PGP Universal Server Cluster - Replicated Settings and Data


Article ID: 153723


Updated On:


Symantec Products


This article details which data is replicated between PGP Universal Server cluster members. This applies to PGP Universal Server 3.0.x.


When you have two or more PGP Universal Servers operating in your organization, you can configure them to synchronize with each other; this arrangement is called a cluster. Servers in a cluster can all keep data replicated from the other servers in the cluster: users, keys, managed domains, and policies. For those servers running PGP Universal Web Messenger they can also replicate Web Messenger data.

The following settings and data are considered global and are replicated to all servers in the cluster:

  • Consumers (internal and external users, devices, and their keys and properties)
  • Group configurations and consumer policies
  • Managed domains and mail settings (policies, dictionaries, archive servers, message templates)
  • Directory synchronization settings
  • Organization keys and certificates
  • Ignition keys
  • Trusted keys
  • Configured keyservers
  • Web Messenger data (if replication is enabled)
  • Learn Mode
  • PGP Verified Directory data (though the service can be enabled or disabled on individual servers).
As the administrator, you have some degree of control over what data is replicated to which cluster members:

  • You can allow or prevent the private keys of Internal Users from being replicated to individual servers.
  • You can configure the Web Messenger service to run only on a subset of cluster members, which limits Web Messenger data replication to only those servers running Web Messenger.

    Further, you can configure Web Messenger data replication so that it is replicated only to a subset of the eligible cluster members. For example, if you have a cluster of four servers, three of which run Web Messenger, you can configure Web Messenger replication so that each user's mailbox is replicated to only one or two of the three eligible servers.
Note: The following settings are not replicated:

  • Server TLS/SSL certificates
  • Mail routes
  • Mail proxies