batch transcripts
This commit is contained in:
BIN
out/880858572/audio.mp3
Normal file
BIN
out/880858572/audio.mp3
Normal file
Binary file not shown.
177004
out/880858572/transcript.json
Normal file
177004
out/880858572/transcript.json
Normal file
File diff suppressed because one or more lines are too long
971
out/880858572/transcript.txt
Normal file
971
out/880858572/transcript.txt
Normal file
@@ -0,0 +1,971 @@
|
||||
# Transcript: 880858572
|
||||
# URL: https://vimeo.com/880858572
|
||||
# Duration: 4408s (73.5 min)
|
||||
|
||||
[0:02] Group, and I suspect we'll have another one in a few weeks because it looks like we had some communication issues with this one.
|
||||
[0:10] So
|
||||
[0:13] who wants to start? So if you I don't know if you had been on one of those before, but these are question and answer sessions.
|
||||
[0:20] You basically ask anything you need or want to know about ST,
|
||||
[0:24] and then
|
||||
[0:25] we talk about that.
|
||||
[0:28] If you have
|
||||
[0:30] if we talk about the topic you're interested in, even if you didn't ask the question originally,
|
||||
[0:35] feel free to chime in. Because it's such a small session,
|
||||
[0:42] I'll probably just be calling on both of you all the time to see if we are okay and if something else is needed. And, Ryan, you go first.
|
||||
[0:50] I have only one request. When you ask the question,
|
||||
[0:54] just mention what version of ST you are running and what kind of cluster you are running because it will
|
||||
[1:01] help answer some questions. So go ahead.
|
||||
[1:05] No worries. Thank you. So I'm from
|
||||
[1:09] Queensland shared services.
|
||||
[1:11] We have
|
||||
[1:12] s t 5.5
|
||||
[1:15] with the August patch in sorry,
|
||||
[1:18] with the May patch installed, and we're about to go to the August patch.
|
||||
[1:22] We have a few challenge we're running
|
||||
[1:25] on on premise on Red Hat server with
|
||||
[1:31] cluster
|
||||
[1:32] with two edges and two streaming to two STs
|
||||
[1:37] with active passive
|
||||
[1:39] configuration.
|
||||
[1:41] So one of the challenges we're facing
|
||||
[1:44] in the very near future is the end of support for Red Hat seven. And,
|
||||
[1:49] unfortunately,
|
||||
[1:50] given that approaching timeline,
|
||||
[1:53] we've been
|
||||
[1:55] instructed
|
||||
[1:55] just to go to Red Hat eight on premise rather than looking at other options.
|
||||
[2:02] So I guess,
|
||||
[2:03] you know, we did some training earlier in the year and, you know, the containerized versions of secure transport
|
||||
[2:10] using Too early for that. Isn't too
|
||||
[2:13] early. That's what I was gonna say. It was recommended that it's not being really being considered. Is that still the case?
|
||||
[2:20] It's still restricted availability.
|
||||
[2:23] Let's say it like that.
|
||||
[2:24] So Okay. If you need to go there,
|
||||
[2:29] talk to your account executive.
|
||||
[2:31] We'll need R and D in the loop and so on.
|
||||
[2:34] But for the moment, we
|
||||
[2:37] don't really have installations
|
||||
[2:39] like that on the field.
|
||||
[2:42] Let's say, like So
|
||||
[2:44] yeah. If you how
|
||||
[2:48] do I phrase this?
|
||||
[2:49] If you are looking to build an on premise
|
||||
[2:54] streaming
|
||||
[2:55] active passive
|
||||
[2:57] deployment
|
||||
[2:59] with as robust but simple as possible, what would what sort of platform would you be looking at would be your choice?
|
||||
[3:10] Just for building it or for running? I mean, it's Red Hat. Right? For
|
||||
[3:15] running it. Yeah. For to build a a service that can get us through the next couple of years.
|
||||
[3:21] Okay. K. So
|
||||
[3:23] the standard installation, I have both normal mode and silent mode, so you can easily install and so on. And you said you're active passive store standard cluster. Right?
|
||||
[3:34] Yes.
|
||||
[3:36] So I'd just install it as usual.
|
||||
[3:39] You know, forget about containers.
|
||||
[3:41] Forget about all that modern stuff.
|
||||
[3:44] Just install
|
||||
[3:46] just install the servers clean on the platforms
|
||||
[3:49] on the servers, and then
|
||||
[3:52] export your account from the current environment, import them in the new one, and you're back in business.
|
||||
[3:58] That will be the fastest and the cleanest way to go. And in addition,
|
||||
[4:03] this way, you are going to be on a platform
|
||||
[4:06] that have been tested and used extensively everywhere
|
||||
[4:09] as opposed to going for containers,
|
||||
[4:11] which are restricted availability.
|
||||
[4:14] They're actually changing. They're making something that will be called called the cloud edition of ST, which will be a very different deployment wise.
|
||||
[4:23] So
|
||||
[4:24] if you need to jump now, I would just install on the Red Hat and forget about anything else.
|
||||
[4:30] Sorry.
|
||||
[4:31] So
|
||||
[4:32] CloudST,
|
||||
[4:33] are you are you able to expand on that at all? Or
|
||||
[4:36] Another one, it's too early. Basically, what they are doing is our containerized
|
||||
[4:41] approach will be cloud first, although it will not be just for cloud, obviously.
|
||||
[4:46] But the idea is that they're changing some of the architecture that the the way the server is getting set up. So the biggest issue at at the moment, if you take the container approach, the app, which is restrict availability,
|
||||
[4:58] What would they have done is just to grab the whole server as is with all the pieces including the database and show it into a single container,
|
||||
[5:06] which if you know anything about container, you know that this is not how it's supposed to work. Right?
|
||||
[5:12] Mhmm. So they are actually working
|
||||
[5:15] on a separate edition, a separate installation, but a separate deliverable that will be specifically for containers
|
||||
[5:22] and
|
||||
[5:24] and cloud.
|
||||
[5:26] This will not be ready on time for your migration, though.
|
||||
[5:30] So
|
||||
[5:31] if you are waiting for that,
|
||||
[5:33] you'll need to stay on Linux seven for mid
|
||||
[5:36] next year at the earliest, which is way too late. Right?
|
||||
[5:41] So
|
||||
[5:43] as soon as they have the details, there will be a separate session, probably a separate user group in
|
||||
[5:50] the other in
|
||||
[5:51] the other time zones, but we'll talk on this call probably in a few months
|
||||
[5:56] when we have more details. For now, it's one of the things coming. It's not out yet. It's not even the sixth availability at this point.
|
||||
[6:05] It's in the road map.
|
||||
[6:07] So Thank you very much. It's coming.
|
||||
[6:12] As soon as there is more information,
|
||||
[6:15] there will be enough announcements about that. But if you show up on the next call, which will be well, not the one in a couple of weeks that will be replacing what we do the missing people from this one, but probably early next year, I hope to have more information about it. But to get back to what you are asking, just install it straight. Forget about containers. Forget about anything else.
|
||||
[6:37] Just take installation,
|
||||
[6:39] configure it, and then move the accounts. That's all you need.
|
||||
[6:44] Makes sense? Excellent. Thank you very much. Yes. Thank you.
|
||||
[6:47] Okay.
|
||||
[6:49] Anything else from you?
|
||||
[6:53] No. Thank you. Not at the moment. So just out of curiosity, why active passive?
|
||||
[7:02] That's the decision that was made a long time ago before my time, and
|
||||
[7:08] I believe we're locked in license wise unless we wanna go to a subscription
|
||||
[7:13] license. So that's a that's a whole different
|
||||
[7:17] argument that we're having, and it you know, I've been arguing that for two years, and I don't see an end in sight. So
|
||||
[7:24] we're just gonna address that risk of
|
||||
[7:27] end of support of Red Hat seven. So we'll be maintaining, you know, pretty much at like for like.
|
||||
[7:33] I I understood.
|
||||
[7:34] I was just curious because active passive is kinda a disappearing
|
||||
[7:38] beast, especially in The United States.
|
||||
[7:41] Most people are at least active active. So in anytime I hear active passive, I'm like, okay. That's new. That's surprising.
|
||||
[7:48] So okay. Well, keep in mind that most of the new stuff, including the cloud edition or whatever they keep call whatever they it's called later, will probably be subscription only.
|
||||
[8:00] So
|
||||
[8:02] Yeah. I I I'm I'm aware of that, and and that's the way we're we're nudging people slowly. But, unfortunately, it is a very
|
||||
[8:10] slow process.
|
||||
[8:12] Absolutely.
|
||||
[8:13] Okay. So okay. Just install the clean servers,
|
||||
[8:16] and, you know, that will buy you some time at least. And then
|
||||
[8:22] this will also allow you to wait for whatever comes as containers.
|
||||
[8:26] So,
|
||||
[8:27] you know, you might actually be in a better shape. How many accounts do you have in this server?
|
||||
[8:33] Do you know?
|
||||
[8:35] In production,
|
||||
[8:36] just over 200.
|
||||
[8:38] Okay. Not too bad then.
|
||||
[8:40] Okay. Well,
|
||||
[8:42] export import works beautifully.
|
||||
[8:45] Don't try to do system export import. You will not be able to. So, you know, we have two exports. Right? We have the system export, which is configuration, and we have the account export,
|
||||
[8:55] which is the XML file. Only the XML one will work between the environments.
|
||||
[9:01] You will need to redo the configuration manually.
|
||||
[9:05] We did a fresh build and a migrate when we went from 5.14,
|
||||
[9:09] I think, to 5.4.
|
||||
[9:11] Oh, and, yeah, basically, we built up a a fresh environment
|
||||
[9:17] and had it as, a preproduction
|
||||
[9:19] area for testing in that. And then
|
||||
[9:21] on the day, just, you know, migrated everything across, switched off the old one, reappointed out load balances,
|
||||
[9:28] and switched on the new one. So that's the strategy we'll probably employ this time around too.
|
||||
[9:35] Good. That's what I was going to propose anyway.
|
||||
[9:40] Excellent. Thanks. See there are a few things that will actually be a lot more helpful for you this time. The scheduler and the folder monitor can be kept down a lot easier now. You know, we have the new buttons for them.
|
||||
[9:51] So it will be a lot easier for you to to actually start the whole new environment, including TM, test everything
|
||||
[9:57] without the schedulers and folder monitors and so on, and then just turn them on at the time when you need them.
|
||||
[10:05] Unlike the old servers where you in order to disable them, you have to change configuration, and you always move up to percent. Right?
|
||||
[10:13] So
|
||||
[10:14] what but yeah. Okay. Well, good luck with that. Hopefully, it will run clearly.
|
||||
[10:20] The one thing I can tell you is that the XML import export is a lot better in five five than it used to be. As in, it's a lot less likely to develop issues.
|
||||
[10:31] It still can happen, but, you know,
|
||||
[10:34] but it it shouldn't be a problem. And the other thing is depending on how much do you have a lot of user classes and restrictions,
|
||||
[10:42] upload, download restrictions, stuff like that?
|
||||
[10:46] No. It's a very vanilla install, so it's very straightforward.
|
||||
[10:50] If you were sharing, Jenny, I would have pointed out that now we have an API for them, so you don't need to redo them from scratch and all by hand as it was in the old migration,
|
||||
[11:01] which is usual was usually the pain. But if all you have is 200 accounts and almost nothing else, it should be fine.
|
||||
[11:09] One request,
|
||||
[11:10] if I might, I don't know how much traffic you have and so on. Just make sure you don't underpower those machines. You know? Give them enough memory and enough CPU.
|
||||
[11:22] Just some general principle. Right?
|
||||
[11:24] Thank you. Well, we do have
|
||||
[11:27] the example of, you know, the on premise Red Hat seven running the same thing. So,
|
||||
[11:33] yeah, we would we do have that experience, and we'd leverage that and and monitor it as we go as well. How much memory do you have on the boxes where the server is running?
|
||||
[11:44] Do you know? I can't remember off the top of my head. I think it's
|
||||
[11:48] gig on each Yeah. That's what I expected. Bump it.
|
||||
[11:52] If you want a recommendation,
|
||||
[11:54] bump it up a little bit on the new servers.
|
||||
[11:58] Okay. Thank you. Is that specific to Red Hat eight or just a general performance issue?
|
||||
[12:05] So those servers, when you build them initially, they came from five four and so on. Basically, in my experience with five five, sixteen gigabytes
|
||||
[12:13] is basically the bare minimum to actually get something done.
|
||||
[12:18] So I
|
||||
[12:20] and
|
||||
[12:21] eight
|
||||
[12:22] Red
|
||||
[12:23] Hat eight requires a little bit more memory than seven. You know? It always happens that way. So if you can bump them up a little bit, you'll give yourself space to grow.
|
||||
[12:34] So
|
||||
[12:35] just in general, I don't like seeing sixteens anymore anywhere. I just think that they're not adequate
|
||||
[12:41] at this year.
|
||||
[12:43] K. Thank you. Doesn't doesn't mean it won't work. I'm just saying if you still have any saying in that, get some more memory in there.
|
||||
[12:53] So, you know, '24, '34, something like that.
|
||||
[12:57] Okay?
|
||||
[12:59] Okay.
|
||||
[13:01] Arga.
|
||||
[13:03] And we have new people So hey, guys. We're having a little bit of a weird meeting because we think there was miscommunication on mails.
|
||||
[13:12] So Any?
|
||||
[13:13] I I just sent out a reminder to all the all the all all the who are registered.
|
||||
[13:18] Okay. So we might see new people. So for the newcomers,
|
||||
[13:22] welcome. We're happy to have you. It's a smallish meeting. If you had never been on one of them, it's question and answers. If you have a question, raise your hand so I know you want a question.
|
||||
[13:34] And
|
||||
[13:35] okay. Arga, that's you.
|
||||
[13:38] Yeah.
|
||||
[13:41] I've been working in secure transport for, like, around two years now. I'm working for co op client and
|
||||
[13:49] current employee in the PCS.
|
||||
[13:52] Now I'm working on the development part a lot,
|
||||
[13:55] not the
|
||||
[13:57] back end, like, how the
|
||||
[14:00] secure transport application is installed. Although I know, obviously, the architecture, how they're working now.
|
||||
[14:05] As you were speaking about migration
|
||||
[14:08] of the old,
|
||||
[14:09] you know, ST tool, we are also in the phase where ST is being migrated from on prem
|
||||
[14:15] Linux servers to
|
||||
[14:16] the Azure cloud
|
||||
[14:19] environment. Okay.
|
||||
[14:22] So when you say that
|
||||
[14:24] I have other questions just but but just to add on Ryan's questions I wanted to ask. When you say that XML, when we export an account from
|
||||
[14:34] one environment like ST's
|
||||
[14:36] supposed production environment, we we we export the XML one,
|
||||
[14:41] do you think that there will not be any issues with the SSH keys? So many
|
||||
[14:46] of the user accounts which I have created,
|
||||
[14:49] they are authenticated with the client's SFTP servers or any other server with the SSH key. Yep. Now We do we need to raise again generate a a new
|
||||
[15:02] SSH key pair from we don't need to do that?
|
||||
[15:05] No. So
|
||||
[15:07] use so they will work on our site.
|
||||
[15:10] However, if you're moving them to a different IP or something, they might need to do something on the client side if they are the ones connecting to you.
|
||||
[15:19] If we're the ones connecting to them, all you need is to make sure that they are allowing you into their firewalls.
|
||||
[15:25] Okay. Understood. So our keys are not saved or connected to the OS level at all. They're in our database.
|
||||
[15:34] They're only on the SD. So I can grab an account from your environment and move it into my lab, and it will be still it still will be working
|
||||
[15:43] because it's SD.
|
||||
[15:45] Right?
|
||||
[15:46] Now
|
||||
[15:47] if I am the one connecting if ST is the one connecting out Yes. Obviously, if the firewall is closed, I will not be able to get there. But that's have nothing to do with the key. But just moving the key is not a problem.
|
||||
[16:01] If they are the client, depending on what they're using, they and you are changing the IP or the DNS name and so on, they might need to re add the key for the you know, to accept the key again. You know how it works.
|
||||
[16:14] Yes. Other from that,
|
||||
[16:17] no. You don't need to.
|
||||
[16:19] Okay.
|
||||
[16:20] That is helpful.
|
||||
[16:22] One more thing.
|
||||
[16:24] You were talking about API.
|
||||
[16:26] Like, when you Yep.
|
||||
[16:28] Export the account, we you said that there is an API right now. Can you Not for the API.
|
||||
[16:35] It's
|
||||
[16:36] for the user classes and for
|
||||
[16:42] restrictions. So for the a p for the accounts, there is an API. However,
|
||||
[16:47] you need to export the pieces one by one through the API and preassemble on the other side. The XML export is the better way to move whole whole accounts.
|
||||
[16:57] So if you need to move a single transfer site or if you need to move a single key
|
||||
[17:02] or something else from the server using the API is
|
||||
[17:06] okay.
|
||||
[17:07] But if you're moving whole accounts or all of your accounts,
|
||||
[17:13] use the XML exporting import export. It's faster.
|
||||
[17:17] It's actually better.
|
||||
[17:18] If you are doing that, please make sure you shut down the audit log because otherwise, it will be slow.
|
||||
[17:25] But other from that
|
||||
[17:28] apart from that, it's pretty straightforward. So if you're moving accounts between environments, if you're moving from your on prem to your cloud, that's the cleanest way. Export the accounts, move them up. If you're using advanced routing, don't forget that you need to move all of the template routes first
|
||||
[17:45] because they need to be there with the same ideas. If
|
||||
[17:50] if there is no template for the advanced routing, like, suppose each and every account is made advanced routing.
|
||||
[17:56] You you are you are still using a template. It may be an empty one, but you're using Yeah. Basic template. And you need to move
|
||||
[18:03] yeah. And you need to move the one from this from the old server into the new one because with routes, we connect based on ID, not based on name.
|
||||
[18:13] So you need to export it and move it up first because otherwise, you will not be able to import the accounts.
|
||||
[18:19] The applications,
|
||||
[18:20] you can call them if as long as they're called the same way, we don't care. We will connect because it's name based.
|
||||
[18:27] But routes are connected based on IDs.
|
||||
[18:30] So if you're using advanced routing, even if you don't have absolutely anything in the template, you need the object itself.
|
||||
[18:38] That
|
||||
[18:42] is helpful. I have few more questions, actually.
|
||||
[18:46] See,
|
||||
[18:47] right now, I'm trying to
|
||||
[18:50] so suppose there is a
|
||||
[18:53] server, a staging legacy server where a where a lot of Linux scripts are running.
|
||||
[18:59] And within those Linux scripts, there are logics.
|
||||
[19:03] I mean, the logic is given for to pick up a file, how many
|
||||
[19:07] minute intervals the files the process will run, the job will run-in, and then it will be
|
||||
[19:14] the the particular interface file will be, you know,
|
||||
[19:18] changed to the destination server or or, I mean, destination system.
|
||||
[19:22] Now I want to replicate the whole this this Linux shell scripts into the secure transport environment because we have something around 600
|
||||
[19:32] interfaces that we need to migrate at this point of time.
|
||||
[19:35] And I'm try just trying to figure out a a process, like, using the external script advanced routing section, How I can do that?
|
||||
[19:44] Don't.
|
||||
[19:45] Don't. Okay.
|
||||
[19:46] Okay. So technically speaking, you can run any script you want over there, but you are going to need to leave it exactly as is, which means all credentials and everything will stay in the script.
|
||||
[19:59] Your performance will be abysmal because,
|
||||
[20:02] you know, each script on its own is you're doing whatever it wants. You cannot use pools. You cannot use secure connections. You will need to build every inside.
|
||||
[20:11] You will need to
|
||||
[20:14] you'll end up basically moving all of this spaghetti that you have, the 600 spaghetti scripts, and just moving them into a new server.
|
||||
[20:22] And as I used to say a few years ago, I still like using that. It's like you were driving a bicycle over there. Now you bought your Mercedes or whatever, you know, big carry boat,
|
||||
[20:33] and you just
|
||||
[20:34] started pedaling
|
||||
[20:37] the Mercedes because you don't know how to drive it. Right? Okay. Okay. The better
|
||||
[20:42] approach is analyze each of those and actually build them natively into the server.
|
||||
[20:49] If you're only doing the first one.
|
||||
[20:51] Yep. If
|
||||
[20:53] you're picking up files and then pushing them somewhere,
|
||||
[20:56] this is pull push. SDK can do that out of the box.
|
||||
[20:59] Right? Okay. Okay.
|
||||
[21:01] So you build up the both directions. You go through advanced routing.
|
||||
[21:06] If you haven't been if you had never worked with advanced routing,
|
||||
[21:10] we do have
|
||||
[21:11] actually, university
|
||||
[21:12] has a class about that. It's paid one, but, you know, it's a class.
|
||||
[21:17] But, also, there is some documentation.
|
||||
[21:18] So start small, but build it. Because
|
||||
[21:22] moving things
|
||||
[21:23] from one place to another
|
||||
[21:25] is the worst way to do migrations, and that's different from what Ryan is doing. Ryan is coming from an ST on a new version going to the same version. He just needs he's just changing
|
||||
[21:35] the OS. Right? He he's not trying to migrate anything.
|
||||
[21:38] In your case,
|
||||
[21:41] moving an old system into the new system by using exactly what the old system uses,
|
||||
[21:46] why are you paying for the new system?
|
||||
[21:49] Absolutely. I understand the point. Right. So
|
||||
[21:52] if
|
||||
[21:53] any of those scripts cannot be migrated cleanly,
|
||||
[21:58] then you can use the external script.
|
||||
[22:02] You know, it exists. Or you you can build a plug in. You also have the pluggable framework where you can build the code in Java so it works better.
|
||||
[22:11] And we had the user group about that about a month ago.
|
||||
[22:14] The recording will be on community, so you can download it and listen to it, or at least listen. I don't know if you can download.
|
||||
[22:20] But
|
||||
[22:22] I would strongly advise to analyze what they're trying to achieve and try to build it into the product first before
|
||||
[22:29] you try to move scripts in. Because I've been through those migrations
|
||||
[22:34] a lot of times through the years. And
|
||||
[22:37] I've seen people that say, oh, we'll just moving them for a week.
|
||||
[22:41] Guess what happens?
|
||||
[22:43] Ten years later, the scripts are still running.
|
||||
[22:46] Oh.
|
||||
[22:47] You will never clean it up.
|
||||
[22:50] So
|
||||
[22:51] No. That the first approach from my end was to analyze and I mean, that's what I've been doing for all the other interfaces
|
||||
[22:58] for the past, you know, few years when I've worked in this team. But I was just thinking, let you know, out of the box if we could do that.
|
||||
[23:06] But as you said, it would not be a very good approach. So I'll You can.
|
||||
[23:11] You can, but you shouldn't. So and that's one thing and that's one thing you need to learn about ST the hard way.
|
||||
[23:19] With ST,
|
||||
[23:20] there is very little things that you cannot do,
|
||||
[23:23] but there is quite a big list of things you shouldn't be doing.
|
||||
[23:27] So it's very
|
||||
[23:28] it's very open. It's almost like a platform, and everyone can play into it. And that's the whole point of the platform. And that's why ST is so
|
||||
[23:37] nice sometimes, and that's why it's so powerful in a lot of ways. But you always pay the price at the end. And I
|
||||
[23:44] know it's easier that way, but if you do it that way,
|
||||
[23:48] you're just moving the problem from one place to another. So what happens if they need to change the password?
|
||||
[23:55] Someone needs to change the script?
|
||||
[23:58] Yes. So we would need another resource
|
||||
[24:01] to be available, like, resource there. Yeah. And you're talking yeah. And you're and you're going to Azure. Right? Azure has access over there. You know,
|
||||
[24:11] accessing the cloud for OS
|
||||
[24:13] access is usually more restricted than on prem.
|
||||
[24:17] Yeah. You don't need to have about 75 permissions just to do that. Instead, if you build your transfer sites, your certificates,
|
||||
[24:24] your routes, something needs to change, it's on the admin. Why?
|
||||
[24:27] You go, you change it, you're done. Plus, you have tracking because think about the scripts. What happens if something goes wrong?
|
||||
[24:35] You'll need to go find figure out where the the errors are, and you don't have the tracking table, and you cannot do reports based on that. You know, all of that funny stuff.
|
||||
[24:46] So don't
|
||||
[24:50] step one,
|
||||
[24:51] try to get it into the server. Step two, if you cannot and do you really, really need it, then go for the scripts.
|
||||
[24:57] But don't default on the script. That would be my biggest advice. So
|
||||
[25:02] okay?
|
||||
[25:04] Absolutely.
|
||||
[25:05] That is helpful.
|
||||
[25:08] There is a few more things, like expression language skills. Like, I've been doing some expression language,
|
||||
[25:14] you know,
|
||||
[25:15] coding in the advanced routing section where you publish
|
||||
[25:18] file as, like
|
||||
[25:19] Yep. You know, deleting, truncating the first 21 characters or replacing it with some other characters and doing all those things. But I want to learn more. So can you please tell me where I could go?
|
||||
[25:30] Like, do you have any classes available for expression language? Like, learning, you were saying that there is a class.
|
||||
[25:37] Not not really. So
|
||||
[25:39] so so here is the point.
|
||||
[25:42] The expression language is
|
||||
[25:45] we have a few 100 variables,
|
||||
[25:47] and then it's just the good old Java JSP language. Nothing
|
||||
[25:52] fancy over there. So we don't really have a class about that. But the best way to learn how to do things is, look to community. There had been a lot of questions through the years with people asking how to do things. So if you look at what people are doing, that will give you ideas.
|
||||
[26:09] Right?
|
||||
[26:11] Look through some of the older recordings. For example, the one I did for last time for APAC,
|
||||
[26:17] I did a workshop on advanced routing, advanced settings.
|
||||
[26:21] We did some code, some stuff there. There were quite a lot of expressions in that one as well. So that will give you some ideas.
|
||||
[26:29] But
|
||||
[26:30] it's not something
|
||||
[26:32] it it's all and in addition, expression language allows
|
||||
[26:36] regex.
|
||||
[26:37] Right? So between regex and expression language, you can do a lot of regex.
|
||||
[26:42] And even if someone tries to build the class,
|
||||
[26:47] they'll probably miss what you need anyway. There is way too many things over there.
|
||||
[26:51] The other thing, though, is and that's just a fair warning.
|
||||
[26:54] Don't overthink it. Sometimes
|
||||
[26:57] when people try to be creative,
|
||||
[26:59] they end up creating something that is not maintainable.
|
||||
[27:04] Yeah. I understand.
|
||||
[27:06] So
|
||||
[27:08] yeah.
|
||||
[27:09] Yeah. That is good advice.
|
||||
[27:11] Last
|
||||
[27:13] that would this is the last question from my end. So there is a
|
||||
[27:17] server.
|
||||
[27:18] So how do we pull multiple files
|
||||
[27:21] from different remote directories from a single SFTP server configured in a transfer site? So can we use yeah. Any
|
||||
[27:30] Can we use anything like an advanced routing, or is there any way to do that? Yes. You can. Let me show you something. Let me see where is my server now. Okay. Let me know when you see my server.
|
||||
[27:42] Yeah.
|
||||
[27:43] You can see it. Right? Yes. Yes. So that's something I showed on the last meeting, and I strongly recommend you to go and find the it's called even more advanced routing was what the session was called.
|
||||
[27:55] But basically,
|
||||
[27:56] we do have a step now.
|
||||
[28:00] Mhmm.
|
||||
[28:02] Pull all files.
|
||||
[28:04] We have a pull from partner step.
|
||||
[28:07] So what you can do is you create a site with whatever download folder you set up. So if you want to pull from 10 different download folders or whatever,
|
||||
[28:18] you need to catch it either when you receive a file or when no files are found. One way I like to set that up is I create the transfer site to be pointing to a fault to a
|
||||
[28:30] Mhmm.
|
||||
[28:31] Folder that doesn't exist or that is always empty,
|
||||
[28:34] that will return
|
||||
[28:37] empty. Right? And then you you you catch it on advanced routing on the subscription.
|
||||
[28:43] Hold on. Okay. It doesn't. So on the subscription, you know how we have
|
||||
[28:49] over here.
|
||||
[28:51] I did here.
|
||||
[28:53] Execute
|
||||
[28:55] route when returns no files.
|
||||
[28:58] Right? So if you check this one, you will go into the routing, but not with the file, but with an error condition. And then you do a conditional route that says if no files were found.
|
||||
[29:10] And then inside of the route,
|
||||
[29:13] you use our new
|
||||
[29:15] best friend, which is the on demand pull step,
|
||||
[29:19] which allows you to override the download folder.
|
||||
[29:24] So
|
||||
[29:26] pull from partner, it is a pluggable step. You need to download it from
|
||||
[29:32] was that the pluggable one or is this the one that was getting cut it automatically?
|
||||
[29:36] It's I don't remember.
|
||||
[29:38] If it's not there in your server and you are May or later,
|
||||
[29:42] then you'll need to download it. But what you do basically is that you can set it up to specify from which folder on the server to download. So if you have 10 folders, you just do 10 of those steps, and you specify into which folder in ST to put it. So it can be either in the same where we are pulling initially or on a second separate folder. And when they go here,
|
||||
[30:04] they Uh-huh. They are as if they came from a scheduler.
|
||||
[30:10] Makes sense?
|
||||
[30:11] Makes sense. Makes sense. And, yes, we do not have this
|
||||
[30:15] step installed in in our server. I have to
|
||||
[30:19] So what version
|
||||
[30:20] are you running?
|
||||
[30:22] 5.5.
|
||||
[30:26] Yeah. 5.5.
|
||||
[30:28] Yeah. But which release?
|
||||
[30:31] Which release? Let me just check on that. So see see here on the top, if it is May or later,
|
||||
[30:38] I I so because
|
||||
[30:40] this is something I did for last time. There are set flow attributes and the send and the pull from partner. I don't remember. One of them is pluggable, the other is not, and I forgot which is which. I think pull from partner is not pluggable, so it should be there. If it's not there, you need to update your server to get it first because it's newish. It came out earlier this year.
|
||||
[31:00] Okay.
|
||||
[31:02] So if if you don't have it, you need to update the server first.
|
||||
[31:08] We
|
||||
[31:09] don't have it actually. No. We don't have So
|
||||
[31:13] you're on earlier version then.
|
||||
[31:15] So you don't need to update
|
||||
[31:19] you don't need to update the server,
|
||||
[31:21] and then it will show up. If you cannot update, then your only option will be to use the API from outside and choose on demand pull from the outside,
|
||||
[31:31] which means not run by ST. Or you can run it with the script from ST, which, you know, we talked about scripts earlier. Yeah.
|
||||
[31:39] But those are your options with the tools.
|
||||
[31:44] Your you know, worst case scenario, just create multiple sites and just run them Yeah. Into separate folders.
|
||||
[31:51] And then on the advanced routing, do publish to account and put them in the same folder so all of them end up in the same place.
|
||||
[31:59] And then do the processing from there.
|
||||
[32:02] That's old style. If you don't want to use the ATS and if you don't have this step yet, that was the old way to do it. You create separate site for each of them,
|
||||
[32:11] then you do the scheduling for each of them into their own folder because you can have only one site per folder. Right?
|
||||
[32:18] But then
|
||||
[32:19] on the processing, you do a publish to account and just move everything into a set into a new folder, the actual subscription folder, and trigger the subscription there from there to the processing.
|
||||
[32:33] The version which I'm using is 5.520220224
|
||||
[32:37] in the bracket 3103.
|
||||
[32:40] Yeah.
|
||||
[32:41] So you said 202201?
|
||||
[32:44] 0224.
|
||||
[32:47] 20220224.
|
||||
[32:50] Yeah. You do realize it's almost two years old. Yes. It's almost two almost two years old. That's And you do realize that you cannot even update it with one step. We only support update within twelve months. So I strongly recommend you actually come to something a bit more modern. So five five is kept in around four years now.
|
||||
[33:10] Update yourself. There had been a lot of new stuff and a lot of stuff that will be very, very helpful that when now that you start playing with advanced routing.
|
||||
[33:18] Absolutely.
|
||||
[33:19] I'll talk talk about it with my, you know, management.
|
||||
[33:22] Talk to them.
|
||||
[33:24] Come over
|
||||
[33:26] this what I have is May, simply because that's what I built everything on. The October release just came out last week.
|
||||
[33:33] So
|
||||
[33:34] if you're moving to something, you know, September, October, something like that is what you want.
|
||||
[33:40] Okay. And it will be two steps. Keep that in mind. When you're updating, you will not be able to update from where you are all the way up because it's more than twelve months. You will need to jump through something.
|
||||
[33:51] So because you're on the February release, the cleanest way might be to jump into January 2023 and from there into the newest.
|
||||
[34:00] You know? You need something. And and it's not to test anything in the January. It's because the way our updates are tested is only for the last 12 releases,
|
||||
[34:10] the last year.
|
||||
[34:12] So
|
||||
[34:14] you you need to jump through.
|
||||
[34:16] Understood.
|
||||
[34:17] Yep. And keep those servers a little better up. And I know that's hard sometimes, but
|
||||
[34:25] I would strongly recommend to plan to update them at least twice a year.
|
||||
[34:29] Okay.
|
||||
[34:30] Because a lot of the things that you will see people recommending and how to do things, you will not be able to do. The last two years had been a lot of development in the advanced routing pieces.
|
||||
[34:42] We had improved a lot.
|
||||
[34:44] Yeah.
|
||||
[34:45] So okay?
|
||||
[34:47] Okay.
|
||||
[34:47] Thank you, Fiona.
|
||||
[34:49] That's
|
||||
[34:50] all for my end. And,
|
||||
[34:52] Ho Hung, just put in the chat the link to the even more advanced routing
|
||||
[34:57] recording.
|
||||
[34:58] So that's one of them. There is also another one that was for The US. Same same material, different questions, different scenarios from people.
|
||||
[35:06] So, you know, you can listen to as many as you want. Okay.
|
||||
[35:11] Brian?
|
||||
[35:18] Sorry about that. I was just on mute. Can
|
||||
[35:21] you hear me?
|
||||
[35:22] Now I can. I I mean,
|
||||
[35:24] my my crystal ball is in the shop, so I cannot hear if people don't talk.
|
||||
[35:31] No worries. Okay.
|
||||
[35:32] So one of the challenges we have moving forward is
|
||||
[35:36] revamping the way that we handle
|
||||
[35:39] certificates
|
||||
[35:41] Mhmm. The
|
||||
[35:42] expiry and, and, you know,
|
||||
[35:44] moving to best practice in terms of,
|
||||
[35:48] you know, refreshing certificates and things like that. And I believe that SecureTransport
|
||||
[35:53] now supports two separate HSMs,
|
||||
[35:56] the Talos learner seven and and one other.
|
||||
[35:59] But I can't really find any documentation
|
||||
[36:02] about the user cases for them, like, what functionality
|
||||
[36:05] they provide.
|
||||
[36:08] Always support with them is the server certificates,
|
||||
[36:12] the one then the protocol demos are carrying.
|
||||
[36:15] We do not support user certificates yet.
|
||||
[36:18] Okay. So for SSH
|
||||
[36:21] HSN,
|
||||
[36:22] like, if we wanted to
|
||||
[36:25] to manage user certificates that are used for user accounts, then that's out of scope at the moment. Is that on the road map?
|
||||
[36:32] It is, but I don't know how close it is on the road map.
|
||||
[36:37] I mean, implementation. Yep. So it is. However,
|
||||
[36:40] if you are interested in that, go to the ideas portal if you have never been there. Find
|
||||
[36:46] there is an idea about it or add your own if you cannot find one,
|
||||
[36:50] and mention that you need it as well. The ideas portal is our
|
||||
[36:55] enhancement request system.
|
||||
[36:57] Yeah. I'm familiar with it. And I and I believe there is an idea already there. No worries.
|
||||
[37:03] So no idea on timeline for that or what the functionality will be or anything like that? Nope. Too early.
|
||||
[37:10] One of those. Yeah.
|
||||
[37:12] No worries. Excellent. Thank you for that. And
|
||||
[37:15] when it's my turn again, I have another question. No. Well, no one has their hand raised at the moment, so go ahead.
|
||||
[37:23] I've forgotten what it was. Just give me a moment.
|
||||
[37:26] Oh, okay. I'll give you some time then.
|
||||
[37:29] Sorry. Yeah. I'll come back come back if that's okay. That's okay. Okay.
|
||||
[37:35] Any of our newcomers,
|
||||
[37:37] and welcome.
|
||||
[37:38] If you walked into the middle of explanation, we seem to have had some communication
|
||||
[37:42] issues on this meeting. So we'll probably will have another schedule shortly again in a few weeks. But in the meantime,
|
||||
[37:49] anyone
|
||||
[37:50] else? Any questions before I call on Ryan again?
|
||||
[37:54] I see a few names I recognize. I see a few people I don't see I've seen before. I don't think I've seen before.
|
||||
[38:02] Okay. If no one else wants to say anything, Ryan, back to you.
|
||||
[38:07] Thank you. So with
|
||||
[38:10] our work currently to install the August patch, we noticed that
|
||||
[38:15] some ciphers have been removed, specifically the MAC ones like HedgeMaxShot256AtSSHDotCom512.
|
||||
[38:23] And that was noted in the release documentation,
|
||||
[38:26] but we also,
|
||||
[38:28] after patching, noticed that
|
||||
[38:32] is it Keith's changed? The Diffie Hellman Group 14
|
||||
[38:36] was removed. It's still supported, but it's removed, and a whole bunch of new ones were added.
|
||||
[38:41] So I'm just curious
|
||||
[38:43] about Xway's,
|
||||
[38:44] like, standard around Cypher management.
|
||||
[38:48] Are they meant to be mentioned in the release documentation,
|
||||
[38:51] or is it just a, you know, patch and and monitor kind patch in our test environment and check kind of thing?
|
||||
[38:58] It was an oversight. It should have been mentioned in the documentation, and I'll check with r and d why it wasn't. The idea is that whenever we remove
|
||||
[39:07] something,
|
||||
[39:09] we are not just going we are not just mentioning it into the document, but we're also mentioning it into earlier release notes as a warning so people not prepare for it. Unless it's something security wise that really, really happened weirdly.
|
||||
[39:24] You know, if there if there was a huge escalation
|
||||
[39:27] worldwide,
|
||||
[39:29] and we had to lift through a few of them in the last years. Right?
|
||||
[39:33] Then we need to drop without a warning. But even then, it should be in the documentation.
|
||||
[39:37] If they didn't mention to you the documentation,
|
||||
[39:39] it was on our side.
|
||||
[39:42] Also
|
||||
[39:43] No worries. Thank you. We
|
||||
[39:45] do have a YouTube channel
|
||||
[39:47] where r and d are publishing what's new every month on the new releases.
|
||||
[39:53] And it's some of the things actually might be better off there as well if you're into videos.
|
||||
[39:59] You know, the release notes are short ish. Plus, keep in so
|
||||
[40:03] the one thing if when you say release notes, keep in mind we have two sets of release notes. The shorter ones are the ones that go into the major documentation.
|
||||
[40:11] But when you download the patch itself, it carries its own release note, is usually a little longer.
|
||||
[40:17] Right?
|
||||
[40:18] So make sure it's not hiding there.
|
||||
[40:22] Yeah. So we just the read me that comes with the the patch
|
||||
[40:27] Okay. Which has all accumulated information in it. That's what we've been using as our sort of source of truth.
|
||||
[40:32] That's that's the big one. That's the source of truth. If they missed to mention it, it it was an oversight.
|
||||
[40:39] So adding new ones, not that much. You know? We can add new stuff, new security, but removing should at least we were told that they will always note it. And
|
||||
[40:50] I'll see if I can check, but
|
||||
[40:54] things happen. Also,
|
||||
[40:55] one option might be that they actually removed it before the August release. And that's why it dropped for you in August, but it might have dropped you in July or June. So look to the release notes of all the releases between yours and the previous one yours and the next one. Because, you know, we have them on top of that as a full list,
|
||||
[41:15] but sometimes I've seen things getting missed. So I don't know.
|
||||
[41:19] Yep.
|
||||
[41:20] I have checked,
|
||||
[41:22] also, like,
|
||||
[41:23] are those readmes, if I do a search in the documentation
|
||||
[41:27] portal for a phrase, will they come up in the readmes? Or
|
||||
[41:31] The shorter versions of them, yes.
|
||||
[41:34] The lead meet themselves are not, but they have a what's new section added to the admin guide that is getting updated every time,
|
||||
[41:43] which is supposed to carry the same information,
|
||||
[41:46] but because you know what happens when you have the same piece of information in five different places.
|
||||
[41:51] Things get misplaced.
|
||||
[41:54] So you should be able to find it, but also
|
||||
[41:59] Excellent. Thank you. Okay.
|
||||
[42:04] Okay. We lost one of the people.
|
||||
[42:07] Arga, back to you.
|
||||
[42:12] Yes. Can you share the YouTube channel name, please?
|
||||
[42:16] Can you what? You mentioned you mentioned about the YouTube channel.
|
||||
[42:21] We'll show it to you when we get back to the presentation from HoHong. We put it on the presentation.
|
||||
[42:28] It's
|
||||
[42:29] how can you pull the name of the YouTube channel and put it into the chat for everyone, please?
|
||||
[42:40] That's us.
|
||||
[42:44] If you look for actually MFT videos, you you should be able to find it easy enough.
|
||||
[42:50] Oh,
|
||||
[42:50] thank you.
|
||||
[42:52] They release them so they're usually four, five minutes long,
|
||||
[42:57] and they release them a few weeks after the release.
|
||||
[43:00] So, you know, after they're ready.
|
||||
[43:02] But they're useful. And if you like videos
|
||||
[43:06] more than reading it,
|
||||
[43:08] it's useful. You can see things even if
|
||||
[43:11] you prefer to read.
|
||||
[43:13] But,
|
||||
[43:14] yes, that's why we put in it's not just for ST. So if you have any of our other products, CFT and so on, we also they're also adding it to the whole MFT setup.
|
||||
[43:24] And these are directly from r and d.
|
||||
[43:26] So
|
||||
[43:29] okay.
|
||||
[43:31] Any other questions? Anyone else?
|
||||
[43:43] Ryan?
|
||||
[43:46] Sorry to be hugging all your time. If you want me to stop, I will.
|
||||
[43:51] Not at all. You're the only one that wants to talk to me tonight. So, you know,
|
||||
[43:56] you and Tharga. No worries. We
|
||||
[43:59] we've had an issue come up recently that
|
||||
[44:02] has been targeted has potentially been traced to the use of
|
||||
[44:07] weak ciphers for the signing of of certificates.
|
||||
[44:10] So when
|
||||
[44:13] when
|
||||
[44:15] we create a certificate, it's signed, for example, with RSA
|
||||
[44:20] with chart two five six.
|
||||
[44:22] Mhmm. And and there's only four options in the drop down, which, you know, all appear to be SHA one.
|
||||
[44:30] So just doing some research,
|
||||
[44:33] you know, the the recommendation that I have found is that signing certificates
|
||||
[44:37] with SHA one is not something that should be done,
|
||||
[44:40] you know, given
|
||||
[44:42] that it
|
||||
[44:43] that can be shattered or however you wanna call it.
|
||||
[44:48] So does actually, I have any concern about that. Is there any way that we can increase that to include a SHA two algorithm?
|
||||
[44:55] You know that I will send you to the ideas portal. Right?
|
||||
[45:00] Yeah. So
|
||||
[45:02] I I don't you know, because I'm not an encryption expert, but my research just suggests that
|
||||
[45:08] SHA one shouldn't be used to sign certificates. And it's my understanding that all the ones that
|
||||
[45:13] Understood.
|
||||
[45:14] Yeah. I I was kind of flipped,
|
||||
[45:17] but that that's the only thing. So I
|
||||
[45:20] haven't heard about them changing that in the next release immediately.
|
||||
[45:25] So my recommendation is to go to the ideas portal and just post it as an idea
|
||||
[45:31] and see what they will respond with. Because I know that security wise, we're doing a lot of research. Our security teams signed off on that, and they're not concerned with that yet.
|
||||
[45:44] Otherwise, it would have been added by now. But there is no way to add it into the product at the moment, s s. Those this list is hard collect.
|
||||
[45:54] Unlike
|
||||
[45:55] pretty much anything else, you know, there is a lot of server parameters for pretty much all kinds of Cypress and so on. This one specifically is not parameterized,
|
||||
[46:05] so you cannot do anything with it.
|
||||
[46:08] No. I'm just doing a day looking looking at documentation
|
||||
[46:11] in the database and trying to find if it was parameterized, then I'm it's not No. And and you and you cannot even remove some of them. I mean, short of changing the JSP file, if you start doing that, I'll have some words with you, and they won't be nice ones.
|
||||
[46:25] But there is
|
||||
[46:27] it's not something driven from a parameter,
|
||||
[46:31] and this was done by
|
||||
[46:35] it's an older thing. I don't think they had gotten around to parameterizing
|
||||
[46:39] it. But also, unlike Cypher's foreign users and so on, being able to sign with the Cypher requires specific libraries, and it depends on what our libraries
|
||||
[46:49] can do.
|
||||
[46:52] So this list is kinda hardcoded,
|
||||
[46:54] but do open an idea and let's see what they'll say.
|
||||
[46:58] Most of so our security team is doing a lot of scanning. Our r and d team is also doing a lot of scanning. So whenever something is really, really bad,
|
||||
[47:09] we fix it without prompt prompt.
|
||||
[47:12] This one just haven't really come up.
|
||||
[47:15] So
|
||||
[47:16] Can I can I ask too, as we, like, increase our security stance and look at deploying or utilizing more secure ciphers,
|
||||
[47:24] more complex algorithms,
|
||||
[47:26] is
|
||||
[47:27] is there an honest performance hit in secure transport?
|
||||
[47:31] Of course.
|
||||
[47:32] The bigger the cipher, the slower the encryption, decryption of the channel.
|
||||
[47:37] So you are having milliseconds being cut at pretty much any operation here and there.
|
||||
[47:44] Okay. Thank you. It's the reality of it. The bigger the key, the longer it takes to do something with it. The bigger the encryption key, the slower the encryption process is. Right? That's why it's more secure. How it doesn't get more secure because it's more random. Right? It gets more secure because it's just more date
|
||||
[48:04] more bytes being scrambled. Let's say it like that. It's I know that's over More complex.
|
||||
[48:10] Thank you.
|
||||
[48:12] But but I know it's gross oversimplification
|
||||
[48:15] of the process, but, basically, the bigger
|
||||
[48:18] the scrambling part is, the longer it takes to make it. Right?
|
||||
[48:22] So
|
||||
[48:23] so, yes, there is. That bottleneck they would that bottleneck be processor or memory or both?
|
||||
[48:35] Usually,
|
||||
[48:36] both of them a little bit, although it rarely gets to there.
|
||||
[48:40] It's just time.
|
||||
[48:42] You cannot speed it up much more.
|
||||
[48:45] It's just
|
||||
[48:48] each of the bytes need to do their job. Let's say it like that. It just need to be applied on everything.
|
||||
[48:55] And if it was, like, a large file, would that be a nightmare? Like, a 20 gig file?
|
||||
[49:00] No.
|
||||
[49:01] It's not linear that way. So and it depends on which keys we're talking about. If we're talking about the keys the user key for authentication,
|
||||
[49:10] this only comes to play during authentication itself. Right? Yeah. So your authentication will be a milliseconds shorter or longer, but it you'd it's a blink.
|
||||
[49:20] If we're talking about the key that is carried by our protocol demo, for example, the SSH demo or the HTTP demo, then this is for the channel encryption. And inside of the channel encryption, it doesn't matter how big the file is or whatever it is. If you're talking about repository
|
||||
[49:35] encryption, then it becomes important because this is what is used to to encrypt the file itself. Right?
|
||||
[49:42] So it it's different levels.
|
||||
[49:44] And that's why
|
||||
[49:46] you will see a performance hit, but it won't be based on the file size. It's usually bay will be
|
||||
[49:52] unless you're doing repository encryption,
|
||||
[49:55] it will be based on the number of channels, the number of connections, the number of files going to at the same time, you know, because it's on the channel level. It's not on the data level. We don't encrypt the data inside the channel.
|
||||
[50:07] Excellent.
|
||||
[50:08] That that's a really good insight. Thank you. So it it think so and that's important because I've had that question way too often. Whenever we're talking about the encryption in ST, we're either talking about channel encryption, you know, SSH or SSL,
|
||||
[50:23] or repository encryption, encrypting on our side,
|
||||
[50:26] or
|
||||
[50:27] PGP encryption, which is someone else does and, you know, it will just if you do PGP encryption with a big key, obviously, it will be slower than a small key, and this is CPU and memory for the most part.
|
||||
[50:38] So it depends on which one it is. So is it going to be slower
|
||||
[50:43] as a bunch benchmark? Yes. But unless you are running millions of files per hour, I don't think you even
|
||||
[50:51] notice.
|
||||
[50:53] You know? And your server is small enough, I believe. Do you know how many transfers do you have per hour or per day?
|
||||
[51:03] Brian, you're on mute?
|
||||
[51:10] No. He doesn't want to talk.
|
||||
[51:13] Ryan, still with us?
|
||||
[51:24] Okay. Well,
|
||||
[51:27] Hong Kong put the YouTube channel into the chat window for anyone that wants to grab it from there. If not, you can just look for actually MFTA to pop up immediately.
|
||||
[51:38] Back to Argo again.
|
||||
[51:43] Hi again.
|
||||
[51:44] So
|
||||
[51:45] I have few more questions. I was just looking into those things. So
|
||||
[51:49] first is,
|
||||
[51:51] what is the largest file size, like,
|
||||
[51:54] secure transport and handling transfer? I knew it was eight GB. Is it still the same? Or the the It had never it had never been eight GB.
|
||||
[52:04] Well,
|
||||
[52:05] let me change that. Twenty five years ago, it might have been AGB.
|
||||
[52:09] At the moment,
|
||||
[52:12] the
|
||||
[52:16] your storage
|
||||
[52:18] will have a lower capacity than SD does.
|
||||
[52:23] Your storage will blow before us. Let's say it like that. We don't have an upper limit. The biggest I had ever seen was a couple of terabytes.
|
||||
[52:32] Okay.
|
||||
[52:34] But,
|
||||
[52:35] you know, that doesn't mean I haven't that there haven't been bigger ones. I usually don't get called into situation unless something is grossly wrong.
|
||||
[52:43] So if something is working, we won't even hear of that. ST does not have a limit. We do have a limit in a couple of places.
|
||||
[52:53] If you're doing a s two, there is a limit of the size there. If you do iCap, there is a limit you can specify
|
||||
[52:59] on
|
||||
[53:01] how big files used to stop scan, things like that. But if we're talking about straight files coming in through the system,
|
||||
[53:08] they can be as big as you want. One warning, because you're on an older version of five five.
|
||||
[53:14] If you need to move a big file, don't use advanced routing.
|
||||
[53:18] If you move to the new releases,
|
||||
[53:21] you can. Because, you know, with advanced routing, we create a copy of the file in the sandbox and move it out. Right? So if you're with a big file, we'll create a sandbox to to push the file, you know, another copy of a terabyte file takes a lot of space.
|
||||
[53:36] In the newer versions, we made an improvement that if you don't have a transformation,
|
||||
[53:42] we're not going to form a sandbox,
|
||||
[53:44] which means that the fast can go through. But in the older versions, if you need to move big files, use basic application.
|
||||
[53:52] Yeah. That explains the problem that I had earlier. This this explains a lot.
|
||||
[53:56] Yeah. So so the way advanced routing works is that the moment when a route matches, we create a sandbox and we copy the file into the sandbox, and then all the work happens from inside of the sandbox.
|
||||
[54:08] So the bigger the file, the longer it takes to create the sandbox, the longer it takes until the file starts getting called.
|
||||
[54:14] If we need to do transformations, you cannot bypass that because we need to do transformation somewhere.
|
||||
[54:20] Right?
|
||||
[54:21] But if you don't have one, did an improvement, as I said, it won't work on your server. You're in February 22. That was a long time ago.
|
||||
[54:30] So upgrade your server.
|
||||
[54:32] But if
|
||||
[54:33] you were having troubles with space being taken or things being slow or a big file arriving can do it nothing for a few hours before starting to do things, that's what was going on. Your storage is slow,
|
||||
[54:44] and that's why the sandbox copy was taking forever to make the copy because we are not doing an OS level move. We literally do a copy. We open the file. We read the file, and we write it in the new place.
|
||||
[54:56] Okay.
|
||||
[54:56] And then we start working on that copy to do whatever you need us to do, which might be just to push the file up.
|
||||
[55:03] Yes. Yes.
|
||||
[55:05] This means a lot and really helpful.
|
||||
[55:08] The next thing
|
||||
[55:10] would be, like, suppose there was a problem with FaceTime. Give me a sec. Yeah. Argo, give me a second. Ryan,
|
||||
[55:17] 10 cap per ten ten ten thousand files per day,
|
||||
[55:22] you wouldn't even notice if you doubled all of your keys sizes.
|
||||
[55:27] Just think.
|
||||
[55:28] It's small, small environment.
|
||||
[55:30] So this should be fine.
|
||||
[55:32] But, you know, if you are monitoring up to the millisecond, you'll see the uptick.
|
||||
[55:37] But it will be in connection in creation of connections and stuff like that. So okay.
|
||||
[55:43] Sorry. Back to Argo.
|
||||
[55:48] 10,000 transfers. That's a lot. Okay.
|
||||
[55:51] Should you That's baby that's a baby installation
|
||||
[55:55] in my world.
|
||||
[55:57] If you tell me 10,000 per hour transfer is showing me.
|
||||
[56:03] Ryan?
|
||||
[56:04] Don't try don't transfer, shame me. I can't deal with it.
|
||||
[56:09] Okay.
|
||||
[56:10] Sorry. I'm just mucking around. Sorry.
|
||||
[56:12] I I know. I know. I know.
|
||||
[56:15] No. It's just ST is so versatile that I need to ask with a question about number of files because it matters.
|
||||
[56:22] The answer reads differently if you have 10,000,000 files per hour, you know, or 10,000 per day, and I've seen both cases for the most part. So
|
||||
[56:34] but yeah. Okay.
|
||||
[56:37] Argo, back to you. Yeah. So
|
||||
[56:40] there was a problem last year. Like, I kept a schedule of a number of file transfers within two minutes. Right? I created a subscription folder. Yes.
|
||||
[56:53] That's what I wanted to ask.
|
||||
[56:55] You already answered.
|
||||
[56:57] So I have to keep I
|
||||
[56:59] have to keep it for fifteen minutes at least by,
|
||||
[57:02] you know, other people. Yeah.
|
||||
[57:05] So so here is how it works with the schedule. Whenever you set up a scheduler, we basically create a cron job behind the scenes. And now you can even create a cron job. Right? But behind the scenes, it was always a cron job.
|
||||
[57:17] So what we were doing is,
|
||||
[57:19] the cron job comes out. We know that we need to connect. We go to the server,
|
||||
[57:24] wherever it is. We connect to do a we do a list to get the list of the files that we need to pull, and we put them in our database to start pulling. We can see just the records for the files, and then we start pulling.
|
||||
[57:36] At this time, two minutes later, your next attempt shows up.
|
||||
[57:41] We say, oh, but we're still pulling files.
|
||||
[57:44] So it just gets skipped
|
||||
[57:47] over and over and over again. If we never find the file, what happens is we log in onto the partner server. We don't find anything, so we close immediately. So two minutes later, there is no open connection, so it goes and tries again.
|
||||
[57:59] And we're going to annoy annoy the other guy again two minutes later. Sooner or later, either their firewall or their server is going to mark you as a spammer because you're coming way too often.
|
||||
[58:10] In my experience,
|
||||
[58:12] there is I
|
||||
[58:14] I've been doing ST for eighteen and a half years at this point.
|
||||
[58:18] Am yet
|
||||
[58:19] to find a single use case where going more often than five than five minutes actually makes sense.
|
||||
[58:26] The only case where it makes sense is with the folder monitor, and then you leave it on the standard. It goes every five seconds. You know, that's a different conversation
|
||||
[58:34] it's local. But when you're connecting to someone else's server,
|
||||
[58:38] do you really want to go and knock on their door every minute or two? No. And how often do they put files over there?
|
||||
[58:47] Because
|
||||
[58:48] you if you go every two minutes, either they have a lot of files, which means you are never going to go every two minutes because we'll be skipping attempts because we're still in the middle of moving files.
|
||||
[58:57] Or they don't put files that often, so you are using all the resources of ST to go and find the files over there that are never there. Right?
|
||||
[59:07] So my
|
||||
[59:09] recommendation
|
||||
[59:10] is don't do it more often than five minutes.
|
||||
[59:13] But
|
||||
[59:15] for most scenarios,
|
||||
[59:17] you might actually want to go up to fifteen minutes or ten minutes or something even higher depending on when their data shows up. Right?
|
||||
[59:26] Okay. So
|
||||
[59:27] if they cannot tell you when the data shows up, I usually schedule it every hour.
|
||||
[59:32] And if we see that it's really delayed, then we start playing with it. 99%
|
||||
[59:37] of the hour stay stays stay every hour anyway because the customer is like, yeah. My files will show up. Yeah. You have three files per hour. I don't care. I'll come every hour and just grab it. And if you really and if a partner really need their file to be processed as fast as possible,
|
||||
[59:53] they need to reverse the connection. They need to send the file to us. We will process the file as soon as we get it. But using ST to do empty runs to go and check, do you have files? Do you have files? Do you have files? Do you I have
|
||||
[60:08] mean, you do a 100 of those, and your server doesn't have any power anymore to do what it's supposed to be doing because those are external connections.
|
||||
[60:16] Your firewall people will hate you. Their firewall people will start hating you. Strange. Enough cases where where
|
||||
[60:24] you it works for a couple of days, and then one of their
|
||||
[60:29] spam protection mechanisms on their side of the house, on the partner side, just slams on you and tells you, you're opening connections every two minutes. I think you're a spammer.
|
||||
[60:38] Trying to me.
|
||||
[60:41] Alright.
|
||||
[60:41] So
|
||||
[60:43] yeah. So don't do every two minutes. I I literally had never seen it take needed. We support it. We allow it. Because if you're going to get some internal server where you know that there are there is a file every two minutes, but that is a very small file, you know, it's kinda
|
||||
[61:00] sorta
|
||||
[61:02] usable scenario.
|
||||
[61:03] There is a scenario. That's what I was saying earlier. SD can do so many things, but
|
||||
[61:08] for various reasons. But if you're talking to an external partner outside of your network, please stop spamming them.
|
||||
[61:15] Okay. You know? You you don't want the headache of that, and and you're cheering ST for nothing. How many files do you get from them daily?
|
||||
[61:24] Ten, twenty, 10,000,000?
|
||||
[61:26] Yeah.
|
||||
[61:27] We get something around 30
|
||||
[61:30] to fifty fifty
|
||||
[61:31] files. So okay. So you get 50 files per day,
|
||||
[61:35] and you were running there twenty four hours,
|
||||
[61:39] 30 times per hour. Should I do the math for you?
|
||||
[61:43] No. No. No. I got it. It's
|
||||
[61:46] and that's the point. I know that all the partners will say, yeah, come and get it immediately.
|
||||
[61:52] We don't do listeners.
|
||||
[61:53] We need to connect and use resources.
|
||||
[61:56] Back to what me and Ryan were talking about, the bigger the keys are, they'll get bigger and bigger as time continues to grow, and
|
||||
[62:04] the slower this process will be. And you are I understand. Eating the bandwidth, both of you and them,
|
||||
[62:10] just to go and knock on the door and be annoying. So don't do that. I understand. Don't and that's the other thing.
|
||||
[62:17] If you have 50 files from them, check with them or check your records to see when they arrive. If they're all between eight and five, I would do instead of doing a regular schedule, I would do every
|
||||
[62:28] five minutes during business hours and every hours over the non business hours with the cron job. Yeah.
|
||||
[62:34] You know, design it in a way that actually makes sense for that partner.
|
||||
[62:38] Absolutely.
|
||||
[62:39] I did that already. Was just trying to understand the mechanism
|
||||
[62:42] within
|
||||
[62:44] should do.
|
||||
[62:47] That is very helpful. It means a lot, actually. I mean, I've been trying to get hold of someone like
|
||||
[62:52] you or, you know, an expert in ST. And the last thing I want to ask is
|
||||
[62:57] the
|
||||
[62:58] at first Sentinel.
|
||||
[63:01] Yep. There there is a system where you can,
|
||||
[63:05] you know, you can set up a mail alerting system for the partners.
|
||||
[63:09] Right? Oh, yeah. There is also there is also a mechanism
|
||||
[63:13] within advanced routing
|
||||
[63:15] where you can
|
||||
[63:16] set up the mail alerting system.
|
||||
[63:18] Yep. So,
|
||||
[63:20] I mean, is there any difference between those? Because Yes.
|
||||
[63:25] Okay.
|
||||
[63:26] They run from different servers.
|
||||
[63:28] Okay.
|
||||
[63:30] So
|
||||
[63:32] the once in a well, it was a little flip, and I apologize for that. But basically,
|
||||
[63:38] the Sentinel one is the older one. But in order to set it up, first of all, you need to send the emails of the users, which is we don't send automatically.
|
||||
[63:46] So you need to go on let me share my server again to show you what I'm talking about. Ryan, I saw your hand up a little earlier.
|
||||
[63:53] We'll get back to you in a second.
|
||||
[63:57] Can you see my server again?
|
||||
[63:59] Yeah. Yeah.
|
||||
[64:01] Okay.
|
||||
[64:02] So over here on the Sentinel
|
||||
[64:05] page at the bottom where you can map additional parameters,
|
||||
[64:08] over here, the mapping rules.
|
||||
[64:11] You actually will need to map the email to go with each each of the request because we don't send the email by default.
|
||||
[64:20] So and then Sentinel can do it. The mechanism with Sentinel is through correlation rules, which are a little harder to set up than the template than the routes.
|
||||
[64:30] If you
|
||||
[64:32] but it depends on where your Sentinel lives compared to where your ST lives, who is closer to the exchange server or whatever server you'll be using, the mail server.
|
||||
[64:41] Right?
|
||||
[64:42] And who you want to send them.
|
||||
[64:47] On the second house side,
|
||||
[64:49] you can design it very great as granular as you want to, but you will need to basically build everything from scratch over there
|
||||
[64:57] almost on the correlation rules.
|
||||
[65:00] While in the ST, it's just checkboxes all over the place.
|
||||
[65:04] I personally
|
||||
[65:05] if ST can do it, I would keep that in STs.
|
||||
[65:11] So
|
||||
[65:13] it's
|
||||
[65:13] built for that. It's a lot more intelligent, especially if you have complicated
|
||||
[65:17] route where one fails, another doesn't fail, and you want different mails in both case. You will not be able to design that in Sentinel unless you sent a lot more variables
|
||||
[65:27] out so that it can do the design. Well, in the STS, you know, oh, this route failed. This route started. That's what you want. That's why we built all of that. And you have them on the route level. You have them on the package level.
|
||||
[65:38] So there is a lot of mails going around. Right?
|
||||
[65:42] The reason why we have it in both places,
|
||||
[65:44] historically,
|
||||
[65:45] ST
|
||||
[65:46] was having a different mechanism to send mails through the transaction manager,
|
||||
[65:51] and Sentinel is not only used by ST. So there are other products that you sent, you know, that cannot send their own mails. So and and, again, it comes down to what you're doing. If you have CFT and ST going both to Sentinel,
|
||||
[66:04] then you might want to do notifications in in Sentinel so that they go out for both of them. Right? So it's
|
||||
[66:12] there is no
|
||||
[66:13] that's best.
|
||||
[66:14] In my I personally prefer to use the ST notifications when I can, simply because they're designed around AR.
|
||||
[66:24] Right? So you don't need any
|
||||
[66:26] intelligence. You don't need to correlation at all. You don't need to think about how to set it up.
|
||||
[66:31] But on the other hand, of course, that means that SD is sending mails. One thing to be
|
||||
[66:36] conscious about and the buffer sending our SD,
|
||||
[66:39] we are sending the mail. We don't carry a mail server on the products.
|
||||
[66:45] So what we're doing is to send it to a Relay or to your corporate server. And for us, a successful mail is the one that reaches the corporate server and or whatever relay and doesn't get bounced from there. So you'll need to check with your mail people to see if the mails actually make it out and all that when it's done.
|
||||
[67:02] Right?
|
||||
[67:04] Makes sense?
|
||||
[67:06] Makes sense. Makes sense. Absolutely.
|
||||
[67:08] Okay. Thank you.
|
||||
[67:10] Ryan, I saw your hand up. I know you brought it down, but
|
||||
[67:14] do you have anything?
|
||||
[67:17] I just wanted to comment around
|
||||
[67:19] what you're saying earlier on about
|
||||
[67:22] the number of connections.
|
||||
[67:23] Mhmm. We did some analysis of inbound connections,
|
||||
[67:27] and something like 98%
|
||||
[67:29] of our connections were coming from an internal application
|
||||
[67:32] from the two development
|
||||
[67:34] regions.
|
||||
[67:36] So, basically,
|
||||
[67:38] developers, when they were setting things up, they didn't wanna wait for their files, so they were pulling us, like, every twenty seconds or something. So we got that volume down from over 250,000
|
||||
[67:49] per day to under 2,000
|
||||
[67:51] just by, you know, managing expectations
|
||||
[67:53] around that. So
|
||||
[67:55] it's yeah. It's basically, there was no reason for them to be connecting so often.
|
||||
[68:00] You just need to rationalize those things sometimes.
|
||||
[68:03] It it's just easier when you're building something instead of thinking about modeling. It's like, oh, I'll go every twenty seconds. Who cares? And you go and kill your partner. You have 10 of those, and,
|
||||
[68:14] you know, you get in trouble.
|
||||
[68:17] But yeah. Yep.
|
||||
[68:19] And that's the only way to figure it out, you know. You start looking at connections.
|
||||
[68:24] Okay. Good.
|
||||
[68:26] Okay. Anyone else? Anything else? We have a few more people and no one else is talking to me.
|
||||
[68:42] Any takers? Any other questions? Anyone?
|
||||
[68:53] Not a question as such. If I want to connect with you,
|
||||
[68:57] like, separately,
|
||||
[69:01] should it be through LinkedIn or
|
||||
[69:03] if you can share anything
|
||||
[69:05] with LinkedIn sample?
|
||||
[69:07] You can send me an email.
|
||||
[69:09] Hoagong has the email, and it should be in the invitation as well.
|
||||
[69:13] I'm also easily found in community where I answer questions all the time.
|
||||
[69:19] Okay.
|
||||
[69:20] And I would strongly recommend using community if it's a technical question that doesn't have too many customer details
|
||||
[69:27] simply because there is a lot of people answering both partners
|
||||
[69:31] and customers and X-ray people. And if I'm busy with something or not around or, you know, went on vacation, there is someone to help. Yeah. Feel free to send me an email if you want to, and that's valid for everyone. But
|
||||
[69:44] and I'm happy to help. I'm happy to answer. But, occasionally, I might tell you to go support or to go to community simply either because it's too big of a question or because I'm literally swamped them for under text. Right?
|
||||
[69:57] So
|
||||
[69:58] but,
|
||||
[69:59] yeah, my mail should be somewhere in the invitation, I believe. And if not, just talk to Hohong. He usually knows how to get him to me.
|
||||
[70:07] So
|
||||
[70:08] okay.
|
||||
[70:09] Thank you.
|
||||
[70:11] Mhmm.
|
||||
[70:12] Okay. Last call for questions.
|
||||
[70:16] So
|
||||
[70:17] I'll pass it back to Ho Hong. He has some things to show you and to talk about at the very end.
|
||||
[70:25] One thing, we probably will have another meeting this year for
|
||||
[70:30] Asia Pacific. We were not planning on one, but with apparently something happened with this one.
|
||||
[70:36] So
|
||||
[70:38] we'll probably have another one and everyone. Even though you are on this one, you're welcome to come on the next one as well. So don't feel like you're not supposed to be there if
|
||||
[70:46] we redo it. So, Hong Kong, back to you.
|
||||
[70:50] Thank you, Annie.
|
||||
[70:52] So just a couple more minutes now.
|
||||
[70:55] We do have this something called the g two peer reviews.
|
||||
[70:59] So right now, all our solution are actually in the leaders.
|
||||
[71:04] So
|
||||
[71:05] if you want to, there's a link below that you can
|
||||
[71:10] you can you can you can go to give us a review on the product that you are using from X-ray.
|
||||
[71:15] Right? And then as a thank you, you know, all actually, g two will send you a a gift card, which is about 25 US dollar.
|
||||
[71:24] So feel free to
|
||||
[71:27] to give us a review.
|
||||
[71:32] Makes this our as Annie has spoke has talked about just now, you know, as a community. If you are not on the community, please feel free to go and register yourself.
|
||||
[71:41] And then you can create ideas there. There's a user group, then also
|
||||
[71:45] road maps. And then q and a forum for all the different X-ray solution. If you have any technical question, there is no
|
||||
[71:53] sensitive information. Right? You can actually ask the questions there. So anyone from X-ray will answer or even sometime our customer and partners, if they have the same use case.
|
||||
[72:06] The
|
||||
[72:07] last one,
|
||||
[72:08] I've already posted in the chat group. Like, there is this new X-ray MFT YouTube channel.
|
||||
[72:14] Right?
|
||||
[72:15] Register it, and then you can see that, you know, you you you actually, give you all the technical enablement and what's new in each of the coming each of the ST releases. As you know, ST release
|
||||
[72:27] a new release every month. Right? So this will be a lot easier for all of you.
|
||||
[72:36] If not, thank you for your time. We will send you the link, and then we'll also send you a survey. Please feel free to answer the survey.
|
||||
[72:44] We we really appreciate all your feedback, and then we take your feedback seriously. If anything that you think that we need to improve, let us know.
|
||||
[72:53] If not, thank you, everybody.
|
||||
[72:56] Hope to see all of you soon again.
|
||||
[72:59] Thank you. Thanks, everyone.
|
||||
[73:01] Thank you. Thank you, Annie.
|
||||
[73:04] Bye bye.
|
||||
[73:07] Bye.
|
||||
Reference in New Issue
Block a user