Move one Cloud Detection Server from one Enforce Server to another
Article ID: 184777
Products
Data Loss Prevention Cloud Detection Service
Data Loss Prevention Cloud Detection Service for ICAP
Data Loss Prevention Cloud Detection Service for REST
Data Loss Prevention Cloud Service for Email
Issue/Introduction
A Cloud Detection Server is bound to one specific Enforce Server at enrollment, so there is no self-service procedure for moving it to a different Enforce Server.
If a detector must be moved, open a case with Support; the steps below describe the full process, including the part that only Support can perform.
Resolution
A Cloud Detection Server is bound to one specific Enforce Server, which is why there is no documented self-service procedure for moving it. If a move is nevertheless required, follow the steps below.
Incidents generated for one Enforce Server cannot be shipped to a different Enforce Server, so before migrating you must first stop all traffic from being sent to the detector; anything it inspects while unbound would be lost.
Depending on the type of Cloud Detector, do one of the following:
CloudSOC
De-activate the Enforce Managed DLP instance in the CloudSOC Portal (note: do not Remove it, only De-Activate it).
Document/back up (screenshot or print to PDF) the existing cloud applications associated with the cloud detector in Enforce under Manage > Application Detection > Configuration. Open each individual application and capture its settings; a capture of the list alone is not sufficient.
Document/back up (screenshot or print to PDF) the advanced detector settings for the cloud detector under System > Servers and Detectors > Overview: click the cloud detector, then click the Server Settings button to open the Advanced Server Settings page. Use this capture later to re-apply on the new Enforce Server any setting that had been changed from its default on the old one (for example ContentExtraction.EnableMetaData = off/on). For details see "Advanced detector settings" in the DLP 16.0.2 documentation on techdocs.broadcom.com.
Delete the cloud applications under Manage > Application Detection > Configuration. This is required before the detector can be deleted from Enforce.
WSS
Disable the Scanning of All Traffic in WSS
O365 / Gmail
Disable the DLP transport rule in O365 (or the equivalent routing rule in Gmail) so that no messages are sent through the Cloud Service for Email.
Remove the Cloud Detection Server from the old Enforce Server by deleting it under System > Servers and Detectors > Overview.
Open a case with Support to unbind the specific Detector ID from the original Enforce Server.
The Cloud Support team will:
unbind the specific detector ID from the original Enforce Server
generate and provide a new Enrollment Bundle, which is used to enroll the detector with the new Enforce Server
After the detector has been re-enrolled and rebound using the new Enrollment Bundle:
Ensure the newly re-added detector shows as 'Connected' in the Enforce Console (System > Servers and Detectors > Overview).
CloudSOC
Re-create the cloud applications that were deleted before the migration under Manage > Application Detection > Configuration, using the per-application captures taken earlier.
Re-activate the Enforce Managed DLP instance in the CloudSOC Portal
Re-sync cloud applications from Enforce under Manage > Application Detection > Configuration.
WSS
Re-Enable the Scanning of All Traffic in WSS
O365 / Gmail
Re-enable the DLP transport rule in O365 (or the equivalent routing rule in Gmail) to resume sending messages through the Cloud Service for Email.
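The O365 steps above (disable the DLP transport rule before the detector is unbound, re-enable it once the detector shows Connected) can be done from Exchange Online PowerShell rather than the admin center, which also lets you verify the rule state before proceeding. The script below is an added example and is not part of this article or of Broadcom's product; the rule name "Route to DLP Cloud Service for Email" is a placeholder for whatever rule your tenant uses to hand mail to the Cloud Service for Email connector, and the ExchangeOnlineManagement module is assumed to be installed.

```powershell
# Added example (not from the Broadcom article): pause or resume the Exchange Online
# transport rule that routes mail through the DLP Cloud Service for Email, so that no
# messages reach the detector while it is moved between Enforce Servers.
# Assumptions: the ExchangeOnlineManagement module is installed, and the rule name
# below is a placeholder to be replaced with the rule configured in your tenant.
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateSet('Pause', 'Resume')]
    [string]$Action,

    # Hypothetical rule name; replace with your tenant's DLP routing rule.
    [string]$RuleName = 'Route to DLP Cloud Service for Email'
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -ShowBanner:$false

# Fail early if the rule does not exist rather than silently doing nothing.
$rule = Get-TransportRule -Identity $RuleName -ErrorAction Stop

# Sanity check: mail is handed to the cloud service via an outbound connector, so a
# rule with no "route via connector" action is not the one we mean to change.
if (-not $rule.RouteMessageOutboundConnector) {
    throw "Rule '$RuleName' has no outbound connector action; refusing to change it."
}

Write-Host ("Rule '{0}' is currently {1}, routing via connector '{2}'." -f `
    $rule.Name, $rule.State, $rule.RouteMessageOutboundConnector)

switch ($Action) {
    'Pause' {
        # Before removing the detector from the old Enforce Server.
        if ($rule.State -eq 'Enabled') {
            Disable-TransportRule -Identity $rule.Identity -Confirm:$false
        }
    }
    'Resume' {
        # Only after the detector shows 'Connected' on the new Enforce Server.
        if ($rule.State -eq 'Disabled') {
            Enable-TransportRule -Identity $rule.Identity -Confirm:$false
        }
    }
}

# Re-read the rule and confirm the state really changed before continuing the
# migration; a rule left enabled means incidents would be generated for an Enforce
# Server that can no longer receive them.
$expected = if ($Action -eq 'Pause') { 'Disabled' } else { 'Enabled' }
$after = Get-TransportRule -Identity $RuleName
if ($after.State -ne $expected) {
    throw "Rule '$RuleName' is '$($after.State)', expected '$expected'."
}
Write-Host "Rule '$RuleName' is now $($after.State)."

Disconnect-ExchangeOnline -Confirm:$false
```

Run it as `.\Set-DlpMailRouting.ps1 -Action Pause` before step "Remove the Cloud Detection Server from the old Enforce Server", and `.\Set-DlpMailRouting.ps1 -Action Resume` only after the detector shows 'Connected' on the new Enforce Server. The connector check and the post-change verification are the parts worth keeping even if you adapt the script: disabling the wrong rule leaves traffic flowing to a detector that is about to be unbound, and those incidents cannot be recovered on the new Enforce Server.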