Designation of Primary role to a host within an LDT GuardPoint Group
The first host that enables a GuardPoint over NFS/CIFS share is designated as the primary host for the LDT GuardPoint Group. The primary designation persists until the GuardPoint is disabled or CTE services on the primary host are stopped. When needed, LDT designates another member of the LDT GuardPoint Group to assume the primary role for the group.
A secondary host is not a proper candidate for promotion to primary status if any of the following conditions exist for the GuardPoint on the secondary host:
- The NFS share is mounted as read-only on the CTE host
- The CTE host has not received the latest policy information
- The latest key version available to the CTE host is not the most recent key version available to other members of the group
If the CTE host fails to perform the operations required for promotion to the primary role, the host rejects the promotion request. The election process then continues and selects another host for promotion to the primary role.
Read-only access to the GuardPoint directory prevents the designated host from performing LDT operations, which require read and write access to the NFS share.
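As an added illustration (not CTE's own code or CLI), the following Python sketch models the election rule described above: the group is walked in order and the first host that clears all three checks takes the primary role. It assumes the "most recent key version" is the highest version held by any enabled member, and the host and version values are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass
class Member:
    """Constructed model of one CTE host's GuardPoint in an LDT GuardPoint Group."""
    name: str
    read_only: bool          # NFS share mounted read-only on this host
    policy_version: int      # policy version this host has received from CipherTrust Manager
    key_version: int         # newest key version available to this host
    enabled: bool = True     # GuardPoint enabled and CTE services running

def ineligibility_reasons(m: Member, latest_policy: int, latest_key: int) -> list[str]:
    """Return every condition that disqualifies this host from promotion to primary."""
    reasons = []
    if m.read_only:
        reasons.append("share mounted read-only (LDT needs read/write)")
    if m.policy_version < latest_policy:
        reasons.append("latest policy not received from CipherTrust Manager")
    if m.key_version < latest_key:
        reasons.append("key version older than other group members")
    return reasons

def elect_primary(members: list[Member], latest_policy: int) -> Optional[Member]:
    """Walk the group in order; the first host that passes every check accepts the
    primary role. A host that fails a check rejects the request and the election
    moves on. Disabled hosts cannot hold the role, so they are skipped entirely."""
    active = [m for m in members if m.enabled]
    if not active:
        return None
    # Assumption: the most recent key version is the highest one any active member holds.
    latest_key = max(m.key_version for m in active)
    for m in active:
        if not ineligibility_reasons(m, latest_policy, latest_key):
            return m
    return None  # no member can currently accept the promotion

if __name__ == "__main__":
    group = [
        Member("nfs-a", read_only=True, policy_version=3, key_version=7),
        Member("nfs-b", read_only=False, policy_version=2, key_version=7),
        Member("nfs-c", read_only=False, policy_version=3, key_version=6),
        Member("nfs-d", read_only=False, policy_version=3, key_version=7),
    ]
    winner = elect_primary(group, latest_policy=3)
    print("primary:", winner.name if winner else None)  # nfs-d
```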
The second and third conditions are most likely the result of a transient communication failure between CipherTrust Manager and the designated CTE host. Once the communication issue between CipherTrust Manager and the CTE host is resolved, the CTE host will accept a subsequent designation for primary status.
The last condition is usually the result of IO or networking issues between the CTE host and the NAS share. If this occurs, the CTE host must be disabled and removed from the LDT GuardPoint Group. Removal of the CTE host will trigger election of another CTE host for the primary role. If you are unable to disable the GuardPoint on the CTE host, you must reboot the host, and then remove the host from the LDT GuardPoint Group using the voradmin ldt group remove command.