search cancel

About Symantec DLP Installation Tiers

book

Article ID: 258039

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Core Package Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention Plus Suite

Issue/Introduction

Symantec DLP has 3 different installation types referred to as "Tiers".

Single-Tier:
     - A single-tier deployment consists of all 3 major servers required for DLP (Oracle, Enforce, Detection) to be installed on the same physical machine.
     - This is typically only recommended for small lab environments or in some rare cases very small companies may find this useful.
     - Please note that if you plan to install Enforce and the Detection server on the same physical server, this is still considered a single-tier installation even if Oracle is on it's own box.
Two-Tier: 
     - A two-tier deployment consists of two servers, the first server will have Oracle AND Enforce on the same machine, while having a Detection Server on a secondary machine.
     - This is probably the least common deployment type.
Three-Tier: 
     - A three-tier deployment consists of each core server having their own physical servers (Oracle, Enforce, Detection). Oracle would be on server1, Enforce would be on server2, and the Detection server would be on server3.
     - This is the most common deployment, and likely the one we would recommend in most scenario's.
     - While single-tier may be cost efficient for labs, we will almost always recommend a three-tier solution for all production environments.

Cause

Description from the DLP 15.8 Windows Installation Guide...

Resolution

How to identify what tier your installation is?

1. The first thing to check are your Services!
     - If you see the following services installed, then you are a single tier installation. Note that you should see BOTH the Enforce Services and the Detection Server Service. If you only see one or the other, then this is not a single-tier installation.
          - SymantecDLPDetectionServerControllerService (Enforce Server)
          - SymantecDLPIncidentPersisterService (Enforce Server)
          - SymantecDLPManagerService (Enforce Server)
          - SymantecDLPNotifierService (Enforce Server)
          - SymantecDLPDetectionServerService (Detection Server)

2. Run the "tnsping protect" command, this should work for both Linux and Windows.

You will note that this shows you the path to the parameter file that is used "sqlnet.ora". If you see a reference to the "client" which we see here as "client_1", this means the Oracle Client is installed on this machine, and the full database is on another server, which you can also see referenced here as "js-oracle". This value may be abbreviated in another way such as "CLNT_1" or other variations. If you see something like "DB_1" this references the full database and means that the database is actually installed locally. Another alternative would be to "echo %ORACLE_HOME%" your ORACLE_HOME environment variable. This will display your ORACLE_HOME path on the screen. This command is slightly different between Linux and Windows which is why the TNSPING command above is recommended instead.

If all 3 installations are on their own machines, then this is a three-tier installation. If you find that Oracle and Enforce are on the same Server, but that the Detection Server is on a separate Server, then this would be a two-tier installation.

Attachments