san
11 Topics

multi-domain with client-ssl profile set using SNI option
Hello, Currently, we are using SNI successfully, with single certificates. Now, we have a requirement which I don't know how to address: using multi-domain certificates (SAN). So, I have my default SNI multi-domain, which is easy to set; how can I set a secondary SNI option? How can I configure the server-name parameter with the extra URL inside the second multi-domain cert?

VIP
default SNI - multi-domain.cert
second SNI cert - multi-domain2 server-name = ?????
third SNI cert - multi-domain3 server-name = ?????

thank you and be safe
J

Authentication name in server ssl profile and SAN field
Hello. In an SSL server profile, is the FQDN name in the field 'Authenticate Name' compared only to the CN field of the certificate? Or is the SAN (Subject Alternative Names) field of the certificate also compared? We have exchanges with a company actually presenting a certificate "*.company.com". So actually, we authenticate the server with "*.company.com" in the Authenticate Name field of the SSL server profile. They will soon modify their certificate with CN "company.com" and put "*.company.com" in the SAN part of the certificate. How will the SSL server profile handle this? Will SSL fail because the CN of the certificate is not equal to the Authenticate Name field in the profile? Or will SSL be OK because the SAN field holds a name equal to the Authenticate Name field of the profile? Thank you. Fred

How can I configure Server SSL Profiles to connect to different URLs on the same server?
Hi, We have a web server which has two sites published on it via a single Virtual Server on the BIG-IP:

site1.domain.uk
site2.domain.uk

Our security policy dictates that we must encrypt the connections between the user and the BIG-IP and between the BIG-IP and the web server. We initially purchased a SAN certificate with site1.domain.uk and site2.domain.uk on it (site1.domain.uk is the default name). We have tried various methods of getting the end to end connectivity working with a user connecting using both URLs but all have failed. Can anyone provide any guidance on how to achieve this?

SAN Certificate Troubleshooting
Hello, I have a SAN certificate and installed it on a BIG IP TL2000. The certificate was imported as pfx, but I also tried to convert it and install it as a .pem file on the BIG IP. The problem is I cannot use the Client SSL profile for this certificate. The certificate has 3 subdomains: 1.xyz.com, 2.xyz.com, 3.xyz.com. Any help appreciated. Thank you

character limit f5 subject alternative name
Guys, I am having an issue creating a .csr in f5. Do we have a limit on characters for Subject Alternative Names? We have 1111 characters including spaces in the Subject Alternative Name, however it has an error "error occurred while processing your request". But when I deleted a few domains, about 2, it was successful :( Please help. Thanks

In D&D Parlance, Your Network is Already Converged.
For decades now, the game Dungeons and Dragons has suffered from what is commonly called “Edition Wars”. When the publisher of the game releases a new version, they of course want to sell the new version and stop talking about the old – they’re a business, and it certainly does make the ability to be profitable tough if people don’t make the jump from version X to version Y. Problem is that people become heavily invested in whatever version they’re playing. When Fourth Edition was released, the MSRP on just the three books required to play the game was $150 or thereabout. The price has come down, and a careful shopper can get it delivered to their home for about half of that now… But that’s still expensive considering that there is only enough to play with those books if you invest a significant amount of time in preparing the game before-hand. So those who have spent hundreds or even thousands of dollars on reference material for the immediately previous edition are loath to change, and this manifests as sniping at the new edition. This immediately raises the ire of those who have made the switch, and they begin sniping about your preferred edition. Since “best” is relative in any game, and more so in a Role Playing Game, it is easy to pick pieces you don’t like out of any given edition and talk about how much better your chosen edition of the game is. And this has gone on for so long that it’s nearly a ritual. New version comes out, people put up their banners and begin nit-picking all other versions. I have a friend (who goes by DungeonDelver in most of his gaming interactions) who is certain that nothing worthy has come out since the release of the original Tactical Studies Rules box set in the early seventies, and other friends who can’t understand why anyone would play those “older versions” of the game. For those not familiar with the industry, “threetard” was coined to talk about those who loved third Edition, for example. 
While not the worst flame that’s coursed through these conversations, for a while there it was pervasive. And they all seem to miss the point. Each Edition has had good stuff in it, all you have to do is determine what is best for you and your players, and go play. Picking apart someone else’s version might be an entertaining pastime, but it is nowhere near the fun that actually playing the game is. Whatever version of the game. Because in the end, they all are the same thing… games designed to allow you to take on the persona of a character in a fantastical world and go forth to right the wrongs of that world.

A similar problem happens almost daily in storage, and though it is a bit more complex than the simple “edition wars” of D&D, it is also more constant. We have different types of storage – NAS, SAN, DAS – different protocols and even networks – iSCSI, FCoE, FC, CIFS, etc – different vendors trying to convince you that their chosen infrastructure is “best”, and a whole lot of storage/systems admins that are heavily invested in whatever their organization uses for primary storage. But, like the edition wars, there is no “right” answer. I for one would love to see a reduction in options, but that is highly unlikely unless and until customers vote definitively with their dollars. The most recent example is the marketing push for “converged networking”. That’s interesting, I could have sworn we were already sending both data (NAS/iSCSI/FCoE) and communications over our IP connections? Apparently I was wrong and I need this new expensive gizmo to put data on my network… And that’s just the most recent example.

Some simple advice I’ve picked up in my years watching the edition wars… Look at your environment, look at your needs, and continue to choose the storage that makes sense for the application. Not all environments and not all applications are the same, so that’s a determination you need to make. And you should make it vendor-free.
Sure, some vendors would rather sell you a multi-million dollar SAN with redundancy and high availability, and sure, some other vendors want to drop a NAS box into your network and then walk away with your money. They’re in the business of selling you what they make, not necessarily what you need. The what you need part is your job, and if you’re buying a Mercedes where a Hyundai would do, you’re doing your organization a disservice. Make sure you’re familiar with what’s going on out there, how it fits into your org, and how you can make the most out of what you have. RAID makes cheaper disk more appealing, iSCSI makes connecting to a SAN more user-friendly, but both have limits in how much they improve things. Know what your options are, then make a best fit analysis. Me? I chose a Dell NX3000 for my last storage – with iSCSI host. All converged, and not terribly expensive compared to the other similar performing options. But that was for my specific network, with characteristics that show nowhere near the traffic you’re showing right now on your enterprise network, so my solution is likely not your best solution.

Oh, you meant the edition wars? I play a little of everything, though AD&D First edition is my favorite and Third Edition is my least favorite. I’m currently playing nearly 100% Castles and Crusades, with a switch soon to AD&D 2nd Edition. Again, they suit what our needs are, your needs are likely to vary. Don’t base your decision upon my opinion, base it on your analysis of your needs. And buy an ARX. They can’t be beat. No, I really believe that, but I only added that in here because I think it’s funny, after telling you to make your decisions vendor-free. ARX only does NAS ;-).

Store Storing Stored? Or Blocked?
Now that Lori has her new HP TouchSmart for an upcoming holiday gift, we are finally digitizing our DVD collection. You would think that since our tastes are somewhat similar, we’d be good to go with a relatively small number of DVDs… We’re not. I’m a huge fan of well-done war movies and documentaries, we share history and fantasy interests, and she likes a pretty eclectic list of pop-culture movies, so the pile is pretty big. I’m working out how to store them all on the NAS such that we can play them on any TV on the network, and that got me to pondering the nature of storage access these days. We own a SAN, it never occurred to me to put these shows on it – that would limit access to those devices with an FC card… Or we’d end up creating a share to run them all through one machine with an FC card as a NAS head of sorts. In the long litany of different ways that we store things – direct attached or networked, cloud or WAN, Object store or hierarchical – the one that stands out as the most glaring, and the one that has traditionally gotten the most attention is file versus block. For at least a decade the argument has raged between which is more suited to enterprise use, while most of us have watched from the sidelines and been somewhat bemused by the conversation because the enterprise is using both. As a rule of thumb, if you need to boot from it or write sectors of data to it, you need block. Everything else is generally file. And that’s where I’m starting to wonder. I know there was a movement not too many years ago to make databases file based instead of block based, and that the big vendors were going in that direction, but I do wonder if maybe it’s time for block to retire at the OS level. Of course for old disks to be compatible, the OS would still have to handle block, but setting it to only allow OS-level calls (I know, it’s harder with each release, that’s death by a thousand cuts though) to read/write sectors would resolve much of the problem. 
Then a VMware style boot-from-file-structure would resolve the last bit. Soon we could cut our file protocols in half. Seriously, at this point in time, what does block give us? Not much, actually. Thin/auto provisioning is available on NAS, high-end performance tweaks are available on NAS, and the extensive secondary network (be it FC or IP) is not necessary for NAS; though there are some cases where throughput may demand it, those are not your everyday case in a world of 1 Gig networks with multi-Gig backplanes on most devices. And 10 Gig is available pretty readily these days. SAN has been slowly dying, I’m just pondering the question of whether it should be finished off. Seriously, people say “SAN is the only thing for high-performance!” but I can guarantee you that I can find plenty of NAS boxes that perform better than plenty of SAN networks – just a question of vendor and connectivity. I’m a big fan of iSCSI, but am no longer sure there’s a need for it out there.

Our storage environment, as I’ve blogged before, has become horribly complex, with choices at every turn, many of which are more tied to vendor and profits than needs and customer desires. Strip away the marketing and I wonder if SAN has a use in the future of enterprise. I’m starting to think not, but I won’t declare it dead, as I am still laughing at those who declared tape dead for the last 20 years – and still are, regardless of what tape vendors’ sales look like. It would be hypocritical of me to laugh at them and make the same type of pronouncement. SAN will be dead when customers stop buying it, not before. Block will end when vendors stop supporting it, not before… So I really am just pondering the state of the market, playing devil’s advocate a bit. I have heard people proclaim that block is much faster for database access. I have written and optimized B-Tree code, and yeah, it is. But that’s because we write databases to work on blocks.
If we used a different mechanism, we’d get a different result. It is no trivial thing to move to a different storage method, but if the DB already supports file access, the work is half done; only optimizing for the new method or introducing shims to make chunks of files look like blocks would be required. If you think about it, if your DB is running in a VM, this is already essentially the case. The VM is in a file, the DB is in that file… So though the DB might think it’s directly accessing disk blocks, it is not. Food for thought.

Given Enough Standards, Define Anarchy
If a given nation independently developed twelve or fourteen governmental systems that all sat side-by-side and attempted to cooperate but never inter-operate, then anarchy would result. Not necessarily overnight, but issues about who is responsible for what, where a given function is best handled, and more would spring up nearly every day.

Related Articles and Blogs:
NEC’s New I/O Technology Enables Simultaneous Sharing of I/O
Storage Area Networking
Network Attached Storage
SNIA (website)
HP Flexfabric Gets Raves from Storage Networking Vendors

Taking the Final Server Virtualization Steps
There is a trend in the high-tech industry to jump from one hot technology to another, without waiting for customers to catch up. We’re certainly seeing it with Cloud, there are people out there pushing the “everyone else is doing it and gaining agility!” button every day. But you’re not there yet. Part of the reason you’re not there yet is that virtualization is still growing up. Between VM sprawl, resource over-utilization, virtual versus physical infrastructure, and the inherent task of IT to continue to support the business as it sits today, there isn’t a ton of time left for hopping on the Cloud bandwagon. And some of these things – VM Sprawl and resource over-utilization for example – counter-indicate a move to Cloud, simply because they are situations that will cost you money if you do them on a platform that charges you by the rate of transfer or number of VMs. As Lori so aptly put it in one of her blogs, if you can’t manage it internally, you can’t manage it externally either.

Related Articles and Blogs:
Virtual Sprawl is Not the Real Problem
The Virtual Virtualization Case Study
Is VM Stall The Next Big Virtualization Challenge
The Best Virtualization Joke Ever (no, it really is a joke)
Virtualization’s Downsides
Virtualization Planning: 4 Systems Management Keys to Success

The Problem With Storage Growth is That No One Is Minding the Store
In late 2008, IDC predicted more than 61% Annual Growth Rate for unstructured data in traditional data centers through 2012. The numbers appear to hold up thus far, and perhaps were even conservative. This was one of the first reports to include the growth from cloud storage providers in their numbers, and that particular group was showing a much higher rate of growth – understandable since they have to turn up the storage they’re going to resell. The update to this document, titled World Wide Enterprise Systems Storage Forecast and published in April of this year, shows that even in light of the recent financial troubles, storage space is continuing to grow.

Related Articles and Blogs:
Unstructured Data Will Become the Primary Task for Storage
Our Storage Growth (good example of someone who can’t do the above)
Tiered Storage Tames Data Storage Growth says Construction CIO
Data Deduplication Market Driven by Storage Growth
Tiering is Like Tables or Storing in the Cloud Tier