Troubleshooting
Problem
A high-security site wishes to configure a Network Appliance (NetApp) SnapLock Fixed Content Device (FCD) to communicate with P8 Content Engine (CE) via Secure Socket Layer (SSL), using https. Typically SnapLock storage systems communicate over two separate network connections. Content is transferred over a secure (https) connection while administrative functions are performed by the NetApp OnTap application software interface (API), over non-secure http port 80. In this instance, the site has a security requirement to disable port 80.
Diagnosing The Problem
Exclusive use of SSL connections between CE and SnapLock is not supported. The CE code does not have logic to use SSL for OnTap API calls, therefore does not support administrative operations via SSL. The OnTap API also requires port 80 to be open.
The OnTap API is not used to send or receive content of any kind. OnTap API, calls are used to perform a minimal set of administrative operations including, for example, setting the retention time on a file, or clearing the read-only bit on a file.
Resolving The Problem
In order to enable exclusive use of secure communications to a SnapLock FCD, one alternative is to use Network Attached Storage (NAS) with a NetApp disk as back end. In this configuration, encryption and retention are managed by the CE instead of using SnapLock.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21690575