Disabling unsecure transport modes
To protect your data traffic against theft and other threats, it is highly recommended to use the HTTPS protocol for transferring data over the network.
SEP sesam now supports the HTTPS protocol for all control commands and network traffic. The HTTP and FTP interfaces can be switched off so that all data traffic goes over HTTPS interfaces.
Before you can disable HTTP and FTP interfaces, make sure to check existing tasks and events (backups, restores or migrations) and move them to HTTPS interfaces if necessary. You cannot remove an interface that is still in use.
Note: On Windows systems with a CPU that does not support AVX, the Sesam Transfer Protocol Server (STPD) automatically disables the HTTPS port. Consequently, the TLS key and certificate cannot be created. For more information refer to Known issues and limitations in version 5.0.0 Jaglion.
Deactivating the unsecure interfaces
To deactivate the HTTP and FTP interfaces and move the traffic to HTTPS, you need to disable the ports on the SEP sesam Server and all RDS and then remove the interfaces in the SEP sesam configuration.
Disable the HTTP and FTP ports
- Locate the <sesam_var>/ini/stpd.ini file on the SEP sesam Server and on each RDS.
- Open the stpd.ini file using a text editor and comment out the unsecure ports (add the # symbol at the beginning of the line):

    [STPD_Server]
    # STPD_PORT=11001
    # STPD_HTTP_PORT=11000
    STPD_HTTPS_PORT=11443

  Only HTTPS port 11443 remains active.
- Save your changes and restart the server for the changes to take effect.
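The following check is an added example, not part of the SEP sesam documentation or tooling: it reads the text of an stpd.ini and reports any FTP or HTTP port that is still uncommented in [STPD_Server], or a missing HTTPS port. The function names and the "before" sample are constructed for illustration; the key names and port numbers are the ones shown in the excerpt above.

```python
import socket

# Key names and port numbers come from the stpd.ini excerpt on this page.
UNSECURE_KEYS = ("STPD_PORT", "STPD_HTTP_PORT")  # FTP (11001) and HTTP (11000)
SECURE_KEY = "STPD_HTTPS_PORT"

# Constructed sample: the same section before the unsecure ports are commented out.
SAMPLE_BEFORE = "[STPD_Server]\nSTPD_PORT=11001\nSTPD_HTTP_PORT=11000\nSTPD_HTTPS_PORT=11443\n"
# The section as shown on this page after the change.
SAMPLE_AFTER = "[STPD_Server]\n# STPD_PORT=11001\n# STPD_HTTP_PORT=11000\nSTPD_HTTPS_PORT=11443\n"


def active_ports(ini_text, section="STPD_Server"):
    """Return {KEY: value} for uncommented key=value lines in the given section."""
    ports, current = {}, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            # Upper-casing the key is an assumption that errs toward reporting.
            ports[key.strip().upper()] = value.strip()
    return ports


def audit(ini_text):
    """List the problems that keep this host from being HTTPS-only."""
    ports = active_ports(ini_text)
    findings = [f"{k}={ports[k]} is still active" for k in UNSECURE_KEYS if k in ports]
    if SECURE_KEY not in ports:
        # Commenting out FTP/HTTP here would leave no configured transport at all.
        findings.append(f"{SECURE_KEY} is not set, no secure transport would remain")
    return findings


def is_listening(host, port, timeout=2.0):
    """After the restart: True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(text) or "OK: only HTTPS is configured")
```

Run `audit()` on the contents of the stpd.ini from the SEP sesam Server and each RDS; after the restart, `is_listening()` should return False for ports 11000 and 11001 and True for 11443 on those hosts.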
Remove the HTTP and FTP interfaces
On SEP sesam Server and all RDS you can remove all unsecure interfaces that use HTTP or FTP protocols.
- In the Main selection -> Components -> Topology, locate and right-click your SEP sesam Server and select Properties.
- In the list of configured interfaces delete the unsecure interfaces you no longer want to use.
- Click Apply to save the changes.
- Repeat this procedure also for all RDS as required.
If an existing task or event (backup, restore or migration) still uses the interface you want to remove, a warning is displayed and SEP sesam does not delete the interface.
In this case, find the task or event that uses this interface and switch it to a secure interface. You can also empty the Interface field (select the blank value) to use any of the available interfaces configured on the SEP sesam Server.
Setting HTTPS as default when aborting active data transfer
By default, SEP sesam always aborts data transfer (backup, restore, migration) over FTP. When you disable port 11001, which is used for FTP traffic, these commands no longer work. You can set a global variable to use the HTTPS transport mode to abort an active data transfer.
- In the menu bar, click Configuration -> Defaults -> Settings.
- Click [+] to add the following key to the global settings (or modify the key value, if it already exists):

    gv_conf_use_com_stpd_kill|https|sesam

where value=https means that the HTTPS protocol is used for aborting active data transfers and sesam is the user name.