Understanding how DLP Agents receive Configurations and Policies

book

Article ID: 198168

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

You want to understand how DLP Agents receive Configurations and Policies.

Resolution

DLP Agent behavior is determined through what Agent Configuration it has, and which Policies it has received. This article is a high-level overview of the design whereby the agents are assigned configurations and policies.

The following graphic demonstrates these relationships visually:

Key Principles:

  • Agents must be assigned to an Endpoint Server in order to receive Policies and Configurations.
    • Endpoint Server Assignment Methods:
      • Using the ENDPOINTSERVER parameter at installation time.
      • By selecting agents from the Agent List page in the Enforce server Console and using the "Change Server" feature.

 

  • All Endpoint Servers receive all active Configurations.
  • Each Endpoint Server receives only those policies contained within Policy Groups that have been assigned to it.

 

  • Agent Configuration objects must be assigned to an Agent Group and will be applied to the agents within that group.
  • Agents must be added to an Agent Group which has an Agent configuration assigned, in order to receive a Configuration
    • Agent Group Assignment Methods:
      • Dynamically by agent/user attribute
      • Manual assignment:
        • Statically entered in the "Always include these agents" field of the Agent Group page.
        • By selecting agents from the Agent List page in the Enforce Server Console and using the "Change Group" feature.

 

  • Policies must be assigned to Policy Groups.
    • Policy Groups must be assigned to Endpoint Servers in order for the Policies to then be associated with the Agents that have been assigned to that particular Endpoint Server.

Attachments