Symantec Data Loss Prevention (DLP) supports three different installation types:
Symantec recommends the three-tier installation. However, your organization might need to implement a two-tier installation depending on available resources and organization size. Single-tier installations are recommended for branch offices, small organizations, or for testing/PoC purposes.
To implement the single-tier installation, you install the Oracle database, the DLP Enforce Server, and a Detection Server all on the same computer. Typically, this installation is implemented for testing purposes or for small organizations.
A Symantec Data Loss Prevention Single Server deployment is a single-tier deployment that includes the Single Tier Monitor detection server. The Single Tier Monitor is a detection server that includes the detection capabilities of the Network Monitor, Network Discover/Cloud Storage Discover, Network Prevent, Mobile Prevent, Network Prevent for Email, and the Endpoint Prevent and Endpoint Discover detection servers. Each of these detection server types is associated with one or more detection "channels." The Single Server deployment simplifies Symantec Data Loss Prevention administration and reduces maintenance and hardware costs for small organizations, or for branch offices of larger enterprises that would benefit from on-site deployments of Symantec Data Loss Prevention.
If you choose either of these types of installation, the Symantec Data Loss Prevention administrator needs to be able to perform database maintenance tasks, such as database backups.
SYMANTEC DLP – ENFORCE PLATFORM INSTALLATION
Follow the bellow steps to install Symantec DLP – Enforce Server.
Step 1: Run the installer file: ProtectInstaller64_14.0
Step 2: On the Setup Wizard, Click Next to begin the installation process
Step 3: After you review the license agreement, select I accept the agreement, and click Next.
In the Select Components panel, select the type of installation you are performing and then click Next. There are four choices:
Enforce: Select Enforce to install Symantec Data Loss Prevention on an Enforce Server for two- or three-tier installations. When you select Enforce, the Indexer is also automatically selected by default.
Detection: Select Detection to install a detection server as part of a two- or three-tier installation.
Indexer: Select Indexer to install a remote indexer.
Single Tier: Select Single Tier to install all components on a single system. Single-tier systems are for branch offices or small organizations, or for testing, training, and risk assessment.
Select Single Tier Installation, click Next.
Step 7: In the License File panel, browse to the directory containing your license file. Select the license file, and click Next.
Step 8: Skip WinPcap installation if you are not installing Network Monitor Module, click Next
Step 9: Select the destination directory where you want to install Enforce Server, click Next.
Step 10: In the Select Start Menu Folder panel, enter the Start Menu folder where you want the Symantec Data Loss Prevention shortcuts to appear. Click Next.
Step 11: Create System Account
Step 12: Specify on which port this server should accept connections from Symantec Enforce.
Step 13: Oracle Database Server Settings to Accept Requests
Step 14: User Information for Symantec DLP Database
Step 15: Select an Additional Locale to Support
Step 16: Choose whether or not to initialize the database
Step 17: Choose whether to enable Certificate Authentication
Step 18: Enter Administrator Credentials
Step 19: Please wait while Setup installs Symantec DLP
Step 20: Store incident attachments on a file system or other device rather than in the database
Step 21: Opt in or out of the DLP Supportability Telemetry program
Step 22: Installing Symantec DLP
Step 23: Finishing Symantec DLP installation process
Verifying an Enforce Server installation
After installing an Enforce Server, verify that it is operating correctly before importing a solution pack.
Confirm that Oracle Services (OracleOraDb11g_home1TNSListener and OracleServicePROTECT) automatically start upon system restart.
If you selected the option Start Services, then confirm that all of the Symantec Data Loss Prevention Services are running under the System Account user name that you specified during installation. Note that on Windows platforms, all services run under the System Account user name (by default, “protect”), except for the Vontu Update services, which run username_update (by default, “protect_update”). Symantec Data Loss Prevention includes the following services:
Vontu Incident Persister
Vontu Monitor Controller
If the Symantec Data Loss Prevention services do not start, check the log files for possible issues (for example, connectivity, password, or database access issues).
The Symantec Data Loss Prevention installation log is c:\SymantecDLP\.install4j\installation.log.
Symantec Data Loss Prevention operational logs are in c:\SymantecDLP\Protect\logs.
Oracle logs can be found in c:\app\Administrator\admin\protect on the Oracle server computer.
Once you have verified the Enforce Server installation, you can log on to the Enforce Server to view the administration console. Using the administration console, go to System > Settings > General accept the EULA, enter your company information, and confirm that all of your licenses have been correctly activated.
Subscribing will provide email updates when this Article is updated. Login is required.