Working with Tools on

Working with Xen Paravirtualization Tool

Mon, 01 Jan 0001 00:00:00 +0000

Using Tools > Clustering Tool, you can setup an appliance virtual environment. The default installation of a Protegrity appliance uses hardware virtualization mode (HVM). The appliance can be reconfigured to use parallel virtualization mode (PVM) to optimize the performance of virtual guest machines.

Protegrity supports these virtual servers:

Xen®
Microsoft Hyper-V™
KVM Hypervisor

XEN paravirtualization details are fully covered in section Xen Paravirtualization Setup. In that section you will find information how to:

Working with the File Integrity Monitor Tool

Mon, 01 Jan 0001 00:00:00 +0000

Using Tools > File Integrity Monitor, you can make a weekly check. The content modifications can be viewed by the Security Officer since the PCI specifications require that sensitive files and folders in the Appliance are monitored. This information contains password, certificate, and configuration files. All changes made to these files can be reviewed by authorized users.

Rotating Appliance OS Keys

Mon, 01 Jan 0001 00:00:00 +0000

When you install the appliance, it generates multiple security identifiers such as, keys, certificates, secrets, passwords, and so on. These identifiers ensure that sensitive data is unique between two appliances in a network. When you receive a Protegrity appliance image or replicate an appliance image on-premise, the identifiers are generated with certain values. If you use the security identifiers without changing their values, then security is compromised and the system might be vulnerable to attacks. Using the Rotate Appliance OS Keys, you can randomize the values of these security identifiers on an appliance. This tool must be run only when you finalize the ESA from a cloud instance.

Managing Removable Drives

Mon, 01 Jan 0001 00:00:00 +0000

As a security feature, you can restrict access to the removable drives attached to your appliances. You can enable or disable the access to the removable disks, such as, CD/DVD drive or USB Flash drives.

The access to the removable disks is enabled by default.

Disabling CD or DVD drive

To disable CD or DVD drive:

On the CLI Manager, navigate to Tools > Removable Media Management > Disable CD/DVD Drives.

Tuning the Web Services

Mon, 01 Jan 0001 00:00:00 +0000

Using Tools > Web Services Tuning, you can monitor and configure the Application Protector Web Service Sessions. You can view information such as Session Shared Memory ID, maximum open sessions, open sessions, free sessions, and session timeout.

CAUTION: It is recommended to contact Protegrity Support before applying any changes for Web Services.

In the Web Services Tuning screen you can find and configure the following fields.

Start Servers: In the StartServers field, you configure the number of child servers processes created on startup. Since the number of processes is dynamically controlled depending on the load, there is usually no reason to adjust the default parameter.

Tuning the Service Dispatcher

Mon, 01 Jan 0001 00:00:00 +0000

The Service Dispatcher parameters are the Apache Multi-Processing Module (MPM) worker parameters. The Apache MPM Worker module implements a multi-threaded multi-process web server that allows it to serve higher number of requests with limited system resources. For more information about the Apache MPM Worker parameters, refer to https://httpd.apache.org/docs/2.2/mod/worker.html.

To improve service dispatcher performance, navigate to Tools > Service Dispatcher Tuning.

The following table provides information about the configurable parameters and recommendations for Service Dispatcher performance.

Working with Antivirus

Mon, 01 Jan 0001 00:00:00 +0000

The AntiVirus program uses ClamAV, an open source and cross-platform antivirus engine designed to detect malicious trojan, virus, and malware threats. A single file or directory, or the whole system can be scanned. Infected file or files are logged and can be deleted or moved to a different location, as required.

The Antivirus option allows you to perform the following actions.

Option	Description
Scan Result	Displays the list of the infected files in the system.
Scan now	Allows the scan to start.
Options	Allows access to customize the antivirus scan options.
View log	Displays the list of scan logs.

Customizing Antivirus Scan Options from the CLI

To customize Antivirus scan options from the CLI: