Hi Andrew,

 

This is really helpful thanks. Innovative has a habit of upgrading to whatever version is current even when a prior agreement to test a specific version is in place. It happened to us in 2014 and caused major issues with patron records and WAM which lasted for several days.

 

Quick question - are you going to use the Innovative solution for the SDA or will you continue with your own?

 

Cheers,

 

Ed

 

Ed Kirkland

Data Services & Digital Production Manager

The Library, University of Warwick, Coventry, CV4 7AL

Email: [log in to unmask] | Telephone: 02476 575789

 

 

Morning!

 

After Innovative accidentally migrated our Millennium to Sierra 4.1 on Tuesday (nullifying 3 months of UAT, pen testing, and dev testing on the 4.0 test system in process…but that’s another story!), I’ve been looking into this to make sure it’s not going to clash with our current ssh tunnel wrapper for the SDA.   Received the below this morning:

 

“Yes, with Sierra 4.1 the stunnel is incorporated into the SDA, so that if the library requests Innovative enable the feature that all SDA communications be encrypted then the SDA to Sierra App communication is automatically stunneled on subsequent connections with no other local changes needed, other than to be sure that all SDA users have a clear network path for the “new to Sierra when stunnel is enabled” TCP port 64100 when the feature is enabled. The SDA stunnel capability is enabled or disabled system-wide in Sierra, but this should not be an issue since your comment indicates the plan for the locally managed SSH tunnel targeted “all users”. We agree that this Sierra-integrated solution is likely easier than managing a local deployment of an SSH tunnel wrapper if all users are targeted for tunneling and the TCP port is open.”

 

Hope that helps J

 

 

Andrew

 

 

 

Andrew Wilson

Application Services Manager (Library & Museum)

IT Services

University of St Andrews

Butts Wynd

St Andrews

 

Tel: +44 (0)1334 462796

 

www.st-andrews.ac.uk

 

The University of St Andrews is a charity registered in Scotland: No SC013532

 

 

 

 

Hi all

 

We have enabled stunnel with our Bibliotheca kiosks for SIP2 communications and it seems to be working and encrypting. It took a couple of calls with the helpdesk and probably about a week to get the port 4550 actually opened.

 

I have also got the SDA stunnel solution enabled:

 

“Innovative can configure the Sierra Desktop Application to use stunnel for full strength encrypted communications with Sierra App server rather than simpler built-in encryption that is part of the SDA's native communication.  Enabling secure communications requires TCP port 64100 to be open between all SDA locations and the Sierra App server”

 

but have been unable to test it yet (I have looked at the traffic with Wireshark and haven’t discovered anything alarming) but…

 

When looking at this with our Cyber Security Manager, he thought we would require stunnel on our PC’s as well for this to work but there are no instructions to say this is required.

 

Can anyone explain how the SDA configuration works? Do I need install stunnel on all our staff PC’s for this (in which case I’ll probably move to the web version!)?

 

I have a call open with the helpdesk but if anyone has any expertise to share it would be welcome!

 

All the best

Caroline

 

Caroline Checkley

Digital Systems and Services Librarian

Library Services

University of Essex

 

T 01206 873176

E [log in to unmask]

► library.essex.ac.uk

 

WE ARE ESSEX

TOP 20 FOR RESEARCH EXCELLENCE

TEF GOLD 2017

QAP WINNER 2017

 

 

To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1

 

To unsubscribe from the LIS-EUR-IUG list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=LIS-EUR-IUG&A=1