Chapter 2 Frequently Asked Question
This document provides answers to questions about Sun SFT software.
-
About the Sun™ Secure File Transport
What is the Sun™ Secure File Transport (Sun SFT)?
On what architecture or machines does Sun SFT run?
-
Downloading and Installing Sun SFT
Do I need a Sun Online Account for Sun SFT?
On what system should I install Sun SFT?
Are authenticated proxies or Windows NTLM proxies supported?
How large should the Sun SFT target transfer directory be?
How do I configure Sun SFT to run with a specific Java install?
-
What file types does Sun SFT 2.0 support?
How do I place the Explorer data (and other files) in the transfer directory for Sun SFT transfer?
How do I use the HTTP Listener to receive files from Explorer 5.8 (and higher)?
How do I send core files or other case-data files to the HTTP Listener?
Does Sun SFT run in the background?
Can I archive files that are sent?
Can I be notified of transfer failures?
If transfer of a large file fails part-way through the transfer, what happens?
-
What are the firewall requirements for the Sun SFT software?
How does Sun SFT encrypt the information that it sends to Sun?
-
Support and Contact Information
Where can I find more support about Sun™ Secure File Transport?
Where can I submit my comments and suggestions about Sun Secure File Transport?
Where do I go for support for the Sun™ Secure File Transport software?
Where can I obtain status and outage information about Sun Secure File Transport service?
About the Sun™ Secure File Transport
Question:What is the Sun™ Secure File Transport (Sun SFT)?
Answer:Sun SFT is a configurable and automated method for sending data collected by Sun Explorer software, or other system telemetry data, to Sun Microsystems, Inc.
Question:On what architecture or machines does Sun SFT run?
Answer:Sun SFT runs on Solaris™ versions 9 and 10 on SPARC and Solaris 10 only on x86 architecture. Java 1.5.0 or higher is required on these systems.
Question:What Sun SFT command options are available?
Answer:Run sftransport -h to see a list of acceptable command options. For more information, see the sftransport(1m) man page.
Question:How many Explorer clients can Sun SFT support?
Answer:Sun SFT can support any number of Explorer clients. It might be appropriate to use multiple Sun SFT instances for manageability and to ensure that files are sent to Sun without unreasonable delay. A single Sun SFT instance can support up to 32 concurrent transfers . You need to define the concurrency appropriate to your specific needs and infrastructure. The number of concurrent transfers depends on the volume of Explorer files you need to send, the average size of the files, and your network bandwidth. If a single Sun SFT instance does not satisfy the file transfer volume, then additional Sun SFT instances should be installed on other hosts.
Downloading and Installing Sun SFT
Question:How do I obtain Sun SFT?
Answer:Information and download link for the software are included on the Services Tools Bundle page, located at:http://www.sun.com/service/stb/index.jsp.
Question:Do I need a Sun Online Account for Sun SFT?
Answer:Yes, a Sun Online Account is required to run Sun SFT. If you do not have a Sun Online Account or if you have forgotten your user name or password, go to https://reg.sun.com/register. Your username and password will be requested when running the /opt/SUNWsasm/bin/sasm transport -r command to register Sun Automated Service Manager for data transport.
Note –
Your username is stored in a configuration file, but the given password is used only for a one time registration process and is not stored anywhere by Sun SFT or Sun Automated Service Manager.
Question:
How do I install or upgrade Sun SFT?
Answer:Install it using the Solaris pkgadd command. Full details about the installation are included in Chapter 3, Sun SFT How-To.
Question:On what system should I install Sun SFT?
Answer:Install Sun SFT on a system that has direct or proxied access to the Internet. Sun products running Explorer software need to be able to transfer files to the system where Sun SFT is installed.
Question:Are authenticated proxies or Windows NTLM proxies supported?
Answer:Sun SFT supports basic proxy authentication and Windows NTLM version 1.
When NTLM is in use, it might generate some extra log output. To mask this, in /etc/opt/SUNWsftransport/logging.properties change org.apache.commons.httpclient.level = WARNING to org.apache.commons.httpclient.level = SEVERE and restart the SASM process.
An alternate workaround (not tested, endorsed, or supported by Sun) is the open source "NTLM Authentication Proxy Server" project located at http://ntlmaps.sourceforge.net/.
Question:How large should the Sun SFT target transfer directory be?
Answer:It depends on the number of Explorer files that you choose to send and the average size of your Explorer data. Since Explorer output is the data that will be gathered together in the transfer directory and then sent by Sun SFT, plan the size of the transfer directory accordingly.
By default, Sun SFT saves only the files that failed to be sent; it removes files that were sent successfully unless configured to archive these files.
Question:How do I configure Sun SFT to run with a specific Java install?
Answer:At the top of the /opt/SUNWsftransport/bin/sftransport and /opt/SUNWsasm/bin/sasm files, modify the JAVA= line, for example: JAVA=/usr/jdk/jdk1.5.0_13/bin/java
Using Sun SFT
Question:What file types does Sun SFT 2.0 support?
Answer:Sun SFT 2.0 supports two data types:
-
Sun™ Explorer data packages. These files should retain their filenames as created by Explorer (explorer.{hostid}.*.tar.gz). Sun SFT does some checks to validate the Explorer file before attempting to send it. Any validation failures are logged and the file is moved to the directory for failed transfers.
-
Any files to assist in support case resolution such as core files, log files, configuration files, etc. These files must be named with the case number, optionally preceded by the word "case", and followed by additional file description and an extension. The preferred format is the first one listed below: #-name.ext (Case# hyphen name dot extension). However, several variations are acceptable.
Sample filenames:
12345678-core.gz
case_12345678_messages.Z
CASE-12345678-vmcore.bz2
Case1234567.resolv.conf
If a file in the transfer directory does not match the filename pattern for any active slot, the file simply remains in the transfer directory and no information about that file is logged.
Note –
Only validated files that are awaiting transfer are reported with the sftransport --info command.
Question:
How do I place the Explorer data (and other files) in the transfer directory for Sun SFT transfer?
Answer:Sun SFT does not place restrictions on how you get the files to the transfer directory for Sun SFT to transfer. You can use any appropriate solution to transfer files from the systems running Explorer to the system where Sun SFT is installed. NFS, SCP, FTP, or any other solution may be used. In addition, Sun SFT includes an HTTP Listener that can be used to receive files directly from systems running Sun Explorer 5.8 (and higher) Data Collector.
Question:What is HTTP Listener?
Answer:HTTP Listener is a separate daemon process from the main transfer process that receives data. It can be setup and enabled during the Sun SFT installation procedure.
If you choose to enable the Listener, the Listener port can be verified or changed during the Sun SFT installation.
-
Solaris 9 uses the Sun SFT --start-listener and --stop-listener command line options. Restart is managed via the /etc/rc3.d/S73sftransport and /etc/rc2.d/K27sftransport scripts.
-
Solaris 10 uses svcadm to manage the separate network/sftransport-listener service. The svcadm manages the Listener restart on system reboot if Listener is enabled.
Note –
Make sure that there will be no conflict using port 80 (the default port) on the Sun SFT host. If this port is already being used, then change the listener port to another acceptable value.
Question:
What is HTTPS Listener?
Answer:HTTPS Listener provides the same basic functionality as the HTTP listener, but with added SSL encryption. To enable HTTPS, please follow the Sun SFT installation process to enable the HTTP Listener. In addition, you must complete the following steps to configure and setup the HTTPS Listener:
-
To generate the SSL certificate for the Sun SFT host, please follow the SSL Certificate directions located at: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
-
Modify the /etc/opt/SUNWsftransport/listener.xml configuration file to enable SSL.
-
The listener.xml file has a section for SslSocketConnector that is commented out by default; un-comment this section and add the appropriate port and key/password configuration.
-
Make sure that there will be no conflict with using port 443, the default port on the Sun SFT host.
If port 443 is already being used, then change the Listener port to another acceptable value.
-
Comment out the jetty.nio.SelectChannelConnector <Item> element, so that jetty.security.SslSocketConnector is the only active connector.
Note –Please consult the Jetty documentation for additional information.
-
How do I use the HTTP Listener to receive files from Explorer 5.8 (and higher)?
Answer:Use one of the following options to send data to the HTTP Listener from Explorer:
Note –
The server:port variables in both options are the Sun SFT server and the port number for the Listener.
-
Set the EXP_TRANSPORT value in /etc/opt/SUNWexplo/default/explorer configuration file to http://server:port and run Explorer with the -P command line option.
Note –This is the recommended method of configuring Sun Explorer to use the Sun SFT Listener. This method ensures that the Sun SFT Listener setting remains constant during future Sun Explorer upgrades.
-
Configure and run Explorer with the -T http://server:port command line option.
How do I send core files or other case-data files to the HTTP Listener?
Answer:If the system has Explorer installed, use this command to transfer a file to the SFT transfer directory: /opt/SUNWexplo/bin/curl.{sparc or i386} -T {file} "{Listener-URL}/?file={filename}"
Example: /opt/SUNWexplo/bin/curl.sparc -T /var/core.gz "http://my-sft-server:8080/?file=12345678-core.gz"
Notes:
-
It is recommended to compress files to reduce the size of the data transfer, as shown in the core.gz example above.
-
The {file} parameter may include a path to the file location on the local system, but {filename} in the target URL must be a filename only (no path).
-
The {filename} in the target URL must use the correct filename format (including case number), but this does not have to match the filename on the local system, as shown in the example above.
Does Sun SFT run in the background?
Answer:Sun SFT is a daemon process. A daemon process runs in the background, rather than under your direct control. The daemon process restarts automatically on system reboots and continues running until it receives a system-wide interrupt command.
Question:Can I archive files that are sent?
Answer:By default, files are deleted after successful transfer. To save files, configure the archivePath setting in the /etc/opt/SUNWsftransport/sftransport.xml file for each slot and restart SFT (for more information, see How-To Edit the Configuration File.
Question:Can I be notified of transfer failures?
Answer:Email notification of log messages can be configured in /etc/opt/SUNWsftransport/logging.properties file. Setup instructions are included in this file.
Question:If transfer of a large file fails part-way through the transfer, what happens?
Answer:There are two attributes in the sftransport.xml file that work together to control how a file is re-sent after a failed attempt:
-
transferTries attribute
This attribute defines the total number of attempts that will be made (including the first attempt). If a transfer fails somewhere in the middle of the transfer (for example, the connection is lost due to a network issue), then Sun SFT will continue the transfer from the point it left off on the next transfer attempt. When transferring large files, this attribute avoids starting over from the beginning. Of course, if the transferTries value is set at 1, there is no retry, and this feature will not be used.
-
secondsBetweenTriesattribute
This attribute defines the wait time, in seconds, before a transfer is re-attempted after a failed attempt. The suggested value is at least 60 to give any network issues causing the original failure some time to clear up before attempting to resume the transfer. (To enable this feature, the transferTries value must be greater than one.)
For more information, see the sftransport(4) man page.
Question:Where can I find log files?
Answer:Log files are located in /var/opt/SUNWsftransport. Information about all transfer attempts and any errors that occur are recorded here. Log files are in XML format. They may be viewed with any text viewer, or see the/opt/SUNWsftransport/logviewer/README.txt file for information about a browser- based log viewer.
The /opt/SUNWsftransport/logviewer/README.txt outlines the following two options for browser-based log viewing:
-
Use of the Sun SFT Listener process, which is included with Sun SFT, to view the logs.
Note –logviewer can be enabled during the Sun SFT installation process, and the logs can be browsed by appending /logviewer/sftransport_log.cgi to the Sun SFT Listener URL. For more information, see What is HTTP Listener?
-
Use of another web server, such as Apache2, to view the logs.
The Apache2 web server is bundled with the Solaris 10 operating system and it can be configured via httpd.conf file. For example, the following can be added to the httpd.conf configuration file to enable the log viewer.
AddHandler cgi-script .cgi <Directory /var/apache2/htdocs/SFT> Options +ExecCGI </Directory>
For more information, see the Apache documentation at: http://httpd.apache.org/docs/2.0/howto/cgi.html
On Solaris 10, you can use svcs -x sftransport-listener command to show the listener log location.
Security
Question:What are the firewall requirements for the Sun SFT software?
Answer:Sun SFT communicates with Sun's servers using HTTPS; therefore, the system where Sun SFT is running requires outbound access to port 443.
If your firewall limits the hostnames that may be contacted, Sun SFT communicates only with transport.sun.com or transport.sun.co.uk. Check your /etc/opt/SUNWsftransport/sftransport.xml file to confirm which is in use for active slots. If your firewall limits communication by target IP address, you might perform a lookup for the addresses of these hostnames; however, keep in mind that Sun reserves the right to change the IP addresses of these hostnames.
Question:How does Sun SFT encrypt the information that it sends to Sun?
Answer:Sun SFT uses 128-bit SSL encryption.
Man Pages
Question:Where are the Sun SFT man pages located?
Answer:Sun SFT man pages are distributed with the Sun SFT Solaris package.
To access the man pages, you can use either of the following commands:
-
man -M sftransport_install_dir/man sftransport
-
man -M sftransport_install_dir/man -s 4 sftransport
Support and Contact Information
Question:Where can I find more support for the Sun™ Secure File Transport software?
Answer:Use SunSolve (http://sunsolve.sun.com) to find patches, application notes, and troubleshooting guides for Sun SFT and other Sun Services tools.
Question:Where can I submit my comments and suggestions about the Sun™ Secure File Transport?
Answer:You can use the following email alias to send your Sun SFT— related comments: sftransport-feedback@sun.com
Question:Where do I go for support for Sun Secure File Transport?
Answer:End users with maintenance contracts can go to the Customer Care Center: http://www.sun.com/contact/support.jsp
Question:Where can I obtain status and outage information about Sun Secure File Transport service?
Answer:You can obtain this type of Sun SFT information at: https://transport.sun.com/
- © 2010, Oracle Corporation and/or its affiliates