15 lines
4.6 KiB
JSON
[
{"timestamp": "0:22", "title": "AS2 Certificate Authentication Setup", "summary": "AS2 inbound connections require enabling SSL and client certificate settings on the protocol listener, not the site. Set client certificate to optional or required. Use login certificate store for the public certificate. Multiple AS2 servers on different ports enable different certificate policies per user."},
{"timestamp": "5:05", "title": "AS2 Transfer Protocol Headers in Logs", "summary": "HTTP/HTTPS headers from AS2 transfers are included in the tracking table, not in standard logs. Access complete protocol communication through transfer tracking. Open support ticket if headers appear missing from tracking data."},
{"timestamp": "8:21", "title": "Cloud Deployment Edge Server Strategy", "summary": "Edges are technically required in cloud (AWS) deployments despite support documentation suggesting otherwise. Primary function: intelligent session-level load balancing across servers from single IP. Edges detect server load via TM and route additional sessions to least-loaded instances. Separate protocol pods from TM provides resource isolation and protects database."},
{"timestamp": "13:53", "title": "Transfer Efficiency: Folder Monitors vs SMB", "summary": "Folder monitors significantly outperform SMB for efficiency. SMB creates dynamic in-memory mounts per file without reuse. Folder monitors require local attached storage. Cloud migration requires redesign: cannot monitor external folders remotely. Alternative: use SMB, CFT behind on-prem, or cloud-native folder monitor."},
{"timestamp": "16:19", "title": "Routing and Subscription Event Processing", "summary": "Routing triggers on file arrival, not during pull. Works event-based regardless of input method (inbound connection or pull). Folder monitor is first step to get files into routing for processing (encryption, delivery, transformation). Newer ST versions don't require folder monitor listeners for inbound—automatic."},
{"timestamp": "22:04", "title": "Admin Password Policy Change Failures", "summary": "Password policy validation fails silently without listing broken rules. Workaround: test user password policy separately to see actual rules. Future integration with external repositories (vaults, AD, PasswordState) planned within next year. S3 and other modern sites will gain signature validation priority."},
{"timestamp": "27:47", "title": "OAuth2 Admin Authorization and External Directory", "summary": "New OAuth2 plugin enables admin users authorized outside ST for first time in 19 years. Eliminates requirement for local admin accounts. Assigns roles from external directories. Superior to password-only integration for SOC audit compliance."},
{"timestamp": "31:42", "title": "SSH Connection Pool for File Batching", "summary": "SSH connection pool parameter reuses connections across multiple files. Configurable: minimum eviction time and inter-eviction checks. Enables 10,000-file transfers to reuse connections instead of open-close cycles. Works for pulls and pushes. Global setting applies to all transfer sites. Best for small file volumes."},
{"timestamp": "38:22", "title": "MDN Certificate for Transfer Tracking", "summary": "Create certificate named 'mdn' (lowercase) to force ST to generate MDN for every transfer. Certificate can be self-signed or imported. Control toggle: exists = generate MDN, absent = no MDN. MDN generation required for complete audit trails."},
{"timestamp": "40:19", "title": "Large Folder Monitor Pulls and Server Overload", "summary": "10,000+ files from single folder monitor poll overwhelms ST: creates database event for each file, logs processing for each file, connection overhead on small files. ST designed for speed, not self-protection during massive pulls. Risk: TM crash from PGP processing saturation."},
{"timestamp": "42:06", "title": "Mitigating Folder Monitor Overload", "summary": "Solutions: schedule folder monitor to pull chunks at different times, use CFT or Secure Client to push files inbound (throttles intake), split folder monitors by file mask. Single large pull paralyzes server; redesign to inbound push. Edges reduce load only for multi-session scenarios, not single greedy pulls."},
{"timestamp": "46:15", "title": "Server Resilience Under Heavy Load", "summary": "Modern ST versions self-protect from crashes under mass file events but go into single-purpose mode (only handles transfers). Cluster nodes in Sept/Oct versions auto-join post-restart. Scale: million-file pulls historically caused crash on older versions. TM can choose controlled restart over OOM failure."}
]