• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

More SSL fun stuff

Mita201

ADSM.ORG Senior Member
#1
I have noticed that since SSL is mandatory for ISP client server communication (8.1.4 or 7.1.8) if you have two ISP servers that replicates, and if you want to shut down primary and to test if (new) client can communicate with other server for restore - it can't. You need to manually import SSL certificate of other server to client keystore first.
Which is not very clever solution.
Not a question, just noticing....
 

ILCattivo

ADSM.ORG Senior Member
#2
Hi Mita201,

Have you tested that scenario with a variety of client versions?

What about clients which are pre- v7.1.8, that communicate to a replicating server environment at v7.1.8 & 8.1.2 and above, which connect via TCP/IP?
 

Mita201

ADSM.ORG Senior Member
#3
Older clients are ok, since they are not forced to use SSL. Clients 8.1.2 and newer, and 7.1.8 are clients with problems. Actually, these new clients (at least 8.1.x) will do certificate exchange with primary server without intervention, and they will update their dsm.opt (or dsm.sys) with address of the secondary server as alternative, but once they need to access it, they will not be able to, nor they will import SSL cert of the secondary server automatically.
 

ILCattivo

ADSM.ORG Senior Member
#4
Older clients are ok, since they are not forced to use SSL. Clients 8.1.2 and newer, and 7.1.8 are clients with problems. Actually, these new clients (at least 8.1.x) will do certificate exchange with primary server without intervention, and they will update their dsm.opt (or dsm.sys) with address of the secondary server as alternative, but once they need to access it, they will not be able to, nor they will import SSL cert of the secondary server automatically.
Hmmm, thanks for the info.

That certainly doesn't sound good or has not been thought out very well from a DR standpoint since the intro of 7.1.8 & 8.1.2.

I can see many admins now rushing around their newer client versions, importing the cert for the secondary server to avoid this issue in the event of DR.

Oh, well.. things like this keep us all in a job I guess.. ;0)
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 9 20.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 23 52.3%
  • Let's be formal and just say Spectrum Protect

    Votes: 8 18.2%
  • Other (please comement)

    Votes: 4 9.1%

Forum statistics

Threads
31,078
Messages
132,323
Members
21,276
Latest member
tion1976
Top