When the CAS client starts on the host, it looks for a checkpoint file that it may have written to the system. This file tells CAS what it was doing the last time it was running. CAS then connects to its Guardium appliance. If it has found a checkpoint file, CAS will ask the Guardium appliance to verify its version of its monitoring assignment against what is stored in the Guardium database. While the CAS client and the Guardium appliance have been disconnected, there may have been changes to the assignment. When any differences are resolved, CAS will resume monitoring. If CAS does not find a checkpoint file, it will ask the Guardium appliance what it should do. If the Guardium appliance finds the CAS host in its database, then the associated template sets will be sent to the CAS client, expanded into monitored items, and monitoring will begin. If the Guardium appliance cannot find the CAS host in its database, it will add it to the database and send the default template set for the CAS host operating system.
If the CAS client loses its connection to the Guardium appliance or cannot make an initial connection, it opens a failover file and begins writing the messages that it would have sent to the server, to the failover file. When it reconnects, the CAS client shuts down and restarts, sending all messages stored in the failover file to the Guardium appliance, and deleting the file. If the CAS client was unable to make the initial connection, it will use the checkpoint file to determine what to monitor; otherwise it continues doing what it was doing before communication failed. While it is in failover mode, CAS periodically checks to see if it can reconnect with the server. The number of times CAS will attempt to reconnect, and the average time interval between reconnect attempts, are configurable parameters.
If the reconnect attempt limit is met, the CAS client stops trying to reconnect, but continues to write data to a failover file. To cap disk space requirements on the database server, there are actually two failover files. CAS writes to one file until it reaches its maximum failover file size (which is configurable), and then switches to the other, overwriting any previous data on that file. The default failover file size is 50MB (for each of the files).
You can specify one or more secondary Guardium appliances when configuring the CAS client. In failover mode, CAS only tries to reconnect to its primary server until the size of the failover file reaches its limit. At that time, CAS begins trying to connect to any of the secondary servers, as well as its primary server (which is always the first server it tries to connect with during any reconnect attempt). While it is connected to a secondary server, CAS continues to try to reconnect to its primary server.
If secondary servers are used, you must be sure that the CAS configuration information on all secondary servers matches the CAS configuration defined on the primary server. This can be done by exporting all CAS definitions for a CAS host from the primary server, and importing those definitions on all secondary servers for that CAS host. See Setting Up and Maintaining Secondary Servers, below for more information.
As with S-TAP, CAS connectivity outages create exceptions on the Guardium appliance, so alerts can be issued within moments of detecting the outage.
In the S-TAP/CAS configuration file on the database server system, one or more secondary Guardium servers can be defined. If the primary Guardium server becomes unavailable, CAS on that database server system will connect to a secondary Guardium appliance (as described above, see Start Up and Failover). If secondary servers are used, you must be sure that the CAS configuration information on all secondary servers matches the CAS configuration defined on the primary server. This can be done from an administrator portal, by exporting all CAS definitions for a CAS host from the primary server, and then importing those definitions on all secondary servers for that CAS host.
From the Administration Console tab, under Guardium Definitions, click Export to open the Definitions Export panel.
Under Type, select CAS Hosts. A list of the CAS Hosts defined on this system will be displayed.
Select each CAS Host to be exported.
Click the Export button. A file named exp_<date>_<time>.sql will be saved on your system. This file will contain the definitions of all CAS hosts selected, and the definitions of any template sets used by those CAS hosts.
From the Administration Console tab, under Guardium Definitions, click Import to open the Definitions Import panel.
Enter the name of the file containing the exported definitions or click the Browse button to select that file.
Click the Upload button. You are notified when the operation completes and the CAS host definitions contained in the file will be displayed.
Click (Import this set of Definitions) to import the definitions.
Click (Remove this set of Definitions without Importing) to remove the uploaded file without importing the definitions.
Confirm the selected action (or not).
Note: An import operation does not overwrite an existing definition. If you attempt to import a definition with the same name as an existing definition, you are notified that the item was not replaced. If you want to overwrite an existing definition with an imported one, you must delete the existing definition before performing the import operation.
Click the Done button to close the panel when you have finished importing or removing all uploaded files.
After updating a CAS configuration on the primary server, you must update that configuration on all secondary servers. Since the import operation will not replace an existing definition, on each secondary server you must delete the old CAS host definition before importing the new one, as explained below.
Be sure to perform this procedure only while the selected CAS host is connected to its primary server.
On the primary server, from the Guardium administrator portal, export the definition of the CAS host (see Exporting CAS Hosts, above).
On each secondary server, from the Guardium administrator portal:
Delete the old CAS host definition that you want to replace.
Import the definitions that were exported from the primary server (see Importing CAS Hosts, above).
The CAS client agent is typically installed together with the S-TAP agent. It can be installed later under Windows from the installation CD, or under Unix by running the installation script, install_cas.sh, which is located in the S-TAP installation directory, which by default is: /usr/local/guardium/guard_stap.