Encryption Management Server clustering and replication uses network Interface 1

book

Article ID: 222372

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

By default, Encryption Management Server uses network Interface 1 for clustering and replication. Note that Encryption Management Server refers to the first network interface - normally eth0 - as Interface 1.

If Encryption Management Server has more than one network interface, a different network interface can be used for clustering and replication. However, before making this change, please consider the following:

  1. If the network interface you wish to use for clustering and replication is on a different subnet to Interface 1, you will probably need to create a static routing file. For example, /etc/sysconfig/network-scripts/route-eth1.
  2. Static routing files are not included in the Encryption Management Server backups.
  3. Changing the network interface for clustering and replication cannot be done using the administration console.
  4. Changes to your firewall rules may need to be made in order to allow the cluster members to communicate on TCP port 444 using the different network interface.
  5. The network interface card is very unlikely to be a performance bottleneck. Therefore it is highly improbable that there will be any performance advantage to changing the network interface used for clustering and replication.

Environment

Symantec Encryption Management Server 10.5 and above.

Resolution

Provided that the Encryption Management Server cluster members can communicate with each other over TCP port 444 using the chosen network interface, please do the following:

  1. ssh to each Encryption Management Server.
  2. Edit the file /etc/ovid/prefs.xml.
  3. Find the tag <cluster>.
  4. In the cluster section, change the value of the <interface-id> tag. For example, to use Interface 2 change this:
    <interface-id>Interface 1</interface-id>
    to this:
    <interface-id>Interface 2</interface-id>
  5. Save the file.
  6. Restart the replication service:
    pgpsysconf --restart pgprep