ADSM-L

Re: [ADSM-L] v7.1.8/8.1.2 SSL Upgrade: Rethinking servers first or clients first

2018-03-02 14:47:31
Subject: Re: [ADSM-L] v7.1.8/8.1.2 SSL Upgrade: Rethinking servers first or clients first
From: Fernando Florentino <fernando.florentino AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 2 Mar 2018 16:45:37 -0300
In some cases, I have to copy cert256.arm from the Spectrum instance directory
and copy it to the server client to register it manually.

On Thu, Mar 1, 2018 at 9:59 PM, Deschner, Roger Douglas <rogerd AT uic DOT edu>
wrote:

> I've been using our test setup for further testing, and I'm thinking of
> reversing my strategy. I may want to upgrade clients first, and then
> servers.
>
> The basic issue is still how to overcome the roadblock of having an
> Administrator ID automatically switched from TRANSITIONAL to STRICT upon
> first login from a 7.1.8/8.1.2+ dsmadmc client. IBM seems to think we can
> upgrade all servers and all clients to 7.1.8/8.1.2+ simultaneously. That is
> not practical.
>
> In the worst case, this automatic switching could cause the System
> Administrator's worst nightmare - to lose control over a running system.
>
> I am still considering the (very ugly) bypass of an administrative
> schedule that sets it back to TRANSITIONAL for all Admin IDs every 5
> minutes. There will still be some failures.
>
> But I am also considering reversing the strategy I had considered earlier,
> to a different strategy of upgrading all of the clients involved (about 7
> of them, I think, but I'm not sure) to 7.1.8 or 8.1.4 first, while the
> servers are all still running older versions. So far, everything would be
> working.
>
> Then double-check that there are not any left behind by scanning activity
> logs, the summary file, etc.
>
> Then once the operation of these clients was stabilized, upgrade our 4
> servers one at a time. As each server is upgraded, the already-updated
> client would cause certificates to be exchanged and that Admin ID to be
> switched to STRICT, which would be OK since all of the client nodes where
> that Admin ID might log in from would already be at V7.1.8/8.1.2+. (At
> least we hope. This may expose those we forgot.)
>
> Unless I'm overlooking something big here, I think this would allow us to
> upgrade each client and each server independently, and iron out any issues
> one at a time. Any comments on this client-first strategy?
>
> Roger Deschner
> University of Illinois at Chicago
> "I have not lost my mind; it is backed up on tape somewhere."
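
The "double-check that there are not any left behind" step in the quoted client-first plan, as an added example that is not part of either message: a version gate that flags hosts whose client is below the 7.1.8/8.1.2 levels named in the thread. The inventory format, host names and the treatment of releases newer than 8.x are assumptions; in practice the list would come from whatever the activity logs or summary data yield.

```python
import csv
import io

# Minimum levels named in the thread: 7.1.8 on the 7.x stream, 8.1.2 on the 8.x stream.
MINIMUMS = {7: (7, 1, 8), 8: (8, 1, 2)}

# Constructed sample inventory (hypothetical hosts; assumed format host,client_version).
SAMPLE_INVENTORY = """host,client_version
admin-ws-01,8.1.4.0
admin-ws-02,7.1.8.0
backup-ops-01,7.1.6.3
backup-ops-02,8.1.0.2
legacy-box,6.4.3.0
jump-host,8.1.2
broken-entry,unknown
"""

def parse_version(text):
    """Return a tuple of ints for 'V.R.L[.S]', or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def meets_minimum(version):
    """True if the client is at or above the minimum for its release stream."""
    if version is None:
        return False              # unparseable: treat as not upgraded
    major = version[0]
    if major > max(MINIMUMS):
        return True               # assumption: streams newer than 8.x qualify
    minimum = MINIMUMS.get(major)
    if minimum is None:
        return False              # older streams (e.g. 6.x) have no qualifying level
    return version[:3] >= minimum

def find_stragglers(csv_text):
    """Return (host, version_text) for every client still below the minimum."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], r["client_version"]) for r in rows
            if not meets_minimum(parse_version(r["client_version"]))]

if __name__ == "__main__":
    for host, ver in find_stragglers(SAMPLE_INVENTORY):
        print(f"{host}: {ver} is below 7.1.8/8.1.2, upgrade before the server")
```

Unparseable versions are reported as stragglers on purpose, so a host with missing data is checked by hand rather than assumed to be upgraded.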

