ProtectV – Troubleshooting

candra

Presentation Transcript


  1. ProtectV – Troubleshooting ProtectV Certification Course

  2. Network Issues
     • ProtectV Manager, ProtectV Client, the cloud service provider, KeySecure and other network components are accessed using predetermined TCP and UDP ports.
     • If firewalls are used on the network, they must be reconfigured to allow access on the appropriate ports.

  3. Network Issues
     • List of required ports for the ProtectV solution
     Note: Also open the ports required to manage/use the VMs you will protect using ProtectV (i.e. SSH for Linux VMs and RDP for Windows machines).

  4. Network Issues
     • List of required ports for the ProtectV solution
     Note: Also open the ports required to manage/use the VMs you will protect using ProtectV (i.e. SSH for Linux VMs and RDP for Windows machines).

  5. Network Issues
     • Test to see if a port is open
     • The telnet example below was run on a Linux machine, but the same command can be used on a Windows machine as well.

         [root@localhost ~]# telnet 10.9.17.3 9090
         Trying 10.9.17.3...
         Connected to 10.9.17.3 (10.9.17.3).
         Escape character is '^]'.
         test
         Connection closed by foreign host.
         [root@localhost ~]# telnet 10.9.17.3 9091
         Trying 10.9.17.3...
         telnet: connect to address 10.9.17.3: Connection refused
         telnet: Unable to connect to remote host: Connection refused

     • Getting a prompt to enter characters means the port is open.
     • Getting a “Connection refused” message means the port is closed.
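The telnet test above, scripted for a list of TCP ports, as an added example that is not part of the original presentation. It goes one step beyond the slide by also separating a port that never answers (typical of a firewall dropping packets) from one that refuses the connection; the function names and the 3-second timeout are assumptions, and UDP ports are not covered.

```python
import errno
import socket

# Address and ports taken from the telnet test on the slide; replace them with
# the ports from your own deployment's required-ports list.
TARGETS = [("10.9.17.3", 9090), ("10.9.17.3", 9091)]


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'unreachable'."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"       # reset received: host answers, nothing listens
    except socket.timeout:
        return "filtered"     # no answer at all: packets are probably dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route, or a device rejected the packet
        raise
    conn.close()
    return "open"             # same result as telnet's "Connected to ..."


def check_ports(targets, timeout=3.0):
    """Probe every (host, port) pair and return {(host, port): state}."""
    return {(h, p): probe_tcp(h, p, timeout) for h, p in targets}


def firewall_candidates(results):
    """Ports that never answered, i.e. the ones to check firewall rules for."""
    return sorted(t for t, s in results.items() if s in ("filtered", "unreachable"))


if __name__ == "__main__":
    results = check_ports(TARGETS)
    for (host, port), state in results.items():
        print(f"{host}:{port:<6}{state}")
    print("check firewall rules for:", firewall_candidates(results))
```
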

  6. ProtectV Client on Linux
     • Check if the ProtectV Client is running
     • Run the command "ps -ef | grep engage"
     • If the “Engage” daemon is running, the ProtectV Client is installed

  7. SetIP
     • If the ProtectV Manager is not able to connect to the ProtectV Client, manually set the IP of the VM running the ProtectV Client.
     • Open the PVM web interface
     • Under “Instance Management”, choose the instance, click “Take Action” and choose “Set IP Address”
     Note: If the “Set IP Address” option is grayed out, shut down the VM, refresh the instances in PVM and try again.

  8. Adding an HA peer
     • Issue: An error is received when trying to add a secondary PVM as an HA peer.

         Error(607): ProtectV Manager is in use, please use a new one

     • Suggestion: In case the secondary PVM was added as an HA peer in a previous setup process, you will not be able to use it. You will need to launch a new installation of PVM to be used as a secondary peer.

  9. CLI Commands - PVM HA Status
     • ha>get-status
     From the CLI enter the following commands:
     • ha [Enter]
     • get-status [Enter]

         (PVM) ha> get-status
         instances:
           vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5:
             id: 'vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5'
             statusCode: 0
             statusStr: 'healthy'
           vsphere$integ@5026ebae-41a8-3c43-7e9d-e7f91c8ae293:
             id: 'vsphere$integ@5026ebae-41a8-3c43-7e9d-e7f91c8ae293'
             statusCode: 0
             statusStr: 'healthy'
         master: 'vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5'
         active: 'Yes'
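A parser for the get-status output above that flags peers needing attention, as an added example that is not part of the original presentation or of ProtectV itself. The indentation of the sample, the reading of a non-zero statusCode as a problem, and the degraded sample are assumptions constructed for illustration.

```python
# Output of "ha> get-status" from the slide; the indentation is an assumption.
SLIDE_OUTPUT = """\
instances:
  vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5:
    id: 'vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5'
    statusCode: 0
    statusStr: 'healthy'
  vsphere$integ@5026ebae-41a8-3c43-7e9d-e7f91c8ae293:
    id: 'vsphere$integ@5026ebae-41a8-3c43-7e9d-e7f91c8ae293'
    statusCode: 0
    statusStr: 'healthy'
master: 'vsphere$integ@5026e3ef-d02e-defb-f821-19e2061c66f5'
active: 'Yes'
"""
# Constructed failure case: the second peer reports a made-up non-zero status.
_head, _sep, _tail = SLIDE_OUTPUT.rpartition("statusCode: 0\n    statusStr: 'healthy'")
DEGRADED_OUTPUT = _head + "statusCode: 1\n    statusStr: 'unhealthy'" + _tail

def parse_ha_status(text):
    """Parse get-status text into {'instances': {...}, 'master', 'active'}."""
    status = {"instances": {}, "master": None, "active": None}
    current = None
    for raw in text.splitlines():
        line = raw.strip()               # tolerate lost or changed indentation
        if not line or line == "instances:" or line.startswith("(PVM)"):
            continue
        if line.endswith(":"):           # "<instance id>:" opens a new block
            current = status["instances"].setdefault(line[:-1], {})
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip("'")
        if key in ("master", "active"):
            status[key], current = value, None
        elif current is not None:
            current[key] = int(value) if key == "statusCode" else value
    return status

def ha_findings(status):
    """List what needs attention: non-zero status codes or an unknown master."""
    findings = [f"{name}: statusCode={inst.get('statusCode')} ({inst.get('statusStr')})"
                for name, inst in status["instances"].items()
                if inst.get("statusCode") != 0]
    if status["master"] not in status["instances"]:
        findings.append(f"master {status['master']!r} is not a listed instance")
    return findings

if __name__ == "__main__":
    for label, text in (("slide", SLIDE_OUTPUT), ("degraded", DEGRADED_OUTPUT)):
        print(label, ha_findings(parse_ha_status(text)) or "all peers healthy")
```
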

  10. CLI Commands - Getting HA heart-beat config
      • ha>get-heartbeat-config
      From the CLI enter the following commands:
      • ha [Enter]
      • get-heartbeat-config [Enter]

          (PVM) ha> get-heartbeat-config
          responseTimeoutSecs: 10
          periodSecs: 30
          retryCount: 5

  11. CLI Commands - Logging and Monitoring
      • Logging Commands
        • logging>Syslog - Configure syslog server settings.
          • servers - Updates Syslog server configuration
            • servers ip1 port1 [ip2] [port2]
          • show - Retrieves current syslog server addresses and ports
          • enable-forwarding - Enables Syslog forwarding
          • disable-forwarding - Disables Syslog forwarding
        • logging>transfer
          • debuglogs - Transfers internal logs for use by SafeNet support
          • logs - Transfers system or audit logs to an SCP or SFTP server
      • SNMP Commands
        • snmp>traps>config>get - Retrieves current SNMP Trap Server Config
        • snmp>traps>config>set - Updates SNMP Trap Server Config
        • snmp>traps>config>disable - Disables SNMP Traps
        • snmp>traps>config>enable - Enables SNMP Traps

  12. CLI Commands - Misc
      • PVM information
        • status>overview - Aggregate status overview for partitions and instances
        • status>power-overview - Aggregate power status overview for instances
        • status>system-overview - Aggregate system status overview for Linux

  13. API syslog functions
      • Syslog server:
        • updateSyslogServer() - This function updates syslog server addresses for both primary syslog server and secondary syslog server.
        • enableSyslogForwarding() - This function starts syslog forwarding.
        • getSysogServerInfo() - This function retrieves the current syslog server addresses and port assignments, and the log forwarding state (enabled/disabled).
        • disableSyslogForwarding() - This function stops syslog forwarding.
      • Syslog configuration example:

          C:\Python27>python
          >>> import SOAPpy
          >>> pvm = SOAPpy.SOAPProxy("https://admin:Password1!@10.9.17.1:8080/soap")
          >>> pvm.updateSyslogServer('10.1.6.252','514')
          [0, '', None]
          >>> pvm.enableSyslogForwarding()
          [0, '', None]

  14. API Logging functions
      • Logging:
        • debugLogTransfer() - This function transfers internal logs using ftp/sftp/scp server for use by SafeNet support.
        • safeLogTransfer() - This function transfers the ProtectV Manager log using the stated protocol as an encrypted zip file to the user.
        • scheduleClearLogJob() - This function is used to schedule the clearing of older logs, either immediately, or at a specific time (now/daily/weekly etc.).

  15. AWS and VMWare Advanced Troubleshooting

  16. Troubleshooting:
      • Some messages returned by ProtectV can exceed default message/buffer settings in SOAP clients. If you see size-related errors, you’ll need to increase the message/buffer size. Refer to your SOAP client documentation for details.
      • Issue: Functionality for the getPartitionRecoveryData API not available in the ProtectV Manager Console.
      • Resolution: If corruption has occurred, data required to recover an encrypted partition must be collected using either the SOAP API or CLI.
        • getPartitionRecoveryData - This method collects recovery data from the instance and saves it in the ProtectV Manager database.

  17. Upgrade:
      • Issue: In Windows, upgrading a fully encrypted ProtectV Client version 1.0.1 client will not allow re-encryption after upgrade and decryption of all partitions.
      • Resolution:
        1. Decrypt all partitions on the Windows 1.0.1 clients prior to upgrading ProtectV Manager 1.0.1.
        2. Uninstall ProtectV Client version 1.0.1 on the Windows client.
        3. Re-install ProtectV Client version 1.1 on the Windows client.
        4. Upgrade ProtectV Manager 1.0.1 to version 1.1.
        5. Encrypt all partitions as desired.

  18. AWS Advanced Troubleshooting

  19. Troubleshooting:
      • Issue: VPC - Although proxy support is added in version 1.1, proxy user authentication is currently not supported. If user authentication is enabled on the proxy server, ProtectV will not work.
      • Resolution: When calling the setProxyConfig() API or the network proxy set CLI, do not use the proxy_user or proxy_password parameters.
      • Issue: WSDL DOTNET: The getPartition SOAP API fails with a Deserialization error.
      • Resolution: Modify your deserializer in C#.

  20. Troubleshooting:
      • Issue: A newly attached volume in AWS fails if it is specified as <volume name>.
      • Resolution: Attach volumes as /dev/<volume name>.
      • Issue: An incorrect number of partitions is listed in the getPartitions SOAP call.
      • Resolution: Detach the volume and attach it to the instance in OS mode.

  21. Troubleshooting:
      • Issue: Resuscitated former primary peer is not properly booted.
      • Resolution: To avoid booting problems for the resuscitated former primary peer, set the periodSecs parameter in the configureHeartBeat API to 60 seconds.
      • Issue: Encryption fails with tempDisk error, “Failed to map temp disk to client - %s),” and the client goes into pre-boot mode.
      • Resolution: After failure, the instance should be in pre-boot mode. You can then boot the instance into OS mode using bootupProtectedInstance. The partitions can then be encrypted or decrypted (using bootupProtectedInstanceEx) and used in normal operation.

  22. Troubleshooting:
      • Issue: In Windows, a SES APPCRASH error occurs when unable to write SECURDSK file data, b36: 0x3d1c1 b39: 0x42686 (when 2nd partition has zero bytes free).
      • Resolution: A minimum of 8MB should be available on a disk before attempting encryption.
      • Issue: In Windows, decrypt call fails with error "Enable Partition access failed" if encrypted volume is attached in pre-boot (or stopped) instance.
      • Resolution: Boot, and then decrypt or attach volumes in OS mode.

  23. VMWare Advanced Troubleshooting

  24. Troubleshooting:
      • Issue: API changes made in Heartbeat configuration are not reflected in the GUI (Administration > System Settings > High Availability > HA Settings).
      • Resolution: To get the current status of the Heartbeat configuration, use the following API request: pvm.getHaHeartBeatConfig().
      • Issue: Temporary volumes created for an encryption/decryption process are not deleted after the encryption/decryption job is completed.
      • Resolution: Manually delete the temporary volumes.

  25. Troubleshooting:
      • Issue: Connection is lost between PVM and the GUI during HA failover scenarios.
      • Resolution: Log in again to reconnect.
      • Issue: In Windows, ProtectV Manager fails to communicate with client after attaching a preformatted volume in a pre-boot state.
      • Resolution: After ProtectV client installation, preformatted disks should be added in OS mode.

  26. Questions ?

  27. Thank you!
