Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

DDC Administration

Operations

search

Please Note:

Operations

This section provides information on operations that the DDC Administrator performs on the CipherTrust Manager.

Reconfiguring DDC Agents

In some situations, for example, if the hostname or IP address of the CipherTrust Manager appliance changes, Agents' connection with DDC must be reconfigured with the new hostname or IP address.

Reconfiguring DDC Agents on Windows

To reconfigure a DDC Agent:

  1. Log on to the host machine as administrator.

  2. Open Enterprise Recon Configuration Tool (er2_config_cmd.exe).

    By default, the tool is available at C:\Program Files (x86)\Ground Labs\Enterprise Recon 2\.

  3. In the Master server IP address or host name field, specify the new hostname or IP address of the CipherTrust Manager.

  4. Click Test Connection. A message stating "Connectivity test is successful" confirms successful reconfiguration.

  5. Click Finish.

Reconfiguring DDC Agents on Debian

To reconfigure a DDC Agent:

  1. Log on to the host machine as a user with root privileges.

  2. Reconfigure connection with DDC on the CipherTrust Manager appliance.

    sudo er2-config -i <hostname|ip_address>

    Here, <hostname|ip_address> represents the new IP address or hostname of the CipherTrust Manager appliance.

  3. Restart the Agent service. Configuration settings will be effective after the Agent restarts.

    sudo /etc/init.d/er2-agent -restart

Reconfiguring DDC Agents on RHEL

To reconfigure a DDC Agent:

  1. Log on to the host machine as a user with root privileges.

  2. Reconfigure connection with DDC on the CipherTrust Manager appliance.

    er2-config -i &lt;hostname|ip_address>

    Here, <hostname|ip_address> represents the new IP address or hostname of the CipherTrust Manager appliance.

  3. Restart the Agent service. Configuration settings will be effective after the Agent restarts.

    sudo /etc/init.d/er2-agent restart

Tuning Scan Settings

You can customize system parameters for all the DDC Agents by using the ksctl tool. The following system parameters can be modified this way:

  • Agent Memory (in MB)
  • CPU used
  • Throughput

The ksctl command to use to this end is ksctl ddc settings scan modify.

Usage:

ksctl ddc settings scan modify [flags]

Flags:

FlagUsage
--agent-memory intSetting for the maximum memory usage that the scanner service can use on the agent host, in MB. Default 1024.
-h, --helphelp on the command's usage
--jsonfile stringJSON format to create resources in DDC endpoints.
--max-scan-throughput intMax I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited. Default 0.
--scan-cpu stringCPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'. Default 'low'.

Global Flags:

FlagUsage
--configfile stringFull path and name to a file that contains the configuration parameters (optional).
--connection stringThe friendly name of the server you want to authenticate against. (default "local_account")
--domain stringThe CipherTrust Manager Domain that the command will operate in. Can be used only with user/password and not with token. By default the command will operate in the root domain or the domain the user is logged-in.
--jwt stringThe JSON Web Token (JWT) - access token can be passed instead of user/password (optional). 'ksctl tokens create' creates a JWT.
--nosslverifyDo not verify the certificate for SSL/HTTPS authentication (not recommended)
--password stringCipherTrust Manager Server User Password. Do not use this flag to enter the password (masked) from terminal.
--respfmt stringResponse Output format (json is the only supported value at present, optional) (default "json")
--timeout intTimeout in seconds for TCP connection attempts
--token stringThe refresh token returned from the login command to be passed instead of user/password (optional). 'ksctl login' creates a token and writes it to the config file.
--url stringCipherTrust Manager Server URL
--user stringCipherTrust Manager Server User Name
-v, --verboseProvide verbose output while executing command (optional)

Examples:

ksctl ddc settings scan modify --agent-memory 1024 --scan-cpu normal --max-scan-throughput 2

ksctl ddc settings scan modify --jsonfile scansettings.json

The ksctl ddc settings scan command will be deprecated in the coming release.

For more information on using the ksctl tool, refer to CLI.

Restarting DDC Agents

Restarting Agents on Windows

To restart a DDC Agent, run the following commands:

net stop "Enterprise Recon 2 Agent (&lt;ARCH>)"
net start "Enterprise Recon 2 Agent (&lt;ARCH>)"

Here, <ARCH> represents the Windows architecture - x32 or x64.

Restarting Agents on Debian

To restart a DDC Agent, run:

sudo /etc/init.d/er2-agent restart

Alternatively, restart the Agent service by stopping it and again starting it manually. Run the following commands:

sudo /etc/init.d/er2-agent stop
sudo /etc/init.d/er2-agent start

Restarting Agents on RHEL

To restart a DDC Agent, run:

sudo /etc/init.d/er2-agent restart

Alternatively, restart the Agent service by stopping it and again starting it manually. Run the following commands:

sudo /etc/init.d/er2-agent stop
sudo /etc/init.d/er2-agent start