SSL cannot be switched off on the Storage Platform but you can enable an additional port that does not use SSL. Only some Backup Client commands will use this additional port to connect to the StorageServer to stream data without the overhead of SSL security. This setting does not affect any inter-server communication between the AccountServer, StorageServer and MirrorServers.
To enable this feature on the StorageServer:
- Stop your StorageServer service and edit the relevant settings.xml file.
- Change the NonSecurePublicPort setting from 0 to an available port that you wish to host the non-secure server. Port 80 is recommended if you do not use a proxy, because most fire walls are configured to allow http.
If you would like to host your non-secure port on a specific IP, you can configure it with the NonSecurePublicIp setting. If this setting is not configured, the non-secure port will be hosted on the same bindings as the PublicIp settings.
- Start the StorageServer service. You should see the following line logged in the log:
Info: Non-secure Listener started on 10.0.0.10:80
The setting above will only host the non-secure server on 10.0.0.10:80, while your public SSL server can be set to bind on a public IP.
Note: Using a non-secure port for communications will cause user data and encryption keys to be passed in the clear between the Backup Client and Storage Platform.
Old Article ID: 35
Previous Views: 2047
Posted: 23 Aug, 2010 by Smit F.
Updated: 05 Jan, 2011 by -- .