Known issues and limitations

This topic lists some of the known issues and limitations of IBM Hyper Protect Virtual Servers.

Known issues and limitations with IBM Hyper Protect Virtual Servers Versions,, 1.2.7,, or 1.2.6

  • If the image is signed by Docker Content Trust and is present in ICR, then the verification of it's signature is not supported.
  • When you are running applications on virtual servers that are using non-passthrough quotagroups, it is recommended that you monitor the available datapool size by using the hpvs quotagroup show command, and update the size by 5 GB when the size of the datapool is less than 1 GB. You can use the hpvs quotagroup update command to increase the size of the datapool.
  • The snapshots of a Hyper Protect Virtual Server container can be created only on the same Secure Service Container partition that the server instance resides.
  • You can use IBM Hyper Protect Virtual Servers only with Docker Hub or IBM Cloud Container Registry.
  • IBM Cloud Container Registry (ICR) supports only Red Hat signing of the images.
  • You must restart the Hyper Protect Virtual Server container after you revert a snapshot of the Hyper Protect Virtual Server container.
  • Secure Build requires that the private key, used to secure access to the source Github repository, does not have a passphrase.
  • IBM Cloud Object Storage service is supported only for archiving application manifest files.
  • Backup and restore of encrypted credentials used by the Secure Build container can only be supported by using Hosting Appliance snapshots.
  • The monitoring infrastructure collects metrics only from the Hyper Protect hosting appliance and Secure Service Container partition.
  • When using ep11 for text file encryption, the text file size architectural limit is 4MB.
  • You must not delete the contents of the installation directory after you have run the script. The creates a working directory that contains images which are symbolic links pointing to the images in the extracted directory. If you delete the contents of the installation directory, you cannot run the hpvs commands and must repeat the process of downloading and extracting the images.
  • You cannot create a snapshot of virtual servers that are configured with passthrough quotagroups.
  • You cannot retrieve snapshots from virtual servers that have been deleted.
  • You cannot create snapshots of a virtual server that has multiple quotagroups attached when any of them is a passthrough quotagroup.
  • If you create a snapshot for a virtual server with passthrough and non-passthrough quotagroups, that results in an error, then you cannot delete the snapshot and the virtual server.
  • When specifying the size for the quotagroup, you must not use decimal notation. For example, use 1800 MB instead of 1.8GB.
  • If you had used quotagroup parameters when creating a virtual server, then you must provide those values as parameters when you want to update the virtual server.
  • If you update a virtual server without specifying the volume details, those volumes are detached from the virtual server that was used during virtual server creation and the virtual server will be in the restarting state. You can delete the virtual server but you cannot delete the quotagroup, from which the volumes were assigned to the virtual server.
  • The snapshots of a Hyper Protect virtual server container can be created only on the same Secure Service Container partition that the server instance resides in.