Endpoint Protection

 View Only

Communication settings not updating for vShield Security Virtual Appliances

  • 1.  Communication settings not updating for vShield Security Virtual Appliances

    Posted Apr 22, 2016 12:44 PM

    We recently set up four vShield Shared Insight Cache security virtual appliances for our VDI system.  SInce then, we have introduced an additional SEPM server (Server-B).  At the time we created the SVAs, we only had one SEPM management server (Server-A), so the exported sylink.xml wouldn't have known about Server-B.  Server-A and Server-B are failover/load balancing peers using a shared MS-SQL database, so this setup doesn't involve replication partners.  SEPM is running 12.1 RU6 MP4, The SVAs are version 12.1.5337.5000.

    I created a new communication policy for our clients which tells them to prefer Server-B, but to use Server-A with a lower priority.  The clients appear to be communicating with Server-B as desired, but I'm not convinced that our Shared Insight Cache appliances got the memo.  We are not using SSL communication.  I turned on Apache web server logging on both servers and can see all of the SVAs contacting Server-A in the access log, but never Server-B.  Our Windows clients (VDI and non-VDI) are logging entries with Server-B.

    Are the vShield SVAs supposed to pick up the new communication settings like the regular Windows clients do?

    If so, does it require a reboot of the SVA or some other action to trigger the change (and will that have negative impact on our VDI clients if we reboot it)?

    If it is not automatic, is there a way to update the communication settings on the SVAs without creating them all over again?

     

    Thanks.