Tarun Pamu to Everyone: Hello Everyone...Welcome to Spectrum Office Hours
Tarun Pamu to Everyone: please free to ask any question
Widjaja Sangtoki to Everyone: Nagesh can you explore more about DeXchange?
Jiangang to Everyone: 1st is spectrum 10.2 already available?
Nagesh Jaiswal to Everyone: @Widjaja It is an event which happens every year. We invite all the customers in Europe region who are using IM products. We do demos and roadmap sessions. Gives an opportunity to customers to ask questions and understand our strategy.
Nagesh Jaiswal to Everyone: @Jiangang, It will be available by end of the year
Nagesh Jaiswal to Everyone: We will start Beta Trail for 10.2 in month of August
Jiangang to Everyone: we use now Spectrum10.1.1 which use the Apache, can I use our old https certificate without to make new key paar?
Nagesh Jaiswal to Everyone: @Jiangang, I have made a note of your question. I will have to check with Architects. And then will get back to you.
Jiangang to Everyone: The old certificate was generated from the old tomcat access
Widjaja Sangtoki to Everyone: @Jiangang, I believe if you reuse the keystore file, you still can reuse that
Andy to Everyone: potentially looking at upgrading a customer from an older 9.x to version 10.1 .. what would you say are the key factors to be aware of when planning an upgrade?
andy to Everyone: what are the main challenges (if any) are other people facing when upgrading ?
Jiangang to Everyone: The upgrade from 9.x to 10.1 and to 10.1.1 was successful, but we lose the https access
Mohammed Alfakhrany to Everyone: @Andy, I would say that you would need to ensure that you're on a 64-bit OS
Mohammed Alfakhrany to Everyone: @Andy, since 10.x is 64 bit only
Jiangang to Everyone: Yes, Windows2008R2 64Bit
andy to Everyone: aware of that one which is a given
Jiangang to Everyone: The certificate works well if I do not use and activate the Apache
Mohammed Alfakhrany to Everyone: @Andy, 10.1 supports direct upgrad e from 9.4.2.1 or higher versions. If you are on 9.3.x or 9.4.x, first upgrade to 9.4.2.1 or 9.4.3 or 10.0
Widjaja Sangtoki to Everyone: @Jiangang, are you refering to Apache Web Server or Apache Tomcat? Spectrum uses Apache Tomcat
Jiangang to Everyone: The Apache was inbeded to OneClick-Install for MODSecurity-Activation since version 10.0.
Nagesh Jaiswal to Everyone: @ Andy Some helpful links of Upgrade. CA Spectrum Upgrade Content: https://communities.ca.com/docs/DOC-231165637, Upgrade Documentation: https://docops.ca.com/ca-spectrum/10-1/en/installing-and-upgrading/upgrading-ca-spectrum
Mohammed Alfakhrany to Everyone: @Andy, what version are you upgrading from?
Widjaja Sangtoki to Everyone: @Jiangang, I think you are talking Apache Webserver..and you use MODSecurity to integrate with Apache Tomcat. Am I right?
Widjaja Sangtoki to Everyone: @Jiangang Spectrum is not coming with Apache WebServer
Widjaja Sangtoki to Everyone: @Jiangang but only Apache Tomcat
Jiangang to Everyone: from 9.3 HotFix03 to Version 10.1
andy to Everyone: No sure currently .. i'm yet to get that info from the customer, so not sure what version, or whether they have a distributed scenario or whether they are looking to consolidate and reduce SS's .. how easy is it to
merge data .. would it be using the import export tool ?
Mohammed Alfakhrany to Everyone: @Andy, You can use Modelling Gateway to import from multiple SpectroSERVERs and then export to a single Spectro SERVER
Widjaja Sangtoki to Everyone: @Jiangang, if you have both Apache WebServer and Apache Tomcat on Spectrum machine, somebody has installed Apache WebServer and integrated to Apache Tomcat.. That means
somebody has customized this environment
Jiangang to Everyone: Thanks for Document-Link, I red it about the Modsecurity parts
andy to Everyone: cool - cheers
Mohammed Alfakhrany to Everyone: @Andy, rule of thumb is that previous 32bit versions supported up to 200k models, but now 10.x supports up to 1million models
Jiangang to Everyone: No, till version9 there was only tomcat. After version 10 there is a Apache inbeded.
Jiangang to Everyone: I am sure no one has touch the apache in our system.
Widjaja Sangtoki to Everyone: @Jiangang, so you have installed Apache HTTP server 2.4.12 package?
Nagesh Jaiswal to Everyone: @Andy Link to YouTube video which explains how to use Modelling Gateway to export and import for Spectrum 10.0: https://www.youtube.com/watch?v=bob_upL-aog&list=PLynEdQRJawmwSUZ9YRddVw61DgsGTvEdj&index=11
Jiangang to Everyone: It is auto installed with the version 10.1 with apache ultilities, there is no need to install extra 2.4.12
Jiangang to Everyone: Thanks for the video link. Yes this is the new feature after version 10
Widjaja Sangtoki to Everyone: @Jiangang, better to raise a call ticket with us so we can address this issue you have. I believe we need to know more details
about the environment you have set up.
Jiangang to Everyone: I am not sure whether this is an issue. I just want to know whether I should generate the new ssl key if I use the apache?
Jiangang to Everyone: As said, we can still use the old tomcat with the key, no problem.
Jiangang to Everyone: The apache server usage in version 10 is only for more security
Jiangang to Everyone: The new features as you show in the video presentation is to realize the modsecurity to improve the security.
Jiangang to Everyone: Similar question about the new apache server in version 10 as following:
Jiangang to Everyone: The apache is inbeded in OneClick after version 10. Can we use our own apache on separated server?
Widjaja Sangtoki to Everyone: @Jiangang, I don't think that is supported, but we need to confirm
Jiangang to Everyone: It means we do not use the inbeded apache in OneClick, but build our own extra apache server for one click access?
Widjaja Sangtoki to Everyone: Technically if you use the Apache version it should be possible, but we will need to confirm if this has been fully ceritified
Widjaja Sangtoki to Everyone: if you use the same Apache version
Widjaja Sangtoki to Everyone: @Jiangang, if you can give me your email address.. we will communicate further to address your questions
Jiangang to Everyone : jiangang.yan@ts.fujitsu.com
Widjaja Sangtoki to Everyone: @Jiangang Thanks.. I will contact you via the email to discuss more about ModSecurity
Jiangang to Everyone: It is important to know whether w should generate new keys.
Widjaja Sangtoki to Everyone: I realized Tomcat use java keytool to generate the key, which Apache uses openssl
Jiangang to Everyone: because our old tomcat key works well.
Widjaja Sangtoki to Everyone: we will confirm internally to address your question
Jiangang to Everyone: Yes, the java keytool generate the key
Widjaja Sangtoki to Everyone: Apache uses openssl to create the key
Jiangang to Everyone: if we generate new key we should have two keys. The question is whether it is allowed and whether it is so constructed from actual Spectrum architecture
Jiangang to Everyone: actually the keytool are all from openssl.
Widjaja Sangtoki to Everyone: @Jiangang, I believe if we activate Apache HTTP server, we just need SSL certificate implemented on Apache HTTP server only. So you don't need the Tomcat SSL cert
Jiangang to Everyone: In fact the keytool are all from open ssl.
Widjaja Sangtoki to Everyone: Apache HTTP server will be the front end of OneClick Console as client
Widjaja Sangtoki to Everyone: Apache HTTP and Tomcat communicates locally (in the same machine)
Jiangang to Everyone: Of course there will be a plenty of confihuration possibilities with the apache security configuration, but at first it deals with the key usages which i asked for.
Widjaja Sangtoki to Everyone: @Jiangang, do you have plan to implement the Apache HTTP modsecurity in your production enviroment?
Widjaja Sangtoki to Everyone: Or currently you are at stage of testing?
Jiangang to Everyone: Yes, the new feature after version 10 is the communication in the same maschine as described in the CA Version 10.
Jiangang to Everyone: Yes, this is our goal to implement the modsecurity in version 10
Widjaja Sangtoki to Everyone: @Jiangang, thanks for your input.
Jiangang to Everyone: The security of the web access must be improved because the use has now possibilitie to use only html to access the spectrum directly, in old version the use must have JAVA Runtime.
Widjaja Sangtoki to Everyone: @Jiangang, so you are refering to Web Client, right?
Widjaja Sangtoki to Everyone: Do you have security features in your mind that you expect Spectrum to have in the future?
Jiangang to Everyone: Because the user can now use the html to spectrum, it has much more security attack possibilities, therefore we should use the modsecurity to improve the security of Spectrum Access.
Widjaja Sangtoki to Everyone: Yes, I agree
Jiangang to Everyone: Yes, the modsecurity implement many security with which the security can be improved just as a normal apche server can do.
Jiangang to Everyone:Therefore I asked the question whether we can use our own apache server, it means, with separated apache server, and separated mod security configuration for version 10.x.
Nagesh Jaiswal to Everyone: @Jiangang, Web client is just some REST calls to the back end SS and showing in HTML client. Wanted to understand more what kind of Security Risk you think could be using Web Client.
Jiangang to Everyone: Time is over, many thanks for this webex time
Nagesh Jaiswal to Everyone: Your feedback on this will be helpful and we will try to incorporate
Widjaja Sangtoki to Everyone: Thanks Jiangang
Mohammed Alfakhrany to Everyone: Thanks Andy
Tarun Pamu to Everyone: @Jiangang...we will reach out to your for more details..
Jiangang to Everyone: many thanks.
Nagesh Jaiswal to Everyone: Thanks everyone for participation
Tarun Pamu to Everyone: Thanks everyone. for attneding this session.