More SSL fun stuff

Mita201

Mita201

ADSM.ORG Senior Member
Joined
Apr 20, 2006
Messages
601
Reaction score
31
Points
0
Location
Beograd, Serbia
I have noticed that since SSL is mandatory for ISP client server communication (8.1.4 or 7.1.8) if you have two ISP servers that replicates, and if you want to shut down primary and to test if (new) client can communicate with other server for restore - it can't. You need to manually import SSL certificate of other server to client keystore first.
Which is not very clever solution.
Not a question, just noticing....
 
Hi Mita201,

Have you tested that scenario with a variety of client versions?

What about clients which are pre- v7.1.8, that communicate to a replicating server environment at v7.1.8 & 8.1.2 and above, which connect via TCP/IP?
 
Older clients are ok, since they are not forced to use SSL. Clients 8.1.2 and newer, and 7.1.8 are clients with problems. Actually, these new clients (at least 8.1.x) will do certificate exchange with primary server without intervention, and they will update their dsm.opt (or dsm.sys) with address of the secondary server as alternative, but once they need to access it, they will not be able to, nor they will import SSL cert of the secondary server automatically.
 
Mita201 said:
Older clients are ok, since they are not forced to use SSL. Clients 8.1.2 and newer, and 7.1.8 are clients with problems. Actually, these new clients (at least 8.1.x) will do certificate exchange with primary server without intervention, and they will update their dsm.opt (or dsm.sys) with address of the secondary server as alternative, but once they need to access it, they will not be able to, nor they will import SSL cert of the secondary server automatically.
Click to expand...

Hmmm, thanks for the info.

That certainly doesn't sound good or has not been thought out very well from a DR standpoint since the intro of 7.1.8 & 8.1.2.

I can see many admins now rushing around their newer client versions, importing the cert for the secondary server to avoid this issue in the event of DR.

Oh, well.. things like this keep us all in a job I guess.. ;0)
 
Mita,
Thanks for the info. Something to look forward to whenever I bite the bullet and go up a level.
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,969
Messages
135,437
Members
21,949
Latest member
tsheli
Back
Top