# Transcript: 946343310
# URL: https://vimeo.com/946343310
# Duration: 4728s (78.8 min)

[0:03] It's coming. It's coming. It's
[0:05] coming. There we go. Okay. And with
[0:08] further ado, here's Annie.
[0:12] Good morning. Good afternoon,
[0:14] everyone.
[0:15] So I'm Aniyatuva. I'm an MFT architect in Xway for the last nineteen years at this point
[0:21] and mess mainly ST, but that doesn't mean that I don't work across the whole MFT portfolio.
[0:27] So if you have a question that touches on something else, feel free to ask. I might not be able to answer, but
[0:34] we'll see what we can do. But that meeting is mainly about SD.
[0:39] If you had not been on one of those before or not for a while,
[0:44] it's an open forum. Anyone questions go, and I really don't mind if you're asking about a checkbox somewhere or if you're asking about architectural question.
[0:54] I have a live server that I can bring up so we can look into things.
[0:58] If I don't know the answer, I'm not afraid to say I don't know. If we can work it out, we'll work it out. If not, we'll connect later.
[1:05] I don't know everything,
[1:07] unfortunately.
[1:08] No one does.
[1:09] And that's about it. As Lucy said, unmute yourself and talk if you cannot or if you rather not talk or if you have audio problems. Chat is also open.
[1:20] I'm keeping an eye on it as much as I can. Lucy is also keeping an eye on it, so she'll ping me if I forget people, and we'll take people in some order.
[1:29] If you
[1:30] have a question and we're in the middle of another question, just raise your hand. Teams is very good with that to tell me who had raised their hand first.
[1:37] So we can follow some order, but the idea is to get to all of the questions in some order.
[1:44] One, you know, courtesy request, if someone needs to leave early for whatever reason, please let us know in the chat. We'll try to prioritize the question, get you earlier so you can get your question answered. So with all that said,
[2:00] let's get started. I have one question
[2:03] on that arrived on mail, and I think I saw in the meeting.
[2:09] Yes. I'm here.
[2:11] Hey, Hans. So we'll start with yours Everybody. Because you did your homework and sent homework. So for future meetings,
[2:19] if you know
[2:20] that you have a question, you want to send it beforehand,
[2:23] feel free to. It's not mandatory.
[2:26] It
[2:28] helps sometimes to prepare, although
[2:30] not it's, again, not mandatory, but we'll usually start with those. So, Hans, go ahead. Do you want to
[2:37] talk about your question? Do you want me to summarize what you sent? How do you want to handle that?
[2:44] Yeah. We have,
[2:45] ST as a as enterprise cluster,
[2:48] with two edges.
[2:50] Mhmm. And this is running actually on Red Hat, 8.8.
[2:55] And we have to migrate to Red Hat nine.
[3:00] So,
[3:01] the Linux system engineer told me, they will install for new service for me in,
[3:08] with Red Hat nine. And Yep. My my question is how how
[3:15] do I the the, integration,
[3:18] can I install a secure transport on the new server
[3:22] and just add it to the cluster, for example?
[3:25] And that. Yep. Understood. And that and the answer to that will be, it really depends. One quick question.
[3:34] What database do you use for your enterprise cluster?
[3:37] Oracle.
[3:38] Oracle.
[3:39] Okay. Yeah. And okay.
[3:42] And
[3:43] does your license allows you to have more than two servers in the cluster?
[3:48] Yeah.
[3:49] Yeah. Okay.
[3:50] Do you have a Doctor system already configured?
[3:53] You have to recover.
[3:57] Yes. Yes. We have. Yes. We have. Yep.
[4:00] You do. Okay. Because so here is the answer. Can you just install the servers into the cluster?
[4:07] Technically,
[4:08] yes. As long as your database can handle the connections from the additional servers
[4:14] Mhmm. You can install them, add them, and then just retarg the old ones.
[4:18] The
[4:19] what you will lose with this approach is that the old ones have local configuration that will go nowhere,
[4:27] because your new servers will not match the old servers, because they'll have separate IDs. And because you have a Doctor server,
[4:34] Doctor setup, and that's one of the reasons I asked, you're remember when you built Doctor,
[4:39] we match the IDs of the production server so that they can replicate clean.
[4:44] Now on the Doctor side, your servers will carry the old IDs, not the new IDs.
[4:50] Yep.
[4:51] So your Doctor,
[4:53] it will keep replicating, but will be replicating with the for the wrong IDs that will be removed now.
[4:59] So the other servers will not pick up anymore. So your Doctor will need either to be redone the same way
[5:05] or reinstalled from scratch. So that's the challenge in trying to add the servers that way. Because you have ID one and two on the product now you have ID one and two on production, ID one on two on Doctor.
[5:16] So when you switch to Doctor, everyone matches. They're happy. Right? That that's how Doctor works.
[5:22] But now when you add the new servers, they will have ID three and four.
[5:26] And you cannot
[5:28] reuse one and two because they're still in the cluster.
[5:32] So
[5:33] that basically knocks off your whole Doctor. So you'll need to redo Doctor. You'll run without Doctor for a while. So that's one problem.
[5:40] The database connections is what usually worries me in this case. As you know, ST is very greedy. We open gazillion connections down to the databases.
[5:51] Mhmm. So
[5:52] having four nodes into the cluster,
[5:55] if your Oracle is not ready to handle Oracle can handle if it's configured properly, but I suspect your sizing is down for two servers, not for four.
[6:04] Mhmm. And in addition,
[6:06] the other thing that would worry me
[6:09] is that
[6:12] you actually
[6:13] have
[6:16] there is no way to isolate those servers. If they start, they'll start processing immediately,
[6:22] and there is no way to protect the production environment from them.
[6:26] So I don't like doing it that way, and that's why I started with technically, you can,
[6:32] but you're opening yourself to a lot of troubles.
[6:35] So there are I do it in a couple of different ways if I'm in your shoes. Number one,
[6:41] build it as a second Doctor system. Disconnect the current Doctor system and connect to a you know, build the brand new environment,
[6:50] replicate the ideas. How you do it the way you'd have built a Doctor,
[6:55] and then just replicate the database,
[6:58] another database, another Oracle temporary. Then you can even repoint this new environment to the old database
[7:04] once everything is ready to go.
[7:07] But that way, you don't influence the current environment.
[7:11] Another option is to play on the Doctor side. Disconnect the Doctor side because you already have it over there and work over there. It if you want, you can even add servers there. But, again, you have the same problem with IDs and how we'll bring them back.
[7:24] And, of course, there is the classical solution. Forget about any of those interesting ways,
[7:29] especially if you are ready if you're okay with dropping the tracking table or audit log and so on. Just build a brand new environment as if it is brand new against a new Oracle database, you know, as if you're building brand new, and then import export accounts.
[7:43] Okay.
[7:44] That's maybe the the easiest way. That's the cleanest. That's the cleanest.
[7:49] Yeah.
[7:50] That will you will lose the audit lock. You will lose the tracking table. You will lose the server lock that is in the database.
[7:57] You can keep one of the old admin UIs up and running for,
[8:01] I don't know, a few weeks until that clears, so you can still have access over there. So you can see what had been happening,
[8:08] but you will not be able to resubmit and so on. So
[8:12] that's why I started with technical and depends Mhmm. Because you need to evaluate
[8:17] your own risks and figure out what works best for you. If you didn't have a Doctor system already,
[8:24] what I would have done would have been to build the new system as a Doctor system of the current one,
[8:30] and then just either swap them or repoint the Doctor into the production
[8:35] at the very end as the last step. You still can do that.
[8:39] You'll just get to disconnect what you have now as a Doctor system and just build a separate one.
[8:44] Right? Mhmm. Which depending again, risk aversion.
[8:49] Can you
[8:50] the moment you disconnected the Doctor, this Doctor is basically frozen in your space in in time and space. Right? So if you disconnect at 5PM on a Friday and something happened on a Sunday, when you recover from there, you'll be on Friday
[9:03] with all the changes.
[9:05] If you can live through that, through a weekend that you want to build, that will allow you to bring in all of the these locks that otherwise will be lost.
[9:14] And because our servers will be the same and probably in the same data center where production is, at the very end, you can actually connect them to the live database.
[9:23] All of that requires you to be on the same update. I I I suspect you don't need to mention that. Right? Mhmm. Whatever update you are, you need to stay on it. But that's
[9:34] that's what it is. We don't really have a good way to migrate the whole configuration over to the new servers.
[9:41] Yeah. But
[9:42] all of those will work. It's just Yeah. Figure out what is best for you. If I'm in your shoes, and I had the capability to bring a new Oracle into the picture for a few days, I would go to build a new Doctor route.
[9:57] Yeah.
[9:58] Just to preserve a tracking table, the ability to resubmit,
[10:01] the ability to look at the audit log, which is six months old usually, you know, all of that. But if you're okay losing that, import export is the classic solution.
[10:11] And Yeah. Cap a warning. XML import export will work between the old and the new. System import export will not. So if you have system configurations,
[10:20] you know Mhmm. Under system configuration or user classes and stuff like that, you will need to move them either to the API or manually.
[10:29] Okay. So
[10:31] it's
[10:31] again,
[10:32] I don't know your environment, so look through it, figure it out. So that's on the servers. On the edges,
[10:38] don't even think about moving anything. Just build the new edges Yeah. Yeah. And just recreate the configuration and forget about anything called. There is no point at trying to get the edges to sync in any way. Plus,
[10:51] while an enterprise cluster having
[10:54] servers that are on slightly different machines is not forbidden per se in a standard cluster configuration,
[11:03] which is what the edges run,
[11:06] you cannot do that. The machines need to be the same. So Okay. They they will sync, but by the time you get it around to sync from the the live servers,
[11:16] you'll have configured the edges clean.
[11:19] As I keep telling with the edges, if you need more than fifteen minutes to do anything, just reinstall them, honestly. Yeah. They have nothing. Right?
[11:27] Export your locks if you have locks in the database up there because that's the only thing you care about, and just
[11:35] get there.
[11:36] So Yeah. Yeah. And once you move, I suspect your guys will also you want you to move the Doctor system. Right?
[11:44] So you'll need to follow a similar process on the Doctor side. And that's where it might be worth going to Doctor part simply because it will show you how to do it, and then you can repeat it again to build actual new Doctor
[11:56] and just drop the old one. Right? Yeah. Yeah. So that's that's one option.
[12:02] Okay. Yep.
[12:03] I Or even yeah. Or even start from the Doctor. You know, drop the current Doctor because, you know, it's on Red Hat eight.
[12:11] Build a new Doctor on Red Hat nine
[12:14] as actual Red Hat actual Doctor,
[12:17] and then switch into it while you're playing with the props. You know? Mhmm. Whatever.
[12:22] Something like that, because that's the database replication help over there.
[12:27] But it will be in a different data center, so I it depends on where your Doctor is. So, yeah, that's that's about it. I know it's not a definitive answer, but that's the best I can give you. And you need to make choices based on your environment.
[12:42] And Yeah. At risk at risk aversion. Sorry.
[12:45] Yeah. Yeah. It helped me it helped me a lot because,
[12:50] we can we can do a dress rehearsal on a on a test environment. It's the same environment. So Yeah. It's maybe a good way to to build up the
[12:59] the whole, four service as a new,
[13:02] and then to to export and to import and to
[13:05] to have a look if you have all the stuff. Because also the certificates you used
[13:11] You can so the name on it Yeah.
[13:14] Certificate will come with you, but you are in a cluster. You are behind the load balancer. The name on the certificate is the load balancer, not your server,
[13:23] usually.
[13:24] Yeah. But in in the subject alternative name, normally, you have the server name all as well.
[13:29] Which is okay. In the cluster, are using only the one from the primary anyway.
[13:34] Yeah. So the secondary is already running. So certificates
[13:37] will be okay.
[13:39] That's the list of your problem because you're not going to be changing DNS name in front of the server in front of the whole tank.
[13:46] Your customers won't even realize something happened.
[13:48] Yeah. Yeah. That's Because you can Yeah. That that's the whole point. Right? Yeah. Yeah. Yeah. And I will put something else here, because what I think for people I had seen missed in these cases, it will not be SQL that will trip you. Make sure your storage is mounted the same way on the new service. Make sure all the storages are mounted if you're using more than one. If you have folder monitors into mounted folders, make sure all of them are mounted everywhere. Make sure your DNS works the same, you know, the around SD situation. Situation. If If you're you're using using LDAP LDAP or SSO, make sure that the new server IPs are actually whitelisted
[14:23] over there, say, for antivirus and so on. If you're using a mail notification for for things or
[14:30] anything like that,
[14:32] Make sure that you are white listed with the new servers because you have set new IPs.
[14:37] You know, all of that around you that the Linux people will give you the servers and they'll do their best, but there are things that, historically, you had been adding through the years.
[14:48] All of that just make sure that everything is re added.
[14:52] And that's why, again, I like using the t r route because that allows you to test the environment in a set kinda safe way in the new servers
[15:00] before you switch that back as opposed to trying to bring additional servers in or
[15:07] anything like that. So
[15:10] Yeah.
[15:12] Okay? Okay.
[15:14] I dropped I dropped the the
[15:17] the way to add the new server to the cluster.
[15:22] Yeah.
[15:23] Thank you very much for your answer. Absolutely.
[15:26] And, as you know, we have this meeting monthly.
[15:29] So if you think about it, if you have additional questions, feel free to ping me before the next meeting, obviously, or posting community.
[15:37] But, also, feel free to show up next month and just we can talk more about that, or you can share what happened.
[15:43] You know? It's it's not the
[15:47] migration is about this this year, but it
[15:50] in August, in September, in October, it doesn't matter, actually. So we have time. That's not the problem.
[15:57] Well,
[15:58] then think to it. And if you if you are on the next month's call, we can talk more about that. Yeah.
[16:05] So okay. Yeah. Okay. Thank you very much. Lin
[16:10] you're anytime.
[16:11] Lina, I can see
[16:13] you up, but there is a follow-up question on this one in the chat. So I want to take one that one first, and then you it's your
[16:22] it's
[16:23] I cannot pronounce your name. I think you're going by Sala, something like that. I'm sorry. Yes. Yes.
[16:30] We've talked before, and, you know, my name recognition is not very good.
[16:35] So
[16:37] the question from the chat, so everyone don't need to read it. The thanks for the process for the Red Hat upgrade. Seems similar to the new zero downtime.
[16:45] It's not.
[16:47] So in the new zero zero down well, it is in GitHub.
[16:51] In the new zero downtime,
[16:53] we stay in the same database at all times.
[16:56] We just replicate the schema two three times inside of the same database.
[17:01] So we're just switching the server dynamically between the different schemas in the same database.
[17:07] With the Red Hat upgrade we just talked about,
[17:10] we are switching to a separate database, separate servers, and everything. So we are going out, like, it's not dynamic.
[17:16] What we're using is the Doctor model,
[17:19] where we replicate the database, which basically
[17:22] so you you build the cluster as a new cluster, and then you replicate the database on top of it. So now you have a replica of the database in a different database server
[17:33] as opposed to being a schema inside of the same one.
[17:38] Okay? Okay. And it's fully disconnected, and there is no dynamic anything. You basically now at this point, you have two separate databases with two separate clusters on the same level, essentially,
[17:50] and that's it.
[17:52] It's a lot cruder,
[17:54] and it's also doesn't change the SD version itself. While with the zero downtime,
[18:00] the whole point is that you have one or two servers still on the old update, while the other ones are slowly migrating into the new ones without having a disruption of service.
[18:11] With the OS upgrade,
[18:13] you will have a disruption of the service we thought we just talked about.
[18:17] Unless you want to do something very risky, like,
[18:21] discontinue the use of one server reinstalled
[18:24] with the same ID in the same cluster, but then what we talked about applies where,
[18:29] we might have a problem here.
[18:32] Okay.
[18:33] So, technically,
[18:35] can the new ZGU, when fully finished and done, as we know it's still better, be used for the Red Hat update?
[18:42] Maybe.
[18:44] It will require some heavy lifting, and I'll need to and because
[18:51] notes are getting kicked off from the cluster and added, it might be doable,
[18:57] but
[18:58] not at this point. I wouldn't go that way at the moment.
[19:02] Okay. I just I have just one question about this one. Yeah. So just to confirm, we cannot have
[19:09] notes on on secure transport with
[19:12] different versions of of OS?
[19:15] No.
[19:16] Yeah. So for the database OS,
[19:18] it could be we we can have this a different version without an issue on that. Oh, the database, we don't care what OS it's running on.
[19:27] If you want.
[19:30] We can, let's say, duplicate the schema
[19:34] on the database and focus on the Secure Transport nodes,
[19:40] can upgrade the version without
[19:44] well, without impacting
[19:45] the the service, which means, like, we we keep one node alive,
[19:51] one back end, one front end, and
[19:54] play with the rest. So upgrade the rest. Then
[19:58] update the The video.
[20:00] Yeah. Yes. Like we did in the video. And then for the database, we upgrade it
[20:05] later.
[20:06] We can use
[20:08] we can upgrade the Doctor
[20:10] with the data guard if as we well, in our case, we have one.
[20:15] So so if you have Doctor Is it possible to have this one? Yeah. This kind of approach.
[20:21] So
[20:22] updating upgrading the database itself
[20:26] will always require an outage.
[20:28] However,
[20:29] if you have a Doctor, you have a replicated database.
[20:33] So technically speaking, you can just switch into Doctor,
[20:36] stay there for a while. Of course, coming back, you'll lose some of the changes
[20:41] or something like that. But there is no ZGU.
[20:44] There is no way to not have an outage while upgrading the database,
[20:50] either database
[20:51] hardware or database OS,
[20:53] or database
[20:54] database hardware, database OS, database version.
[20:58] All of those upgrades will require us to be disconnected from that database.
[21:04] That means outage for us. Yeah. That's that's answered the question. Yeah. So there is no way, for now to to do that. Yeah. But if you have the ability to replicate the database locally so you can actually upgrade the local copy,
[21:18] You can take just the
[21:20] the only outage will be repointing
[21:22] from the live copy to the now upgraded copy.
[21:26] And but you will lose everything that happens in this database between the time you made the replica and the time you upgrade it.
[21:36] Won't be easy. Yeah.
[21:38] I see. Which might
[21:40] you will not lose the files there in the file system, but you'll lose the tracking table. You'll lose the audit log, and you change password, last login dates. You know everything that changed.
[21:48] So
[21:49] in my experience,
[21:51] and I know that people say that you need to be twenty four seven and so on, but talk to your database admins, talk to your DNS admins, and your networking admins.
[22:01] I can guarantee you they're taking an outage somewhere for DNSs,
[22:04] for example. And when that happens, ST is better off to be shut down anyway,
[22:09] so you don't run into troubles with the DNS caching.
[22:13] So you usually, people use that time. Or if you really cannot take an outage, that's where Doctor come into play.
[22:20] Go all the way into Doctor.
[22:22] You know? You say we'll be upgrading this data center, go into Doctor, switch over there. If you can, depend on your back end applications,
[22:30] and then come back. And then your only outages are coming in and out. So DNS time, not SD time.
[22:37] So
[22:38] Oh, okay. Yeah. That's, that's a good good approach. I will, yeah, take notes on this one. Yeah. If you go
[22:46] if you go that way,
[22:48] make sure what I talked about a little earlier. Make sure your DNSSL
[22:52] dApps, storages, and so are properly connected on the Doctor side or and access to back ends. If you talk to a mainframe, for example, it's on production side, you need to make sure that the Doctor can get to it.
[23:03] So
[23:04] I see. I see. So we can play with the c name.
[23:08] Yeah. We we do the the registry on
[23:11] this one. Internally, and for for the external part, we can
[23:15] we can
[23:17] yeah. We can switch everything to the d r and then
[23:23] yeah. And then upgrade the rest and get back.
[23:28] Okay?
[23:30] K.
[23:30] Thank thank you. Absolutely.
[23:33] Okay. Lina, thanks for waiting.
[23:35] It was just a follow-up on the first one, so I got a little out further.
[23:40] Up to you now.
[23:47] Lina?
[23:53] You are on mute.
[24:01] Live transmission. Always fun.
[24:04] Okay. Lina, I don't know if you're trying to talk or if you have voice troubles or you stepped away for a second. I'll try you in a second again.
[24:12] There also question is what is the SMB connector?
[24:16] I'm sorry. I'm not even trying to pronounce this name without messing it up, so I apologize for that.
[24:23] Oh, Lina. Okay. Do you if you want to put it in the chat or if you want to just go grab another mic,
[24:29] and I'll get
[24:30] and as soon as you can, just chime in. So the question from the chat is about what is the SMB connector?
[24:36] And
[24:39] what is the SMB connector? Was that it? And how does it works? So
[24:43] SMB connector is essential
[24:46] I got I got the answer
[24:48] through the link, but my my only question is which port it's using?
[24:54] The transfer would be through which port?
[24:58] Whichever you specify.
[25:00] When you
[25:01] when you select select when you create a transfer site, you tell us which port to use to go to the Samba server, wherever your Samba server is running.
[25:10] Okay. We are on cloud.
[25:13] Okay.
[25:14] So is the Samba server in your environment,
[25:17] or is it in the cloud?
[25:20] It's in cloud.
[25:23] Well, in are you in our cloud or your own cloud?
[25:27] Your cloud. Actually, cloud.
[25:30] Okay. So if you're in our cloud, I don't think that we're providing Samba servers
[25:35] in the cloud per se for standard implementation.
[25:39] So you'll need to talk to your
[25:43] your implementation people. Usually, in the cloud, what we use Samba for is when you have files on the ground in your own environment,
[25:52] and there is only a few of them.
[25:55] Is a very expensive protocol in terms of resources because of how it's implemented. We basically create the connection for each file, grab the file, or put the file, and go away.
[26:05] So if we have a lot of traffic like that, Samba is not a good protocol for that. But if you usually, from our cloud, they're using it for smaller
[26:14] sets of data, one file per day, 10 files per day, things like that.
[26:18] And then the Samba server will actually be in your environment,
[26:21] not in the cloud.
[26:23] And this is the way how
[26:26] we can go into your environment to either deliver a file or get a file from it.
[26:32] It's like any other transfer site. So it's built all of those connectors are built as a transfer site, which is how we build SSH, FTP, and so on. And the idea is that ST serves as a client, so we connect to someone's server and code there.
[26:47] Okay. Basically, what I'm trying trying to bring fires
[26:51] from our internal
[26:53] network
[26:54] to the server
[26:55] to the,
[26:57] SFT and transfer it from SFT environment
[27:00] to s three bucket.
[27:03] Yep.
[27:04] Yes. That's what you can use Samba for to connect into your environment,
[27:09] in which case
[27:10] it is your server, so the port will be on your side.
[27:15] Okay. So talk to your admins internally
[27:19] where they're running the Samba servers.
[27:21] Okay.
[27:23] So now,
[27:24] again, careful about volume and number of files. If you have a lot of data,
[27:30] number of files, not if it is three gigabyte file to one file, I don't care. It works fine. But if you have more than 100 files per hour or something like that, I don't have exact numbers, but if there is a lot of data,
[27:43] SMB is not a good protocol for that. It will be slow.
[27:47] Oh, okay.
[27:49] Because the file I'm trying to transfer,
[27:52] it's large files and it's picture files.
[27:56] Okay. How many files do you have per day?
[28:01] I'm not exactly
[28:03] sure,
[28:05] but the files
[28:06] are big.
[28:08] And I don't know how often we will transfer,
[28:12] but it
[28:14] is a lot.
[28:16] For one time transfer, it will be a lot. But I can divide it to into the chunks
[28:22] to transfer it slowly. But No. No. No. No. That's even worse. For ST, it's actually better to be big bigger. But the what you need find out how many files you have. Again, if you're talking about 10 files per hour, a few files per day,
[28:38] assemble will work.
[28:40] But if not
[28:42] if not, then I would strongly recommend you to look into CFT or
[28:47] something else.
[28:48] It doesn't need to be our solution.
[28:51] CFT is
[28:52] the secure is is I call it the secure transport small brother. It basically is another server from Axway
[29:00] that runs on pretty much any platform. It's a very small one, and on cloud to ground and ground to cloud, we'll usually put it in the customer environment
[29:09] so that everyone can use it as a think of that as a hop server.
[29:13] All the files go through it into ST and vice versa, and it has a lot more abilities and the ability to do guaranteed delivery and so on, as opposed to just opening a channel and grabbing the files.
[29:27] Okay. Okay. Makes sense?
[29:29] Yes. Yes. Yeah. But the big question again is how many files.
[29:34] Of of course, how big they are is important.
[29:37] But for I know that you say big, but if there are pictures there, what, five megabytes,
[29:42] 10 megabytes, 100 megabytes?
[29:46] Right.
[29:46] And right now, I don't have access to that drive. Yeah. I Where?
[29:53] Yeah. Go ahead. Sorry.
[29:55] You said it, it means the size of the size of the data is bigger or the file is big, then the rate of the transfer would be slow.
[30:06] That's true. But also, if you have a lot of files,
[30:10] that will be really slow because we'll be connecting for each file individually. We will not just open a channel and treat all of them. We'll just connect, grab one, connect, grab another, and so on.
[30:21] Okay. Okay. And we can and we can go in parallel.
[30:25] We can open multiple connections,
[30:28] but they'll still be one file per connection.
[30:31] And that's why the total number of files is important.
[30:34] SMB is just
[30:36] so SMB historically was built as a replacement for a folder monitor. So if you're on the ground, you use folder monitor
[30:43] because,
[30:43] you know, you just, attach the system, and we just read from it. But if you are in the cloud or a different data center, you cannot attach the store. So that's what Samba replaces.
[30:53] And what Samba is is
[30:56] the protocol itself is mounting on the fly.
[30:59] We're not mounting mounting,
[31:01] but the protocol you see inside of it is the same that mounting uses.
[31:06] So we'll go and almost do an a dynamic mount and grab the file and dismount, and that's slow.
[31:13] It's just the nature of the protocol.
[31:16] Okay. Okay. Thank you so much.
[31:19] Mhmm. Yes.
[31:21] Okay.
[31:24] Andy,
[31:25] Ryan O'Connor had a question in the chat for you. Yep. I'm getting there.
[31:31] Ryan,
[31:32] is there an SFTP login authentication timeout setting somewhere insecure some so, Ryan, is that for users logging to you or you logging out to a server?
[31:42] Oh, I need to keep reading the question. Sorry. It was it was a lot to throw in the chat there. But that that's for reaching out to an external server.
[31:51] You know what?
[31:54] We have a live server.
[31:56] Let me know when you can see my browser.
[31:59] I can.
[32:01] Okay. So let's go fish out what we can find.
[32:05] I think we do have one.
[32:08] And I think it's actually for each transfer site individually,
[32:12] but let's go check it. If not, we'll go check-in a different place.
[32:16] So
[32:17] see those things over here?
[32:19] Yep. Connection rate, right time out. Connection idle time out. Connection rate buffer and so on. So those two time outs at the top is basically what you want.
[32:27] Just Yeah.
[32:29] And so Change that for the partner. Sorry.
[32:32] We doubled those. No. And it looks like we're still hitting that
[32:37] public
[32:38] key authentication,
[32:39] cancellation
[32:40] after roughly five minutes. And I don't know if that's happening
[32:44] on on the server that we're connecting to or or what.
[32:49] I I I have a guess for you. It has nothing to do with secure transport. This is their either a load balancer or firewall
[32:56] that is just closing
[32:58] every connection without thinking without checking if it is it's doing something.
[33:04] Okay. And would that be on on the client side or the server side in that case? It will be on this
[33:11] most likely on the server side, but I will talk to your firewall people as well just to make sure they are not doing it on outbound.
[33:18] Okay.
[33:19] Especially when you said five minutes,
[33:22] especially if it's always on five minutes or close to it,
[33:25] that's
[33:26] that that's a network before you between you and them. Sorry.
[33:31] Okay. Yeah. It it looks like it goes a little past five minutes, like five minutes up to ten seconds after that.
[33:38] And it it seems like for the most part, it's under that
[33:43] and the connection successful. But once it hits that roughly five minute mark,
[33:47] that's when it starts to go south.
[33:50] So Yeah. I I I would start looking at the networking between you and them. And if that doesn't work, try to get the networking people to catch the packets and see who is actually showing it. From the ST perspective, those are your time outs.
[34:04] Okay. And we usually are good with them. And if we're pushing or pulling, we are moving data to it. So there is nothing to keep alive, really, because we keep it it's chain. It's SSH.
[34:15] But the reason I'm going to start with firewalls and load balancers is because I've seen that happening
[34:21] where
[34:22] people
[34:23] don't configure for five minutes in activity, but configure for five minutes altogether.
[34:29] And this was this is worse on FTP. So an SSH with a single channel, it's okay,
[34:35] and I don't know how they mess it up. Are you running on are they running on a nonstandard port by any chance? No. No.
[34:43] And it it seems to be only them that are having this issue. I mean, all of our other Yeah. External partners, you know, we authenticate within seconds.
[34:52] Is
[34:53] it unusual? I mean, it seems pretty unusual that it would take five minutes to authenticate
[34:58] through SSH. Yeah.
[35:00] That tells me that their server is either overloaded
[35:03] or is older than me, and they're not yet that young anymore,
[35:07] or
[35:08] something is going on in the environment between you and them. It should so authentication
[35:14] that takes more than thirty seconds
[35:18] should be investigated. I'm sorry, but that shouldn't be happening. And even thirty seconds is excess is
[35:24] excessive.
[35:25] Now some servers might have some authorization pieces that might take up to the thirty seconds, or they have a long list or something.
[35:33] But if the authentication
[35:34] itself is failing,
[35:37] that
[35:39] that's the problem. Right? So start they they need to figure out what's going on on their system. Also,
[35:45] if you can
[35:48] test directly from is this connection going through the server or through the edges?
[35:52] Through the edges.
[35:54] So if you can go on the edge and open the connection to them manually
[35:59] from the common front, because you'll be coming from the correct IP this way Mhmm. See if see what you will see. It's also possible that they're using a nonstandard SSH server, noncompliant
[36:12] one,
[36:13] which is doing something weird.
[36:17] Okay.
[36:18] Not that we can solve it, but at least you can talk to them. So if it is not the firewall, and I didn't read the whole question, obviously,
[36:25] because my I I thought it's stopping in the middle of a transfer. But if it is during authentication,
[36:31] then I again, it's prob might be the firewall, but also talk to them and figure out what exactly they are running, how they are running it, and see if you see the same slowness if you are just going with a direct connection.
[36:43] Okay.
[36:44] No. That sounds great. That's helpful. Yeah. In case they ask you, our server is built based on the Maverick libraries. We are not an open SSH based server.
[36:55] And the reason I'm bringing that up is because if you go on the edge into the connection, this will be an open SSH client connecting,
[37:02] and it may behave differently.
[37:04] If that's the case,
[37:05] I can guarantee you there is something in whatever server they are using that just doesn't pay well with Maverick, which means noncompliant for the most part.
[37:13] Yeah. And I actually turned the debug on inside the
[37:18] the transaction manager for the Maverick libraries.
[37:21] And it Mhmm. It gave me
[37:24] that public key signing
[37:26] as the last event
[37:29] that was processing before it set an off off success.
[37:33] Yep. And that's the part that took the longest was actually signing that
[37:39] signing that public key with
[37:42] the RSA SHA 2512
[37:46] signature.
[37:46] I mean, as as much as I hate proposing
[37:50] that, why don't you lower the security on that on that prod on on that site as well? You use smaller Cyphers and smaller Texas and so on.
[38:01] You know, instead the five twelve go all the way down to whatever you and them can negotiate on, the smallest one, and see if that will help.
[38:09] Yeah. I tried that too, and it didn't.
[38:11] Well,
[38:12] I I mean,
[38:15] it it's it's just, you know, my gut feeling is it's on your ad on the other side. I it's not the SD, especially because it's single partner. And because of everything I'm hearing, I'm starting to wonder what exactly they're running.
[38:28] So I will go to them and just ask them what server they're running
[38:31] Okay.
[38:32] And start from there. And if you cannot figure anything else, just talk to our support, see if they might know something about this specific server, which is why I'm asking you. Because that will be the first question they'll ask you. I can guarantee. So
[38:45] ST is fully compliant on the RFCS,
[38:48] which means that noncompliant
[38:50] servers occasionally don't play well with us. There was a case about ten years ago where TechTEA had a version that basically decided to do something interesting,
[39:00] but against
[39:02] RFCs.
[39:03] We couldn't talk to them. They just didn't respond properly to us. So
[39:08] but yeah.
[39:09] And the and, yeah, that's the other thing. It might be a Maverick person open SSH. Open SSH implementations tend to be a lot more
[39:17] flexible on the RFCs. Let's say it like that. So they can accept a lot more use cases and a lot more sometimes,
[39:24] a lot more
[39:26] wig link. Let's call it like that.
[39:29] Maverick is more strict
[39:31] as it should be.
[39:33] That's what RFCs are for. But yeah. So good luck.
[39:38] Alright. Thank you so much, Annie. I appreciate it.
[39:41] Absolutely. Elena, how is your mic doing?
[39:46] Can you hear me now?
[39:48] I can hear Yes.
[39:51] Perfect. Thank you. So my question is about transfer site, and I'm gonna do my best to describe the scenario. But we received data from a partner, which needs to be directed
[40:02] to two different destination on the SCS.
[40:04] So first, it should be routed to, like, another partner, and then second, to an internal division within our organization.
[40:10] And to facilitate this, we created under transfer site an SSH
[40:15] transfer port protocol
[40:17] and then a folder monitor transfer protocol.
[40:19] And then within our description for retrieving the file, we have it sending,
[40:24] so it uploads to our partner's designated folder folder,
[40:27] and then this is successful.
[40:29] The file goes where it's supposed to. Mhmm. And the next part is to be uploading, you know, to an internal network path. But we encounter an issue. It's it's saying that the network path cannot be found.
[40:41] But we're able to access the path from our desktop. So so why is it saying it can't find the the network path? It's like Okay. The servers have been able to detect it, or is is our current setup wrong?
[40:53] So are you,
[40:55] on Windows?
[40:57] Yes.
[40:58] Okay.
[40:59] And the path is,
[41:01] a UNC path, dash dash, and so on. Right?
[41:05] Yes.
[41:07] So and you set it up on the folder monitor upload folder. Correct?
[41:12] Yes.
[41:14] Okay.
[41:15] What
[41:16] what credentials
[41:17] are used to get to that
[41:20] path.
[41:21] Remember that when you go from your desktop
[41:25] so there are two options here. So one of them is I I don't know what the error is exactly. So read your error. If it is saying that the network path cannot be found
[41:35] Uh-huh.
[41:36] That means that the server
[41:39] does not see this part. So
[41:41] go on to the
[41:43] server itself on the OS level on the server and try to ping or reach or connect or something
[41:49] to the
[41:52] your own window. So you should be able to just open a browser for that and go to that path and see if it will let you, and it will and if it can see it.
[42:03] Okay.
[42:04] So,
[42:05] also,
[42:06] look very carefully at the path. Make sure you don't have weird typos. And the other thing is, don't forget that even though we're on Windows and you're going to a Windows path,
[42:16] ST is really a Linux server.
[42:19] So small and capital letters might be a problem here.
[42:25] So Oh, okay.
[42:46] Annie, you still there?
[42:51] Goodness. I thought it was me that
[42:53] stopped everything.
[42:55] That's okay. Laina, you can you hear us?
[42:59] Yeah.
[43:00] I can hear you. I thought it was me. I was like, oh That's okay. I was gonna drop and then get back on.
[43:05] Annie may have lost something, but she'll be back on, I'm sure, quickly. So
[43:10] Okay. Thank you.
[43:20] Well, now I'm curious about Lina's issue, though.
[43:24] We're all in the HR seat. Okay.
[43:30] Can you hear Yes.
[43:32] Yes. We can hear about it. I I swear it's on the hour. It's Teams and VPN not liking each other.
[43:40] I'm sorry about that. So Okay. What
[43:44] was the last thing that you heard, Lina?
[43:49] Checking
[43:50] you you mentioned something about Linux and not just Windows.
[43:53] Yes. So on when you go from your brow from from your desktop to the destination,
[43:59] it's a Windows talking to what is essentially a Windows share,
[44:02] which might or not via Linux behind.
[44:05] When you go from ST, it's a Linux application reaching to a Windows share.
[44:10] So it's possible that there is some discrepancy
[44:13] on
[44:14] capital small letters, especially if the store itself is Linux,
[44:18] which I don't know if it is the case in your case.
[44:23] But the short version is, for whatever reason,
[44:29] ST just cannot see the place.
[44:31] So get on the SD server, not on your desktop, on the SD server itself, or get the admin to get there and to try to reach the store and see what to reach the space and see what happens.
[44:43] Perfect. Thank you so much.
[44:46] Yeah. And,
[44:47] if that doesn't help, if you can get there,
[44:51] they need to look at what kind of credentials are used for logging in, although that's a later situation.
[44:57] If if it tells you it cannot find the networking part, it literally just cannot. And, you know, the usual. Make sure you don't have a typo somewhere,
[45:06] and make sure you don't have a space somewhere that it doesn't belong.
[45:09] That's my biggest problem. The other thing,
[45:13] DNS.
[45:15] If you are using short names
[45:17] for the server, you know, when you're doing the EONC path, what you're getting is, you know, dash dash server name dash and then folders. Right?
[45:29] Short things might work from the desktop,
[45:31] but not from the server because it's in a different network. So you might need to put
[45:35] not just the host name, you know, server, but server.organization.org
[45:40] or go where wherever that is
[45:45] for the DNS resolution.
[45:48] Perfect. Thank you. Or or even go to IP. I mean, if you know, brute force it. If that doesn't work either, try IP. See if it as you will see it by IP.
[45:58] Depending on how your DNS is set up,
[46:02] who knows?
[46:05] So, yeah, that's the best I can say. Got it. Thank you. Thank you. It's it's access. And the stupidest way,
[46:13] I was sure that they haven't closed the ports
[46:16] to win any server and whatever the story is.
[46:23] Just think.
[46:24] I don't know. Yeah. We'll check it, though.
[46:27] Yep. Just go to all of those and see what you can find.
[46:33] Okay.
[46:35] Sounds good. Thank you. Yep. I know I had a couple of questions
[46:40] in the chat,
[46:43] and I have at least one raised hand.
[46:46] So let me see the chat. Mark, I saw the question about
[46:50] Mark, Bill, I saw a question about
[46:53] one of the maintenance application.
[46:55] Yep. Account maintenance.
[46:58] We're using it in QA for key expiration warnings.
[47:02] I wondered if it's possible since that you can only pick one one date.
[47:07] Can we run multiple account maintenance apps with different thresholds for the warning?
[47:14] No. Unfortunately
[47:15] well, no. But hold on a second.
[47:18] I lost my connection
[47:21] on the laptop, so I cannot show you a server. But let me go over there. So you cannot run multiple applications
[47:27] because the application is just used to do a,
[47:33] the scheduling part of it.
[47:35] That what it is used for. But some of the elements
[47:38] are actually
[47:40] configurable
[47:41] on account and business unit level, and I don't remember if those were.
[47:46] Okay.
[47:47] So
[47:48] let me give me a second
[47:51] to try to
[47:53] reconnect to my VPN on the laptop
[47:58] and to get back into my server.
[48:01] And the second force is a chance of action on account. We close disabled and set the criteria to ninety nine and ninety nine. Is there a better way? Nope. That's the only way. So
[48:10] the way it's built, it it just forces an action. So that's the workaround.
[48:15] Put a number of days up there that will never be reached.
[48:19] Yeah. And just from experience, don't use a thousand. That's not big enough. We all will be here in three years and have this conversation and why you're disabling the accounts out of the blue.
[48:29] Right. Yeah. That would just be a time bomb for the next administrator to suffer through.
[48:34] Accounts getting randomly disabled and they wouldn't know why.
[48:37] Yeah. But if you put something like 9,000
[48:40] higher, and if the server is still alive in twenty seven years and still running, I'm sorry, but, you know, they can do some archaeology.
[48:49] Right. I'm just gonna perfectly calculate it out to my retirement date and set it to that value.
[48:54] That's how you do it. Okay. I think I'm back. So just, back as in on the my VPN. So let me try to rejoin so I can
[49:03] okay.
[49:10] Let's see.
[49:13] Okay. That looks better. Blake, I can see your hand up. I have one more question before before that.
[49:19] Let's see. Share.
[49:23] Okay.
[49:24] That's my server. You can see it. Right?
[49:27] I can.
[49:29] But
[49:30] let me
[49:31] let's
[49:32] go to the
[49:34] application.
[49:35] Actually, let's go to the account because I really don't remember what is red redoubled on an account or not. So
[49:43] edit account settings.
[49:50] But, what is account maintenance now?
[49:53] It's up a little higher.
[49:55] Right there. It's grayed out for yours.
[50:00] And because I haven't I don't have it enabled.
[50:06] Yeah. Okay.
[50:08] We'll and do some archaeology here.
[50:11] It's because I don't have an application set up.
[50:18] Out maintenance.
[50:26] K. Big numbers.
[50:28] Always good.
[50:33] So the so if you see a schedule around those, that means you can have only one in the system. That's That's basically how it works with these applications,
[50:41] just so you know.
[50:43] Yeah. Yeah.
[50:50] Then on the account level,
[51:00] if you go to custom,
[51:04] the only custom action, unfortunately, is the disabling itself, but not the notifications
[51:09] on the certificates.
[51:11] That's what I was looking for. So,
[51:14] yeah, that's the only way. But you know that you can have multiple
[51:18] numbers inside of the same one. Right?
[51:21] No. I didn't know that.
[51:23] Yeah. Okay. Let me then show you a tick because it's actually I don't think we advertise it a lot, but
[51:29] where did my account can go?
[51:32] I think it had s's in the name.
[51:35] When I named things weirdly, I cannot find them. So when you go into one of those with the number of days, Kingis?
[51:43] Yep. Down down little farther.
[51:45] Yeah.
[51:46] Doesn't matter all of them. You can do like this. Oh, perfect. Yep. That covers it then. I did didn't know that that field would accept multiple values. Oh, yeah. It will. And it also
[51:58] and yeah. It's I don't know if this one actually does, but the ones that you're asking for do. Thank you for
[52:05] tips.
[52:05] The the one this one doesn't does. And also, in mind that if your server is down on day thirteenth, we will not send it. So you might want to double up. So I would usually do something like 03:30,
[52:18] sixty, maybe fifty five, throw some additional ones because we don't make it up. So if you're completely down when it's supposed to run on day 30, it will not send notifications to those people until day number three.
[52:30] Okay. So along those lines, is there a maximum length on that field or a maximum number of values you can put in that I would need to be conscious of?
[52:39] I the biggest one I've seen is about six, but that's because it's the biggest I needed to test with. So I don't know how big that field is. Okay. Feel free to tell us.
[52:49] Okay. Sounds good. I don't know. But those fields are basically unable to do it that way. They didn't use to. So maybe when you started using it, you was not able to or someone talked to can't. It's not very if you read the documentation,
[53:02] it will tell you, but there is no one of those thing is here. Right? So it's not very logical,
[53:10] let's say it like that, but they work that way. And
[53:14] it it will basically send on day 60, day 30, and day three
[53:19] for everyone.
[53:20] And that's about it, I guess. Okay. Thank you.
[53:24] Okay. And that also is valid, double for the certificate or both for
[53:29] no action for the certificate,
[53:31] for the password expiration.
[53:32] Basically, everywhere where we have something
[53:36] user password and for certificates,
[53:38] both of them can be done that way. And I usually recommend people to set up at least two separate ones. Even if you want to see one notification, I would set it on seven and five, for example.
[53:49] Because chances of you being down on both days are slim to none. Right? Right.
[53:55] But it allows you to be down because, again, we don't make up the days,
[54:00] which is important to actually account for.
[54:04] Okay. We feel good. And when you say down, it's down at the time when the application was supposed to run.
[54:10] Gotcha. Okay. Thank you. Yep. And that's the other thing. If you know you are going to be under maintenance at this date, just go and change this schedule or to move it a little later in that day and then retore it restore it the next day.
[54:22] Right? So
[54:25] if you are if you know you will be a maintenance exactly when all of those are running on Sunday,
[54:30] move them on Sunday to run actually a little late
[54:34] for the year.
[54:35] Okay.
[54:36] Okay.
[54:38] Okay.
[54:38] Let me go back to the chat.
[54:42] Sorry
[54:43] about that.
[54:45] I need more screens.
[54:46] Rick,
[54:47] new to Axway,
[54:49] first SaaS hosted environment hours.
[54:52] Particularly in our cloud. Right?
[54:57] That's correct.
[54:59] Okay. So we have the community board that have a lot of question answers.
[55:04] We have the doc portal,
[55:06] which has the admin guide and
[55:09] getting started guide and so on, which are you fully managed,
[55:13] or are you going to create your own accounts? What kind of,
[55:18] call do you have? So are we hosting just hosting for you, or are we also managing for you?
[55:24] I
[55:25] think just hosting.
[55:29] Okay. In this case,
[55:31] the community board, community.accessway.com,
[55:37] where you also will find you will find their links to all of those meetings beforehand,
[55:41] but also it's a question answer form.
[55:44] And there is a lot of questions there that you can ask your own. But if
[55:49] but most of them are pretty technical, and if you don't know SD, they don't make much much sense yet.
[55:54] So the
[55:55] docs the documentation portal,
[55:58] and Lucy actually has a
[56:00] slide at the variant that will go through all of them. But
[56:04] that it has the admin guide. It has all of the guides. And then the support portal. You should already have a support
[56:11] what's the word?
[56:13] A support ID.
[56:15] And then we have a lot of KB articles over there as well.
[56:21] Very good. Thank you.
[56:22] Addition, we have university.taxway.com.
[56:25] There are a few free classes over there that you can just watch, including introduction classes and a couple more, usually the introductory class. But also there is paid training,
[56:35] which is live training
[56:37] online
[56:38] with the instructor.
[56:40] So if you're going to manage your own servers, I strongly recommend you to see if you can get your management to pay for some classes.
[56:47] The basic admin class and any of the advanced classes are always good
[56:52] because they'll teach you how not to kill your server in the first five minutes for the most part.
[56:58] Yeah. We've actually that's part of the project included training on all the tools, ST, FM,
[57:04] Sentinel,
[57:05] and CFT. Awesome. Yes.
[57:09] So that that's what we have at the moment.
[57:12] They are all reachable from each other. If you go to community, for example, or for to support, they also they have links all over the place.
[57:20] And this meeting is happening every month,
[57:24] pretty pretty much. So feel free to look and register.
[57:28] Where are you based physically?
[57:31] In Massachusetts,
[57:33] US.
[57:34] Yeah.
[57:35] That's a little further away. We also have in person user groups
[57:39] where we just go to a location and
[57:42] people come and we meet for a full day and talk about Esky and best practices and road maps and meet other customers. You know? It's a nice meeting.
[57:51] The the reason I asked is because we are just planning the next one in New Jersey early in June.
[57:56] So but it's a little further away for you. But so for now, just
[58:00] Yeah. New Jersey is not bad. We could do that.
[58:03] If you want to come, it's a free meeting. All you pay is your own way in. So if you low so if you want to pick up I think Jeff is still on the meeting. He can give you more details.
[58:14] But also, all you need to do is to go to community and register.
[58:18] And then it's a six hour meeting, nine to three, and you get to talk to me for six hours,
[58:24] which may or may But not may not be
[58:28] yeah. It's it's
[58:30] the afternoon is basically similar to this meeting, question answers. The morning is more of presentations about road maps and best practices and usually a feature topic and monitoring and but
[58:43] also you meet other customers using the products.
[58:46] So Per perfect. That sounds great. And that's, by the way, applies to everyone on the phone. If you're in the New Jersey area, we're setting up the meeting. We're going there the June,
[58:56] and then we'll have another one in the Phoenix area towards the June.
[59:01] You can register from community.
[59:03] Okay.
[59:04] And someone is very patient with me. Blake?
[59:08] Hello.
[59:10] So we have an internal,
[59:12] trading partner that
[59:15] transport to see if they have any files to download.
[59:19] And
[59:20] the current way they set up there have about five,
[59:23] you know, and maybe six or seven subscriptions.
[59:27] And, unfortunately, on each subscription,
[59:29] they set up their
[59:33] timing
[59:34] to their schedule to check every five seconds.
[59:38] Are they egift? So Sorry. I should have said that. Yes. Yes. They And they refuse to change. So and so we get a better
[59:46] setup where we can either push the files to them as soon as they're available
[59:50] or
[59:51] find a different route.
[59:54] They
[59:55] are averaging a login every one second
[59:59] of every minute of every day. So it adds up to tens of thousands of lines in the server log per hour,
[60:06] which makes a log fairly
[60:08] unusable.
[60:09] So question,
[60:11] until we get a better solution,
[60:13] is there any type of filtering that can be put on the server logs that say, exclude this user's
[60:18] login, logout info, something like that?
[60:23] No. Unfortunately,
[60:25] because that will
[60:27] make it impossible
[60:29] for
[60:30] any auditing to be taken into consideration.
[60:32] We can exclude them. We can exclude uploads, downloads
[60:37] from logging or not logging as much,
[60:40] but not just logins.
[60:43] Just the login.
[60:44] You know, the fastest way to solve this problem might be to just get your load balancer to kick them out after the third attempt for ten minutes or something. They'll scream bloody murder at your party.
[60:55] Yeah. No. That's unfortunately not an option.
[60:58] I know.
[61:00] You know, I like proposing those because they work. We know they think we can never do them, but that doesn't mean we cannot dream. Right?
[61:08] Yeah.
[61:08] But Yeah. Talk to them.
[61:11] Unfortunately do
[61:13] you have edges?
[61:15] Have an idea.
[61:16] Mhmm.
[61:17] So,
[61:19] mean,
[61:20] not that it will solve the problem in the cam lock, but at least it might solve the problem up on the edges.
[61:27] On
[61:28] the edges lock for access,
[61:30] spin them a separate edge and send them on their own edge.
[61:36] That way, they will not eat both your connections, at least.
[61:41] Okay. So just
[61:42] yep. I understand.
[61:44] You know, they are coming from the same IP.
[61:47] So get the load balancer to forward this IP to a separate edge. This will not solve the transaction manager lock, so you will still have the TM lock and all that fun and so on. Right? But
[62:00] but at least upon the edges,
[62:03] you will be able to troubleshoot easier when it's someone has actual connection problems.
[62:08] Yeah.
[62:11] I that's the only thing I can think of.
[62:13] Yeah. You know, it's also a lot easier to
[62:17] switch off the edge by mistake for a couple of hours.
[62:22] Yeah. Unfortunately, there's you know, can't disrupt the the We're on a recorded line, and I shouldn't be saying that. But
[62:29] it's
[62:30] the
[62:31] fact that they don't work with you is kinda,
[62:35] you know, their own fault.
[62:36] Yeah. Well, I yeah. We try to get them to change it to, you know, even sixty seconds or even thirty seconds because that would make a huge difference. But
[62:44] and I know they expect it to be, like, a real a real time. How how often do they find the file?
[62:52] You know, every five minutes, every twenty minutes or something during the day. So You know what I'll tell you. Right? So technically speaking, anyone that is coming more often than five every five minutes to you needs to think about the different channel to get to you. I'm sorry, but SSH is not built for the constant pinging of, do I have a file? Do I have a file? Do I have file? Do I have a Yep.
[63:16] I I I understand them. They want to file immediately because they are kinda used to having it probably that way. But the only protocol that is built to support that kind of frequency is folder monitor because it's local.
[63:29] Right? We're just monitoring a folder.
[63:31] Anything outside the folder monitor, anyone asking me for a schedule more than five every five minutes, my usual question is why?
[63:40] How often do you get that file? And if it turns out they have a file every few seconds, we start talking about high performance pro protocols, such as the SIP or something like that.
[63:50] Right. Or reversing the connection or something like that because it's killing your server. And forget about the login. You'll have a bigger problem when your server grows and you have more and more partners.
[64:01] Remember that for SSH,
[64:04] once the connection is taken, until it get released, we cannot reuse it. So if you have a 100 connections allowed on this edge,
[64:11] and they have a delay in logging out because their own software doesn't handle things, they might be
[64:17] tying up fifty, hundred connections of yours just for their PINK.
[64:23] Sure. Okay.
[64:25] Good point.
[64:26] Yeah. I definitely I wanna I prefer to be able, you know, just push the file to them and then actually get it faster. So we're gonna aim for that route if they have a SFTP server or Oh, get a CFT there.
[64:38] Talk to them, figure out a different way to handle that because
[64:43] it will get worse because sooner or later, their machine will get into trouble. They will not be logging out on time because they can't book or they have a problem.
[64:51] And then you have every other single partner screaming bloody murder at you because they cannot connect.
[64:56] That's why I'm talking about getting a separate edge for them because this will isolate them on the SSH layer.
[65:02] So, yes, your PM will be tight and yes, you'll still have the locks to deal with, but your other partners will not have denial of service because this partner doesn't know what they're doing.
[65:14] Gotcha.
[65:15] And you know what? If you can charge them for the server, that will be even more awesome. Even better. Yeah. At this point, they'll realize they're doing something stupid.
[65:25] We actually had a a partner, a vendor partner like that for a while. And what we talked them into doing is not logging out.
[65:33] So they stay logged in, and they just refresh the directory listing every ten seconds or whatever it was. That way, we didn't have all the login logout traffic, they still got the frequency they that they wanted to check to see if a file was there. So they just stay logged in.
[65:49] That works. Interesting.
[65:51] It it it sounds counterintuitive,
[65:53] but with SSH, it will work because of the way stay alive is.
[65:57] You know, it's
[66:00] not solving your problem, but they're eating a single connection, and thanks for that, Mark. I usually wouldn't recommend that because it can cause a lot of tie ups. But, yes, it's a single connection now, but you don't care too much about those.
[66:14] Alright. Good idea. And then one
[66:17] separate question.
[66:18] Is there anywhere that I can find
[66:21] all the available
[66:23] secure transport variables?
[66:25] So, like, anything file related, path directory related variables,
[66:29] all the stuff I need when setting up routing. Because in the admin manual, I find there's all the functions, and they happen to list some variables when they're describing the functions. But I only see a couple of variables. So
[66:42] let
[66:43] me let
[66:45] me show the my server. Okay. Hold on a second. Many screens.
[66:49] Let me show my server. So
[66:51] yes and no. So for the ones inside of advanced routing, the answer is yes.
[66:58] And let me open the documentation
[67:00] and show you where they're hiding.
[67:04] Nope.
[67:06] That's not what I want.
[67:13] So if you go to the
[67:17] expression language
[67:19] Mhmm.
[67:20] And then you go to the
[67:24] advanced routing EL functions and variables
[67:28] Right.
[67:30] And you click through a few. This list over here contains
[67:34] all of the variables that are available during routing,
[67:38] unless you do something very specific. For example,
[67:41] if you go to the account ones, that's how you get the account ones.
[67:47] Okay. If you go to the transfer one, so depending on what you're looking for under transfer are very little. They're just the core idea, the target here, and so on. And the reason there is only a few of them is because most of them are just not transfer. When we say transfer, those are the transfer dots.
[68:03] They're not really just transfer related.
[68:05] So you look through those. So these are for AR.
[68:08] Outside of advanced routing, we don't have a list yet.
[68:12] So stay tuned for the next few months because I'm actually reworking the documentation to add the missing pieces and add examples and descriptions and so on on those things. There will be this section will be revamped. But in the meantime,
[68:26] the rule for advanced routing, if it's not on this list, it's not available directly.
[68:32] Okay. So this is complete?
[68:34] Yes. This is for advanced routing is complete, and the reason is so basically, server has its own map. We what we call the DX agent map. That's why you see the first thing here. This is the old events
[68:45] variables. They're still there. When advanced routing was created, they created the new map, pop it from the big map. So for advanced routing, it's a predefined list. It's not all the variables. It's just a subset.
[68:59] Okay. So that was my next question. You the first two columns, are those so there's old variable and new variable? Is that what I'm looking at here? Or
[69:08] So the agent environment variable is the name of the variable outside of advanced routing.
[69:13] What we want inside of routing is the second column, which is routing TL expression. It basically is the name of how to reach this value from inside of advanced routing.
[69:22] Route or step or anything like that.
[69:26] Okay.
[69:28] And there is also another one you'll see in a different place called stmdot.
[69:32] This is so for example, just the transfer target folder and so transfer dot target, for example, contains the file name.
[69:40] Mhmm. S t m dot target also contains the file name, but it is used on the subscription page.
[69:46] So we have different maps in different places.
[69:49] Okay. And that's one of the things I'm working with documentation to make it a little clearer. But for the time being
[69:56] Mhmm. So yeah. You're making it clear on
[69:59] where to use each one of these variables. Is that what you're saying? What they do and yeah. And careful apps and so on. So we're we're working I'm working on a documentation. That's my project Alright. Quarter.
[70:10] But for the meantime, if you are inside of a route or step or anything on the routing menu,
[70:16] you use Mhmm. Dots,
[70:18] transfer dot account dot, and so on. If you're on the subscription page,
[70:23] for example,
[70:25] over here
[70:29] I'm not very creative. My account is called Annie.
[70:32] But for example, on the on on the subscription page, when you go over here, put a name on success or something. This is the STM set. If you click on this question mark, it actually will show you which of the maps you need to use.
[70:49] Okay. Yeah. It's And that's all that's why I've found the best
[70:54] example of variables is just when there's when I'm fortunate enough to have that little question mark thing on the field, but they're not always there.
[71:01] Again,
[71:03] a work in progress. While over here
[71:09] and I'll just stay
[71:11] where
[71:12] am I? What am I doing?
[71:16] Oh,
[71:17] well.
[71:20] Over here on the expression language and then here and see how here the example station dot, the seat dot, and so on, the different variables that tells you that this is the advanced routing set.
[71:31] So not the ones that started with SDNs.
[71:34] Okay. And then you go to the page I showed you in the documentation, which is basically listing all of them.
[71:42] Okay. Thank you.
[71:44] And then one last thing. Is is there a specific
[71:48] or a predefined function or variable
[71:51] for
[71:52] subfolder one, subfolder two? The only way I found it is to use a function that grab
[71:57] if you tell it like a slash delimited and grab the third
[72:02] delimited section of this
[72:04] No.
[72:05] You need a parser for parts until you give me the third step folder.
[72:10] No. But you can do it two ways. Either you do
[72:14] split on that slash with one of the functions of strings, whatever. I usually will do it with match
[72:21] just because I do reg x a lot. I You say you do it with match?
[72:26] Yeah. Standard reg x.
[72:30] Say it again. Sorry. RegEx.
[72:33] Sorry. Oh, RegEx. Okay. Yeah. You can do it either way. There's a lot of ways. Plate is usually easier inside of AR. It works. It doesn't work everywhere on the server. So I have other methods from way back when. Mhmm. But
[72:48] we don't have a special function.
[72:52] We have a function to get to the parent of a folder.
[72:55] Right. So you can go so depending on how many you have,
[72:59] you can do parent of a parent of a parent and get to where you need to go. But if you're trying to find the third
[73:05] element in a five element set,
[73:08] you know Mhmm. Slash a slash b slash c slash d slash d and you need c only,
[73:14] just I'll do regex for that or split and just grab the third element or something like that depending on what multiple time in for the most part.
[73:24] Alright. Sounds good. Thank you. Mhmm. Okay.
[73:27] Okay. I don't see any raised hands, and I don't have any questions in the chat that I might have missed. Or I I don't think so.
[73:35] So
[73:36] okay.
[73:37] Other questions? And we're almost at time. We have ten more minutes.
[73:41] So
[73:42] last call for questions.
[73:52] Silence?
[73:55] Okay. Jean, you're okay with what we talked about last week? I know it's little cryptic for everyone, but I know you had the question and we kind of talked before.
[74:03] Yeah. That was that was perfect. I I just didn't check the documents, and
[74:08] and that was perfect for what my
[74:12] network I will use that for yep. Good. I will use that to actually say something to everyone because we turned out that to be a problem everywhere.
[74:21] So
[74:23] please make sure that if you are on a Linux ST, Unix ST,
[74:28] that either user running ST is local and in your password file.
[74:33] ST will not warn you if it is not, but you will have
[74:38] weird failures.
[74:39] That's the daily
[74:41] public service announcement.
[74:44] I've
[74:45] been chasing a lot of those in the last couple of months, unfortunately,
[74:49] with people using AD accounts and all kinds of held up accounts instead of local accounts to run SD.
[74:56] Yes. So so just to back up on that, our our security and network team wants to
[75:02] not have any local admin accounts
[75:07] on our Linux servers.
[75:09] So they want to vault
[75:11] all all passwords.
[75:15] And and so we run
[75:18] our secure transport with an admin account on our Linux servers. It's a non root install.
[75:25] So it's just a local account. And so I was like, well, we can vault passwords,
[75:30] but then I was trying to figure out how
[75:33] secure transport
[75:35] was affected by changing the password and where I had to change that in secure transport. So
[75:41] that's why Annie Yeah.
[75:42] And, yes, there is nowhere. ST doesn't care about the password. We just need the account to be in the password file in the ATC pass w d x. All we need well,
[75:52] plus
[75:53] passion, plus, you know, all the requirements. The requirements are in the install guide for anyone curious.
[76:02] So thanks for the question, Jean.
[76:04] Allow to go Thanks for the answer. Absolutely.
[76:08] And it reminded me to come and tell people to go check on their servers and make sure their admins are their OS admins and security admins are not making them do something that makes their asking not supported.
[76:20] So
[76:21] okay.
[76:22] Well,
[76:23] if no one else have anything else, back to Lucy who will show you a couple of links and or
[76:30] if she wants me to, I can as well keep talking. Lucy? Thank
[76:34] you. Thanks, Annie, and thank you everybody for these wonderful questions.
[76:39] Really
[76:40] helpful, think, everybody to have those in there and have this discussion.
[76:45] Just a couple things.
[76:47] Just a reminder when we talked earlier about the Axewy community,
[76:51] feel free to go on
[76:53] Axewy community and and check any of the links because then there might be some information in there that might be helpful to you. So
[77:03] feel free. And, of course, Annie is always available to answer questions for you and
[77:09] help you out there.
[77:10] And then
[77:12] there's, you know, videos
[77:14] on YouTube that you're welcome to access.
[77:17] And lastly,
[77:19] there's if you ever wanna do a we we've had peer reviews,
[77:24] that have been really successful
[77:27] for us. And so if you would like to go on and and,
[77:31] post a review,
[77:33] you will be compensated for that.
[77:35] Nice little gift card for you. So feel free to go to the website here. And this, of course, will be in the presentation that you'll get soon here after this call.
[77:45] So,
[77:46] thank you everybody for attending,
[77:48] and, we look forward to the next one. And as mentioned, if you ever do wanna host
[77:54] a,
[77:55] secure transport with Annie in your office,
[77:59] feel free to reach out to myself or Annie and let us know because we'd love to do that. And
[78:06] we've done these before, and it's always nice to be in person and not always online. So thank you all very much for attending, and have a great day and rest of your week.
[78:18] Thanks, everyone.
[78:20] Have a good rest of the day and the week, and I'll talk to you next month unless you catch me up in community for something.
[78:28] Thanks, all. Thanks, Annie. Thank you. See you. Bye. Thank you.
[78:32] Thank you.