Hi Andrew,
This is really helpful thanks. Innovative has a habit of upgrading to whatever version is current even when a prior agreement to test a specific version is in place. It happened to us
in 2014 and caused major issues with patron records and WAM which lasted for several days.
Quick question - are you going to use the Innovative solution for the SDA or will you continue with your own?
Cheers,
Ed
Ed Kirkland
Data Services & Digital Production Manager
The Library, University of Warwick, Coventry, CV4 7AL
Email:
[log in to unmask] | Telephone: 02476 575789
From: This list is for current and potential users of the Innopac system [mailto:[log in to unmask]]
On Behalf Of Andrew Wilson
Sent: 18 October 2018 09:10
To: [log in to unmask]
Subject: Re: Sierra 4.1 Security & Stunnel
Morning!
After Innovative accidentally migrated our Millennium to Sierra 4.1 on Tuesday (nullifying 3 months of UAT, pen testing, and dev testing on the 4.0 test system in process…but that’s another
story!), I’ve been looking into this to make sure it’s not going to clash with our current ssh tunnel wrapper for the SDA. Received the below this morning:
“Yes, with Sierra 4.1 the stunnel is incorporated into the SDA, so that if the library requests Innovative enable the feature that all SDA communications be encrypted then the SDA to Sierra
App communication is automatically stunneled on subsequent connections with no other local changes needed, other than to be sure that all SDA users have a clear network path for the “new to Sierra when stunnel is enabled” TCP port 64100 when the feature is
enabled. The SDA stunnel capability is enabled or disabled system-wide in Sierra, but this should not be an issue since your comment indicates the plan for the locally managed SSH tunnel targeted “all users”. We agree that this Sierra-integrated solution is
likely easier than managing a local deployment of an SSH tunnel wrapper if all users are targeted for tunneling and the TCP port is open.”
Hope that helps
J
Andrew
Andrew Wilson
Application Services Manager (Library & Museum)
IT Services
University of St Andrews
Butts Wynd
St Andrews
Tel: +44 (0)1334 462796
The University of St Andrews is a charity registered in Scotland: No SC013532
From: This list is for current and potential users of the Innopac system [mailto:[log in to unmask]]
On Behalf Of Checkley, Caroline R
Sent: 16 October 2018 08:35
To: [log in to unmask]
Subject: Sierra 4.1 Security & Stunnel
Hi all
We have enabled stunnel with our Bibliotheca kiosks for SIP2 communications and it seems to be working and encrypting. It took a couple of calls with the helpdesk and probably about a week to
get the port 4550 actually opened.
I have also got the SDA stunnel solution enabled:
“Innovative can configure the Sierra Desktop Application to use stunnel for full strength encrypted communications with Sierra App server rather than simpler built-in encryption that is part of the SDA's native communication. Enabling
secure communications requires TCP port 64100 to be open between all SDA locations and the Sierra App server”
but have been unable to test it yet (I have looked at the traffic with Wireshark and haven’t discovered anything alarming) but…
When looking at this with our Cyber Security Manager, he thought we would require stunnel on our PC’s as well for this to work but there are no instructions to say this is required.
Can anyone explain how the SDA configuration works? Do I need install stunnel on all our staff PC’s for this (in which case I’ll probably move to the web version!)?
I have a call open with the helpdesk but if anyone has any expertise to share it would be welcome!
All the best
Caroline
Caroline Checkley
Digital Systems and Services Librarian
Library Services
University of Essex
T
01206 873176
WE ARE ESSEX
TOP 20 FOR RESEARCH EXCELLENCE
TEF GOLD 2017
QAP WINNER 2017
To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1
To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1
To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1