Enabling SSL with the NetApp SRA for VMware SRM

January 12th, 2012 | Posted by admin in NetApp | Tech | VMware - (0 Comments)

There is an option within the NetApp Storage Replication Adapter to enable SSL for secure communications between the SRA and a NetApp storage controller.  Using it requires that some additional Perl modules be added to the default Perl distribution installed with SRM.

Some have managed to install these libraries by first installing a second instance of ActivePerl and using the graphical package management software to add the libraries there.  Next, the libraries would be copied over to the official SRM Perl directories.  This method is a bit cumbersome.  It’s also made a little more difficult by the fact that older ActivePerl distributions are only available with a paid subscription.  Although things seem to work using a newer version than what’s installed with SRM, I’d prefer to not have a version mismatch.

Luckily, there’s a better way that’s a lot easier to implement.  Thanks to Jancy Joseph for pulling the procedure together.  As you can see, it’s pretty simple:

 

  1. On the SRM server, open a command window.
  2. Change the working directory to the location of the Perl binaries included with the SRM distribution:
    cd \Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\external\perl-5.8.8\bin
  3. Launch the Perl package manager:
    ppm
  4. From the PPM> prompt, add the Bribes package repository:
    ppm> rep add Bribes http://www.bribes.org/perl/ppm
    PPM will indicate that the new repository has been installed:

    Repositories:
    [1]ActiveState Package Repository
    [2]Bribes
  5. Install the “Tree-DAG_Node” Perl module:
    ppm> install “Tree-DAG_Node”PPM will indicate that the module has been installed:
    Successfully installed Tree-DAG_Node version 1.05 in ActivePerl 5.8.8.817.
  6. Install the “Net-SSLeay” Perl module:
    ppm> install “Net-SSLeay”PPM will indicate that the module has been installed:
    Successfully installed Net-SSLeay version 1.41 in ActivePerl 5.8.8.817.
  7. Type “exit” to leave PPM and then close the command window.
  8. If not already configured, enable SSL on the NetApp storage controller:
    secureadmin setup ssl
    secureadmin enable ssl
  9. Verify that SSL is turned on:
    options ssl.enable
  10. Using a text editor on the SRM server, edit the SRA configuration file and change the default option “ssl = off” to “ssl = on”.  The default location for the config file is:

    SRM5: <install drive>:\Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\ storage\sra\ONTAP\ontap_config.txt

    SRM4: <install drive>:\Program Files\VMware\VMware vCenter Site Recovery Manager\ scripts\SAN\ONTAP\ontap_config.txt

And that’s all there is to it! I should note that this is a global setting per SRA instance, so if the SRA communicates with multiple storage controllers, they will each need to have SSL enabled. And if you have more one SRM server (and of course, you have at least two…) and want them all to use SSL, you’ll need to do this on each server individually.

Be Sociable, Share!

Better get blogging, buddy.

October 27th, 2011 | Posted by admin in Personal | Racing | Tech - (0 Comments)

Yikes!  So I fired up this new blog site yesterday, and already folks are mentioning me.  So… uh… I suppose I’d better get some content up, eh?

First of all, thanks to the Datacenter Dude, Nick Howell, for the mention and the kind words in his post on the VMworld 2011 Hands On Labs.

So, I’ll offer a quick note about myself so you know a little bit more about me other than the fact that I’ve said “Hello” to the world.

I’ve been a computer guy all my life.  Starting back in the days of programming BASIC on the Commodore Pets at school and the VIC-20 at home, saving all the hard work on those cassette tape data recorders.  For the last 14 years I’ve been doing it professionally, and the last 8 years have been with the data storage company NetApp, where I’m part of the vTME team.  In a nutshell, I’m a storage/virtualization/Unix/scripting/OSX kinda guy.  I’ll be posting here primarily about topics along those lines.  It’s important to note that this is my blog, not my company’s.  My worldview is certainly shaped by my years at NetApp, but I don’t have blinders on and I’ll be approaching things with an open mind.

That’s partly where the name of the blog is derived from. A skeptic is someone who takes the position that anything which cannot be proven by facts and reason should not be believed.  Where possible, we’re going to be digging in and looking at supporting data to back up discussion points presented here.  That, and I’m also one of those capital-S Skeptics, and there may be some missives on that topic from time to time under the “Personal” category.

I also like to go fast. When I’m not working or spending time with my wife and three daughters, it’s very likely that you’ll find me out on a racetrack somewhere carving corners.  So there’s likely to be a lot of posts there, especially once the racing season starts up next Spring here on the East Coast.

So without further ado, let the blogging begin.

 

Cheers,

Julian

 

Be Sociable, Share!

Hello world!

August 1st, 2011 | Posted by admin in Uncategorized - (0 Comments)

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Be Sociable, Share!