DLP: Setting up a DLP on-prem OCR server
search cancel

DLP: Setting up a DLP on-prem OCR server

book

Article ID: 276273

calendar_today

Updated On:

Products

Data Loss Prevention API Detection for Developer Apps Virtual Appliance Data Loss Prevention API Detection Virtual Appliance Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Storage Data Loss Prevention Core Package Data Loss Prevention Data Access Governance Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention for Mobile Data Loss Prevention for Office 365 Email and Gmail with Email Safeguard Data Loss Prevention Form Recognition Data Loss Prevention Network Discover Data Loss Prevention Network Email Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Email Virtual Appliance Data Loss Prevention Network Prevent for Web Virtual Appliance Data Loss Prevention Network Protect Data Loss Prevention Network Web Data Loss Prevention Oracle Standard Edition 2 Data Loss Prevention Plus Suite Data Loss Prevention Sensitive Image Recognition

Issue/Introduction

On-premises OCR content extraction requires the installation of an OCR Server.
 
You configure the OCR Server (micro service) from the Enforce Server administration console. A single OCR Server can be installed on a separate computer, or on the same computer as the detection server (not recommended). Symantec recommends that you install the OCR Server on hardware that is dedicated to the OCR Server. You can also install the OCR Server on VMs with dedicated resources. Dedicated resources are necessary because of its high processing requirements.
 
For the full "Getting Started..." please visit the following link: Getting Started with DLP

Environment

DLP: 16.x

DLP: 15.8.x

Resolution

VERSION DISCLAIMER:
Please note that the following instructions are version agnostic, and can generally be used on any currently supported version. As such you will find several variables denoted such as "<DLPversion>" to indicate where a version number "should" be used. You will need to replace these variables with the appropriate version that you are attempting to use. Below are a few examples of such translations...

<DLPversion>  = 15.8, 16.0, 16.0.1 or 16.0.2
<DLPfullversion>  = 16.0.10000.60631
<ORACLEversion>  = 193000 or 19.3.0.0
<JREversion> = jdk8u322-b06 or 8u322b06

 

Install an OCR Server using the Symantec DLP OCR Server Installer setup wizard.

1. Download Symantec_DLP_<DLPfullversion>_OCR_Server.zip from support.broadcom.com

2. Once downloaded, extract the zip file to the following path: C:\Users\<username>\Downloads\Symantec_DLP_<DLPfullversion>_OCR_Server\DLP\<DLPfullversion>\OCR

3. Click on "OCRServer.msi" 

4. Click "Next"

5. Accept the agreement and click "Next"

6. Select the desired "Destination directory", Click "Next"

7. Select the desired "Data directory", Click "Next"

8. Click "Install", the installer will run

9. Click "Finish" when the installation is complete 

Now the OCR service is running and is ready to receive OCR requests. A certificate is required for communication between the OCR client on the Enforce Server and the OCR Server. Steps to accomplish this can be found here

You can use Diagnostics for properly sizing OCR Server Deployments, steps for enabling the diagnostic logs and how to use the results can be found here

Additional Information

To enable the newest OCR option, DLP OCR in the Cloud, follow the steps found in the following documentation here

To "upgrade" 15.x OCR Servers, there is no "upgrade" the process is: 

  1. Export and save the private keys, certs, trusted certs from 15.x OCR server.
  2. Uninstall the 15.x OCR server
  3. Install the 16.x OCR server
  4. Import the private keys, certs, trusted certs from 15.x OCR server