You have the DLP Cloud Service enrolled, and want to backup relevant details from your Enforce Server

Article ID: 258252

Products

Data Loss Prevention, Data Loss Prevention Cloud Detection Service, Data Loss Prevention Cloud Detection Service for REST, Data Loss Prevention Cloud Detection Service for ICAP, Data Loss Prevention Cloud Package, Data Loss Prevention Cloud Service for Email

Issue/Introduction

With the DLP Cloud Service installed, the existing "Enforce ID" is a key identifier (a "UUID") that is unique to every Enforce instance. The current method of preserving a backup of Enforce data (the Reinstallation Resources utility) does not collect this piece of information.

Environment

DLP Cloud Services with on-premises Enforce Server

Cause

You need to retain this information in the event of a Disaster Recovery scenario, as described in this Help Center topic:

Configure the Symantec Data Loss Prevention Cloud Service for Disaster Recovery (broadcom.com)

 

Resolution

The Enforce ID is displayed when viewing the Enforce Server, by clicking on it in the System > Servers and Detectors view.

You can also confirm the Enforce ID (the "UUID") directly from the database by running the following query (as the "protect" user):

SELECT * FROM ENFORCEINSTANCE;

Example output for the above query:

ENFORCEUUID
------------------------------------
B8C8DDBB-4C37-9BA6-9BA6-B8C8DDBBD3A

 

Preserve a copy of this ID in the event of a system recovery.

Additional Information

If Enforce was reinstalled after a disaster or hard failure (or as a backup server following instructions for backup and recovery), the resultant Enforce ID may be different than the backup ID.

Confirm it via the methods given in the Resolution steps in this article.

If you need to replace the new Enforce ID with the original one (saved earlier as a backup), use the following method:

Connect to the database via SQLPlus, as the "protect" user.

Run the following command:

UPDATE ENFORCEINSTANCE e set ENFORCEUUID = REPLACE(e.ENFORCEUUID, '<current UUID>','<original UUID>');

Requery to confirm the UUID has been set:

SELECT * FROM ENFORCEINSTANCE;

If it matches, run the following command to make the change permanent:

commit;

The COMMIT statement is vital. Even if the new UUID shows up in the SQL query, it won't persist without committing the change.

Afterward, restart all Symantec DLP services.
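
A guarded variant of the update above for SQL*Plus, as an added example that is not part of the original article or the vendor's procedure: it changes the row only when the stored value equals the UUID you expect, and commits only if exactly one row changed. The placeholders are the same as in the command above; that ENFORCEINSTANCE holds a single row is an assumption based on the example output.

```sql
-- Added example (not from the original article). Run in SQL*Plus as the "protect" user.
-- Replace both placeholders before running, exactly as in the article's UPDATE.
-- Any error rolls back the transaction and ends the SQL*Plus session.
WHENEVER SQLERROR EXIT FAILURE ROLLBACK
SET SERVEROUTPUT ON

DECLARE
  v_current  ENFORCEINSTANCE.ENFORCEUUID%TYPE := '<current UUID>';
  v_original ENFORCEINSTANCE.ENFORCEUUID%TYPE := '<original UUID>';
  v_found    ENFORCEINSTANCE.ENFORCEUUID%TYPE;
BEGIN
  -- Assumption: the table holds exactly one row. SELECT INTO raises
  -- NO_DATA_FOUND or TOO_MANY_ROWS otherwise, and nothing is changed.
  SELECT ENFORCEUUID INTO v_found FROM ENFORCEINSTANCE;

  -- Safe to re-run: do nothing if the original UUID is already in place.
  IF v_found = v_original THEN
    DBMS_OUTPUT.PUT_LINE('Enforce ID already matches the backup; no change made.');
    RETURN;
  END IF;

  -- A typo in the current UUID would make the article's REPLACE a silent no-op;
  -- here it stops the run with an explicit error instead.
  IF v_found <> v_current THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Stored Enforce ID ' || v_found || ' is not the expected current UUID; no change made.');
  END IF;

  UPDATE ENFORCEINSTANCE
     SET ENFORCEUUID = v_original
   WHERE ENFORCEUUID = v_current;

  -- Also catches a NULL stored value, which passes both comparisons above.
  IF SQL%ROWCOUNT <> 1 THEN
    ROLLBACK;
    RAISE_APPLICATION_ERROR(-20002,
      'Expected to update exactly 1 row, updated ' || SQL%ROWCOUNT || '; rolled back.');
  END IF;

  COMMIT;
  DBMS_OUTPUT.PUT_LINE('Enforce ID restored to ' || v_original || ' and committed.');
END;
/

-- Final confirmation of the persisted value.
SELECT ENFORCEUUID FROM ENFORCEINSTANCE;
```

As with the manual steps, restart all Symantec DLP services once the block reports success.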

 

See the following link for additional information about preparing for DR scenarios using the Reinstallation Resources utility:

Creating the Enforce Reinstallation Resources file (broadcom.com)

The utility includes the collection of the enforce_keystore.jks from the original Enforce Server. That keystore contains the Cloud Certificate for your enrolled Cloud Detectors.

 

Further details about High Availability and Disaster Recovery:

About High Availability and Disaster Recovery for Symantec Data Loss Prevention (broadcom.com)

Cloud Architectural Considerations (broadcom.com)

 

Detailed steps for backup and recovery are given in these topics:

Backing Up and Recovering on Windows (broadcom.com)

Backing up and recovering on Linux (broadcom.com)