Installing Supplemental Forcepoint DLP Servers

After Forcepoint DLP has been installed on the management server (as described in Installing the Management Server), supplemental Forcepoint DLP servers can be installed to distribute analysis load.

Important: Before installing a supplemental server, make sure that the Forcepoint Management Infrastructure and Forcepoint DLP management components are already installed.

Note: Customers using Email Security Gateway (ESG) and Web Content Gateway (WCG) must not upgrade to the Supplemental Forcepoint DLP Server 10.4 which no longer support Optical Character Recognition (OCR) server, and must use the OCR server from previous version to keep the OCR functionality working. Stay tuned for further announcements regarding general availability of Email Security Gateway and Web Content Gateway with Forcepoint Security Manager 10.4 and Policy engine 10.4 to enable the new Policy Engine’s OCR functionality.

Review the following article for possible upgrade paths: Optical Character Recognition (OCR) backward compatibility in DLP and Upgrade path.

Do not install any Forcepoint DLP component on a domain controller.

Medium to large organizations may require more than one Forcepoint DLP server to perform content analysis efficiently. Having multiple Forcepoint DLP servers improves performance and allows for custom load balancing, as well as providing for organizational growth.

The following components are included on supplemental Forcepoint DLP servers:

Policy engine
Secondary fingerprint repository (the primary is on the management server)
Endpoint server
Optical Character Recognition (OCR) server
Crawler
Note: In production environments, do not install a Forcepoint DLP server on a Microsoft Exchange, Forefront TMG, or print server. These systems require abundant resources.