Skip to main content

Illumio Core 25.2.10 Administration Guide

VEN Startup and Shutdown

This topic provides information on starting and stopping VENs.

Start Up VENs

The VEN starts when the workload is booted from the system boot files. The VEN can also be started manually.

Automatic VEN Startup

The VEN starts when the workload is booted from system boot files:

Platform

Command

Notes

Linux/AIX/Solaris

/etc/rc.d/init.d/illumio-ven

Or

/etc/init.d/illumio-ven

Installs firewall kernel modules if necessary, sets firewall to the desired state.

CentOS/RHEL 7+, starting from 19.3.2

/usr/lib/systemd/system/illumioven.service

Initializes and starts the daemon processes needed for VEN operation.

Important

This command is only supported in Illumio Core 19.3.2-VEN and later.

Windows

None needed.

The Service Control Manager (SCM) starts all VEN services at boot.

Manual VEN Startup

The VEN can also be started manually with illumio-ven-ctl start.

Platform

Command

Linux/AIX/Solaris/RHEL/CentOS

/opt/illumio_ven/illumio-ven-ctl start

Windows

  • VEN releases 23.2.x and earlier

    C:\Program Files\Illumio\illumio-ven-ctl.ps1 start

  • VEN releases 24.2.10 and later

    <VEN Installation Directory>\Illumio\illumio-ven-ctl.exe start
Remote VEN Restart

Beginning with VEN release 25.2.10, you can restart a VEN directly from the PCE without physical access to the workload. Remote Restart is similar to other VEN operations that you can initiate from the PCE, such as unpairing and upgrading.

How VEN Remote Restart Works

  • After you click Restart, the PCE waits for a heartbeat from the VEN before it sends a restart request to the VEN.

  • After receiving the restart request from the PCE, the VEN restarts and then sends the Last VEN Service Restart Performed time on the next heartbeat.

  • When the PCE receives the Last VEN Service Restart Performed time on the heartbeat, it marks the restart operation completed and displays Last VEN Service Restart Performed on the VEN details page. The reported time remains on the page for 1 hour.

  • If you click Restart again before the previous restart operation has concluded, a message displays letting you know.

  • The restart operation is typically unnoticeable from the PCE UI. The VEN sends a "goodbye" message while stopping and resumes heartbeating after it has restarted. Depending on how long the restart operation takes, the PCE may or may not report the VEN as "inactive."

  • The restart operation will not trigger the VEN's offline timer.

  • An audit event is logged when the VEN is restarted (see VEN Restart Audit Event). 

  • As the VEN doesn't flush its policy during this restart operation, policy remains in the kernel.

VEN Restart Audit Event

VEN Remote Restart logs an audit event that captures event details.

Go to Troubleshoot > Events.

ven-restart-audit-event.png
To restart a VEN from the PCE

Note

The Restart button is grayed out if the VEN is Suspended or Offline.

  1. Go to Servers & Endpoints > Workoads.

  2. Click the VEN tab.

  3. In the VEN list page, click the VEN you want to restart.

  4. On the VEN's detail page, click Restart.

Shut down VENs

At shutdown, the VEN sends a “goodbye” message to the PCE. The PCE marks the workload as offline and initiates a policy recomputation. After the new policy is distributed throughout the network, the workload without the VEN is effectively isolated from the network.

Linux/AIX/Solaris Workload Shutdown

Platform

Command

Notes

Linux/AIX/Solaris/RHEL/CentOS

illumio-ven-ctl stop

  • Stops all VEN processes.

  • The VEN sends a “goodbye” message to the PCE.

Windows

None needed.

  • Service Control Manager (SCM) stops all VEN services.

  • The VEN sends a “goodbye” message to the PCE.