Load balancer best practices with DLP Endpoint Prevent
search cancel

Load balancer best practices with DLP Endpoint Prevent

book

Article ID: 173959

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention

Issue/Introduction

You want to deploy a load balancer into your Symantec Data Loss Prevention (DLP) Endpoint Prevent environment and need best practice recommendations.

Resolution

Refer to the About using load balancers in an endpoint deployment Broadcom Online Help page.

On this page there are three important Advanced Agent Settings regarding setting up Endpoint Prevent with a Load Balancer.

  • EndpointCommunications.IDLE_TIMEOUT_IN_SECONDS.int
  • EndpointCommunications.HEARTBEAT_INTERVAL_IN_SECONDS.int
  • CommLayer.NO_TRAFFIC_TIMEOUT_SECONDS.int

These settings are described in more details on the Advanced Agent Settings Broadcom online Help page.
 
Resolving based on Fixed hostname for DNS:

  • DNS-based load balancing can be used.
  • Based on DNS load balancing implementation, it should be possible for Endpoint Servers to be on different subnets.
  • For failovers to the original server, all the "work" of load balancing gets completed by the load balancing implementation (e.g., F5, etc.).

Note:

  • "Source IP persistence"  needs to be set on the Load Balancer. The recommendation is to set the persistence to 24 hours otherwise issues with reporting may be experienced.
  • Some Load Balancers do not support source IP persistence. If not supported by your Load Balancer, configure another way to make sure that the endpoints are not "bouncing" between servers.
  • The DNS-based load balancing essentially sends agents to their servers in a round-robin fashion: Agent 1 => Server 1, Agent 2 => Server 2, etc. If Server 1 isn't available, Agent 1 goes to Server 2, etc. If all but one Server fails, all Agents go over to the available Server - 3, 4, 5, etc., until previous Servers are back online. After which, DNS again assigns Agent 1, 2, etc., to servers in order available => Server 1, 2, etc.
  • Ping times (by Load Balancer like F5) can determine how quickly new connections can go to the newly available servers.
  • Presumably, Endpoints have a choice of two Servers (internal vs external). Otherwise, all the "work" of load balancing gets completed by the LB implementation (e.g., F5, etc.)
  • BRCM is certifying F5 Load Balancer in Forwarding (Layer2) type mode
Powered by Wolken Software