ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Best Practices for Disaster Recovery with Symantec Endpoint Encryption 11.x


Article ID: 161187


Updated On:


Endpoint Encryption


This Knowledge Base article provides information on the best practices for planning and executing a successful Disaster Recovery program for the Symantec Endpoint Encryption product.


Use the information in this article to help prepare the Symantec Endpoint Encryption 11.x environment and data in an event of a disaster or an unplanned interruption, such as a natural disaster or power outage.

Preparing for disaster recovery:

You prepare for disaster recovery by backing up the Management Password, database files, database settings, server certificate, server installation files, Active Directory settings, port numbers, and the domain name, IP address, and host name of the management server. You should also back up all client installation files As a best practice, you should store the backed-up data off-site at a secure location.

High-level tasks to prepare for disaster recovery

The following sections describe recommended practices to help you prepare and manage disaster recovery in your enterprise. Although, an administrator can perform the following recommendations, you can contact Symantec Technical Support for any assistance with the process.

Task Description
Step 1: Back up the database often Back up your database immediately following the successful installation and configuration of the Symantec Endpoint Encryption Management Server. At scheduled, frequent intervals, you should manually back up your database or perform automatic backups. For more information on backing up your Microsoft SQL Server database, see the Microsoft MSDN Library or your database owner.
Step 2: Back up important files or save information that you will require when you start the disaster recovery process The files or information that you must back up or save and use during the disaster recovery process are:
  • Password: Save the Symantec Endpoint Encryption Management password.
  • Certificate: Save the Web Server SSL certificate and Removable Media Encryption Recovery Certificate.
  • Database: Back up and save the database back up file (.bak) and database certificate that is used for configuring secure SQL Server. Also, save the database settings such as database server name, database port number, database account that was used for Symantec Endpoint Encryption Management Server installation and database access.
  • Active Directory settings: Save the Active Directory Configuration settings such as the forest name, server name, domain name, and Active Directory's Administrator account name and password.
  • Management Server information: Save the MSI files of Management Server, Management Agent, Drive Encryption and Removable Media Encryption. Also, save the Management Server IP address, host name, domain name, and port numbers used for configuring the web services.
Step 3: Copy the files you backed up off-site

Store the backed-up data off-site at a secure location.

Caution: When you back up files to a secure, off-site, location, be sure that the files are copied properly. If the copied files are corrupt, you cannot restore your data.

Step 4: Test your backup strategy Simulate a mock-disaster situation and try to restore all backed up files, database, and re-establish communication between server and clients.

Caution: To minimize the associated risks of simulating a mock-disaster situation, carefully review your organization’s policies and procedures.


Recovering after an interruption - disaster recovery sequence

Symantec recommends that you adhere to a recommended disaster recovery preparation and strategies. If you do encounter an interruption and need to recover, follow this recovery sequence:

  1. Set up an environment to install and configure Symantec Endpoint Encryption. For information on requirements to create the environment, see the Symantec Endpoint Encryption 11.x Installation Guide.
  2. Restore the Symantec Endpoint Encryption Management Server.
    • Use the IP address and host name of the server that you backed up and restore the Management Server.
  3. Restore the database and install Symantec Endpoint Encryption Management Server
    • Restore the backed up database. For more information on restoring the Microsoft SQL Server database, see the Microsoft MSDN Library or your DBO.
    • Install the Symantec Endpoint Encryption Management Server using the existing database option. Use the Management Server information that you backed up while installing the Management Server. For information on the Management Server installation, see the Symantec Endpoint Encryption 11.x Installation Guide.
  4. Restore client communication.
    • Restart a Symantec Endpoint Encryption client computer and verify communication between the Management Server and the client.



Applies To


This only applies to Symantec Endpoint Encryption 11.x