When the CAS client starts on the host, it looks for a checkpoint file
that it may have written to the system. This file tells CAS what it was
doing the last time it was running. CAS then connects to its Guardium
appliance. If it has found a checkpoint file, CAS will ask the Guardium
appliance to verify its version of its monitoring assignment against what
is stored in the Guardium database. While the CAS client and the Guardium
appliance have been disconnected, there may have been changes to the assignment.
When any differences are resolved, CAS will resume monitoring. If CAS
does not find a checkpoint file, it will ask the Guardium appliance what
it should do. If the Guardium appliance finds the CAS host in its database,
then the associated template sets will be sent to the CAS client, expanded
into monitored items, and monitoring will begin. If the Guardium appliance
cannot find the CAS host in its database, it will add it to the database
and send the default template set for the CAS host operating system.
If the CAS client loses its connection to the Guardium appliance or
cannot make an initial connection, it opens a failover file and begins
writing the messages that it would have sent to the server, to the failover
file. When it reconnects, the CAS client shuts down and restarts, sending
all messages stored in the failover file to the Guardium appliance, and
deleting the file. If the CAS client was unable to make the initial connection,
it will use the checkpoint file to determine what to monitor; otherwise
it continues doing what it was doing before communication failed. While
it is in failover mode, CAS periodically checks to see if it can reconnect
with the server. The number of times CAS will attempt to reconnect, and
the average time interval between reconnect attempts, are configurable
parameters.
If the reconnect attempt limit is met, the CAS client stops trying to
reconnect, but continues to write data to a failover file. To cap disk
space requirements on the database server, there are actually two failover
files. CAS writes to one file until it reaches its maximum failover file
size (which is configurable), and then switches to the other, overwriting
any previous data on that file. The default failover file size is 50MB
(for each of the files).
You can specify one or more secondary Guardium appliances when configuring
the CAS client. In failover mode, CAS only tries to reconnect to its primary
server until the size of the failover file reaches its limit. At that
time, CAS begins trying to connect to any of the secondary servers, as
well as its primary server (which is always the first server it tries
to connect with during any reconnect attempt). While it is connected to
a secondary server, CAS continues to try to reconnect to its primary server.
If secondary servers are used, you must be sure that the CAS configuration
information on all secondary servers matches the CAS configuration defined
on the primary server. This can be done by exporting all CAS definitions
for a CAS host from the primary server, and importing those definitions
on all secondary servers for that CAS host. See Setting Up and Maintaining
Secondary Servers, below for more information.
As with S-TAP, CAS connectivity outages create exceptions on the Guardium
appliance, so alerts can be issued within moments of detecting the outage.
In the S-TAP/CAS configuration file on the database server system, one
or more secondary Guardium servers can be defined. If the primary Guardium
server becomes unavailable, CAS on that database server system will connect
to a secondary Guardium appliance (as described above, see Start
Up and Failover). If secondary servers are
used, you must be sure that the CAS configuration information on all secondary
servers matches the CAS configuration defined on the primary server. This
can be done from an administrator portal, by exporting all CAS definitions
for a CAS host from the primary server, and then importing those definitions
on all secondary servers for that CAS host.
From the Administration Console tab, under Guardium
Definitions, click Export to open the Definitions Export panel.
Under Type, select CAS Hosts. A list of the CAS Hosts
defined on this system will be displayed.
Select each CAS Host to be exported.
Click the Export button. A file named exp_<date>_<time>.sql
will be saved on your system. This file will contain the definitions of
all CAS hosts selected, and the definitions of any template sets used
by those CAS hosts.
From the Administration Console tab, under Guardium
Definitions, click Import to open the Definitions Import panel.
Enter the name of the file containing the exported definitions
or click the Browse button to select that file.
Click the Upload button. You are notified when the operation
completes and the CAS host definitions contained in the file will be displayed.
Confirm the selected action (or not).
Note:
An import operation does not overwrite an existing definition. If you
attempt to import a definition with the same name as an existing definition,
you are notified that the item was not replaced. If you want to overwrite
an existing definition with an imported one, you must delete the existing
definition before performing the import operation.
Click the Done button to close the panel when you have
finished importing or removing all uploaded files.
After updating a CAS configuration on the primary server, you must update
that configuration on all secondary servers. Since the import operation
will not replace an existing definition, on each secondary server you
must delete the old CAS host definition before importing the new one,
as explained below.
Be sure to perform this procedure only while the selected CAS host is
connected to its primary server.
On the primary
server, from the Guardium administrator portal, export the definition
of the CAS host (see Exporting CAS Hosts, above).
On each secondary server, from the Guardium
administrator portal:
Delete the old CAS host definition that you want
to replace.
Import the definitions that were exported from the
primary server (see Importing CAS Hosts, above).
Back
to top
The CAS client agent is typically installed together with the S-TAP
agent. It can be installed later under Windows from the installation CD,
or under Unix by running the installation script, install_cas.sh,
which is located in the S-TAP installation directory, which by default
is: /usr/local/guardium/guard_stap.
(Import this set of Definitions) to import
the definitions.
(Remove this set of Definitions without Importing)
to remove the uploaded file without importing the definitions.