Operations
This section provides information on operations that the DDC Administrator performs on the CipherTrust Manager.
Reconfiguring DDC Agents
In some situations, for example, if the hostname or IP address of the CipherTrust Manager appliance changes, Agents' connection with DDC must be reconfigured with the new hostname or IP address.
Reconfiguring DDC Agents on Windows
To reconfigure a DDC Agent:
Log on to the host machine as administrator.
Open Enterprise Recon Configuration Tool (er2_config_cmd.exe).
By default, the tool is available at C:\Program Files (x86)\Ground Labs\Enterprise Recon 2\.
In the Master server IP address or host name field, specify the new hostname or IP address of the CipherTrust Manager.
Click Test Connection. A message stating "Connectivity test is successful" confirms successful reconfiguration.
Click Finish.
Reconfiguring DDC Agents on Debian
To reconfigure a DDC Agent:
Log on to the host machine as a user with root privileges.
Reconfigure connection with DDC on the CipherTrust Manager appliance.
sudo er2-config -i <hostname|ip_address>
Here, <hostname|ip_address> represents the new IP address or hostname of the CipherTrust Manager appliance.
Restart the Agent service. Configuration settings will be effective after the Agent restarts.
sudo /etc/init.d/er2-agent restart
Reconfiguring DDC Agents on RHEL
To reconfigure a DDC Agent:
Log on to the host machine as a user with root privileges.
Reconfigure connection with DDC on the CipherTrust Manager appliance.
er2-config -i <hostname|ip_address>
Here, <hostname|ip_address> represents the new IP address or hostname of the CipherTrust Manager appliance.
Restart the Agent service. Configuration settings will be effective after the Agent restarts.
sudo /etc/init.d/er2-agent restart
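The Debian and RHEL steps above, combined into one script that checks the new address before anything runs as root. This is an added example, not vendor code; the function names and the DRY_RUN variable are assumptions of the sketch.

```shell
#!/bin/sh
# Added example, not vendor code. valid_target, reconfigure_agent and the
# DRY_RUN variable are names assumed for this sketch.

# Accept only an IPv4 address or a hostname-shaped string (letters, digits,
# dots, hyphens), so nothing option-like or shell-special reaches a root command.
valid_target() {
    t=$1
    [ -n "$t" ] && [ "${#t}" -le 253 ] || return 1
    case $t in
        -*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;;  # bad label boundaries
        *[!A-Za-z0-9.-]*) return 1 ;;             # characters outside the set
    esac
    case $t in
        *[!0-9.]*) return 0 ;;                    # has letters or '-': hostname
    esac
    # Digits and dots only: require four octets in the range 0..255.
    old_ifs=$IFS; IFS=.
    set -- $t
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# With DRY_RUN=1 (the default) print the two commands; otherwise run them.
reconfigure_agent() {
    target=$1
    if ! valid_target "$target"; then
        echo "invalid hostname or IP address: $target" >&2
        return 2
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "er2-config -i $target" "/etc/init.d/er2-agent restart"
        return 0
    fi
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 3; }
    er2-config -i "$target" || return 4
    # The new setting takes effect only after the Agent restarts.
    /etc/init.d/er2-agent restart || return 5
}
```

Source the file and call `reconfigure_agent <hostname|ip_address>` to preview the commands; set DRY_RUN=0 in a root shell to apply them.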
Tuning Scan Settings
You can customize system parameters for all the DDC Agents by using the ksctl tool. The following system parameters can be modified this way:
- Agent Memory (in MB)
- CPU used
- Throughput
The ksctl command for this is ksctl ddc settings scan modify.
Usage:
ksctl ddc settings scan modify [flags]
Flags:
Flag | Usage |
---|---|
--agent-memory int | Setting for the maximum memory usage that the scanner service can use on the agent host, in MB. Default 1024. |
-h, --help | help on the command's usage |
--jsonfile string | JSON format to create resources in DDC endpoints. |
--max-scan-throughput int | Max I/O rate the scanner service will use to read data from the data store, in MBps. Set to 0 for unlimited. Default 0. |
--scan-cpu string | CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'. Default 'low'. |
Global Flags:
Flag | Usage |
---|---|
--configfile string | Full path and name to a file that contains the configuration parameters (optional). |
--connection string | The friendly name of the server you want to authenticate against. (default "local_account") |
--domain string | The CipherTrust Manager Domain that the command will operate in. Can be used only with user/password and not with token. By default the command will operate in the root domain or the domain the user is logged-in. |
--jwt string | The JSON Web Token (JWT) - access token can be passed instead of user/password (optional). 'ksctl tokens create' creates a JWT. |
--nosslverify | Do not verify the certificate for SSL/HTTPS authentication (not recommended) |
--password string | CipherTrust Manager Server User Password. Do not use this flag to enter the password (masked) from terminal. |
--respfmt string | Response Output format (json is the only supported value at present, optional) (default "json") |
--timeout int | Timeout in seconds for TCP connection attempts |
--token string | The refresh token returned from the login command to be passed instead of user/password (optional). 'ksctl login' creates a token and writes it to the config file. |
--url string | CipherTrust Manager Server URL |
--user string | CipherTrust Manager Server User Name |
-v, --verbose | Provide verbose output while executing command (optional) |
Examples:
ksctl ddc settings scan modify --agent-memory 1024 --scan-cpu normal --max-scan-throughput 2
ksctl ddc settings scan modify --jsonfile scansettings.json
Warning
The ksctl ddc settings scan command will be deprecated in the coming release.
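A pre-flight check for the tuning command, as an added example that is not part of the vendor documentation: it validates the three values against the flag table above, refuses global flags that disable certificate verification or place credentials in the argument list, and prints the resulting ksctl command for review. The helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. is_uint, check_global_flags and
# build_scan_modify are hypothetical helper names.

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Refuse global flags that weaken the connection or put secrets in argv,
# where other local users can read them from the process list.
check_global_flags() {
    for f in "$@"; do
        case $f in
            --nosslverify)
                echo "refusing --nosslverify: certificate would not be verified" >&2
                return 1 ;;
            --password|--password=*|--jwt|--jwt=*|--token|--token=*)
                echo "refusing ${f%%=*}: use 'ksctl login' or --configfile" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Usage: build_scan_modify MEMORY_MB CPU THROUGHPUT_MBPS [global flags...]
build_scan_modify() {
    [ "$#" -ge 3 ] || { echo "need memory, cpu and throughput" >&2; return 1; }
    mem=$1 cpu=$2 tput=$3
    shift 3
    is_uint "$mem"  || { echo "--agent-memory must be an integer (MB)" >&2; return 1; }
    is_uint "$tput" || { echo "--max-scan-throughput must be an integer (MBps)" >&2; return 1; }
    case $cpu in
        low|normal) ;;
        *) echo "--scan-cpu must be 'low' or 'normal'" >&2; return 1 ;;
    esac
    check_global_flags "$@" || return 1
    if [ "$tput" -eq 0 ]; then
        echo "note: --max-scan-throughput 0 means unlimited I/O" >&2
    fi
    # Print the command for review rather than executing it.
    printf 'ksctl ddc settings scan modify --agent-memory %s --scan-cpu %s --max-scan-throughput %s' \
        "$mem" "$cpu" "$tput"
    for g in "$@"; do printf ' %s' "$g"; done
    printf '\n'
}
```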
Restarting DDC Agents
Restarting Agents on Windows
To restart a DDC Agent, run the following commands:
net stop "Enterprise Recon 2 Agent (<ARCH>)"
net start "Enterprise Recon 2 Agent (<ARCH>)"
Here, <ARCH> represents the Windows architecture: x32 or x64.
Restarting Agents on Debian
To restart a DDC Agent, run:
sudo /etc/init.d/er2-agent restart
Alternatively, restart the Agent service manually by stopping it and then starting it again. Run the following commands:
sudo /etc/init.d/er2-agent stop
sudo /etc/init.d/er2-agent start
Restarting Agents on RHEL
To restart a DDC Agent, run:
sudo /etc/init.d/er2-agent restart
Alternatively, restart the Agent service manually by stopping it and then starting it again. Run the following commands:
sudo /etc/init.d/er2-agent stop
sudo /etc/init.d/er2-agent start