Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

netapp filer snapmirror tunneling with ssh

Posted on 2008-10-16
10
Medium Priority
?
2,041 Views
Last Modified: 2013-11-05
Hello all,

Can any one please give me some info if snapmirror can be tunneled over ssh? I am trying to do that and then while searching for some info I came across some comments mentioning that it is not possible.

Thanks
0
Comment
Question by:naufal
  • 6
  • 4
10 Comments
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 22737053
No, it can't. It uses a straight IP connection, so the only way you can send it through an encrypted tunnel is to set up a VPN and send the traffic down that. Having said that, I thought SnapMirror encrypted replication traffic by default - but that may depend on the filer model and version of DataONTAP you're running.
0
 

Author Comment

by:naufal
ID: 22737070
Hi,

Thanks for your reply. Can you please tell me some source from where I can get this documented for my boss!!! Also what exactly do you mean by straight IP conenction? like straight as in straight no tunneling or some thing. I'll check on the netapp website about the filer model and data ontap version to see if encryption is possible in any of the model. Netapp support never mentioned this fact that it might be supoprted on any other filer models or Data ontap version.

Thanks a bunch again! I was trying to do this for days! thought should be pretty straight forward.
0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 22737148
My apologies - SnapMirror does not encrypt traffic. See: http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=75206

SnapMirror either uses a Fibre Channel connection or IP - it expects to be able to talk to another NetApp array either via FC or IP. You configure the IP addresses of the other NetApp array when you configure SnapMirror and it uses TCP to communicate.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:naufal
ID: 22737167
Please correct me if I a wrong but does the SSH tunnel also not use IP. ITs just that the traffic is encrypted beneath no? What Ia am doing is that instead of directly giving the IP of the source filer which would be another private IP I am telling the destination filer the IP of my machine which has SSH tunnel up for the source filer.

Regards
0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 22738083
Yes, of course it does - but it has to be invisible to the filers - like a VPN tunnel.
0
 

Author Comment

by:naufal
ID: 22741540
so does is invisible in case of SSH tunnel!? May be is it that source filer makes an arbitrary connection back to destination filer which SSH tunnel cannot handle? But as far as I know, its the destination filer which connects to the source at port 10566 to initiate the transfer.



0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 22754377
Perhaps you've got a routing issue or port 10566 isn't going across the tunnel. See http://communities.netapp.com/thread/2171;jsessionid=4FFB40AE0AEAB790753734F98B4C5AE8?tstart=0

0
 
LVL 30

Accepted Solution

by:
Duncan Meyers earned 200 total points
ID: 22754390
0
 

Author Comment

by:naufal
ID: 22761664
Hey,

Thanks, I got it!!! it was not only port 10566 but others as well.

Thanks,

0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 22761675
Thanks! Glad I could help.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question