From cc054f3a9324e8a1db659ac05734de82f1aa7213 Mon Sep 17 00:00:00 2001 From: Conan Scott Date: Tue, 24 Mar 2026 10:04:18 +0000 Subject: [PATCH] Add chapters for session 880858572 (Haiku) --- chapters/880858572.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 chapters/880858572.json diff --git a/chapters/880858572.json b/chapters/880858572.json new file mode 100644 index 0000000..c520205 --- /dev/null +++ b/chapters/880858572.json @@ -0,0 +1,18 @@ +[ + {"timestamp": "1:05", "title": "RedHat 7 End of Life Migration Strategy", "summary": "Standard on-premise installation on Red Hat 8 is the fastest, cleanest migration path. Container/Cloud Edition remains restricted availability and is not suitable for current migration timelines. Active-passive is the older approach; most new deployments are active-active."}, + {"timestamp": "8:33", "title": "Account Export/Import and XML Migration", "summary": "XML export/import is reliable in version 5.5 with fewer issues than older versions. System export not supported between environments; only account XML export works. Disable audit logs during XML import to prevent slowdown. Scheduler and folder monitor now have disable buttons for easier testing before go-live."}, + {"timestamp": "11:22", "title": "Hardware Sizing Recommendations", "summary": "Minimum 16GB RAM per server for ST 5.5; recommend 24-32GB for growth capacity. Red Hat 8 requires more memory than Red Hat 7. Don't underprovision machines; both CPU and memory matter for throughput."}, + {"timestamp": "14:05", "title": "SSH Key Handling During Migration", "summary": "SSH keys stored in ST database, not OS-level. XML export preserves keys without regeneration. If ST initiates outbound connections, firewall allowlisting required. If client initiates inbound, they may need to re-accept key after IP/DNS changes."}, + {"timestamp": "16:42", "title": "API vs XML for Account Migration", "summary": "Account XML export/import is faster and better than piece-by-piece API approach. For advanced routing migrations, template routes must be moved first with matching IDs; routes connect by ID not by name."}, + {"timestamp": "19:32", "title": "Legacy Script Migration Anti-Pattern", "summary": "Do not replicate Linux shell scripts into ST external scripts — performance is abysmal, credentials are exposed, no connection pooling. Instead analyze workflows and build natively using transfer sites and advanced routing. External scripts are a last resort for unmigrateable logic."}, + {"timestamp": "22:11", "title": "Advanced Routing Best Practices", "summary": "Build native solutions in ST first before using external scripts. Pluggable framework available via Java for better performance. Past migrations show external scripts become permanent technical debt. University offers paid advanced routing class; documentation available."}, + {"timestamp": "25:14", "title": "Expression Language and Regex Learning", "summary": "Expression language uses Java JSP with a few hundred built-in variables. Learn from community examples and older APAC workshop recordings on advanced routing. Expression language supports regex for string manipulation."}, + {"timestamp": "27:21", "title": "Pulling Multiple Files from Different Directories", "summary": "Use 'pull from partner' step to override download folder for each source. Older versions require multiple transfer sites each pulling to separate folders, then publish to account consolidates to single subscription folder."}, + {"timestamp": "30:31", "title": "Version Upgrade Path Requirements", "summary": "ST only supports 12-month rolling update window. Cannot update directly from very old versions; must jump through intermediate releases. Recommend updating twice yearly minimum. Check release notes in both main docs and patch README (source of truth for accumulated changes)."}, + {"timestamp": "35:39", "title": "HSM Certificate Management Support", "summary": "ST supports two HSMs (Thales Luna 7 and one other) for server certificates only. User certificate management for SSH keys on accounts not yet supported but is on roadmap. Submit enhancement requests via ideas portal."}, + {"timestamp": "38:10", "title": "Cipher Removal Documentation Oversight", "summary": "August patch removed ciphers (HmacSha256AtSSHDotCom512, Diffie-Hellman Group 14) without documentation notice. Consult both main release notes and patch README which contain accumulated changes. Annie committed to check with R&D on the documentation gap."}, + {"timestamp": "42:40", "title": "Release Notes and YouTube Resources", "summary": "Two sets of release notes: shorter ones in main docs, longer ones in patch README (source of truth). R&D publishes 4-5 minute 'What's New' videos monthly a few weeks after releases. Search 'Axway MFT videos' on YouTube for the ST and CFT channel."}, + {"timestamp": "44:02", "title": "Weak Cipher Signing Concerns and SHA-1", "summary": "Certificate signing dropdown has only four hardcoded options, all SHA-1. This list is not parameterized; changing requires JSP modification (discouraged). Submit ideas portal request for enhancement. Currently not a security team concern but will be revisited."}, + {"timestamp": "47:31", "title": "Encryption Performance Impact Analysis", "summary": "Larger ciphers cause millisecond delays, not linear with file size. Channel encryption (SSH/SSL) affected by concurrent connection count, not file size. Repository encryption and PGP impact both CPU and memory. Unless running millions of files/hour, performance hit is unnoticeable."}, + {"timestamp": "51:54", "title": "Maximum File Size and Advanced Routing Limitations", "summary": "No hardcoded upper limit on file transfer size; largest observed was terabytes. Storage capacity is the bottleneck, not ST. Older 5.5 versions don't support large files through advanced routing; newer releases do. S3 and iCap have configurable size limits."} +]