Symantec Data Center Security Failover and Load Balancing
search cancel

Symantec Data Center Security Failover and Load Balancing

book

Article ID: 432116

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

You would like to have additional details on how to configure failover and Load Balancing for DCS.

Environment

DCS 6.10.x

Resolution

Setting up failover and load balancing

The DCS agents must be able to connect at all times to download the security policy and to send log events. You should set up failover to maintain communication if the management server becomes unavailable. Load balancing is used to distribute client management between multiple communications servers. 


DCS 6.10.x management platform is enhanced significantly to handle and scale a large number of agents and load balance of agents. You can install two or more communication Servers that communicate with one database and will handle failover automatically if one comm server goes down. Failover redirects the workload to an available comm server when the one server fails. Load balancing distributes workloads to prevent one comm server from being overloaded.

You can also install more than one management server for high availability in case any of the management servers are not available.




Install additional Communication servers.

The number of agents supported by each Communication Server depends on several factors, most importantly the volume and size of logs generated by the monitored and protected agents.
When planning your deployment, it is important to align the architecture with your organization’s size and expected workload. Broadcom provides recommended sizing guidance for the management platform and Communication Servers as part of the Symantec Data Center Security documentation.

You should review the DCS Management Server hardware requirements to ensure adequate CPU, memory, storage performance, and database capacity. Proper sizing of the Management Server is critical, as it handles policy management, event processing, reporting, and database operations. Under-sizing can lead to performance bottlenecks, delayed event processing, and reduced system responsiveness.

In addition to hardware resources, consider the following factors during planning:

  • Total number of agents
  • Average and peak log generation rate
  • Event retention period
  • Geographic distribution of endpoints
  • High availability and disaster recovery requirements
  • Database placement (dedicated vs. shared server)

For medium to large environments, it is generally recommended to deploy multiple Communication Servers and, where possible, separate the Management Server and database onto dedicated systems to improve scalability and performance.

Careful review of the official DCS Management Server hardware requirements and Communication Server sizing recommendations will help ensure a stable, scalable, and high-performing deployment.
DCS management Server hardware requirements

Install additional management servers for high availability

In Symantec Data Center Security 6.10.x, the Management Server primarily acts as a database connector and control layer. It manages policy distribution, administrative communication, and console access, while the database handles event storage and processing.

Because of this architecture, database connectivity is the most critical component for performance and stability.

Broadcom recommends deploying more than one Management Server to ensure high availability. Having multiple Management Servers:

  • Eliminates a single point of failure
  • Maintains console access during outages or maintenance
  • Improves overall resilience

For production environments, at least two Management Servers should be deployed, along with a highly available database backend.

Note: If your one management Server goes down or offline for any reason then you need to login to the second management Server to manage your assets. 

Console view of Management Server and Comm Server health

In Symantec Data Center Security (DCS), administrators can monitor the real-time health and availability of both Communication Servers and Management Servers directly from the Console home page.

The dashboard provides a centralized operational view, allowing DCS admins to quickly assess system status without needing to log into individual servers.

From the DCS console home page, administrators can:

  • View the online/offline status of Management Servers and Communication Servers
  • Monitor server connectivity to the database
  • Check service health and operational state
  • Identify communication failures between agents and servers

By continuously monitoring server health from the console, DCS administrators can proactively address issues before they impact security monitoring or policy enforcement.

 

Powered by Wolken Software