Page 40
TLX640 Matrix Switch Product Manual
thinklogical
Rev. H, February 2020
At system power up, after initial boot-up, the Primary Controller Card will only evaluate its Partition Table (upstream.csv file) once upon becoming active. The Back-Up Controller Card will NOT evaluate its Partition Table (upstream.csv file) at initial boot-up, but rather when a switchover occurs from Primary Active to Back-Up Active. If an upstream.csv file is found, a log entry to the daemon.log file is made indicating “Partition ENABLED.” If no file is found, then a log entry of “Partition DISABLED” is made.
The inactive Back-Up Controller Card will not verify its Partition Table (csv file), so it will not log error messages with current time stamp entries until it becomes active. Also, any errors that occur during the Partition Table evaluation process will be logged as “error” with a field and line invalid identifier. The daemon.log file will be at the following location on the controller card: /var/log/daemon.log.
For access to the daemon.log file via SSH, refer to THE NETWORK INTERFACES section of this manual (pg. 5) for correct IP addresses of controller cards when in Primary Active or Back-Up Active mode.
To verify the system’s Partitioning policy, Thinklogical recommends the following:
1) Review the daemon.log file on the active controller card and correct any errors in the Partition Table before implementing multiple levels of security classification domains on the same Matrix Switch.
2) Fully test the Partitioning on the active Primary Controller Card before implementing multiple levels of security classification domains on the same Matrix Switch.
3) In a redundant system, make the Back-Up Controller Card active by disconnecting the LAN cable from the Primary Controller Card’s LAN port. Check the daemon.log file on the Back-Up Controller Card for any errors in the Partition Table and correct them before implementing multiple levels of security classification domains on the same Matrix Switch using the Back-Up Controller Card.
4) Fully test the Back-Up Controller Card’s Partitioning Domains before implementing multiple levels of security classification domains on the same Matrix Switch.
There are cases where updates to the Partition Table need to be made in an active system. When an update is made to the table, the Controller will not evaluate the updated table until the procedures outlined below are followed.
When updates are made to the Partition Table in a non-redundant system, Thinklogical recommends the following (This procedure will be disruptive to system connections):
1) Update the Partition Table of the Primary Controller Card.
2) Take the Primary Controller Card out of service by following guidelines in the “Safely Remove an Active Controller Card” section of this document (pg. 22).
When updates are made to the Partition Table in a redundant system, Thinklogical recommends the following (This procedure will NOT be disruptive to system connections):
1) Update the Partition Table of the inactive Back-Up Controller Card.
2) Take the Primary Controller Card out of service by following guidelines in the “Safely Remove an Active Controller Card” section of this document (pg. 22). This will cause the Back-Up Controller Card to become active and evaluate its Partition Table.
3) Update the Partition Table of the inactive Primary Controller Card with the same table used for the Back-Up Controller Card.
4) Extract and re-insert the Primary Controller Card back into the chassis to cause the system to make the Primary Controller Card the active controller and begin using the updated Partition Table. Ensure that the LAN connection to the Primary Controller Card is restored promptly.
Note: When using a Back-Up Controller configuration, both controllers must have the
same Partition Table file(s) to maintain the security of the system.
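The log review in the verification steps and the matching-table requirement in the note above, as an added example that is not Thinklogical's code: it is meant to run on copies of each card's daemon.log and upstream.csv retrieved to a workstation. The log line layout, the card names and the sample data are assumptions; only the “Partition ENABLED”, “Partition DISABLED” and “error” strings come from the manual.

```python
import hashlib
import re

# "Partition ENABLED" / "Partition DISABLED" and "error" are the strings the manual
# names; the rest of each log line's layout is an assumption.
STATE_RE = re.compile(r"Partition (ENABLED|DISABLED)")

def audit_daemon_log(lines):
    """Return (latest_state, errors) for the newest Partition Table evaluation."""
    markers, errors = [], []
    for i, line in enumerate(lines):
        m = STATE_RE.search(line)
        if m:
            markers.append((i, m.group(1)))
        elif "error" in line.lower():
            errors.append((i, line.strip()))
    if not markers:
        return None, [text for _, text in errors]
    # The manual does not say whether errors are logged before or after the
    # state entry, so keep everything after the previous evaluation's entry.
    start = markers[-2][0] if len(markers) > 1 else -1
    return markers[-1][1], [text for i, text in errors if i > start]

def findings(logs, tables):
    """logs/tables: dicts keyed by card name. An empty result means no finding."""
    out = []
    for card, lines in logs.items():
        state, errors = audit_daemon_log(lines)
        if state != "ENABLED":
            out.append(f"{card}: partitioning is {state or 'never evaluated'}")
        out.extend(f"{card}: {e}" for e in errors)
    digests = {hashlib.sha256(t).hexdigest() for t in tables.values()}
    if len(digests) > 1:
        out.append("upstream.csv differs between controller cards")
    return out

# Constructed sample data (not captured from a real TLX640).
PRIMARY_LOG = [
    "Feb 10 09:00:01 ctl daemon: Partition DISABLED",
    "Feb 11 14:30:00 ctl daemon: error field 3 line 12 invalid",
    "Feb 11 14:30:00 ctl daemon: Partition ENABLED",
]
BACKUP_LOG = ["Feb 10 09:00:05 ctl daemon: started"]  # never became active
TABLE_A = b"constructed,placeholder,row-1\n"
TABLE_B = b"constructed,placeholder,row-2\n"

if __name__ == "__main__":
    for f in findings({"primary": PRIMARY_LOG, "backup": BACKUP_LOG},
                      {"primary": TABLE_A, "backup": TABLE_B}):
        print(f)
```

A Back-Up card that has never been active reports "never evaluated" here, which matches the manual's point that its table is not checked until a switchover.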