Clustering DLP Prevent allows your environment to optimizes traffic and provides high availability. You will need to be on DLP Prevent 10.0 patch 2 or later, but the upgrade process is actually pretty easy.
Okay, to get started, your first step is to download the latest DLP Prevent ISO by using your grant number on the McAfee Software Download site.
Find the DLP Prevent listing and download the latest hotfix or patch (the latest is McAfee DLP Prevent 10.0.203 currently).
After the download’s complete, you’ll want to boot your DLP Prevent appliance off of the ISO. I’m just going to demo it with my virtual appliance in ESXi.
First, I’m going to upload the ISO to the ESX server. To do so, I’m going to browse my ESX datastores and select the location I want to upload my ISO. When I click upload, I can then select the file I just downloaded and click Open.
Next, I’ll right click on my DLP Prevent appliance host and click edit settings to set the CD/DVD drive to point to the image on the datastore that I had just uploaded.
I’ll also want to make sure that the Connect button is checked.
I’ll also want to take a look at the boot options and boot into the bios to make sure that it is set to boot from the CD/DVD drive first in the boot order.
I’m when I restart the system, it will boot into the bios.
In the bios, I just want to make sure that the boot order has my CD-ROM is listed first. Then I can save and exit and it'll boot off the CD/DVD from the ISO.
Now that I’ve booted off the CD/DVD drive, it’ll prompt me with a menu of options. I want to make sure to select option “C”, where it performs the upgrade and retains all of the settings.
After I’ve selected option “C”, I’ll enter “a” to continue and confirm the upgrade. After that, it starts the upgrade process.
After the upgrade is complete and the appliance is at a login prompt, we can log into ePO and see its status under Menu > Appliance Management.
We can see the new Prevent Appliance version here as well as the fact that they are currently in standalone mode
Okay, great, now that the appliance is upgraded, let’s set up the load balancing. Just make sure that the two DLP Prevent appliances are connected to the same network segment for it to work.
To set up Load balancing, go to Menu > Policy Catalog
Select DLP Prevent Server from the product dropdown, then click on the General policy that assigned to your systems, which is probably My Default.
In the policy screen, check Enable next to Load Balancing.
Next, assign it a cluster ID, such as 1, and then give it a virtual IP address.
After you hit save and apply the changes, perform an agent wakeup on your DLP Prevent appliances. It may take about 5 minutes for the cluster to stabilize and identify the cluster master and cluster scanners.
Afterword, we can take a look in Appliance Management again and see that the descriptions have changed accordingly. They are now listed as clustered.
Okay, great, that’s pretty much it. As you can see, it’s easy to upgrade DLP Prevent and set up load balancing to optimize your network traffic and provide high availability.