After VEN Installation
This section describes some of the basic things you can see immediately after installing the VEN.
Warning
Any adverse effects of using security scanners or other mechanisms intended to probe or exercise various parts of the VEN or its environment cannot be anticipated by Illumio and may interfere with VEN operation. Therefore, it may be necessary to allow-list some or all of the VEN software components. Consult your security solution vendor for details.
VEN Installation Directories
VEN installation comprises two main parts: the Program Directory and the Program Data Directory. The default location of these directories depends upon the operating system of the workload on which the VEN is installed.
Operating System | Default Program Directory | Default Program Data Directory |
|---|---|---|
Linux, Solaris, AIX |
|
|
Windows | C:\Program Files\Illumio | C:\ProgramData\Illumio |
For details about using non-default installation directories, see the RPM Only section in VEN Install and Upgrade > VEN Installation & Upgrade with VEN CTL > Linux: Install and Upgrade with CLI and VEN CTL.
Program Directory
Caution
The Program Directory hierarchy contains executable and configuration files that are not expected to change except during install/upgrade/uninstall operations. The following table describes some of the more important parts of the Program Directory hierarchy for Linux workloads. This information is incomplete and subject to change without notice. Using any APIs that are not explicitly documented here as Public is unsupported. Precise details will vary by operating system but are generally similar to Linux.
Location relative to Program Directory | API Status | Permissions / Ownership | Contents at Installation |
|---|---|---|---|
| Private |
| Helper scripts for VEN administration |
| Private |
| VEN executables and scripts |
| Private |
| Defaults and templates for VEN configuration |
| Public |
| Illumio VEN control interface script |
| Private |
| VEN libraries and embedded software |
| Private |
| VEN install-time configuration file |
| Private |
| Defaults and templates for OS configuration |
Program Data Directory
Caution
The Program Data Directory hierarchy contains configuration files that are expected to change. The following table describes some of the more important parts of the Program Directory hierarchy for Linux workloads. This information is incomplete and subject to change without notice. Using any APIs that are not explicitly documented here as being Public is prohibited and unsupported. Precise details will vary by operating system, but are generally similar to Linux.
Location relative to Program Data Directory | API Status | Permissions / Ownership | Contents at Installation |
|---|---|---|---|
dumps | Private |
| Storage for VEN crash dump files |
etc | Private |
| VEN run-time configuration files |
log | Private |
| VEN logs and data files |
reports | Private |
| Storage for VEN support reports |
tmp | Private |
| Temporary storage for VEN data files |
VEN Runtime User and Group
By default, VEN installation creates a runtime user and group named ilo-ven to run non-privileged parts of the VEN software. For security, the ilo-ven user is configured without a login shell or home directory.
Caution
For better security, do not give the ilo-ven user a login shell or home directory.
VEN Control Interface and Other Commands
The Illumio VEN control interface script illumio-ven-ctl is a command-line tool for performing key tasks for administering the VEN, such as starting and stopping processes, setting run-time configuration, and checking the VEN status.
Important
You must run the Illumio VEN control interface script as root. Do not attempt to use any other commands to administer the VEN.
Use only the VEN Control Interface script to administer the VEN. Don't attempt to use any other mechanisms such as
initd,systemd, Solaris SMF, or Windows SCM as these are intended only for automated use by the operating system.
sudo /opt/illumio_ven/illumio-ven-ctl ...
For details about using the VEN control interface script, see Linux VEN ActIvation after Installation.