Currently Symantec Encryption Management Server does perform true failover when using the Clustering feature on the Server--that is, when one server goes down, the other nodes do not automatically wake up to take over all functions. Mail would need to be routed to the working systems, and if not already done, network resources would need to redirect clients to the Symantec Encryption Management Server.
In order to get failover from the Clustering a Load Balancer could be used to determine load and availability and direct traffic to appropriate servers as needed.
DNS Round Robin is not supported as it has been known to cause problems with replication. See article TECH232399 for more information.
A Feature Request has been submitted for built in failover for Services when there is an issue with one of the Symantec Encryption Management Servers.
This request includes Symantec Desktop Encryption client traffic, Email Proxies, Verified Key Directory Services, Web Email Protection Services, and LDAP Key lookup Services.Symantec Corporation is committed to product quality and satisfied customers. Technical Support filed a Feature Request to add the functionality listed above. This Feature Request is currently being considered by Symantec Corporation to be addressed in a forthcoming version of the product. There is no guaranteed date for this request from the Encryption Product Management team, or the Encryption Engineering team at this time. Please be sure to refer back to this article periodically as any changes to the status of the request will be reflected here. You can also subscribe to this article to receive notification when it is updated. To have your organization added to the list of companies that desire this Feature Request, please contact technical support.