IBM Security Guardium

  • 1.  GIM Failover to Backup Central Manager

    Posted Tue April 20, 2021 01:54 AM
    Hi Everyone,

    If we have 10 databases with GIM communication to the Central Manager and STAP to the respective collectors.
    If the primary CM fails, will those GIM communications switch over to the Backup CM automatically? If not, how can we make them communicate with the secondary one automatically?
    Because during installation of GIM we point to the Primary CM IP for administration of all agents.

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: GIM Failover to Backup Central Manager

    Posted Tue April 20, 2021 02:04 AM
    The Backup CM designed for Guardium is not really an effective approach. In the event of the Primary CM being down, we must promote the backup CM to become the Primary CM; only then will those managed units function normally. And when the original primary CM resumes operation, we need to assign this original primary CM to become the backup CM and then promote it back to become the Primary CM. So the process is very tedious.

    ------------------------------
    TS Teh
    ------------------------------



  • 3.  RE: GIM Failover to Backup Central Manager

    Posted Wed April 21, 2021 08:26 PM
    Hi,

    For GIM, the function is basically to manage the STAP, such as configuration modification or upgrade. In general, it has no impact on the STAP functionality when the Primary CM is down or not accessible. Again, the Primary and Backup CM approach in Guardium is not really a full high availability approach.

    ------------------------------
    TS Teh
    ------------------------------



  • 4.  RE: GIM Failover to Backup Central Manager

    IBM Select
    Posted Thu April 22, 2021 09:58 AM
    You may need to update GIM_FAILOVER_URL during your initial setup or before the failure of your primary GIM server. The GIM server can be any collector (need not be CM or backup CM), although it makes sense to change it in larger environments. The link below has some details about the functionality.
    GIM server failover - IBM Documentation

    Thanks 
    Deepak

    ------------------------------
    Deepak Rana
    ------------------------------



  • 5.  RE: GIM Failover to Backup Central Manager

    Posted Mon June 14, 2021 01:51 PM
    Hi Deepak Rana,

    1. I added the GIM_URL (xx.xx.xx.131) & GIM_FAILOVER_URL (xx.xx.xx.132) parameters for one GIM client.
    2. I stopped the Guardium collector (xx.xx.xx.131), and the GIM client switched to the Guardium collector (xx.xx.xx.132), as shown in GIM.log on the GIM client side:
    <<

    /usr/local/guardium/modules/GIM/current/gim_ca.pem  -p 8446 -c 600

    [Sun Jun 13 17:27:30 2021] -I- Server (10.107.65.132) is alive

    [Sun Jun 13 17:27:30 2021] -I- Secondary connection [10.107.65.132:8446] is up

    :url=[10.107.65.132]

    >>
    3. The GIM process exists at the secondary collector also.
    4. But there is no INSPECTION-ENGINE at the secondary collector?

    Please help me get some idea about this issue.


    ------------------------------
    jennifer lai
    ------------------------------



  • 6.  RE: GIM Failover to Backup Central Manager

    IBM Select
    Posted Mon June 14, 2021 03:24 PM

    Hi,

    The GIM and STAP/IE failover processes are completely different.

    The GIM Server (normally the CM, but it can be a collector) has only software registration info; when the GIM failover happens, this info moves to the GIM_FAILOVER_URL. This moves GIM only.

    The STAP/IE is on the collector. To move this automatically to an alternate collector during a failure, you either need to configure a secondary collector or set up a load balancing group. This part is independent of the GIM software.

    Thanks






  • 7.  RE: GIM Failover to Backup Central Manager

    Posted Tue June 15, 2021 05:48 AM
    Hi everyone,

    Today I simulated this situation again and found the messages below in GIM.LOG on the DB side:
    pending hash for all of the modules [BUNDLE-STAP, GIM, STAP-UTILS, STAP, ]. Something is wrong.
    <<
    [Tue Jun 15 17:23:07 2021] -I- [guard_gimd::handle_sig_chld()] : checking dead procs
    [Tue Jun 15 17:23:07 2021] -I- process SUPERVISOR s running !
    [Tue Jun 15 17:23:07 2021] -I- Not time to send alive yet 1 < 78 / 60. aliveOverride=0
    [Tue Jun 15 17:23:39 2021] -I- mod_list is locked
    [Tue Jun 15 17:23:39 2021] -I- mod_list is unlocked
    [Tue Jun 15 17:23:39 2021] -I- [gim_client::check_gimd()] : Looking for dead guard_gimd processes
    [Tue Jun 15 17:23:39 2021] -I- [gim_client::check_gimd()] : Looking for zombies guard_gimd processes
    [Tue Jun 15 17:23:39 2021] -I- specialFileMonitor:
    $VAR1 = {
    '/usr/local/guardium/modules/GIM/11.3.0.0_r109764_1-1622640982/../../STAP-UTILS/current/files/etc/guard_monitor.ini' => 1622644171,
    '/usr/local/guardium/modules/GIM/11.3.0.0_r109764_1-1622640982/server_mods' => 1623124600,
    '/usr/local/guardium/modules/GIM/11.3.0.0_r109764_1-1622640982/../../conf.reload_uninstall' => '',
    '/usr/local/guardium/modules/GIM/11.3.0.0_r109764_1-1622640982/../../STAP/current/guard_tap.ini' => 1623133258,
    '/usr/local/guardium/modules/GIM/11.3.0.0_r109764_1-1622640982/../../conf.reload' => 1623124512
    };
    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for ATAP:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for BUNDLE-GIM:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for BUNDLE-STAP:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for COMPONENTS:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for GIM:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for INIT:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for KTAP:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for STAP:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for STAP-UTILS:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for SUPERVISOR:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for UTILS:
    $VAR1 = {};

    [Tue Jun 15 17:23:39 2021] -I- get_pending_module_list() PENDING modules:
    $VAR1 = {};

    >>

    ------------------------------
    jennifer lai
    ------------------------------

    Attachment(s)

    log
    GIM.log   674 KB 1 version
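
For monitoring the GIM failover discussed in posts 5 to 7, the following is an added example (not part of any post in this thread and not IBM code) that scans GIM.log text for the "Secondary connection ... is up" line and reports which modules have a non-empty pending hash. It assumes only the line formats quoted above; the sample log and the `example_param` entry are constructed, and treating a `$VAR1 = {};` dump as "nothing pending" is an assumption based on it being an empty Perl Data::Dumper hash.

```python
import re

# Constructed sample, built from the GIM.log line formats quoted in this thread.
SAMPLE_LOG = """\
[Sun Jun 13 17:27:30 2021] -I- Server (10.107.65.132) is alive
[Sun Jun 13 17:27:30 2021] -I- Secondary connection [10.107.65.132:8446] is up
[Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for GIM:
$VAR1 = {};

[Tue Jun 15 17:23:39 2021] -I- get_pending_param_list() : pending hash for STAP:
$VAR1 = {
'example_param' => 'example_value'
};
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] -I- (?P<msg>.*)$")
SECONDARY = re.compile(r"^Secondary connection \[(?P<host>[^:\]]+):(?P<port>\d+)\] is up$")
PENDING = re.compile(r"pending hash for (?P<module>[A-Z-]+):$")


def failover_events(text):
    """Return (timestamp, host, port) for each switch to the secondary GIM server."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = SECONDARY.match(m["msg"])
        if s:
            events.append((m["ts"], s["host"], int(s["port"])))
    return events


def pending_modules(text):
    """Map module name -> True when the hash dumped after its header is non-empty."""
    result = {}
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = LINE.match(line)
        p = PENDING.search(m["msg"]) if m else None
        if p:
            # The Data::Dumper output starts on the next non-blank line.
            nxt = next((l for l in lines[i + 1:] if l), "")
            result[p["module"]] = nxt != "$VAR1 = {};"
    return result
```

A failover event here only shows that the GIM client moved to the GIM_FAILOVER_URL server; as post 6 explains, it says nothing about where STAP traffic is being sent.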