Servers Tab

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers.

→ Presents:

Server Commands

  • Hover over one of the server icons.
  • → The ▼ button appears.

Get Info

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers ˃ ▼ ˃ Select Server ˃ Get Info

Presents the CORE server status and metadata. In particular:

  • Address <server's hostname and port as used in its bootstrap.
  • Server's role <EP | Partner | Aux>
  • Status <Running | Error >
  • The rest depends on the Status:
    • If the server cannot be reached, it presents: "Reason: <the content of the error message>".
    • If the server is reachable and responsive:
      • Server version
      • OS
      • Platform Attributes: <Number of cores, CPU load, free and total memory>
      • Last started at <date and time>

Download Crypto Logs

This operation collects crypto logs from EP and its Partner and assures that the logs on the servers match. Once the integrity is confirmed, the collection is signed, and the resulting archive is downloaded to the local disk. See Crypto Logs.

To perform this operation, select the EP server.

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers ˃  ▼ ˃ Select Server ˃ Download Crypto Logs

→ The Download Crypto Logs dialog appears:

  • Period - presents the following options:
    • Default: the last 24 hours.
    • The ▼ button to select a custom period.
  1. Select Period.
  2. Click Download
  3. → The filename is displayed, and the control passes to the Web Browser's download.

  4. To verify the authenticity of the data, refer to Integrity Assertion.

Note
This feature works with crypto logs collected by the system starting with CORE release 2.0.2001. Logs collected by earlier releases are not compatible with this feature and will preempt its execution.

Remove

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers ˃ ▼˃ Select Server ˃ Remove

To remove a server pair - remove one of its members. You can’t remove the last server pair from the CORE cluster.

Important
After removing a server from the CORE cluster, run EKMClosedEnterprise Key Management - previous name of the product. Service Restart (see EKM Service Management) on all servers connected to it. See Connectivity Requirements.

Removing Auxiliary server:

Add Auxiliary Server

Prerequisites: Prepare an Additional Server.

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers ˃ Add Server ˃ Add Auxiliary

→ The 3-step procedure appears:

  1. In the Details step, provide the new server name and port as specified in its bootstrap.
    Click Next.
  2. The Verify Certificate step. If the new server finished the preparation - its certificate appears for approval.
  3. Note
    To approve the server, contact the admin of the Aux server. The thumbprint of the original certificate was presented to the admin during Prepare an Additional Server.
    Click Next.

  4. The Finish step completes the acceptance of the new server. However, the new server status is unreachable:
  5. Status of servers

  6. To finalize the enrollment of the new server, restart the EKMClosedEnterprise Key Management - previous name of the product. service on the new server (see EKM Service Management).

Add Server Pair

Prerequisites: on each of the new servers Prepare an Additional Server.

Root SOClosedSecurity officer - UKC partition administrator role. ˃ Configuration ˃ Servers ˃ Add Server ˃ Add Server Pair

→ The 3-step procedure appears.

The dialog is similar to the Add Auxiliary Server. The only difference is that instead of one server, we are adding a pair of servers.

Note
To finalize the enrollment of the new pair, restart the EKMClosedEnterprise Key Management - previous name of the product. service on the new servers (see EKM Service Management)