TCP Connection Failures (High Volume Signing Operations)

In this architecture, network firewalls or intermediate network devices may terminate idle TCP sessions based on their connection timeout configurations. If there is no continuous traffic between AppViewX and the HSM, the active TCP connection may be disconnected. This behavior can result in intermittent code signing hangs, session interruptions, or communication failures during signing operations.

The troubleshooting steps help identify and resolve TCP connection timeout-related issues affecting connectivity between AppViewX and the Fortanix HSM.

Deployment Flow

AppViewX → VM → Firewall/Proxy/NAT Gateway → Fortanix HSM

Note: This guidance is specifically applicable to Fortanix HSM integrations.

Post-upgrade steps for CC in SaaS Environments

  1. Navigate to the tools directory.
    1. Open the Cloud Connector installation directory.
    2. Navigate to deps/tools.
  2. List all pods in the cc namespace to identify the relevant pod. 
    ./k3s kubectl get pods -n cc
  3. Identify and Edit the Relevant Pod:
    1. Identify the pod that starts with "avx-mid-server-platform".
    2. Run the following command to open the deployment for editing. 
      ./k3s kubectl edit deploy avx-mid-server-platform -n cc
  4. Modify the Configuration:
    1. In the opened file, locate the following line. 
      -Davx_property_file_path=/appviewx/dependencies/properties/appviewx.properties
    2. Immediately after that line, add the following line. Do not include quotation marks. 
      -DHSM_SESSION_POOL_ENABLED=TRUE
  5. Save the changes.
    1. Press I to enter insert mode and make the required changes.
    2. Press Esc, type :wq, and then press Enter to save and exit.
  6. Verify that the pod restarts and comes back online.

    Run the following command to watch the pod status in real time.

    ./k3s kubectl get pods -n cc -w

    Wait until the pod status returns to Running before continuing.

Post-upgrade steps for Plugins/Installation of AppViewX in On-Prem Environments

  1. Navigate to the AppViewX installation directory.
  2. List all pods in your configured namespace to identify the relevant pod.

    Replace <namespace> with your AppViewX namespace.

    kubectl get pods -n <namespace>
  3. Edit the avx-platform-hsm deployment.
    1. In the output from the previous step, identify the pod whose name starts with avx-platform-hsm.
    2. Run the following command to open the deployment for editing. Replace <namespace> with your AppViewX namespace. 
      kubectl edit deploy avx-platform-hsm -n <namespace>
  4. Add the HSM parallelism JVM argument to the deployment configuration.
    1. In the opened file, locate the following line. 
      -Davx_property_file_path=/appviewx/dependencies/properties/appviewx.properties
    2. Immediately after that line, add the following line. Do not include quotation marks. 
      -DHSM_SESSION_POOL_ENABLED=TRUE
  5. Save the changes.
    1. Press I to enter insert mode and make the required changes.
    2. Press Esc, type :wq, and then press Enter to save and exit.
  6. Verify that the pod restarts and comes back online.

    Run the following command to watch the pod status in real time. Replace <namespace> with your AppViewX namespace.

    kubectl get pods -n <namespace> -w

    Wait until the pod status returns to Running before continuing.