Synchronization Tool Configuration Best Practices


Article ID: 179242


Products

Email Security.cloud Web Security.cloud


Resolution


  1. You must decide on a suitable system within your network on which to install and run the Synchronization Tool. This system must have internal network access to your directory system through LDAP and have external network access to the portal through HTTPS.
     

  2. The tool builds a data file to track changes to your source data. We recommend that you use a single instance of the tool to synchronize a given set of source data.
     

  3. Running multiple instances can result in the source data being out of step with the data in the cloud security services.
     

  4. It is recommended to install Schemus with the JRE bundle so that Schemus uses its own Java Runtime. The JRE directory is located in the directory where Schemus is installed.
     

  5. Create a Symantec.cloud Portal account specifically for use with the Synchronization Tool. This approach helps to avoid any changes being made to the account that may interfere with the synchronization process, e.g. password changes. Refer to Symantec.Cloud Portal User Account Permissions for Schemus - https://support.symantec.com/en_US/article.TECH225960.html
     

  6. When a single LDAP search cannot be configured to retrieve all the data, it is recommended that multiple sources be configured within a single configuration. Schemus merges the data from all the sources before sending them to Symantec.cloud. Multiple Sources are configured by clicking on Data Source from the left pane in the wizard and selecting Multiple Sources.
     

  7. Multiple configurations are not recommended since each configuration operates independently of the others. This can lead to corruption or inconsistent results when synchronizing with Symantec.cloud.

    One situation where multiple configurations may safely be used is for mail synchronizations where multiple email domains are configured on ClientNet. Each Schemus configuration must use different email domains. To ensure that this is the case, select a different set of domains on the Domains page in each configuration.
     

  8. It is not recommended to configure multiple configurations for Groups and Users synchronizations since the group memberships may not be updated correctly.

    If you do create multiple configurations for Group/User synchronizations or for Mail synchronizations with overlapping email domains, be sure to select Retry update from the Synchronization Type settings screen to reduce the possibility of data from one synchronization being deleted by another.
     

  9. To run the tool on an automated basis, decide whether to invoke the tool by a scheduling system (e.g. Microsoft Windows Scheduler) or by another application.
     

  10. It is strongly recommended that you use threshold limits to provide a safeguard against accidental deletion of entries in your data repository.

    Threshold limits warn you when the number of added or deleted entries exceeds a specified amount. This protects you from mistakes in your configuration, especially if you are using filters.
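
The following sketch models the threshold safeguard described in item 10. It is an added example, not Schemus code: the entry fields, the department filter, the limit values and the choice to hold the update when a limit is exceeded are all assumptions made for illustration.

```python
# Illustrative model only: not Schemus code. Entry fields, the filter and the
# limit values are constructed for this example.

def select(directory, department=None):
    """Stand-in for an LDAP search: return addresses, optionally filtered."""
    return {e["mail"].lower() for e in directory
            if department is None or e["department"] == department}

def plan_sync(tracked, source):
    """Diff the previously synchronized set against the new source set."""
    return {"added": source - tracked, "deleted": tracked - source}

def check_thresholds(plan, max_added, max_deleted):
    """Return a warning for every limit the plan exceeds (empty = proceed)."""
    limits = {"added": max_added, "deleted": max_deleted}
    return [f"{kind}: {len(plan[kind])} entries exceeds limit of {limit}"
            for kind, limit in limits.items() if len(plan[kind]) > limit]

def run(directory, tracked, department, max_added=5, max_deleted=2):
    """Apply the update only when no threshold is exceeded (assumed policy)."""
    plan = plan_sync(tracked, select(directory, department))
    warnings = check_thresholds(plan, max_added, max_deleted)
    if warnings:
        return tracked, warnings  # hold the update, keep the old state
    return (tracked | plan["added"]) - plan["deleted"], []

# Constructed directory: six staff in Sales, one in Finance.
DIRECTORY = [{"mail": f"user{i}@example.com", "department": "Sales"}
             for i in range(6)]
DIRECTORY.append({"mail": "cfo@example.com", "department": "Finance"})
TRACKED = select(DIRECTORY, "Sales")  # state after the last good sync

if __name__ == "__main__":
    # One leaver is a normal change and stays under both limits.
    after_leaver = [e for e in DIRECTORY if e["mail"] != "user0@example.com"]
    print(run(after_leaver, TRACKED, "Sales"))
    # A mistyped filter value matches nothing; without a limit, all six
    # tracked addresses would be queued for deletion.
    print(run(DIRECTORY, TRACKED, "Sale"))
```

The second call shows the case the threshold is for: the source search silently returns an empty set, and the deletion limit is the only thing that stops the empty result from being treated as a legitimate change.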