ask-annie/out/891786881/transcript.txt
2026-03-24 20:47:49 +11:00

# Transcript: 891786881
# URL: https://vimeo.com/891786881
# Duration: 4935s (82.2 min)
[0:02] I did have a question. I am Javier Prado. I'm working here in New Mexico with the Human Services Department,
[0:10] and we
[0:11] make use of the software to control
[0:14] file transfers across many
[0:16] partners.
[0:17] And
[0:18] we're looking at
[0:23] several
[0:24] functionalities
[0:25] of this system, and I am,
[0:27] I just started, and I'm, I need to learn a little more about them. One of them that keeps coming up,
[0:35] that we're in the middle of right now is certificates,
[0:38] SSL certificates and how to reuse them throughout
[0:43] the
[0:44] the software because
[0:46] we're looking at updating
[0:48] the SSL certificates for the actual Axway services,
[0:52] the SSH server, the FTP server. Yep. All these expire
[0:58] every year, but some of those same certificates
[1:01] are also used within individual
[1:04] transfer sites as their configuration
[1:06] their connection configuration.
[1:09] Mhmm.
[1:10] And so it's like they're reused. Sometimes, like, these certificates
[1:14] are being reused. They're for individual partners, but we also use them sort of for our system wide type of configuration.
[1:22] And I was wondering
[1:23] what good resources there are to learn more about certificates in Axway.
[1:30] Ah, okay.
[1:32] So that will be one of those rambling answers because it actually
[1:38] it's a little
[1:39] not complicated completely.
[1:41] It's actually pretty straightforward,
[1:43] but there are three things to know about certificates in ST
[1:48] before you start thinking.
[1:50] No matter what you import and how we import it behind the scenes, we treat them the same way. You probably have noticed that even when you put an SSH key, for example, we put an expiration date on it, which keys natively don't have.
[2:04] The reason for that is that behind the scenes, certificates are essentially
[2:08] X.509s
[2:09] for us. Okay. So whenever you import an SSH key, we'll wrap it using our CA to create an X.509
[2:18] for it, which makes it a lot easier for us to actually manage every tag.
[2:23] So as you noticed,
[2:25] probably, we have two different distinct places for certificates.
[2:29] One of them on
[2:32] the Mhmm. Configuration,
[2:34] and I hope everyone can see my browser. And if you don't, just let me know. I'll switch browsers. But
[2:39] the ones over here are supposed to be for the server certificate,
[2:43] anything that needs to be shared to a different partner. For example,
[2:47] a decryption certificate that 30 different users need to use. Encryption ones can go elsewhere,
[2:57] but for decryption purposes already being shared,
[3:00] they need to be here. And then inside of the account, you have the certificates for the user themselves.
[3:07] Right?
[3:08] Okay. And here
[3:09] yeah. And here is where it comes. So
[3:13] our documentation has a few sections describing
[3:17] what certificates are used for and so on. So if you hit the admin guide and go to the relevant section,
[3:23] there is some information over there.
[3:25] Mhmm.
[3:26] But
[3:27] the and if you go to the API,
[3:30] we also have a complete certificate API that allows you to generate and import and delete and manage certificates in various ways. So anything you can do from a button, you can do from the API,
[3:42] which is useful for management.
[3:45] But we don't have
[3:47] a real
[3:49] section that talks just about certificates per se or how we manage them in ST.
[3:55] The assumption is always that whoever reads the guide understands how certificate
[4:02] life management works
[4:04] Mhmm. Outside of us.
[4:06] And all we're doing is to specify our specific things, the fact that everything is X.509, the fact that everything expires,
[4:13] and all that funny stuff.
[4:15] Okay. Thank you.
[4:18] Sorry.
[4:19] Yeah. Sorry. I have to mute myself on
[4:22] No. No. No. You're fine.
[4:24] That's the conversation. Remember? So don't mute yourself. Talk to me. One thing I don't have on this server, because this is the May release, because I haven't updated that one for a while,
[4:37] is that in October
[4:39] and no. In October, we added
[4:43] a
[4:44] something for master admins that will show expired certificates,
[4:48] which is new. It's like a tile
[4:50] that gives you a link to all of the objects that had expired, which might help
[4:55] in the future with expirations,
[4:57] including another tile that tells you what will expire in the next sixty days.
[5:01] So that's, one thing.
[5:05] And I don't know where to bring that answer from here. So you tell me what else I can help with on that question. I can talk certificates all day long. That's my problem here. So I don't want to
[5:18] Well, and maybe I know that I
[5:22] have
[5:23] dug through
[5:24] just some resources online. In my mind, it does kinda make sense, but it really means a lot coming from someone with your expertise. And I was wondering
[5:33] if you could give us a quick overview of those tabs up there, like local certificates, and then
[5:39] for us the internal
[5:41] Absolutely.
[5:42] Okay. Things to do. Okay.
[5:44] Absolutely. So this is the global list. These are certificates
[5:48] any user and the server can use.
[5:51] The local certificate
[5:53] are pairs of public and private certificates.
[5:58] You can also have just private here for the most part, but the idea is that usually these are the pairs.
[6:03] And local certificates are used for things like the protocol daemons. You know, the admin daemon, the HTTPD,
[6:10] every single daemon.
[6:12] It can also be used for shared certificates.
[6:14] If you have multiple
[6:16] places that need to reach the same certificate for authentication
[6:21] to a different site, for example, or for PGP decryption or encryption, instead of putting it into every single account, you can put it here. So if you use PGP,
[6:31] your
[6:33] decryption certificate, the one that belongs to your company,
[6:37] will go into the global local certificates
[6:39] because
[6:40] that way, every single account can use it to decrypt the file that arrived.
[6:45] Right? Because people will be encrypted with your certificate.
[6:48] If you have multiple accounts using the same certificate, it can also come here. So this list is available for everyone, and that's why if you can see it, it has an expiration, but it doesn't have usage,
[6:59] which you'll see under the account.
[7:02] And
[7:03] if you need to import the same certificate under two separate accounts, you need to redesign. Either push the certificate here in the global list, or see if you can use it in a different way. That's basically my rule of thumb.
[7:17] That way, you don't have duplicated items everywhere.
[7:20] This doesn't contain any user certificate per se. Right? These are your global certificates.
[7:27] The trusted CAs is the list of your root and intermediate certificates.
[7:32] The ones so as you know, or if you haven't worked with X.509,
[7:37] the whole point, the idea unlike SSH keys, which is just a key pair. Right?
[7:42] X.509s or SSL certificates have a signer,
[7:46] which is usually a different company that basically says, yep. That certificate is valid and belongs to that company.
[7:52] Roots and intermediates are in the trusted CAs. One of them is called just CA. This is our local CA. When you create a new certificate in ST, that's what we sign with.
[8:04] And that's this internal CA. Even though it's on a separate tab,
[8:09] it actually also shows up on the trusted CAs because you're just one of them, but it allows you to generate it.
[8:16] The trusted CA, the local CA, is what is used for signing all the certificates
[8:22] inside
[8:23] when you create or when you import an SSH key, for example.
[8:28] And it is also used
[8:30] as a white list usually unless you specify something else in streaming and clusters.
[8:38] The keystone path yeah. Thank you. Yeah. This makes sense. I was gonna ask that, but you went right over it, which is that internal CA
[8:48] is one of the trusted CAs. And so trusted CAs,
[8:52] it's The way I see it is kind of a history of previous sort of, like,
[8:57] internal CAs that have been No. No. No. Not just internals. It's all the externals. For example, if your partner sent you a certificate
[9:06] from theirs signed by their certificate authority
[9:10] or by one of the big ones, a GoDaddy or
[9:14] VeriSign,
[9:15] you know, the big guys,
[9:17] in order for us to be able to work with that one, we need to have it in our trusted store.
[9:25] So see, this one is SecureSign.
[9:27] This is the trust core, the Digicert. You know, these are the big providers.
[9:31] We come preloaded
[9:33] with all of the commercial ones. But if your partner has their own certificate authority and they want you to use their certificate for logging into your server or to their server, you'll need to import their intermediate and root here.
[9:50] Okay.
[9:52] Okay. That's where they go. And if you have edges,
[9:55] you might need to do the same on the edges if we're talking about the server certificate.
[10:01] Yep. Yep. Yep. We do have that type of
[10:04] deployment architecture within Azure Pay. Yeah. It was okay. So so,
[10:10] from the So from the landing page oh, well, sorry. I cut you off. Sorry. Yeah. Go ahead. No. No.
[10:16] I was just going so, from the landing page,
[10:19] if you are already on October as as I said, I don't have it here, so I cannot show it. But if you're already on October from the landing page,
[10:26] it will show you the list of expired and expiring.
[10:29] That's what the landing page is doing. But it just filters the list. It doesn't do anything funny with them. It just shows your list. Now in addition to the global certificate,
[10:40] inside of every single account, you have three additional places for certificates.
[10:46] The login certificates
[10:47] are certificates that are used by end users to log in into ST.
[10:53] If you enable
[10:55] certificate or key authentication on one or more of the protocols,
[10:59] that's where their keys will go. This one will contain only public keys,
[11:05] because the user needs to have the private key so it can match the public. Right?
[11:09] So here,
[11:10] this is the public key, so that's why it's called login certificate. It's for logging into ST. It's not for logging on a transfer site. It's basically
[11:21] like passwords, but with keys. That's I I know it sounds weird, but that's what it is. It's our credentials for our server.
[11:29] Partner certificates,
[11:30] the second tab,
[11:32] is public certificates,
[11:34] which are used for
[11:37] encrypting
[11:38] someone else's data. You know, on PGP, you encrypt with the public, decrypt with the private, so this is where the public will go.
[11:45] And for AS2 and other protocols, like, let's say, that require public parts.
[11:50] So the partner certificates are always public, the public parts of the certificates,
[11:57] Unlike the local certificates that are usually doubles,
[12:01] because they can serve as both, here, they are split. So the public part comes here.
[12:06] And then the last tab, the private certificates, are certificates you use to log in into someone else's server on the transfer site, or PGP decryption, or any other private elements.
[12:18] So if you look at the three tabs, the first tab is how to get into our server. The second and the third are how to log in into someone else's server or encrypt, decrypt their data.
[12:30] I have a question on this here, Annie. Absolutely.
[12:33] Because I get this from a lot of partners.
[12:36] They they wanna use a certificate, and we're connecting to them to pull or push files.
[12:42] So they say, send me your private certificate. I go, no. No. I need your public key
[12:47] so when we reach out. So, really, the partner certificate
[12:52] if you're logging in to a partner server, should be their public key. Correct? Private. Private. Oh, their private key. Oh, okay.
[13:01] You're the client. So the client carries the private part. Right?
[13:06] When I am connecting
[13:08] to you, I'm carrying my private part, and you are carrying the public to match it against.
[13:13] That's the whole point.
[13:15] Right. Right. So they create the key pair, and they send us the private key.
[13:19] Or you yeah. Or you create it and send them the public to import on their site or whatever is needed.
[13:26] Oh, we send them the so that could work reverse. We could right. Okay. We could generate And they put it on their server. So the whole idea is you need to exchange them. One says for you, one goes for them. In order for to authenticate, whoever initiate the connection
[13:42] is the guy carrying the private key. That's the easiest way to remember it. That's how I always remember it. Yeah. It confuses the heck out of me every time.
[13:52] It's like
[13:54] especially because with PGP, it kinda sorta sounds the opposite. Because with PGP,
[14:00] you use a public key to encrypt,
[14:04] but it's basically the same idea.
[14:06] It just sounds a little weird. But you so think of that that way.
[14:12] In order to authenticate, you need a credential.
[14:15] A public key, when you say the word public, that doesn't sound like credential anymore. Right? It's not a secret thing. So Mhmm.
[14:23] So yeah. And, of course, if it is SSL, the X.509 contains both of them plus a lot of other things. So
[14:29] it's different. But if we're talking SSH, it's private on the client side, public on the
[14:37] server side. And that's why we have if you look at the screen, we actually have spelled out exactly what goes into those.
[14:46] And,
[14:47] it also helps when you open a transfer site. If you don't see it, you put it in the wrong place.
[14:53] Gotcha.
[14:54] Right?
[14:55] But and keep in mind, again,
[14:58] for the private and partner certificates,
[15:01] second and third tab here, whenever there is a list of certificates,
[15:06] like, in an SSH transfer site let's see if I have one. I have one.
[15:11] So when you open sorry.
[15:14] Small.
[15:15] You know? This server is always fun. Over here,
[15:19] you see how there is the word server or user behind? So the ones that say server come from the local certificates. If you import something here or if there was something in my private list, they'll show up here with a tag user behind them. It's just to tell you which one it is.
[15:36] So every time when you go to transfer, see, you see all of the server's certificates
[15:41] and all of the certificates that belong to this user.
[15:45] So I got one more question on this, if I may.
[15:48] And
[15:49] do you know of a reason why
[15:52] when you create a certificate under the site, when you try to use it, you can't see it? So I've run into that. So what I've done is just I've just created them on the
[16:04] on the global side, and then it becomes available as the SSH key.
[16:08] Do you know Did it yeah.
[16:11] What did I do wrong?
[16:13] You put it in the wrong place.
[16:15] Did you put it on the private certificate? No. I put it on our partner certificates.
[16:20] Yeah. Partner certificate. So that's your problem, and that's why I came here. Okay. In order to use them in the transfer site, they need to be in the private certificates because we need the private part. The partner certificates,
[16:33] despite their name, are actually for the public parts of certificates, and they're used for PGP encryption,
[16:39] and inside of AS2 where we're doing mutual trust,
[16:43] because there we need both pieces.
[16:45] But
[16:46] so login certificates,
[16:48] logging into ST. Private certificates, on the other end, logging into someone else's system. That might be the best way to remember it.
[16:56] Excellent. Partner certificates,
[16:58] unless you're using AS2, partner certificates will be only for PGP when you need to encrypt for them.
[17:06] If you use AS2, obviously, you need two certificates in both places. That's a different conversation and so on. But that's why you are not seeing it. Because where you put it, you'd have just the public component. The private got lost unless you saved it. So if you saved it, if you just import it on the private, it will work. The reason why it worked when you put it under local is because, as I mentioned, the local actually keeps both the private and the public part.
[17:30] So when you imported both of them, it could use them.
[17:34] So that just sheds a light on it. If you have a partner
[17:39] that you log in to with multiple accounts,
[17:43] you would have to put that on the global.
[17:46] Because if you try to import that certificate
[17:49] into a different account,
[17:51] you might get a warning that a certificate with that serial number or something like that already exists. Right? Not for private certificates. We don't do that check over there because we assume that it might be needed. We do it for our login certificates to ensure that you don't try to use the same key or certificate for multiple users on our system
[18:12] because this basically is not allowed.
[18:15] But the private certificate,
[18:16] you can import the same one on every single account in the world. It will work. But I would strongly advise against, because,
[18:24] you know, when it expires, you'll forget one of them.
[18:28] So one thing to say here,
[18:30] whenever you have the need to do it on multiples, think about two things. Can you do it global?
[18:36] On the other hand, if you put 3,000 on global, guess what? You know? Management becomes a nightmare.
[18:42] Or if this is for a push, think about using a secondary account to hold the site only.
[18:49] Remember that we have the ability to reuse
[18:54] transfer sites
[18:57] across accounts
[18:59] for pushes, not for pulls.
[19:01] And the other thing,
[19:03] we have an additional level here, the access level,
[19:06] so that, which is more important for PGP than for login certificates, for certificates logging into someone else's system.
[19:14] But when you create a certificate inside of the account or import one, you specify if this can be used only by this account or if someone else can use it. So, for example, during PGP encryption, you can reach out and grab someone else's certificate for encryption.
[19:36] So you don't need to put it on global. You can put it on a
[19:40] utility account.
[19:41] You just need to make sure it's either business unit level or public instead of private.
[19:46] Gotcha.
[19:48] I'll be rewatching this several times. Thanks, Annie.
[19:51] And you can always reach out with additional questions. Right? And I apologize
[19:57] because we try not to cover,
[20:00] and I'm really bad with names if no one had realized. So the gentleman I was talking to earlier,
[20:06] you all set, or do you have more questions on that?
[20:10] I apologize again. I forgot the name.
[20:14] Oh,
[20:16] yeah. Yeah. Yeah.
[20:18] The Mexico.
[20:20] Yep. The New Mexico. Javier.
[20:23] Thank you. Yep.
[20:24] Yep. It should be good. Yeah. No. I don't
[20:28] I'll wait for the next question for other people to ask. I can't. I know I have more questions, but
[20:34] Ah. But You know, I don't see a raised hand,
[20:38] so go ahead and ask your question.
[20:41] Well, this is something that I wanted to figure out to help our sysadmin who couldn't be here today. He was invited, but he was busy. And the main thing that we're doing with him is getting
[20:53] a
[20:54] certificate from Digicert,
[20:56] and it's one that we have to apply to our core services in the operations
[21:02] Okay. Panel.
[21:05] And, yeah, wondering
[21:08] if we should, yeah, be importing to the trusted CAs.
[21:13] So okay. So what Digicert gave you is your own certificate.
[21:17] Right?
[21:18] But it also carries
[21:19] either one or more intermediates and at least one root certificate.
[21:24] So what you do is step one, import whatever they gave you into the local certificates.
[21:31] Mhmm.
[21:32] After that, click on it
[21:34] and look at
[21:37] do you see my small window
[21:40] that's opening now?
[21:42] Not yet.
[21:44] On a second. I might need to share it in a different way.
[21:47] Yeah. I know. Hold on a second. You know what? Let me just share my whole screen.
[21:52] I don't have anything else going on, so that should,
[21:58] okay. I did it. And now
[22:02] okay. Do you see the small window now?
[22:04] Yeah.
[22:05] Okay. So
[22:06] after you import it, look at the very top and see if it of the validation status.
[22:12] If it says not chained to a trusted root, as mine does, because I've deleted my CA, that tells you that you're missing an intermediate
[22:21] or a root certificate.
[22:23] With Digicert, chances are depending on what intermediates you are using. It might snap immediately.
[22:29] Let me see if I have one that actually is properly chained
[22:34] to show you the difference.
[22:36] See how it says it's valid and chained? That means that we have the whole chain. The certificate is good to go. You don't need to do anything else with it. But if it is one of these, like this one that is not chained, that means that the CA for that is missing from the trusted store.
[22:54] It can be just the root, or it can be the root and intermediates.
[22:58] The easiest way to find them, as stupid as it might sound sometimes, is to use a browser.
[23:04] Import this certificate as a user certificate in your browser, and let the browser
[23:09] figure out depending on what browser you're using. But, when you go to the certificate in the browser after that, it will show you the chain so you can grab the root and intermediate and import them into ST.
[23:23] Does this make sense?
[23:25] So when you import so, you know, for example, when your bank gives you the certificate and you import it into your browser, and then you can go to the browser and go to the settings of the browser, when you click on the certificate,
[23:37] it has settings or options or root path or whatever. The reason why browsers are good for that is because security
[23:46] wise browsers get updated a lot more often than anything else, and they carry all of the roots and intermediates.
[23:52] Now
[23:53] if,
[23:54] DigiCert sent you the root and intermediate in the same mail as the normal certificate, then you have them already. Just import them.
[24:03] And when you're importing,
[24:05] if you are worried about,
[24:07] not importing the same again, don't worry. Even if you have it twice, nothing will break.
[24:12] But always start that way. Import the certificate here, see if it shows up as valid and chained. If it is not, then you need to go chase the intermediate and root.
[24:22] And
[24:23] don't forget that you might not have intermediates.
[24:26] Depends. So usually,
[24:27] with the
[24:28] DigiCert and the big guys, there was almost always an intermediate.
[24:34] Mhmm. With smaller providers, sometimes everything is root only. For example, when we sign, we sign with a single CA, so we never have intermediates.
[24:43] Mhmm. But when you're coming from a corporate, usually, the root is the whole DigiCert,
[24:48] and then the intermediate is what actually signs for you.
[24:52] And if your company has a special contractor, you even might have two levels of intermediates
[24:57] in there. And in order for everything to get valid and chained, all of them need to be in trusted.
[25:02] And the basic rule of ST or any security
[25:05] until but for ST specifically,
[25:08] until you see valid and chained,
[25:11] you keep looking for more roots and intermediates. Something is still missing from the chain.
[25:17] Okay. And it'll be under local certificates.
[25:21] Yes. That's where you import it. That's where you import what they give you.
[25:25] Not internal, not trusted
[25:28] CA? No. Trusted
[25:30] CA is where you'll put the roots and intermediates
[25:33] when you get them. But the signed certificate that DigiCert gives you goes into local certificates.
[25:40] Okay. So the browser can help me get the intermediate ones. And those would go into trusted CAs, you said? Yes.
[25:48] All intermediates and roots
[25:50] go into trusted.
[25:55] Okay.
[25:56] Okay. And, again,
[25:58] depending on how exactly and what exactly you have, they might already be there. As you can see, we have at least one DigiCert. We have more of them. We have 15 pages of those things.
[26:08] So if you go through the pages, you'll see quite a lot of them.
[26:13] And pretty much
[26:14] all of the big roots are here.
[26:17] And every time you update your server, we update the list if new ones had been added.
[26:25] So
[26:26] Okay. Okay. So if you went up to the operations
[26:30] button top left
[26:32] Mhmm.
[26:34] In the
[26:35] when I go here and,
[26:37] I look into
[26:39] sort of the certificates listed
[26:43] for these services
[26:45] Mhmm. Where it says at the last column, server certificate slash key, that'll be, like, a drop down coming straight from local certificates
[26:55] maybe. Right? Okay.
[26:59] Okay.
[27:00] Okay. Hold on a second. Let me just cancel that. But yes. So these ones
[27:06] are only grabbing from local certificates.
[27:09] Nowhere else.
[27:10] Got it.
[27:14] Makes sense? Thank you. Yeah. I think this helps a lot. We'll definitely fill in our sysadmin.
[27:20] Yep. Thank you. And,
[27:22] just
[27:23] don't
[27:25] as I said, before you assign it anywhere, just make sure it's valid and chained.
[27:30] That's important. So the valid, basically, checks the dates. So, for example, especially
[27:36] with time zones, if it's too early on your server or if you're running on a different time zone, the certificate might not be valid yet. You might need to wait an hour. You know? But, usually, they are not that fresh.
[27:48] So valid will check if it is, valid for,
[27:53] sorry.
[27:54] Valid will check the times, valid from and valid to, because each certificate has a valid from and valid to. Right? And then the chained to root or not chained will check if we actually can go all the way to a trusted root,
[28:10] And if we can't, you need to take care of that. And don't forget, you might need to do the same on the edges. If you have server edge, you need to do it on both elements.
[28:19] Anywhere where you put a local certificate for the daemon, it needs to be trusted and chained.
[28:26] That's what, and valid. That's what we require.
[28:30] If it's not,
[28:31] technically speaking, about half of the services actually will work, but your users will be getting very weird errors and exceptions and whatnot.
[28:40] So what's the point of of paying for a certificate if they're going to trust you anyway?
[28:46] Mhmm. Mhmm.
[28:48] Totally.
[28:49] Thank you. Awesome. Awesome. I think my coworker,
[28:53] yeah, my coworker here, Lina,
[28:55] wants to ask something.
[28:57] Okay.
[29:01] Okay.
[29:03] I saw a raised hand,
[29:07] and I lost it. So whoever that was with the hand, please talk. Hey.
[29:12] Hi. Sorry about that. I was on mute.
[29:16] So yesterday, when we tried to download the Digicert,
[29:20] into
[29:21] the local certificate, it asked for a password,
[29:24] and that's where we got stuck. It didn't let us proceed.
[29:27] Would you be able to clarify, like, what password are they asking for so we can let our system admin know, you know, this is the other password they're asking for? Because we couldn't proceed after that point.
[29:40] Okay.
[29:41] So I know exactly what you're talking about. So you were importing a certificate here.
[29:49] Yes. Yes. And it asked for this password here.
[29:54] Right?
[29:56] Was this this one, or were you generating? Yes.
[30:00] This one. No. We hit import. Yes. Import. Yes.
[30:04] So when you import an X.509 or did you import an SSH?
[30:09] What did you import?
[30:11] So We did X509.
[30:13] So on the X.509, this password here is actually the private key password,
[30:19] and it either should have so when you got the DigiCert certificate,
[30:25] did you just request one, or did you send them a CSR first?
[30:35] Okay.
[30:36] So, the way it works with certificates, there are two ways to get a certificate from a signing authority.
[30:42] One of them is you create the private key and send the public key, the whole thing, for signing.
[30:49] The other one is you just buy the certificate and they give you all the parts.
[30:54] If you went the first route, then you have the password because you generated the private key.
[30:59] If you went the second route,
[31:03] then,
[31:05] they will need to give you a key unless they created
[31:08] a
[31:09] passwordless
[31:10] certificate.
[31:11] If this is the case, your browser becomes your best friend. ST requires a password.
[31:16] If your X.509 doesn't have a password,
[31:20] import
[31:22] the certificate they gave you into a browser,
[31:26] and mark the private key as exportable during the import.
[31:30] There is a checkbox for that.
[31:32] Then export it out together with the private key from your browser and apply a password on it.
[31:44] Lina, does this make sense?
[31:47] Yes. Yes. Thank you so much. So that's the issue. Basically, because you went for a certificate, it probably came without a protection password. So if the paperwork you have from DigiCert or whoever doesn't have a password on it, chances are they gave you a passwordless one.
[32:04] In this case, use the browser. As I said, the browser is very good for SSL work. I can do that with OpenSSL and all kinds of tools, but it's much, much faster with the browser.
[32:14] So import it into the browser. Browser allows passwordless.
[32:18] Make sure the private key stays with you so mark it as exportable. Then when you're exporting out, make sure you pick it up, and just apply a password. And then this is the password of the key, which is used to protect the private key because remember that, as I mentioned, these certificates,
[32:34] the the
[32:36] local ones are
[32:37] doubles,
[32:38] public and private, and private things should be protected. So there's password on them.
[32:44] So that that's what got you probably.
[32:46] So just go to the browser to apply a password on the thing. Thank you so much.
[32:51] Yeah. And if the browser cannot import it and asks for a password, go back to wherever you bought it from and ask them for the password.
[33:00] But the browser will help you to know if it is passwordless or you just don't know the password.
[33:07] Perfect. Thank you so much. While talking about passwords, if it was an SSH key, and that's, you know, you don't because remember, SSH keys are not something that is signed. They are just key pairs.
[33:20] That's where this password, the CAC password, is our CA password, the password on the internal CA.
[33:27] So that we can sign whatever you give us to become an X.509 in our database. And that's why I ask you which password, because depending on which part of the screen you are using, we're asking for different passwords.
[33:38] But, yes, for import and this is not only for here, by the way. If you're doing private certificates, what Joe was asking about for end users to be able to,
[33:50] to log in into their server, their case might if it is X.509,
[33:54] it also needs to have a password.
[33:57] So
[33:59] okay?
[34:03] And you probably are not seeing that screen because I yeah. Sorry about that. Hold on a second.
[34:08] Let me share.
[34:10] Sorry.
[34:11] We're having sharing issues, apparently. So this is the screen I was showing. Sorry. I forgot I'm showing only one. So, Lina.
[34:18] Right?
[34:20] So that's your password thing. Yeah. Yes. And that's exactly that. Yep. Into the browser,
[34:26] import,
[34:27] mark exportable,
[34:28] export, apply password, bring it back to ST.
[34:32] That's it. Wonderful. Thank you so much, Annie.
[34:35] Yep. Okay. I see raised hands.
[34:39] So let's see who is first on that one.
[34:42] Seth.
[34:45] Hello,
[34:47] Annie.
[34:49] I have I have a case. I
[34:52] get the file from the from the remote site.
[34:55] And Mhmm. I
[34:57] want to
[34:58] trigger an external script
[35:02] in order to grab the pattern.
[35:04] If the pattern exists
[35:06] into the file,
[35:08] I
[35:09] send to the partner. If it's not the case, I stop
[35:13] the routing, and I
[35:15] I do an exit.
[35:17] Okay.
[35:19] How it's possible?
[35:22] Okay. So
[35:23] let me share again my
[35:29] so
[35:31] you create a route, and I'll just go and open one of my routes and just show you things.
[35:37] But
[35:39] you pull the file or whatever you do, you send it into advanced routing. Inside of the advanced routing, you send it to a route.
[35:47] Let me I'll just pick up one of my empty routes.
[35:51] And in the processing so everything here as usual,
[35:55] you know, nothing interesting happening.
[35:59] Just ignore what I have else on the screen because it's just an example. But, basically whoops. No. That's not what I wanted to do. Sorry.
[36:07] So when you create a route,
[36:13] unconditional
[36:14] come on. Okay. Unconditional,
[36:16] you know, you always go into that with a first step
[36:20] external script.
[36:25] Proceed on real success. Make sure that only this checkbox is enabled.
[36:30] Here, you put whatever script you want, the path to it. Make sure it's visible from all the servers. It needs to be local. Don't put it on the NFS,
[36:38] but it needs to be installed on all of your nodes.
[36:41] And the developer
[36:43] guide has some examples for external scripts,
[36:46] so you can put things in there.
[36:48] Make sure that it exits with zero, one, or whatever. So, basically, if it is success, exit with zero. Otherwise, exit with something else.
[36:59] And there are some options here to execute this route. If your route is installed, mine is not, so I cannot. But log script standard output to the server log, that's important. That will put the logs into the server log. Do whatever you need to do with the file. And after that, as a second step, just do publish to account or send to partner. It doesn't matter. Because you proceed only on success, if something goes wrong,
[37:23] it will stop if the script exits with something different from zero.
[37:29] That's it.
[37:35] Right? Okay.
[37:37] Yes. Makes sense? Okay. So if,
[37:39] yes. Yes.
[37:41] Makes sense. So couple of things here. Number one, if you need to do that for a very large number of files, that will be a big hook on your resources.
[37:54] External scripts, if you know Java, basically, we start a new runtime, a Java runtime inside of the JVM, for each of those. So if you have hundreds of those, not a good idea.
[38:06] So instead of doing an external script, keep in mind, we also have the pluggable steps that you can build in Java.
[38:14] That if you build a step in Java, and the dev guide has a very good guide how to do it, then it will show up as an additional transformation over here.
[38:24] So you can just pick it and choose it instead of external script.
[38:28] Of course, more development,
[38:29] if you don't have Java developers and so on. So think about performance is the only thing I want to say.
[38:36] And,
[38:37] then,
[38:38] one thing you can do after that on the send to partner,
[38:42] when you go to the second step for the send to partner
[38:46] one.
[38:49] Don't use that because external
[38:52] external
[38:56] scripts cannot really pass the file to the next step properly. They just leave it in place into the sandbox.
[39:03] So if you proceed only with result from preceding step, depending on what exactly else is happening, this step might not see the file. If you remove it, it will just grab whatever
[39:14] the previous step left into the sandbox.
[39:17] So I'll disable
[39:18] that,
[39:20] process all files, or if you want only to do it based on file name or whatever, you can do some filtering.
[39:26] And then whichever checkboxes here, you probably want it this way.
[39:30] You know? Proceed on success, upon failure.
[39:33] But that's pretty straightforward.
[39:35] Just unlike PGP that passes the file properly to the next step, external scripts don't.
[39:42] So don't rely on, it knowing that it's there.
[39:50] Any
[39:51] other questions on that side? We need to
[39:55] we need to uncheck this box. Yeah.
[39:59] I would, I would uncheck it. Depending on situations,
[40:02] it's so what this box is saying is
[40:06] proceed only if the previous step passed the file to us. So the output of the previous step
[40:13] is to be used as an input here. That's not what you want when you work with external scripts.
[40:18] With external scripts, what you want is basically to tell the server, go and see if I left something in the sandbox.
[40:25] So
[40:26] and
[40:29] that also probably gives you another idea that if you don't want to exit with an error, another thing you can do, it should just delete the file in the sandbox. If the file is not in the sandbox, we'll find nothing to push after that.
[40:43] But the
[40:44] errors work pretty well. But depending on how you want, you can orchestrate.
[40:49] Right?
[40:50] So that's and that's another thing. It's not just for after external script. That's why we have this one here.
[40:56] If you have it checked, it means grab the files only coming from the previous step. If it you don't grab everything from the sandbox. So if you end up with three files in the sandbox somewhere somehow,
[41:06] you know, you create something
[41:08] and you uncheck it, then we now see multiple files, and we can send all of them.
[41:16] Okay?
[41:18] Okay. Thanks, Anne.
[41:20] Yeah.
[41:21] If you're on Windows, it gets a little bit more complicated because of permissions,
[41:25] but it still works.
[41:27] But, yeah. And that's the other thing. Whenever you write those external scripts, please, please, please, please make sure you don't have something stupid in them, like, you know, opening connections and never closing them and stuff like that.
[41:39] Right?
[41:41] Because Oh, yes. Your perform
[41:44] you know, we cannot control. We cannot close anything for you, so your script is on your own. If all you're doing is to just check the top of the file and so on,
[41:53] then, yeah, that's your only option. The only step that you might be so are you looking for a specific string, or are you looking for a pattern of some type? A pattern pattern.
[42:07] A specific pattern.
[42:09] Okay.
[42:13] Because
[42:14] the character replace
[42:16] and the reason I'm asking, by the way, is that the character replace actually can replace multi
[42:24] it can be used for,
[42:28] not for your scenario,
[42:30] but it's
[42:33] depending on what you cannot do conditions based on that is my point. So if you need something based on the contents of the file, you need to build it yourself
[42:42] as you realized
[42:43] already. So, yeah, that that's all you need to do. Do the external script.
[42:48] Make sure your performance doesn't suffer. And, again, if you have if you need to do that for all your files or a huge amount of files,
[42:56] do it I would do it with a script and not with,
[43:00] I would do it with a pluggable and not with a script.
[43:06] Okay.
[43:07] Okay.
[43:09] And I can see a lot of raised hands. So, John, you are next.
[43:14] Yeah. Hi, Annie. Thanks.
[43:16] Going back to the certificate.
[43:18] Sorry.
[43:19] That's okay. We just
[43:22] replaced our SAN certs on the edges for HTTPS.
[43:26] And
[43:27] every year, the team that gets our certs provides me a PFX file.
[43:32] And for some reason,
[43:34] whenever I try to directly import the PFX,
[43:38] Axway complains, it's not
[43:41] valid and can't do it. So I have to go to oh, okay.
[43:46] It is, but it's not. It's valid for a browser. They basically gave you something that will work on a web server, and we are not.
[43:54] So back to what I said earlier about the browser. Remember that part?
[43:58] Yep. The browsers actually work p o, get PFX just fine.
[44:02] So import it in the browser, export it out as P12, you're back in business.
[44:07] Oh, yeah. Okay. Yeah. I do the SSL thing. I convert it to a PEM and then to a P12, and then it's fine. I just wondered why
[44:15] Axway won't import it now. That explains Because yeah.
[44:19] We
[44:20] just made the choice not to support PFX because it's not a standard,
[44:26] for certificate. It's literally browser thing. It's one of those things. There is too many formats. It's if you want, go to the ideas portal
[44:35] and open a request for enhancement. We might add it in the future.
[44:39] But for the most part, it's just
[44:42] you know, it's the same, like, allowing keys without passwords.
[44:46] You know? Go to the browser, clear it out. And you can do it again. You can do it with Excel tools if you are on a Unix system anyway. You know, you know how to do it. But for the most part, whenever I get the PFX or a passwordless
[44:59] certificate,
[45:01] I just go the the the, you know, the easier route.
[45:05] Into the browser, out of the browser, done. And the browser, on top of everything, it will link with the proper intermediates and roots,
[45:16] and I can grab them from there as well. So it just does all my work for me. So Yeah. This has a password. So which I reset in the SSL anyway. So to what I want it to be. But, yeah, that explains it. Thank you, Annie. Yep. That that's what this is all about.
[45:35] Okay.
[45:36] And we lost a couple of people. I have more people. So let me see. Who is next?
[45:41] Jack Strenkovsky.
[45:43] And I apologize if I mangled your name.
[45:46] No. You did good.
[45:48] So back on the route,
[45:50] scenario
[45:51] where Mhmm. If if you,
[45:54] if you set it up pretty normal, it'll trigger on every single file.
[45:59] Yes.
[46:00] But if you use a
[46:03] trigger file,
[46:05] then Uh-huh. Anything that doesn't match the trigger pattern
[46:09] will just stay in the sandbox until the trigger file comes along,
[46:15] and then you use that trigger to then,
[46:18] begin
[46:20] one job.
[46:22] Yes and no. Actually, it stays a step earlier. It doesn't even make it into the sandbox. It stays in the subscription
[46:28] subscription folder. Okay. Yes. So what it does yeah. So, yeah, what it does is essentially,
[46:35] oh, I'm a file, but
[46:37] my subscription is tied to the trigger.
[46:39] I'm not supposed to go yet.
[46:41] So it just sits there and wait. Okay.
[46:45] Right.
[46:46] So we we do use the trigger file to,
[46:49] essentially
[46:51] wait for everything to
[46:53] show up. And
[46:55] and then we trigger it, and we run one script so that they can process all the files in one program.
[47:03] Okay.
[47:04] Yeah. Good. That's that's why we have the triggers. That's the whole functionality. Well, it has a lot of other options, but the initial use case for triggers was
[47:15] get all the files in, and then tell me you are ready so I can grab them and zip them together, for example.
[47:20] Right. Into a single zip. Right? That that was the whole use case for, trigger early on. Now, of course, it gets a lot more things. And as you know, and especially for the newer people on the with ST,
[47:33] the trigger can work based on grab everything, or grab based on pattern, or grab based on the list of files inside of the trigger.
[47:41] And if you haven't played with that in the last year or so, we actually have a new option that allows you to have. If the trigger file has a list of files,
[47:50] you can actually tell it to wait until all of the files on the list show up. Literally wait there. So you can send the trigger at any time, and it will wait until all of its files show up.
[48:03] That we added a couple of months ago. Well, years almost now. You know? It's December 2023. So Yeah. That's a nice option as long as your trigger knows what's supposed to be there.
[48:15] Yeah. But if you have a partner that knows I'm sending you 10 files, and they're willing to create the trigger file for you,
[48:22] then you can tie that way. We have customers like that. You know, they have an external process. It produces between one and twenty five files or whatever.
[48:30] But they know the list of the files, and they can push a trigger file with the correct file list. And then we can wait for as long as we need for all of them to show up before we start processing.
[48:41] Mhmm.
[48:43] But in your classic case, it's even easier. You know? Make sure everyone is already in, and then send us the trigger file to tell us to go grab them.
[48:51] Right. Or Yeah. When I say go grab them, mean grab them from the subscription folder and process them. They're already with us. It makes it easier to process.
[49:00] That's why we have that.
[49:02] Yep. Sounds good.
[49:04] Mhmm.
[49:06] Okay.
[49:08] Anything else on you,
[49:10] Chuck?
[49:12] No.
[49:13] I'm good.
[49:15] Okay.
[49:16] Daniel Mason.
[49:18] Again, apologize if I
[49:21] mess up someone's name. I am bad with names.
[49:24] Oh, I'm bad with names too, so I'll share that with you.
[49:29] How are you today?
[49:30] Okay.
[49:32] How can we help today?
[49:34] So basic question. Our
[49:37] landing area for files our back end storage
[49:41] is a NetApp appliance.
[49:43] And Mhmm. We have
[49:46] two Windows servers. One's a primary, one's a secondary.
[49:50] And so the NetApp appliance is convenient because it's shared between the two servers as the landing area,
[49:56] and our users can just simply map a a drive to it to pick up and drop off files.
[50:03] But we we wanna
[50:04] we understood that
[50:06] we're the minority that most of our
[50:09] most of your clients
[50:10] use the back end service, use Linux instead of Windows.
[50:15] And so we'd like to migrate from Windows to Linux.
[50:19] And
[50:21] also, what they were we're planning for the possible retirement
[50:25] in 2025
[50:27] of our NetApp appliances.
[50:28] So what are most people using for their their landing area, their storage
[50:35] if they're back back end servers are Linux?
[50:39] So use you need so we have a complete a a comprehensive list of what we support
[50:45] depending on what Linux flavor you go for.
[50:49] If you are Red Hat, it might be GFS. If you are something different, we have GPFS.
[50:56] But we also fully support NFS.
[50:59] And the NetApp can actually get you NFS
[51:02] mounts
[51:03] the same way you're used to. The only difference is that on Windows, and that's the only good thing about Windows and DeskTogether,
[51:10] is that on Windows, you don't need to mount anything because we can reach out, and you can use UNC paths.
[51:16] When you use Linux, you lose that ability.
[51:19] But we replace it with two separate things. One of them is for home folders, landing places as you call them. You basically mount your NFS
[51:27] drive.
[51:28] So your NetApp appliance storage can be exported as an NFS drive.
[51:36] And then you just mount it, and it looks like local,
[51:39] but not exactly. Both servers will be able to see it if you're on Linux. That's how it works.
[51:45] But, for other storages, if you don't want to mount something
[51:49] for pushes to a folder monitor or pulls from folder monitor, for example,
[51:53] that can be then converted to Samba drives. Samba is the protocol that is used in,
[52:00] for connecting to a server
[52:02] on Unix the way you do with UNC paths
[52:06] Okay. In Windows.
[52:08] So to answer your question, in my experience, about half of our customers are using NFS.
[52:14] NFS is less performant than GFS or GPFS,
[52:18] but also a lot cheaper.
[52:19] Okay. So
[52:21] if you are going to be retiring your NetApp,
[52:24] you really need to sit down with your storage admin and our list of supported,
[52:29] pro supported storage,
[52:31] protocols
[52:33] and k. File systems,
[52:35] and figure out what they want to do. Do they want another NetApp or something similar to to give you NFS?
[52:43] Or do they want to give you,
[52:46] or or do they want to spend the money for something
[52:50] commercial grade, like GFS, GPFS? Those are clustered systems. They work a lot better, a lot faster. You'll get a lot more performance
[52:58] depending on how big your environment
[53:02] is, how many files per day, what are your peaks, and so on. You might want to also take a look at our capacity guide.
[53:09] The capacity guide
[53:11] has,
[53:12] tables with comparisons
[53:14] of certain operations and how many files can go to a system if you use NFS
[53:20] or GPFS or GFS or different file systems, basically.
[53:26] So
[53:27] sometimes
[53:29] and it comes down to
[53:31] you deciding
[53:33] what you want to pay for. Let's say it like that. Right. Okay. Perfect. So where would I find the where would I get a hold of those,
[53:40] the list of supported,
[53:43] storage
[53:44] devices and the capacity guide?
[53:47] The capacity guide can be downloaded from either our doc portal or support portal. I don't know if we put it on the doc portal. You need to be logged in for sure. Yep. The list of supported will be either in the admin guide or the installation guide or both.
[54:06] So if you,
[54:08] so, if you look for the word GPFS
[54:12] or the word GFS,
[54:14] it will pop up in one of the two guides. I don't know off the top of my head if we have the prerequisites in the admin guide or in the installation
[54:22] guide.
[54:24] Perfect. Thank you so much.
[54:26] Very helpful. And,
[54:28] the other thing, if you are thinking about moving to the cloud anytime soon, any of the clouds
[54:34] Yes.
[54:35] Then you might want to also look for that, because they have totally different conversation over there.
[54:42] For example, for AWS,
[54:44] we support EFS,
[54:47] and we are changing things. So if you're going to be moving to the cloud in the next two years or something,
[54:54] you might actually go for
[54:57] and and your environment is not huge as in millions of files per day.
[55:03] That's awesome. Yeah.
[55:05] Would probably default to NFS for now with the existing NetApp while figuring out what I'm doing in the cloud. Because if you
[55:12] buy a expensive system in house,
[55:16] once you move to the cloud, you cannot use it anymore. Can't use it. Yep.
[55:20] So, you know, that's why I bring up the cloud because people keep forgetting that. Because whatever you decide and that's the other thing.
[55:28] As much as I don't like ST on Windows, because we're a Unix application ported on Windows as opposed to being a native Windows application, as you probably have realized by now. Yep.
[55:39] If you are going to be moving to the cloud in the next, say, two years,
[55:45] and you are happy enough on Windows,
[55:48] and you don't have major issues,
[55:50] I would stay where you are and plan about moving to Unix when I jump to the cloud,
[55:59] as opposed to doing double migration in two years. Yeah. Right? Because by the time you are done so other things, if you're moving to from Windows to Unix, a couple of things you might not be thinking about because it's not just storages.
[56:12] Think, for example, if you're PGP encrypting a file. The file on the Windows system is a Windows file. So your PGP encrypt inside of the encryption or the ZIP is a Windows file.
[56:23] If you're a Unix server, it will become a Unix file if it is a text file,
[56:27] which means that you might need to add an additional step in your routing to convert it back to a Windows if that's what
[56:33] your customers are expecting.
[56:36] Right? Right. So there are a couple of things like that you need to work through. This will take a couple of years to work through anyway.
[56:44] So just look at your timing. And we support Windows. We are not going anywhere with the Windows.
[56:51] It's
[56:52] I
[56:53] as with most people are on Linux, I much prefer Unix for ST. But if your Windows is working, and if your that's what you're using in your house, just
[57:02] I'm not saying don't go to Linux. I don't know how to say that. I'm just saying,
[57:07] don't get into I need to move immediately just to start the same process again two years ago, and you remember you need to go to cloud.
[57:15] Right. So Good good advice. Just think.
[57:18] But it's straightforward.
[57:20] You'll need to obviously reinstall.
[57:22] You'll need to do some changes. If you are using UNC paths for home folders and so on, it sounds.
[57:29] Obviously, you'll need to mount,
[57:31] but that's pretty much it.
[57:33] You'll just need to mount them, and that's it. And
[57:37] keep in mind that you can mount a higher directory and then just build your directory under it so that you can preserve whatever needs to be preserved.
[57:45] But other from that,
[57:47] the only thing, as I mentioned, is that if you switch from a Windows to a Unix server, the line endings for text files will be changing.
[57:55] So any binary data, no one cares. It's the same. You know? Data is data.
[58:01] But for text files, the way it works is that the Windows server pulls the Windows line endings when receiving and sending.
[58:08] Right? A Unix server will do it Unix style.
[58:12] So
[58:14] yep.
[58:15] Thank you.
[58:16] Sorry about that. Okay. It's okay.
[58:19] You're good? Okay. Morita.
[58:25] Oh, sorry. I was on mute.
[58:28] Good morning. Any question?
[58:31] I'll start it with the long statement. So after we migrated with the June 29 patch,
[58:38] we were
[58:39] kinda having multiple issues with
[58:42] or we're having issue with folder monitor.
[58:45] And
[58:47] per your, excuse me, per your technical support,
[58:51] It's a known issue
[58:53] where
[58:55] folder monitor now is looking at the root directory
[58:59] to
[59:00] to verify
[59:02] access
[59:03] to the folder monitor.
[59:05] The folder monitor, we're having issue right now.
[59:08] They
[59:10] they do contain permission
[59:12] modify permission on the directory. It's trying to retrieve the file.
[59:17] So with that, my question would be, what
[59:21] what are your requirements
[59:24] requirements with folder monitor?
[59:27] That way, we can we can prevent this.
[59:31] At the same time, with dispatch,
[59:33] we are seeing a lot of
[59:36] an error message, like folder must be readable, writable,
[59:40] error,
[59:41] fail to move, and
[59:44] and
[59:45] access denied.
[59:47] So looking at the ST 5.5, I cannot
[59:51] other than it needs
[59:53] it needs a root access
[59:55] a root modify access. But if our account that
[60:01] that access the folder monitor
[60:03] have set permission to to overwrite or to to to modify that file,
[60:10] we should be able to access
[60:12] we should be able to access the file the way it was working
[60:17] before the June 29,
[60:19] patch.
[60:23] Yeah. Okay. So, yeah, so there are a couple of things here. One of them is we were always supposed to check for the parent permissions
[60:33] because that's what it's supposed to be working like, and we didn't. So they just
[60:40] fixed something.
[60:42] Can you remind me,
[60:44] are you on
[60:45] root or non root install, or were you Windows? I keep forgetting what your server was.
[60:51] We are on win Windows.
[60:53] That's what I was thinking. So Windows is
[60:56] and
[60:58] now I'll almost contradict myself to what I said to stay there if you don't need to move, but that's one of the weirdnesses with Windows. It's a security thing with Windows.
[61:08] So the way we
[61:11] let
[61:12] me see.
[61:13] The answer is, unfortunately,
[61:15] that I don't think that they will reverse the decision,
[61:19] and you still and
[61:21] make it work as it used to work because it was kinda breaking a couple of rules in the past.
[61:29] So you're saying the the the modification
[61:32] to now
[61:33] folder monitor
[61:35] starts looking
[61:37] through the root
[61:38] access
[61:39] is now the new rule for folder monitor?
[61:43] I am not sure how that will shake out on the Windows, quite honestly. I will
[61:49] you know what? I'll get back to you later this week. I need to look at look look up something
[61:54] just to make sure that I'm not misleading you. But on Mhmm. On Unix,
[62:00] the way Unix permissions work, based on UID and GID, the parent permission always comes into play. If you cannot get to the parent, you cannot go to the child. That is the basics of Unix security.
[62:13] Mhmm. Windows security works differently
[62:16] because it's based on accounts,
[62:18] based on specific
[62:20] users,
[62:20] and not based on just some numeric values that just happen to match. Right?
[62:25] Mhmm. But parents are always supposed to be clear as well.
[62:30] And my understanding is that we were always supposed to be doing the same we do on Unix, which means clear the parent permission as well.
[62:39] And we just didn't. But I don't want to mislead you.
[62:44] So let me just look up. I will admit I haven't looked up on that specific issue on the Windows.
[62:50] So let me look at that and see if I can figure out what is going on and if it's going to change,
[62:57] and what are the the things going forward. It's very possible that the reason we did it is
[63:03] that, we realized that we're leaving a security opening for vulnerability over there.
[63:09] But
[63:12] it also is possible
[63:14] that they did something forgetting that Windows works differently.
[63:18] As I said, what is happening now is what needs to happen on Unix for things to work on Unix at all.
[63:25] So I don't know if we had an exception for Windows that we lost,
[63:29] or we had to bring it into default because,
[63:33] there was a security consideration over there. So I need to look that up. I need to talk to a few people, see what I can discover.
[63:40] And, you know, that that's one of the things about Unix applications running on your on Windows. Right? We cannot use the full permission of the Windows because we are not a Windows application,
[63:52] but we are trying.
[63:54] So sometimes it gets a little dicey.
[63:57] Yeah. I think with that one yeah. Oh, go ahead, Edi.
[64:01] Yeah. This is Edi. I'm,
[64:03] an associate with Marita. Just wanna add a little bit more information.
[64:08] So our security,
[64:10] they
[64:11] how they use permissions to
[64:14] folders
[64:15] is that they give us only
[64:17] the only the permissions needed to,
[64:21] you know, access a folder that you have a
[64:24] right to.
[64:26] And so, like Marita said, we went from we were we were a year behind, so we went from
[64:32] June
[64:33] 2022
[64:34] patch to June
[64:36] 2023.
[64:37] And after we applied that that
[64:39] patch
[64:41] and we are a Windows shop, so we have,
[64:44] hundreds
[64:45] of,
[64:46] folder monitors.
[64:47] And so after we applied that patch,
[64:52] I our ST no longer had permissions to push and pull files
[64:58] on most
[65:00] of our Windows
[65:02] folders.
[65:04] So Yeah.
[65:05] And so then we're scrambling
[65:08] to navigate
[65:11] between what ST now requires
[65:13] and what our security
[65:17] security
[65:18] policy
[65:20] being in compliance with that.
[65:23] We we have been working with the support,
[65:27] and we were told that the September patch
[65:30] fixes.
[65:33] But we applied the October patch, and it doesn't. It's still requiring
[65:38] almost full control
[65:40] up to the parent.
[65:42] And
[65:43] so if that's the new
[65:46] if that's the new requirement, we need to write a justification.
[65:50] So that's kinda why we're like, is this the new rule? And and or Yeah.
[65:55] And, Edi, and that's why I'm saying, let me go and dig down and figure out what where we are with that. As I said, I'm not sure if it is just something they carry it on from Unix or
[66:07] if they had to do it because Windows
[66:10] screened on them or something. I I don't know. I don't work Windows
[66:14] as much as Unix.
[66:17] And Thank you, Annie. Usually,
[66:19] Windows is I get Windows when something gets broken.
[66:24] And that one specifically,
[66:26] as I said, this sounds like Unix permissions applied on top of Windows,
[66:31] which we never ever ever do when we can go around it.
[66:35] So
[66:37] let me see what the new rules are, especially because support told you if support told you that September fix is fixing it, I want to see what they fixed, actually.
[66:45] So,
[66:46] let me see what I can discover. I'll get back to you, and we'll figure out. It's
[66:51] possible that you might need the justification,
[66:54] but let's first figure out where the server is going. Because, you know, if we're going to release
[66:59] something in a couple of months that actually gets you back where you were, it kinda is different conversation with your security team, then we need to stay here forever.
[67:08] Right? Yeah. We we appreciate that.
[67:11] Yeah. And see
[67:12] Mhmm.
[67:13] Yeah. This is kind of starting to get on fire for us because we have some IRS
[67:21] mandates that we have to comply with. So it's really becoming a hot issue for us. So appreciate the Yeah. Is
[67:29] there any chance your security can give you a waiver for a couple of months until you sort that out so that they can give you better access for now?
[67:38] Well, right now, we do.
[67:40] There is a,
[67:42] process in place. Mhmm. The
[67:45] expectation that it is temporary
[67:48] only because
[67:49] one of the main reasons is because we were told by support that
[67:53] it is gonna be fixed. And now it's not being fixed, and so we kinda need to know what the bottom line is, how we're gonna justify,
[68:02] and how we can Yeah. Comply with our security. Yeah.
[68:06] Yeah. Understood. So let's figure out first what is happening because
[68:10] chances are they changed
[68:12] a lot of things at the same time. So they fixed something,
[68:16] which is what they thought you were asking about.
[68:18] Right? So there is a chance they actually fixed it, but it was not what was really bothering you. And let me see if I can figure out something, and if I can catch up with someone and see what's
[68:30] going on. I'll find your ticket number. I'll talk to support as well, see where we are. I just don't know. And as I said at the beginning of the call, when I don't know, I don't know, and I'll admit it. I'll see what I can do.
[68:43] So let's figure it out. I understand it's frustrating,
[68:47] and it has to do with how your specific permissions are applied.
[68:52] And I think it's more because your company your security team is really
[68:57] getting very narrow permissions.
[69:00] Mhmm. One level under what we expect.
[69:03] So,
[69:04] you know, we might need to reach out to you to get their justification
[69:08] as well and what exactly they are doing so we can see if we can work around that. Because my good feeling, quite honestly, is we fixed something small that was that needed to be fixed. But in the process, we closed something that you had been using
[69:23] without knowing that you're using,
basically a bug
[69:27] Yeah. To the years. Something we forgot over there on the side. But, again,
[69:31] there is not
[69:32] small chance that
[69:34] maybe we just apply forgot that Windows need special handling. I don't know. I need to talk to people. So okay. Okay. I'll get back to you if you you know, if you don't hear an you you know the drill. If you don't hear anything from me in about a week or something, just drop me a mail. Remind me that I was looking at something.
[69:52] You know how it goes sometimes.
[69:55] And sometimes I have the answer, and I forget to send it because,
[70:00] you know, have some mind. Yep.
[70:03] Oh, or or I get distracted, or I start writing to mail to you and someone else, you have another problem, and my brain just
[70:09] shortcuts on the left. Anyway Yeah. But yeah. I'll see what I can discover.
[70:14] And I know we have other, Windows people on the call if whenever we figure out what's going on on the next meeting next year,
[70:22] remind me. I'll share what we found out.
[70:25] So because it's important for all the Windowses. Okay.
[70:29] Okay. Thank you.
[70:30] And, Joe?
[70:32] Yes. Back again. I have some folder monitor questions.
[70:36] Just two. Of course, you do.
[70:37] But you are on the but you are on Unix. Right?
[70:41] Yes. I am.
[70:42] So Okay. Here's what we ran into. We had a a major migration.
[70:46] One of our servers was a bit down for, like, two or three days. So what I did instead of, you know, shutting off the folder monitor service,
[70:55] I just rescheduled all the folder monitors to restart after the expected outage, but they fired anyway.
[71:02] What did I do wrong?
[71:06] Chances are that
[71:10] all of them fired
[71:11] even though they're scheduled.
[71:13] I just I just did a report of what went to that server so I could I could because they went to the old server instead of the new one because the DNS hadn't changed. We we figured it wouldn't fire. So it it just made more recovery more difficult. But Were were there pulls or pushes?
[71:31] It was a push
[71:32] to Yeah. Folder monitor.
[71:34] Yeah. And here is where
[71:37] you messed up a little bit,
[71:39] I think, maybe.
[71:41] So the push has nothing to do with the service itself. It if if the file arrived,
[71:47] it will push it to wherever. So and let so and which which schedules did you reset?
[71:54] On folder the on the folder monitors that would once acts once it was pushed to the folder monitor, it would forward it to the servers that were moving.
[72:03] Right? So a partner would push it. Right? Yeah.
[72:06] So so okay. So what you see our scenario, user uploads a file and you push it to a folder monitor, or is this scenario that you pull from a folder monitor and push it out?
[72:16] They push to a shared drive defined as a folder monitor.
[72:20] And then you're pulling from this folder monitor?
[72:23] I yes. I forward it to the receiving server. Yep. Okay. Understood.
[72:29] If they fired up, that means,
[72:32] most likely, that you had your caches all messed up so that it never realized you needed to stop it.
[72:38] What I would have done was to just did you restart TM after you rescheduled everyone?
[72:44] No. It was, like, only four or five of them. So no. I I didn't. But they were Yeah. Some of our busier ones.
[72:51] Yeah. So and because and because they are the busier ones, what happens is that ST,
[73:01] every time when the non-scheduled folder monitor works,
[73:01] it basically gets the list of the
[73:04] sites that are the list of folder monitors to look at
[73:09] from the server.
[73:10] What I had found in the last couple of years is in order to make it more efficient,
[73:17] we don't go to the database as often as we get.
[73:20] So
[73:22] whenever you risk so whenever there is especially if it's a very busy one
[73:28] that skips attempts because there are files to be pulled and so on, sometimes it might take hours
[73:34] to actually stop
[73:36] looking into this folder until the cache is fully clear.
[73:41] Well, this is over three days. So
[73:44] Well Yeah. So so the the other question I had well, on this It should've brought that up. So If I if I had disabled the folder monitor service globally.
[73:55] Mhmm. Would that have worked?
[73:57] Yes.
[73:59] Because
[74:00] it basically
[74:02] queues what it does is to put the folder monitor thread into suspension mode
[74:09] or actually shut it down completely in this case, not even suspended.
[74:14] But if you had stopped the folder monitor, it would have stopped the thread that actually looks into the folder actively. Because what you did when you removed some of them
[74:25] was that the process was still working through the lines through through the other ones, and it just never kicked out the ones you removed because it
[74:35] kinda sorta didn't know it had to.
[74:37] See. But that makes recovery harder. Because once you restart the folder monitor, what do you do with all the files that have been put there? How do you how do you get them to fire now that they're already in that shared folder?
[74:50] Right? Well,
[74:51] that's yeah. No. But you don't have a problem because that's the beauty of folder monitor. It will grab anything that is already there. So when you fire it the first time, it will just grab everything as many as they are. Remember, it's not unlike
[75:06] when the user when you grab files with the folder monitor as opposed to a subscription. So if someone uploads into a folder and there is subscription waiting for it, if the subscription misfires
[75:18] or doesn't fire or whatever, the file is basically a lame duck. Nothing can do. You cannot do anything with this file unless you resubmit
[75:26] and, you know, the funny stuff. But with folder monitors,
[75:30] you can have a folder with thousands of files.
[75:34] The moment when the folder monitor starts listening again, it will just grab everything regardless of how old it is, because we don't wait for files to arrive. What we are doing is just listing a directory.
[75:45] And that's why it's misfiring in the other direction, what you you realize.
[75:50] Because
[75:51] in order to do that efficiently,
[75:53] we cannot keep checking, oh, am I supposed to do that? Am I supposed to do that? No. Yeah. Right. So sometimes that gets delayed. So the
[76:01] pull from a folder monitor
[76:04] literally just goes to the space and says, give me all the files that are at least five seconds or thirty seconds old.
[76:11] It can be a file from last year. We'll still grab it. We don't So it's not event driven. I get you. I get you. Okay. It's not event driven. That's our non event driven part. Right? You drop the files. Whenever we go, we grab them and process them.
[76:24] And that's why it's possible that it might have misfired just once. It's also possible that remember how it works. When it's not a scheduled one, when it's a non-scheduled folder monitor, it goes, it checks. Five seconds later, it goes again, and so on and so forth. Right? Sure. Because it's going that often,
[76:43] sometimes there is a huge list of files that were found earlier, but are still in the database to be processed.
[76:49] So it might look like it's still grabbing files, but they might be in the event queue already from earlier, especially if they're older files.
[76:58] So what you want to do also when something were to happen, check the event queue with the new API. Now we have a UI in November, by the way. The November,
[77:07] release actually has a new UI for the event queue
[77:11] that
[77:12] that, shows the same that we had with the API before, but it can show you, all the events that are in the event queue and see if there are more files in there. Because if the if the folder monitor kicked off once and found 10,000 files, those 10,000 are in the event queue now. So it looks like we're processing, but we are not. We're just clearing our queue.
[77:33] Gotcha. Gotcha. Right? So I and and because I don't know what happened in your case, and without those details, I don't know if it was the caches
[77:41] or simply
[77:43] you and the put files that were still processing. It appears like they are moving,
[77:47] and they are, but it was because they are behind. If it was this case, if they were already in the event queue, disabling the folder monitor would have not changed anything because we already were processing the files.
[77:59] Perfect.
[78:00] Thanks. Yeah. And, actually, you answered my second question was, you know, it it is a lightweight process. It's just a list command. Yes. It's it right? It doesn't perfect. That's it. Thank you. What it does is goes, get the list, and for every file we find, we rename it to this underscore process underscore, you know, this special notation. Yep. So so that the next list doesn't see it. That that's why we rename. And we put it in the event queue. And we put it in the event queue. We put it in the event queue. You know, the usual way, how you do it with SSH, but much lighter.
[78:32] Mhmm. Gotcha. And this was not even a word, but, you know,
[78:36] in the much
[78:38] lighter way
[78:40] is better said. So but that that's what it does. It's basically it's just sitting over there, but it's not event driven in any way or form. It's literally just time based.
[78:51] Excellent.
[78:51] Thank you. Mhmm. Okay.
[78:54] Okay. And we are five minutes before the half hour, which is almost on time for us.
[79:01] So any last minute questions?
[79:08] Because if not, Nicole will be very happy because I'm finishing on time for once this year.
[79:16] If no one has any other questions, thanks to everyone for joining today and for everyone that had been with us this year.
[79:24] That was the last one for this year.
[79:27] I'm kinda happy and kinda not happy. I like these sessions, but on the other hand, there we had a lot of them.
[79:33] And happy holidays to everyone from me, and, I hope to see all of you next year.
[79:40] And back to Nicole.
[79:43] Thank you very much, Annie. I just want to
[79:47] share
[79:48] some,
[79:49] last slides.
[79:51] You might have seen them already, but I just want to remind
[79:55] you that we have an online
[79:57] community forum.
[79:59] You'll have the slides,
[80:01] on the article.
[80:03] And there, you can have all the news about the user groups.
[80:08] You can also
[80:10] propose improvement
[80:13] of the product
[80:15] on
[80:16] the ideation
[80:17] part, and you can vote for
[80:20] other ideas that have been posted
[80:23] by your peers.
[80:25] You have the road maps,
[80:26] and you have the q and a forum.
[80:30] I'm trying to keep it short.
[80:33] One thing one thing here, just oh, okay. You have it. Ignore me. I was going to ahead. No. I was going to go to YouTube, but you have another slide that I forgot about it. So my bad.
[80:43] No worries. So, yeah, we also have a YouTube channel where you can find,
[80:50] some videos about the new features.
[80:54] So you might not be aware of those.
[80:57] So you'll have the link there, and you can consume those.
[81:02] And the last one is about peer review
[81:05] on g two.
[81:07] You can leave reviews
[81:10] about the product that you are using. It helps
[81:14] other customers
[81:17] that are that are looking for a product similar to secure transport.
[81:23] So, and you get a little reward. So don't hesitate to leave a review.
[81:29] It's Christmas soon, so it might be helpful.
[81:33] And with that, as
[81:36] Annie, I, want to thank you for being there and contributing to those forums.
[81:42] Thank you very much.
[81:44] I'm wishing you a a very nice end of the year,
[81:48] and we will be back next year.
[81:51] Thank you very much.
[81:53] Thanks, Nicole.
[81:55] Bye bye. Bye bye.