Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Simpler Names for HelpSystems Security Software.

Step I – Installation of the Powertech Products

To successfully install any Powertech product in a High Availability (HA) environment, the Powertech product must be installed on the HA system before the production system.

This is necessary because replication software could be setup with global settings to replicate non-library objects such as user profiles, authorization lists, IFS directories, etc. Many of the Powertech products check for the existence of these objects (especially user profiles) prior to installation, and will not install if these objects already exist.

Compliance Monitor has four user profiles;

Consolidator - PLCM2ADM and PLCM2OWN.

Endpoint - PLCMADM and PLCMOWN

Compliance Monitor has four authorization lists;

Consolidator - PLCM2ADM, PLCM2DTA and PLCM2PGM.

Endpoint – PLCMADM

Note: If the user profiles exist on the HA system, the installation of Compliance Monitor will fail. Turn off replication of the user profiles, delete the user profiles on the HA system and install Compliance Monitor again. 

Step II – Compliance Monitor Setup

Compliance Monitor has two components, the Endpoint - the system that the data is collected and reported on), and the Consolidator, which retrieves the data from the Endpoint (i.e. – the assessment), stores the data, and generates the reports.

Endpoint – After the Endpoint software is installed on the HA system, no replication setup is needed unless you are using Endpoint Local Filters.

Note: Refer to Step V on more information on the Endpoint Local Filter replication.

The Consolidator does require setup in the replication software as there are objects which need to be replicated to the HA system. The library for the Consolidator is PTCMT2 and the IFS directory is ‘/PowerTech/ComplianceMonitor’.

Compliance Monitor also has the ability to store reports in the IFS. Do not replicate the '/PowerTech/ComplianceMonitor' directory as it contains unique setup information and logs for the current system.

If you want the reports to be stored in the IFS, Powertech recommends creating a separate directory to store the reports and replicate this directory if the reports should also be on the HA system. Never replicate the '/PowerTech/Compliance Monitor' directory.

Step III – Use Object Synchronization Replication Software

Synchronization of the objects will need to be done on the individual object. Never use ‘Library Synchronization’ feature of the HA product as it will clear the product’s library and replicate just the objects that are defined to be replicated.

We have seen that Library Synchronization has caused issues that require the product to be uninstalled and reinstalled.

Step IV – Compliance Monitor ‘Consolidator’ Objects to Omit

Omit the following work file from being replicated in the PTCMT2 library. 

Add an ‘Omit’ filter for:

Library OBJECT TYPE
PTCMT2 CMGRID *FILE

After the ‘Omit’ filter has been set, add an ‘Include’ filter to replicate all of the other objects in the PTCMT2 library.

Library OBJECT TYPE
PTCMT2 *ALL *ALL

Step V – Compliance Monitor ‘Endpoint’ Replication

Powertech does not recommend replicating the Endpoint as there have been instances where there is duplicate data in the assessments and reports caused by the replication software. The consolidator requests the endpoint to gather the data and store it until the consolidator can retrieve this information. The endpoint does not store any data that would need to be on the HA system with the exception of the 'Endpoint Local Filter' (if setup and used on the endpoint).

If an Endpoint Local Filter has been setup there are two options to maintain this filter:

1. Manually enter the Endpoint Local Filter setup on both the source and the HA system.

2. Setup replication only for the Endpoint Local Filter objects.

To replicate the Endpoint Local Filter information. Add an ‘Include’ filter for Endpoint Local Filter:

Library OBJECT TYPE
PTCMT3 PCMLCLFTR *FILE
PTCMT3 PCMLCLFTRV *FILE
PTCMT3 PCMULCLFTR *USRIDX

Step VI – IFS Replication for ‘/PowerTech/ComplianceMonitor’ directory

The ‘Consolidator’ has an IFS directory ‘/PowerTech/ComplianceMonitor’ which contains configuration files. This directory should not be replicated to the HA system because the properties file could be different for each system. This directory and files are created when the Consolidator software is installed on the HA system.

Reports from Compliance Monitor can be saved to the IFS. The location of these reports is defined in the ‘Batch Report Output’ on each individual assessment. The directories that contain these reports do not have to be replicated for the product to function properly, however, these reports must be replicated to the HA system, then you have to view the location on each individual assessment and set up replication on these files and/or directories.

Step VII – Role Swap Considerations

When doing a ‘Role’ Swap in a planned swap or at the time of disaster, there are some items to consider. Depending the role swap configuration, the configuration with Compliance Monitor may or may not change. 

If host names are always used and DNS handles the reassignment of the IP addresses, then there should not be anything changed in Compliance Monitor when the role swap is done.

However, if the configuration is always the Endpoints and Consolidator with IP addresses, then the role swap would result in a disruption. Data that was previously collected under ID xxx.xxx.xxx.xxx would no longer be associated with the same ‘Endpoint’. 

With this in mind, here is how it could affect Compliance Monitor.

If the IP address is different on the HA system than the source system:

  • The Compliance Monitor WUI (web application interface) url is using the IP address, then it would have to be changed to get access to the HA system.
  • Review the host table entries on the Endpoints and Consolidator, as these would need to be updated so these systems can communicate to get assessments.

If the System Name has changed on the HA system than the source system:

  • If the system name is different, then this HA system will have to be added to the ‘System Group’.
  • The Endpoint for the ‘Batch Assessments’ will have to be changed to collect the assessment information from the correct system. View the Batch Assessments that have the source system as an ‘Endpoint’ and change it to be the HA system.

Note: This must be done for each and every batch assessment.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: October 15, 2018