Morning!

After Innovative accidentally migrated our Millennium to Sierra 4.1 on Tuesday (nullifying 3 months of UAT, pen testing, and dev testing on the 4.0 test system in process…but that’s another story!), I’ve been looking into this to make sure it’s not going to clash with our current SSH tunnel wrapper for the SDA. Received the below this morning:

“Yes, with Sierra 4.1 the stunnel is incorporated into the SDA, so that if the library requests Innovative enable the feature that all SDA communications be encrypted then the SDA to Sierra App communication is automatically stunneled on subsequent connections with no other local changes needed, other than to be sure that all SDA users have a clear network path for the “new to Sierra when stunnel is enabled” TCP port 64100 when the feature is enabled. The SDA stunnel capability is enabled or disabled system-wide in Sierra, but this should not be an issue since your comment indicates the plan for the locally managed SSH tunnel targeted “all users”. We agree that this Sierra-integrated solution is likely easier than managing a local deployment of an SSH tunnel wrapper if all users are targeted for tunneling and the TCP port is open.”

Hope that helps ☺


Andrew



Andrew Wilson
Application Services Manager (Library & Museum)
IT Services
University of St Andrews
Butts Wynd
St Andrews

Tel: +44 (0)1334 462796

www.st-andrews.ac.uk<http://www.st-andrews.ac.uk/>

The University of St Andrews is a charity registered in Scotland: No SC013532



From: This list is for current and potential users of the Innopac system [mailto:[log in to unmask]] On Behalf Of Checkley, Caroline R
Sent: 16 October 2018 08:35
To: [log in to unmask]
Subject: Sierra 4.1 Security & Stunnel

Hi all

We have enabled stunnel with our Bibliotheca kiosks for SIP2 communications and it seems to be working and encrypting. It took a couple of calls with the helpdesk and probably about a week to get the port 4550 actually opened.

I have also got the SDA stunnel solution enabled:

“Innovative can configure the Sierra Desktop Application to use stunnel for full strength encrypted communications with Sierra App server rather than simpler built-in encryption that is part of the SDA's native communication. Enabling secure communications requires TCP port 64100 to be open between all SDA locations and the Sierra App server”

but have been unable to test it yet (I have looked at the traffic with Wireshark and haven’t discovered anything alarming) but…

When looking at this with our Cyber Security Manager, he thought we would require stunnel on our PCs as well for this to work but there are no instructions to say this is required.

Can anyone explain how the SDA configuration works? Do I need to install stunnel on all our staff PCs for this (in which case I’ll probably move to the web version!)?

I have a call open with the helpdesk but if anyone has any expertise to share it would be welcome!

All the best
Caroline

Caroline Checkley
Digital Systems and Services Librarian
Library Services
University of Essex

T 01206 873176
E [log in to unmask]<mailto:[log in to unmask]>
► library.essex.ac.uk<https://library.essex.ac.uk/>

WE ARE ESSEX
TOP 20 FOR RESEARCH EXCELLENCE
TEF GOLD 2017
QAP WINNER 2017
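
An added example, not part of either message and not Innovative's code: one way to check that traffic on the stunnel ports mentioned in this thread (TCP 64100 for the SDA, 4550 for SIP2) is really TLS, by classifying the first bytes of a payload copied from a capture and by attempting a handshake from a staff PC. It assumes the stunnel listener speaks TLS from the first byte; the sample payloads are constructed and the host name is whatever your Sierra App server is called.

```python
import socket
import ssl
import struct

# TLS record-layer content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_payload(data: bytes) -> str:
    """Say whether the first bytes of a TCP payload look like a TLS record."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Record version is 0x0301-0x0303 on the wire; record length is capped at 2^14 + 2048.
    if ctype not in CONTENT_TYPES or major != 3 or not 1 <= minor <= 3 or length > 16384 + 2048:
        return "not-tls"
    if ctype == 22 and len(data) > 5 and data[5] == 1:
        return "tls-client-hello"
    return "tls-" + CONTENT_TYPES[ctype]

def probe_tls(host: str, port: int = 64100, timeout: float = 5.0) -> str:
    """Check the network path to the port, then attempt a verified TLS handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"unreachable: {exc}"            # firewall or port not opened
    with sock:
        try:
            ctx = ssl.create_default_context()  # certificate verification stays on
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"tls-ok: {tls.version()} {tls.cipher()[0]}"
        except ssl.SSLCertVerificationError as exc:
            # TLS is spoken, but the certificate is not trusted by this PC
            return f"tls-cert-unverified: {exc.verify_message}"
        except (ssl.SSLError, OSError) as exc:
            return f"no-tls-handshake: {exc}"   # port open but not TLS, or reset

# Constructed payload prefixes, as they might be copied from a Wireshark capture
SAMPLES = {
    "client hello": bytes.fromhex("160301020001000 1fc0303".replace(" ", "")),
    "encrypted data": bytes.fromhex("1703030045") + b"\x00" * 8,
    "plaintext SIP2-style login": b"9300CNkiosk|COexample|\r",
    "fragment": b"\x16\x03",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name}: {classify_payload(payload)}")
```

Call `probe_tls("<your Sierra App server>")` from a staff PC, and `probe_tls("<your Sierra App server>", 4550)` for the SIP2 listener; an `unreachable` result points at the network path rather than at the SDA.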


________________________________

To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1
