Code Signing Hanging Issues Due to TCP Connection Failures

AppViewX is installed on an Azure Virtual Machine (VM) and communicates with a Fortanix Hardware Security Module (HSM) through an Azure Firewall.

In this architecture, the Azure Firewall may terminate idle TCP sessions based on its TCP connection timeout configuration. If there is no continuous traffic between AppViewX and the HSM, the firewall can disconnect the active TCP connection. This behavior may result in intermittent code signing hangs, session interruptions, or communication failures during signing operations.

The troubleshooting steps help identify and resolve TCP connection timeout-related issues affecting connectivity between AppViewX and the Fortanix HSM.

Deployment Flow

AppViewX → Azure VM → Azure Firewall → Fortanix HSM

Note:
  • This deployment model is recommended only for low-volume signing operations.
  • For high-volume or continuous signing workloads, contact the support team for architecture recommendations and performance optimization.
  • This guidance is specifically applicable to Fortanix HSM integrations.

Post-upgrade steps for CC in SaaS Environments

  1. Navigate to the tools directory.
    1. Open the Cloud Connector installation directory.
    2. Navigate to deps/tools.
  2. List all pods in the cc namespace to identify the relevant pod. 
    ./k3s kubectl get pods -n cc
  3. Identify and Edit the Relevant Pod:
    1. Identify the pod that starts with "avx-mid-server-platform".
    2. Run the following command to open the deployment for editing. 
      ./k3s kubectl edit deploy avx-mid-server-platform -n cc
  4. Modify the Configuration:
    1. In the opened file, locate the following line. 
      -Davx_property_file_path=/appviewx/dependencies/properties/appviewx.properties
    2. Immediately after that line, add the following line. Do not include quotation marks. 
      -DHSM_PER_OPERATION_SESSION_ENABLED=TRUE
  5. Save the changes.
    1. Press I to enter insert mode and make the required changes.
    2. Press Esc, type :wq, and then press Enter to save and exit.
  6. Verify that the pod restarts and comes back online.

    Run the following command to watch the pod status in real time.

    ./k3s kubectl get pods -n cc -w

    Wait until the pod status returns to Running before continuing.

Post-upgrade steps for Plugins/Installation of AppViewX in On-Prem Environments

  1. Navigate to the AppViewX installation directory.
  2. List all pods in your configured namespace to identify the relevant pod.

    Replace <namespace> with your AppViewX namespace.

    kubectl get pods -n <namespace>
  3. Edit the avx-platform-hsm deployment.
    1. In the output from the previous step, identify the pod whose name starts with avx-platform-hsm.
    2. Run the following command to open the deployment for editing. Replace <namespace> with your AppViewX namespace. 
      kubectl edit deploy avx-platform-hsm -n <namespace>
  4. Add the HSM parallelism JVM argument to the deployment configuration.
    1. In the opened file, locate the following line. 
      -Davx_property_file_path=/appviewx/dependencies/properties/appviewx.properties
    2. Immediately after that line, add the following line. Do not include quotation marks. 
      -DHSM_PER_OPERATION_SESSION_ENABLED=TRUE
  5. Save the changes.
    1. Press I to enter insert mode and make the required changes.
    2. Press Esc, type :wq, and then press Enter to save and exit.
  6. Verify that the pod restarts and comes back online.

    Run the following command to watch the pod status in real time. Replace <namespace> with your AppViewX namespace.

    kubectl get pods -n <namespace> -w

    Wait until the pod status returns to Running before continuing.