
Illumio Core 23.2 Administration Guide

VEN Clone Detection and Remediation

When a workload is cloned, so too is the VEN installed on it. Cloned VENs can cause significant load and consistency issues for the PCE. Clones may also generate redundant heartbeats and conflicting policy synchronization events, often triggered by frequent IP changes or duplicated host identities.

To address these issues, the PCE detects cloned workloads so that the associated cloned VEN can be assigned (either automatically or manually) a unique identity distinct from the original VEN. This is known as remediation.

Clone Detection Signals
  • Event Log: When a clone is detected, the PCE generates a Workload Clone Alert and logs the event agent.clone_detected in the Event log.

The following applies only to detected, unremediated VEN clones (pending manual remediation).

  • PCE UI: A red error icon appears on Servers & Endpoints > Workloads > VENs, and the cloned VEN’s details page displays “VEN clone detected.” You can also search for cloned VENs by filtering for “VEN clone detected.”

  • REST API: The Illumio REST API represents clone detection with the clone_detected state.

VEN Clone Remediation by Operating System & Illumio Release

There are two types of remediation: Automatic and Manual. The remediation type available in a given case depends on:

  • The workload's operating system

  • The version of the VEN and the PCE

| Remediation Type | Operating System | Illumio PCE & VEN Version |
|---|---|---|
| Automatic | Windows (domain-joined) | All versions |
| Automatic | Windows (non-domain-joined) | 25.2.40 and later |
| Automatic | Linux & Solaris | 25.2.40 and later |
| Manual | Windows (non-domain-joined) | Pre-25.2.40 |
| Manual | Linux & Solaris | Pre-25.2.40 |
| Manual | AIX | All versions |

Understanding Remediation Types

Automatic Remediation

Important

Automatic remediation for non‑domain‑joined Windows and Linux/Solaris VENs requires PCE and VEN version 25.2.40+. Domain‑joined Windows VENs are supported on all versions of the VEN and PCE.

Automatic Remediation automatically pairs detected clones with the PCE without requiring user intervention. As part of this process, the cloned VEN is assigned its own identity and becomes a distinct agent separate from the original VEN. Pairing is synonymous with activating the VEN.

Manual Remediation

When automatic remediation isn't possible, perform the following steps to manually remediate cloned VENs:

  1. Filter for "VEN clone detected" in the Servers & Workloads > Workloads > VENs tab.

  2. Deactivate and unpair the cloned VEN(s).

  3. Pair the VEN with the PCE. See Pairing Profiles and Scripts.
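
The remediation table and the 25.2.40 version requirement above can be applied to a batch of clone alerts to see which hosts remediate automatically and which need the manual steps. The following is an added example, not Illumio code: the record fields (event_type, hostname, os, domain_joined, ven_version), host names and sample data are constructed for illustration and are not the PCE event or REST API schema; only the event name agent.clone_detected and the version threshold come from this page.

```python
# Added example: record fields and sample data are constructed,
# not the Illumio event or REST API schema.
AUTO_MIN = (25, 2, 40)  # automatic-remediation threshold from the table

def parse_version(text):
    """'25.2.40' -> (25, 2, 40); a build suffix such as '-1234' is ignored."""
    core = text.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))

def remediation_type(os_family, domain_joined, ven_version, pce_version):
    """Return 'automatic' or 'manual' according to the remediation table."""
    os_family = os_family.lower()
    if os_family == "aix":
        return "manual"        # AIX: manual on all versions
    if os_family == "windows" and domain_joined:
        return "automatic"     # domain-joined Windows: all versions
    if os_family in ("windows", "linux", "solaris"):
        # Both the VEN and the PCE must be at 25.2.40 or later.
        both_new = (parse_version(ven_version) >= AUTO_MIN
                    and parse_version(pce_version) >= AUTO_MIN)
        return "automatic" if both_new else "manual"
    raise ValueError(f"OS not covered by the table: {os_family}")

def triage(events, inventory, pce_version):
    """Map each host with an agent.clone_detected event to a remediation type."""
    result = {}
    for event in events:
        if event["event_type"] != "agent.clone_detected":
            continue           # unrelated event, not a clone alert
        host = inventory[event["hostname"]]
        result[event["hostname"]] = remediation_type(
            host["os"], host["domain_joined"], host["ven_version"], pce_version)
    return result

# Constructed sample data (not real PCE output).
EVENTS = [
    {"event_type": "agent.clone_detected", "hostname": "web-01"},
    {"event_type": "agent.clone_detected", "hostname": "db-02"},
    {"event_type": "example.other_event", "hostname": "web-01"},
    {"event_type": "agent.clone_detected", "hostname": "aix-03"},
]
INVENTORY = {
    "web-01": {"os": "linux", "domain_joined": False, "ven_version": "25.2.40"},
    "db-02": {"os": "windows", "domain_joined": False, "ven_version": "24.2.20"},
    "aix-03": {"os": "aix", "domain_joined": False, "ven_version": "25.2.40"},
}

if __name__ == "__main__":
    for name, kind in triage(EVENTS, INVENTORY, "25.2.40").items():
        print(f"{name}: {kind} remediation")
```

Hosts reported as manual are the ones to take through the deactivate, unpair and re-pair steps listed above.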