Description of how the Clavister FineTune datasource works

How to's for older versions of CorePlus
Post Reply
jono
Posts: 85
Joined: 18 Apr 2008, 10:46
Location: Clavister HQ - Örnsköldsvik

Description of how the Clavister FineTune datasource works

Post by jono » 22 Apr 2008, 17:17

This article applies to:
  • Clavister FineTune
The management datasource. Clavister FineTune will read all the datasources specified in tools options.
finetune_datasource.PNG
finetune_datasource.PNG (14.97 KiB) Viewed 5685 times
When you start Clavister FineTune or when you have just added a new datasource Clavister FineTune will read the datasource to determine which Security Gateways, folders, namespaces and HA clusters that are configured. If you copy the whole directory and the subdirectories you will also copy ALL information used to manage the Security Gateways. If you for instance copy the everything from the default installed "c:\program files\clavister\Clavister FineTune\default" to a smb share it will become possible for every client that could access the particular share. Just edit the datasource and let the location point to the desired path.

The files
Clavister FineTune uses two kind of files to manage the Security Gateways, the namespaces, the folders and the HA clusters.
  • The .efw file
  • The .efc files
The .efw file
The "properties" file normally contains some or all of this fields;
  • The IP address
  • The encryption keys used for access to the Security Gateway via netcon
  • The name of the parent
  • Version no of the latest configuration saved in the datasource
  • Version no of the last known configuration running on the Security Gateway
  • Check out information
  • The version no of the running Security Gateway core
  • The registry key
  • The type. Security Gateway, namespace, folder or cluster
  • The Security Gateway type. Appliance or software
  • Comments
The .efc file
The "configuration" file normally contains;
  • The user who check in the file
  • The date and time of the check in
  • The tool. If it was modified by the security editor, plain text editor or download from the Security Gateway
  • Comments
  • The configuration
What happens when you check out, check in or undo a check out an entry
An entry is a Security Gateway, namespace, folder or a HA cluster.
  • When you check out an entry the folliwing till happen. Clavister FineTune copies the latest configuration into a 00000.efc file. Then it puts down the checkout information with user, computer, date and tool.
  • When you check in the entry the manager will move the 00000.efc file into the latest configurationversion plus one. It will then increase the DBCFGVERSION field and remove all the check out information from the .efw file
  • When you undo a check out the manager will just remove the 00000.efc file and remove the check out information from the .efw file.
Example of check out and check in
We have a Security Gateway named dummy and the latest configuration is 3.

The directory will contain these files starting with dummy
  • dummy.efw
    dummy.00001.efc
    dummy.00002.efc
    Dummy.00003.efc
The dummy.efw will contain these fields
  • CHECKOUTUSER
    CHECKOUTTIME
    CHECKOUTCOMPUTER
    CHECKOUTTOOL
    DBCONFIGVERSION 3
If someone checks out the Security Gateway
The directory will look like this;
  • dummy.efw
    dummy.00000.efc
    dummy.00001.efc
    dummy.00002.efc
    dummy.00003.efc
The dummy.efw will contain these fields
  • CHECKOUTUSER user
    CHECKOUTTIME 2003-11-14 11:38
    CHECKOUTCOMPUTER computer
    CHECKOUTTOOL Security Editor
    DBCONFIGVERSION 3
When that user checks in the Security Gateway
The directory will look like this;
  • dummy.efw
    dummy.00001.efc
    dummy.00002.efc
    dummy.00003.efc
    dummy.00004.efc
The dummy.efw will contain these fields
  • CHECKOUTUSER
    CHECKOUTTIME
    CHECKOUTCOMPUTER
    CHECKOUTTOOL
    DBCONFIGVERSION 4
What can go wrong
  • A file involved could be read only.
    Check if all files are readable for the user.
  • No check out information but a 00000.efc exists
    Remove the 00000.efc or copy it to the latest configuration version plus one. Change the DBCFGVERSION in the .efw file to that number.
  • Check out information but no 00000.efc exists
    Remove all check out information from the .efw file.
  • The DBCFGVERSION field in the .efw file has a wrong version number
    Change the field to the latest ( highest ) version of the .efc files.

Post Reply