This article describes the impact fail over has on such tasks and processes and explains how you can respond to that impact.
This solution applies to Symantec Data Loss Prevention version 11.1.1 and later.
Repeat configuration tasks
During fail over, the server that hosts the Enforce Server behaves like a computer that has been restarted. If you are performing any type of configuration action in the Enforce Server administration console, the changes you make may be lost if the Enforce Server failure occurs before you save the changes. The Enforce Server administration console may not respond normally during fail over, which usually takes less than two to three minutes to complete. When the standby Enforce Server becomes active, you must login again and repeat any configuration changes that were not saved before the fail over. You may experience this behavior when performing the following activities in the console as a fail over occurs:
Creating or editing a policy
Creating or editing a response rule
Creating or editing server or Agent configurations
Creating or editing Discover scans
Editing any configurable object where changes were not saved
Restart long-running processes
In addition to configuration actions, certain other longer-running tasks must be restarted if they were executing when the failure occurred. These tasks include:
Exact Data Matching (EDM) indexing
Indexed Document Matching (IDM) indexing
Vector Machine Learning (VML) training
Exporting incidents to CSV, XML or Web archive formats
Effect on incidents
Incidents queue on the detection servers as they arrive. If the Enforce Server fails, the incidents continue to queue on the detection server until the Enforce Server is restored, when they are sent to the Enforce Server. None of these incidents are lost as a result of the failure of the Enforce Server.
You may also experience the following regarding incidents:
After fail over of the Enforce Server, one extra, duplicate incident may be reported by the Enforce Server administration console.
After fail over of the Enforce Server, the Servers > Overview page of the Enforce Server administration console reports an incorrect number in the Messages (Today) column.
Imported Document ID: TECH220178
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe