Should the Java heap sizes for the Detector and EnforceConnector services be the same size.

search cancel

Should the Java heap sizes for the Detector and EnforceConnector services be the same size.

book

Article ID: 391698

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Core Package Data Loss Prevention Network Discover Data Loss Prevention Network Email Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Protect

Issue/Introduction

After upgrading from 15.8 MP3, there are now two new services on the Symantec DLP Detection Server, which are called the following:

Symantec DLP Detector Service
Symantec DLP Enforce Connector Service

With them, there are new corresponding .conf and .exe files for these services in <drive>\Program Files\Symantec\DataLossPrevention\DetectionServer\Services.

Given that there are two new .conf files should the Java heap sizes InitMemory and MaxMemory be modified to match the values present in prior version of DLP from the SymantecDLPDetectionServer.conf file, and secondly should both files have the same values?

Environment

DLP 16.0, 16.1

Resolution

The default values have been set during the installation/migration, which is likely similar to what you had previously for the wrapper.java.InitMemory and wrapper.java.maxmemory in the SymantecDLPDetectionServer.conf file.

The values can be adjusted and tuned according to the host system resources and past configuration as deemed necessary and under guidance from Broadcom Support or Consulting.

We would not set the InitMemory and MaxMemory values for both the Detector and EnforceConnector services to be the same in the new 16.x Detection Server.

In 16.1 we should no longer manually modify the .conf files to adjust the Java Heap sizes as these are controlled via new settings present in the Enforce console Advanced Server Settings page as follows, where UDS stands for Universal Detection Server:

UDS.Detector.InitMemory = 1024 (Default)

UDS.Detector.MaxMemory = 8192 (Default)

UDS.EnforceConnector.InitMemory = 1200 (Default)

UDS.EnforceConnector.MaxMemory = 1200 (Default)

Additional Information

You can find all the Detection Server Advanced Settings detailed in the 16.1 - Advanced Server Settings (techdocs.broadcom.com)

The "Symantec DLP Detection Server" service is the old service name used in 15.8 and older versions of DLP, for more details about the service change to the Detection Server in 16.1, please see 16.1 - Enhanced Detection Server Features and Benefits (techdocs.broadcom.com)

Note: In environments that have upgraded from an earlier version 15.x to 16.1 you may still see the older SymantecDLPDetectionServer.conf and SymantecDLPDetectionServer.exe present where the prior versions have not been uninstalled and the Symantec DLP detection server service will appear as disabled and not running in the Windows services.

Feedback

thumb_up Yes

thumb_down No