Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
4 replies Latest Post - ‏2012-11-20T17:32:54Z by brcowan
SystemAdmin
SystemAdmin
47293 Posts
ACCEPTED ANSWER

Pinned topic ClearCase Multisite on WINDOWS 2008 server with firewalls?

‏2012-11-09T21:02:07Z |
Hi,
Has any been able to get clearcase multisite to work based on windows 2008 server with firewall between two companies?

Regards,
Guv
Updated on 2012-11-20T17:32:54Z at 2012-11-20T17:32:54Z by brcowan
  • brcowan
    brcowan
    726 Posts
    ACCEPTED ANSWER

    Re: ClearCase Multisite on WINDOWS 2008 server with firewalls?

    ‏2012-11-10T01:39:08Z  in response to SystemAdmin
    Guv,

    I'm afraid the answer to your question is another question: What do you mean by "work with firewalls?" What issues are you experiencing? And do you have a PMR yet?

    If you are looking for a shipping-server-only install like we have for Unix, that is not currently available, and may not be any time in the foreseeable future.

    If you are trying to use a VOB server as a port restricted shipping server as well, please be aware that you must not use a portion of the 49152-65535 for shipping server ports. This is because you could then have VOB server processes holding the ports, which would prevent their use for shipping servers. Generally speaking, this is not a best practice, and as such I would recommend against it.

    =================================================================
    Brian Cowan
    Advisory Software Engineer
    ClearCase Software Advisory Team (SWAT)
    Rational Software
    IBM Software Group
    550 King St
    Littleton, MA 01460

    Phone: 1.978.899.5436
    Web: http://www.ibm.com/software/rational/support/
    • SystemAdmin
      SystemAdmin
      47293 Posts
      ACCEPTED ANSWER

      Re: ClearCase Multisite on WINDOWS 2008 server with firewalls?

      ‏2012-11-10T08:40:20Z  in response to brcowan
      Brian,
      We have company "x" and company "z" with firewalls between them.
      Currently we are seeing issue trasmitting packets between sites seamlessly (some packets go through and some fail), note we are using the same windows 2008 servers at both sites as vob and shipping server. So the exposed hosts at both site includes vobs and shipping server with port restriction applied.

      Are you saying for a WINDOWS 2008 server solution we dont use the same server for vob and shipping server since the vob server process may prevent sending packet through portion 49152-65535?

      Please confirm following solution is what you are implying :
      1. only exposed host (shipping server use only) at both sites have portion of ports open between 49152-65535. MSSHP_STRICT set to 1 at both sites shipping server.
      2. at each site have a vob server with no port restritions. at each site the vob server would hop packets to their respective shipping server. Then shipping server would send packet over to other sites shipping server through port restriction?

      By the way i heard the general recommendation is to have 20 ports open between firewall. Any reason why we cant open 200 ports to improve performance when send large amount of data between two sites? My understanding is that the greater the ports opened (the smaller we can break the packets by setting max packet size limit) the better the performance to send multiple packets simulatanously. Is that correct? Note we around 15 vobs replicated only so would opening 200 ports help our situation?

      If you have any technote that explains good practise setup then please share it.

      Thank you very much for your help,
      Guv
      • sdtoop
        sdtoop
        9 Posts
        ACCEPTED ANSWER

        Re: ClearCase Multisite on WINDOWS 2008 server with firewalls?

        ‏2012-11-10T09:05:34Z  in response to SystemAdmin
        Guv,

        As another poster has already mentioned I would like to reiterate that CM-Logic has a solution to this with CM-InSync. Firewall support

        Please look at http://cm-logic.com/software/cm-logic/insync.html

        This has been available for a number of years now and we also support ClearQuest MultiSite.

        Regards
        Stephen Toop
        CM-Logic Ltd
      • brcowan
        brcowan
        726 Posts
        ACCEPTED ANSWER

        Re: ClearCase Multisite on WINDOWS 2008 server with firewalls?

        ‏2012-11-20T17:32:54Z  in response to SystemAdmin
        Guv, Just adding this for documentation purposes that we're currently working together on this as part of a PMR and thes 2 APARs:

        1) APAR PM76505 (Incorrect error information on shipping server socket calls)
        2) APAR PM76509 (Shipping server fails to send due to windows-specific socket API behavior)

        #1 is purely a serviceability issue, but it complicated things by hiding the underlying error.
        #2 involves the bind(), connect(), and listen() Winsock API calls. On Unix, the bind() call will return immediately with an error if it cannot bind the desired port. On the other hand, under certain circumstances Windows will defer the bind until either connect() or listen() are called. The additional errors returned by these calls are not handled within the shipping server.

        References:
        MSDN Winsock listen() function page
        MSDN Winsock connect() function page
        MSDN Winsock bind() function page

        Currently, the workarounds are:
        1) Use dedicated Unix shipping servers, where the bind() socket call will immediately return with an error code if the port is not available.
        or
        2) Disable strict port allocation

        You should also ensure that a scheduled job (via either the CC or OS task scheduler) retries failed sends since connection issues outside of ClearCase may impact your ability to send sync packets.

        =================================================================
        Brian Cowan
        Advisory Software Engineer
        ClearCase Software Advisory Team (SWAT)
        Rational Software
        IBM Software Group
        550 King St
        Littleton, MA 01460

        Phone: 1.978.899.5436
        Web: http://www.ibm.com/software/rational/support/