How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

Support_Sydney
Moderator


Accepted Solutions
Support_Sydney
Moderator

Re: How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

How to Enable / Disable Encryption (for HP NonStop, AIX and HP-UX only)

By default, all communications between Prognosis servers are encrypted. If required, encryption can be disabled by modifying the NETWORK configuration.

Note:
After Prognosis 11.0 and prior to 11.1 Patch 3, the tokens FORCE-LEGACY-CONNECTIONS and ALLOW-LEGACY-CONNECTIONS were considered valid syntax but did not have any effect on Prognosis communications. As of Prognosis 11.1 Patch 3, these tokens affect Prognosis communications as described in the following section.

FORCE-LEGACY-CONNECTIONS

Use the FORCE-LEGACY-CONNECTIONS token to force all communication to and from the current Prognosis server to be unencrypted. Prognosis will accept only unencrypted communications, rejecting encrypted connections.

SUBSYS NETWORK
...
FORCE-LEGACY-CONNECTIONS ()

When FORCE-LEGACY-CONNECTIONS is configured, an entry will be entered in the Prognosis audit log: “This node is configured to use unencrypted connections.”

ALLOW-LEGACY-CONNECTIONS

The ALLOW-LEGACY-CONNECTIONS() token configures whether unencrypted connections can be made to a Prognosis server. If required, this statement can be modified using the following syntax:

SUBSYS NETWORK
...
ALLOW-LEGACY-CONNECTIONS ({<server-name>|*})

The statement will accept either a Prognosis server name (IP address is not accepted) or an asterisk (*):

Description / Example Syntax

Single Server:
ALLOW-LEGACY-CONNECTIONS (Svr101)

Multiple Servers, Comma Separated:
ALLOW-LEGACY-CONNECTIONS (Svr101, Svr102, Svr103, ...)

Multiple Servers, Multi-line:
ALLOW-LEGACY-CONNECTIONS (Svr101)
ALLOW-LEGACY-CONNECTIONS (Svr102)
ALLOW-LEGACY-CONNECTIONS (Svr103)

A node configured with FORCE-LEGACY-CONNECTIONS will only be able to communicate with a remote Prognosis server if the remote server is configured with either of the following:
a) FORCE-LEGACY-CONNECTIONS() or
b) ALLOW-LEGACY-CONNECTIONS(*)

When an unencrypted connection is established between two Prognosis servers, an entry will be added to the Prognosis audit log for both servers: “Establishing an unencrypted connection to Prognosis node \NODE1.”

Note:
After making configuration changes to the encryption of Prognosis communications, it is recommended to restart Prognosis. This ensures that all communications are established using the desired level of encryption.

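For reviewing which nodes have encryption weakened, the following added example (not part of the original post and not Prognosis code) reads the two tokens from SUBSYS NETWORK text, applies the FORCE-LEGACY-CONNECTIONS peer rule exactly as stated above, and pulls peer names from the quoted audit-log message. The function names, sample node configurations and log timestamps are constructed for illustration, and it assumes Prognosis 11.1 Patch 3 or later, where the tokens take effect.

```python
import re

TOKEN = re.compile(r"^\s*(FORCE|ALLOW)-LEGACY-CONNECTIONS\s*\(([^)]*)\)", re.I)
UNENC = re.compile(r"Establishing an unencrypted connection to Prognosis node (\S+?)\.?$")

def parse_network(text):
    """Return (force, allowed_names) read from the SUBSYS NETWORK section only."""
    force, allowed, in_network = False, set(), False
    for line in text.splitlines():
        words = line.split()
        if words and words[0].upper() == "SUBSYS":
            in_network = [w.upper() for w in words[1:2]] == ["NETWORK"]
            continue
        m = TOKEN.match(line) if in_network else None
        if not m:
            continue
        if m.group(1).upper() == "FORCE":
            force = True
        else:  # comma-separated and multi-line forms both accumulate
            allowed.update(n.strip() for n in m.group(2).split(",") if n.strip())
    return force, allowed

def posture(text):
    """Summarise how far this node's configuration departs from the encrypted default."""
    force, allowed = parse_network(text)
    if force:
        return "unencrypted-only"
    if "*" in allowed:
        return "unencrypted-from-any"
    return "unencrypted-from: " + ", ".join(sorted(allowed)) if allowed else "encrypted"

def isolated_peers(configs):
    """Rule as stated on the page: a FORCE node reaches only FORCE or ALLOW (*) peers."""
    parsed = {n: parse_network(t) for n, t in configs.items()}
    return {n: sorted(p for p, (f, a) in parsed.items() if p != n and not (f or "*" in a))
            for n, (force, _) in parsed.items() if force}

def unencrypted_peers(log_lines):
    """Node names reported in 'Establishing an unencrypted connection' audit entries."""
    return sorted({m.group(1) for l in log_lines if (m := UNENC.search(l.strip()))})

# Constructed sample input: node configurations and audit-log lines are made up.
CONFIGS = {
    "Svr101": "SUBSYS NETWORK\nFORCE-LEGACY-CONNECTIONS ()\n",
    "Svr102": "SUBSYS NETWORK\nALLOW-LEGACY-CONNECTIONS (*)\n",
    "Svr103": "SUBSYS NETWORK\nALLOW-LEGACY-CONNECTIONS (Svr101, Svr102)\n",
    "Svr104": "SUBSYS NETWORK\n",
}
LOG = [
    "2024-01-01 00:00:00 This node is configured to use unencrypted connections.",
    r"2024-01-01 00:00:05 Establishing an unencrypted connection to Prognosis node \NODE1.",
    r"2024-01-01 00:00:09 Establishing an unencrypted connection to Prognosis node \NODE2.",
]
```

Any node whose posture is not "encrypted", and any peer name returned from the audit log, marks a link to review after the recommended restart.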
