Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Need Premium Support?

ScaleOut Software offers customers several options for support and maintenance plans on a subscription basis for an annual fee.

Topics:

x5
x1
x1
x1

asked: Feb 01 at 04:59 AM

Seen: 45 times

Last Updated: Feb 06 at 09:25 PM

How to establish secure connection between Remote client and the server

Hi All, I would like to know what is required to establish secure communcation between remote client and the server?

Few things that I know is we need to make configuration changes in the soss_params.txt as follows:

  1. Setting "accept_secure" to "1"
  2. Setting "use_secure_conn" to "1"
  3. Configuring to make use of the "secure_svr_port" and "secure_mgt_port" at the client end.

I would like to know do we need to create any certificates for the communication between client and the server? If yes, how to provide certificate location to the cleint and server to make use of the same? Please advise.

more ▼

asked Feb 01 at 04:59 AM in Support

nithin gravatar image

nithin
2 1

(comments are locked)
10|5000 characters needed characters left

3 answers: sort voted first

Hi nithin,

The ScaleOut service will automatically generate a self-signed certificate (generated by OpenSSL) when it starts up if accept_secure is set to 1 and there isn't already a key pair in the product's installation folder. The generated certificate is then automatically deployed to the other hosts in the cluster.

When you look in the folder you should find soss_key.pem (private key) and soss_cert.pem (public certificate). You're welcome to manually replace these two files on all the hosts with your own key pair if you'd like--restart the services for the change to take effect.
more ▼

answered Feb 01 at 05:57 PM

Support gravatar image

ScaleOut Support Team ♦
1.9k 19 20 20

nithin gravatar image nithin Feb 01 at 06:46 PM
Thank you for answering the query. It really helps. Can I know folder location where the certificates soss_key.pem and soss_cert.pem will be present?
Support gravatar image ScaleOut Support Team ♦ Feb 01 at 09:17 PM
You should find them in C:\Program Files\ScaleOut_Software\StateServer on Windows and /usr/local/soss on Linux.
nithin gravatar image nithin Feb 05 at 06:16 AM

Thank you for the information.

I have another question: Can I make use of the SSL connection between the client and the server residing on the same machine? I mean to ask not a remote client, but the client and server residing on the same machine.
Support gravatar image ScaleOut Support Team ♦ Feb 06 at 07:30 PM
Addressing this follow-up question in the answer below.
(comments are locked)
10|5000 characters needed characters left

Thank you for the information.

I have another question: Can I make use of the SSL connection between the client and the server residing on the same machine? I mean to ask not a remote client, but the client and server residing on the same machine.
more ▼

answered Feb 06 at 05:21 AM

nithin gravatar image

nithin
2 1

Support gravatar image ScaleOut Support Team ♦ Feb 06 at 07:30 PM
Addressing this follow-up question in the answer below.
(comments are locked)
10|5000 characters needed characters left

Yes, it's possible to make local clients use a secure connection. This is an unusual configuration, though, so you'll have to manually edit the soss_client_params.txt file to make local client processes think that they're running as remote clients. Add the runas_remcli field (set to 1) as shown below, and add your local host's IP address as a rem_gw (substituing 10.0.0.42 with your own local IP):

update_time       0
max_lcl_retries   30
max_rem_retries   2
max_access_time   0
max_svr_conn      4
br_timeout        60
stats_interval    6
runas_remcli      1
rem_gw            __SOSS_remote_client_access, 723, 10.0.0.42, 724
use_secure_conn   __SOSS_remote_client_access, 1

Do not use 127.0.0.1 as your rem_gw IP.

Also, note that this configuration will require using a license key in the server that allows one or more remote client connections.

more ▼

answered Feb 06 at 07:29 PM

Support gravatar image

ScaleOut Support Team ♦
1.9k 19 20 20

(comments are locked)
10|5000 characters needed characters left