Symantec Data Loss Prevention supports three different installation types:
three-tier, two-tier, and single-tier
Single-Tier: To implement the single-tier installation, you install the Oracle Database, the Enforce Server, and a detection server all on the same computer. Use single-tier installation only for testing or risk assessment purpose.
Two-Tier: To implement the two-tier installation, you install the Oracle Databse and the Enforce Server on the same computer. You then install detection server on a separate computer.
Three-Tier: To implement the three-tier installation, you install the Oracle Database, the Enforce Server, and a detection server on separate computers.
The Three-Tier installations require that you install the Oracle Client (SQL*Plus and Database Utilities) on the Enforce Server to communicate with the Oracle server.
Here are the steps to perform a three-tier installation:
1. Prepare three servers: server1 used for the Oracle Databese, server2 used for the Enforce, and server3 for the detection server.
2. Install Oracle and create the Symantec Data Loss Prevention database on server1. See the 'Symantec Data Loss Prevention Oracle 11g Installation and Upgrade Guide' for information about install Oracle Database.
3. On server2, you need to install Oracle Client.
Choose 'Custom' for the installation type:
4. For the product components, select 'Oracle Database Utilities', 'SQL*Plus' and 'Oracle Net':
5. Copy the tns configuration file from server1 (located on: \\server1\c$\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\tnsnames.ora) to server2 (copy to: \\server2\C:\app\Administrator\product\11.2.0\client_1\network\admin).
6. From server2, open command line, then, run the command: tnsping protect, make sure the command run successfully:
7. Install DLP Enforce on server2:
8. For the Oracle Database Server Information, input the hostname of the Oracle Database, which is the hostname of server1:
9. For the information of Oracle Database User Configuration, input the 'User Name' as 'protect':
10. Finish the installation of DLP Enforce on server2.
11. On server3, install Detection Server by run the same installation file of DLP Enforce, but, choose 'Detection' as Server Components:
12. Add server3 as a detection server on DLP Enforce Console.
DONE!