mccleld
ADSM.ORG Senior Member
Hi Guys,
I wanted to share for posterity my understanding/experience of the FastBack DR Replication mechanism so and encryption lest anyone else be caught out.
o - By default, the FastBack DR mechanism uses FTP to send its data to the FastBack DR Hub.
o - FastBack uses FTP over SSL (aka FTPS, not to be confused with SFTP) when the 'Encryption' check box is selected in the DR Parameters section of the DR Configuration tab in the FastBack Server's General Configuration window.
The FTP Server component of IIS 6.0 that is shipped with Windows 2003 does *not* support FTPS (FTP over SSL). However, 3rd party FTP Server tools *do* provide FTP over SSL capabilities, as well as IIS 7.0 and 7.5 version shipped with Windows 2008 and Windows 2008 R2.
The error that I'm seeing (which has prompted this) is where DR fails once Encryption is checked and the FTP Server (IIS on Win2K3) doesn't support FTPS - the "c:\Documents and Settings\All Users\Application Data\Tivoli\TSM\FastBack\dr\FAST_BACK_DR_PH1_040.sf" file reveals AFS::FTP CONNECTION ERROR: address:'x.x.x.x', port:21, user:'x', err='Unable to establish security context for this session' - there is nothing further in the FastBack Server Log itself other than the undescriptive 'DR Policy ... failed'.
I found this to be remarkably unclear in the FastBack Deployment Redbook, the suggestion being that the Windows FTP Server would support encrypted replication. The FastBack Installation and User Guide does make general statements that the FTP Server must support encryption, but doesn't anywhere mention FTPS (instead using its longer name FTP over SSL).
_________________
David McClelland
London, UK
I wanted to share for posterity my understanding/experience of the FastBack DR Replication mechanism so and encryption lest anyone else be caught out.
o - By default, the FastBack DR mechanism uses FTP to send its data to the FastBack DR Hub.
o - FastBack uses FTP over SSL (aka FTPS, not to be confused with SFTP) when the 'Encryption' check box is selected in the DR Parameters section of the DR Configuration tab in the FastBack Server's General Configuration window.
The FTP Server component of IIS 6.0 that is shipped with Windows 2003 does *not* support FTPS (FTP over SSL). However, 3rd party FTP Server tools *do* provide FTP over SSL capabilities, as well as IIS 7.0 and 7.5 version shipped with Windows 2008 and Windows 2008 R2.
The error that I'm seeing (which has prompted this) is where DR fails once Encryption is checked and the FTP Server (IIS on Win2K3) doesn't support FTPS - the "c:\Documents and Settings\All Users\Application Data\Tivoli\TSM\FastBack\dr\FAST_BACK_DR_PH1_040.sf" file reveals AFS::FTP CONNECTION ERROR: address:'x.x.x.x', port:21, user:'x', err='Unable to establish security context for this session' - there is nothing further in the FastBack Server Log itself other than the undescriptive 'DR Policy ... failed'.
I found this to be remarkably unclear in the FastBack Deployment Redbook, the suggestion being that the Windows FTP Server would support encrypted replication. The FastBack Installation and User Guide does make general statements that the FTP Server must support encryption, but doesn't anywhere mention FTPS (instead using its longer name FTP over SSL).
_________________
David McClelland
London, UK