You need to back up the Protect directory on the Symantec Data Loss Prevention (DLP) Enforce server, for disaster recovery or migration purposes.
DLP 15.7.x - 15.8.x
This method is covered in the DLP Install guide under the "Creating the Enforce Reinstallation Resources file" section. See the Install guide for further details. Here is a summary:
Step 1
Switch to the DLP bin folder:
Windows: C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\bin
Linux: /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/bin
Step 2
Generate an Enforce Reinstallation Resources file by running the following command:
Windows:
C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin> ReinstallationResourcesUtility.exe export "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect" "C:\EnforceReinstallationResources.zip"
Linux:
[[email protected] bin]# ./ReinstallationResourcesUtility export /opt/Symantec/DataLossPrevention/EnforceServer/15.7/Protect/ /tmp/EnforceReinstallationResources.zip
Note: These steps assume that the DLP Enforce server is installed using default settings (C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect), and that the user is operating in a command line window with a working directory outside of that path.
mkdir config
robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config" .config CryptoMasterKey.properties
robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config" .config EncryptedPropertiesFilesEncryptionKey.key
mkdir keystore
robocopy /SEC "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\keystore" .keystore
zip -r EnforceReinstallationResources.zip config keystore
Note: The zip command is present on single-tier and two-tier deployments under the oracle bin directory. In a three-tier setup, send the copied files to a compressed folder using Windows Explorer.
create the config directory while preserving permissions
mkdir -p /tmp/config
cp -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config/CryptoMasterKey.properties /tmp/config/
cp -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config/EncryptedPropertiesFilesEncryptionKey.key /tmp/config/
Create the keystore directory
mkdir -p /tmp/keystore
cp -r -p /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/keystore/* /tmp/keystore/
Create the zip archive
cd /tmp
zip -r EnforceReinstallationResources..zip config keystore
To verify the zip archive (Windows or Linux):
unzip -l reinstallationresources.zip
Point to this new EnforceReinstallationResources.zip when reinstalling Symantec Data Loss Prevention from your backup version.
If you reinstall using Silent Mode, you include the following parameters (in addition to other required parameters):
Windows: REINSTALLATION_RESOURCE_FILE="C:\EnforceReinstallationResources.zip"
Linux: REINSTALLATION_RESOURCE_FILE=/tmp/EnforceReinstallationResources.zip
If you choose to run the EnforceServer.msi file to complete the installation, on the Initialize Database panel select Preserve Database Data and specify the EnforceReinstallationResources.zip file.
For detailed information about DLP backups and recovery, see the Data Loss Prevention System Maintenance Guide - 15.7 / 15.8.