Re: 8.1.2 client and 7.1.7 servers

[Stefan Folkerts]

Zoltan,
I'm pretty sure IBM they just want to cover all all the things that could
go wrong with that statement, as long as a downlevel client node isn't used
with a 8.1.2+ client version there shouldn't be any interruption in the
client activity.

There are also potential issues with tooling and scripting of course such
as TSMmanager that need to be upgraded to the current (as of now) release
otherwise it can't connect once your admin goes strict.

People build really crazy things with clients sharing nodes all over the
place, upgrading a part of that or just having a part of that on 8.1.2
already and then upgrading the server will move that node into strict once
the 8.1.2 client connects again, after that the older clients won't connect.

It's basically impossible for IBM to write out every possible scenario so
they don't. It wasn't clear for me for a while but the ISP Symposium of
last week sorted that out nicely.





On Tue, Oct 3, 2017 at 2:29 PM, Zoltan Forray  wrote:

> Thanks for all the feedback. Lots of good information. I did not mention
> that all of my servers are 7.1.7.300 (soon to look at 7.1.8.000 just
> release).  I have no plans or desires to jump to 8.1.2/3 if it is going to
> cause such disruption, especially if I have to run a utility on clients to
> install certs.
>
> That being said, with a big PCI project on the horizon, I am probably going
> to be forced to turn on SSL/TLS communications between SP servers, as a
> minimum.  However, if I install 8.1.2 on the PCI SP server, I won't be able
> to perform replication to my target replica server until I upgrade it to
> 8.1.2/3, which would then disrupt the 5-other SP servers doing replication
>  - What a mess!
>
> So, back to IBM's statement of "*Upgrade your IBM Spectrum Protect™ servers
> to Version 8.1.2 before you upgrade the backup-archive clients. If you do
> not upgrade your servers first, communication between servers and clients
> might be interrupted.*"  Since in many cases, this has not been true, what
> is the mix of client/server/config that might cause communications to be
> disrupted?
>
>
> On Tue, Oct 3, 2017 at 4:41 AM, Stefan Folkerts  >
> wrote:
>
> > A 8.1.2.0 server should work with older clients as long as the node is in
> > transitional mode (q node f=d), when they jump to strict because, for
> > example, a 8.1.2 (or higher) client version restored something from that
> > node it jumps to strict and pre 8.1.2 clients will no longer be able to
> > connect using that nodename.
> > The same goes for admins.
> > The moment an admin uses the 8.1.2 (or higher) dsmadmc it jumps to strict
> > and that specific admin won't be able to connect to the server using a
> pre
> > 8.1.2 dsmadmc anymore.
> >
> > As far as I have seen there are no other reasons why older clients would
> > have issues, just keep them in transitional and don't connect to that
> > nodename with a 8.1.2 or higher client.
> > You can also manually set the nodes to strict using update node but that
> > can't be reversed.
> >
> > That is what I understand about the situation at this point, it's all
> > related to TLS strict mode that is used on a per node and per admin
> basis.
> >
> >
> >
> >
> > On Tue, Oct 3, 2017 at 4:26 AM, J. Pohlmann  wrote:
> >
> > > I have tried an 8.1.2 client on an 8.1.1.0 server, and as in your case,
> > it
> > > worked fine. Then, when I upgraded the server to 8.1.2, the client
> > stopped
> > > working until I ran dsmcert.exe on my Windows client machine to install
> > the
> > > certificate. After that, the client worked. I  have not tried this
> > scenario
> > > with UNIX. If anyone has any experience, please let us know.
> > >
> > > I am also concerned as to what needs to be done with "really old"
> > clients.
> > > I have some installations that are running v5 and v6 clients due to old
> > OS
> > > levels. Again, if anyone has any experience, I would appreciate
> knowing.
> > >
> > > Best regards,
> > > Joerg Pohlmann
> > >
> > > -Original Message-
> > > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf
> Of
> > > Zoltan Forray
> > > Sent: Monday, October 02, 2017 13:21
> > > To: ADSM-L@VM.MARIST.EDU
> > > Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers
> > >
> > > I want to revisit this thread.  Unbeknownst to me, many of my
> co-workers
> > > have installed 8.1.2.0 (both Windows and Linux systems), totally
> ignoring
> > > my email that said not to.   However, we have not experienced any
> > > disruptions in communications, in contradiction to IBM's dire warning
> > that
> > > said not to upgrade clients to 8.1.2.0 before first upgrading the
> servers
> > > to 8.1.2.0 (now 8.1.3.0).
> > >
> > > Can someone from IBM explain the details behind the dire warning and
> > > perhaps explain what combination of server/client will NOT work if
> > someone
> > > installs 8.1.2.x client?
> > >
> > > We aren't running any kind of TLS 

Re: 8.1.2 client and 7.1.7 servers

[Zoltan Forray]

Thanks for all the feedback. Lots of good information. I did not mention
that all of my servers are 7.1.7.300 (soon to look at 7.1.8.000 just
release).  I have no plans or desires to jump to 8.1.2/3 if it is going to
cause such disruption, especially if I have to run a utility on clients to
install certs.

That being said, with a big PCI project on the horizon, I am probably going
to be forced to turn on SSL/TLS communications between SP servers, as a
minimum.  However, if I install 8.1.2 on the PCI SP server, I won't be able
to perform replication to my target replica server until I upgrade it to
8.1.2/3, which would then disrupt the 5-other SP servers doing replication
 - What a mess!

So, back to IBM's statement of "*Upgrade your IBM Spectrum Protect™ servers
to Version 8.1.2 before you upgrade the backup-archive clients. If you do
not upgrade your servers first, communication between servers and clients
might be interrupted.*"  Since in many cases, this has not been true, what
is the mix of client/server/config that might cause communications to be
disrupted?


On Tue, Oct 3, 2017 at 4:41 AM, Stefan Folkerts 
wrote:

> A 8.1.2.0 server should work with older clients as long as the node is in
> transitional mode (q node f=d), when they jump to strict because, for
> example, a 8.1.2 (or higher) client version restored something from that
> node it jumps to strict and pre 8.1.2 clients will no longer be able to
> connect using that nodename.
> The same goes for admins.
> The moment an admin uses the 8.1.2 (or higher) dsmadmc it jumps to strict
> and that specific admin won't be able to connect to the server using a pre
> 8.1.2 dsmadmc anymore.
>
> As far as I have seen there are no other reasons why older clients would
> have issues, just keep them in transitional and don't connect to that
> nodename with a 8.1.2 or higher client.
> You can also manually set the nodes to strict using update node but that
> can't be reversed.
>
> That is what I understand about the situation at this point, it's all
> related to TLS strict mode that is used on a per node and per admin basis.
>
>
>
>
> On Tue, Oct 3, 2017 at 4:26 AM, J. Pohlmann  wrote:
>
> > I have tried an 8.1.2 client on an 8.1.1.0 server, and as in your case,
> it
> > worked fine. Then, when I upgraded the server to 8.1.2, the client
> stopped
> > working until I ran dsmcert.exe on my Windows client machine to install
> the
> > certificate. After that, the client worked. I  have not tried this
> scenario
> > with UNIX. If anyone has any experience, please let us know.
> >
> > I am also concerned as to what needs to be done with "really old"
> clients.
> > I have some installations that are running v5 and v6 clients due to old
> OS
> > levels. Again, if anyone has any experience, I would appreciate knowing.
> >
> > Best regards,
> > Joerg Pohlmann
> >
> > -Original Message-
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> > Zoltan Forray
> > Sent: Monday, October 02, 2017 13:21
> > To: ADSM-L@VM.MARIST.EDU
> > Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers
> >
> > I want to revisit this thread.  Unbeknownst to me, many of my co-workers
> > have installed 8.1.2.0 (both Windows and Linux systems), totally ignoring
> > my email that said not to.   However, we have not experienced any
> > disruptions in communications, in contradiction to IBM's dire warning
> that
> > said not to upgrade clients to 8.1.2.0 before first upgrading the servers
> > to 8.1.2.0 (now 8.1.3.0).
> >
> > Can someone from IBM explain the details behind the dire warning and
> > perhaps explain what combination of server/client will NOT work if
> someone
> > installs 8.1.2.x client?
> >
> > We aren't running any kind of TLS between our servers, although moving to
> > TLS is on the horizon due to a big PCI projects that will totally isolate
> > such servers and even require me to stand up a lone, isolated SP server
> > within the PCI walled-garden/network.
> >
> > On Tue, Aug 29, 2017 at 6:08 PM, Remco Post  wrote:
> >
> > > What is totally clear to me is that the entire transition to TLS1.2
> > > all the way is potentially messy. We possibly have to remove server
> > > definitions in an enterprise setup, communications might (or might
> > > not) break, and in any case an extra server restart is required after
> > > everything has been upgraded.
> > >
> > > What is not clear to me is what will and will not be encrypted by the
> > > TLS once it is in place? Will that be everything, all server 2 server
> > > and client 2 server comms? And if so, what can we expect the impact on
> > > the CPU load to be? Our servers move a substantial amount of data
> > > every night ( 50
> > > - 100 TB each ) how many CPU’s should we be adding?
> > >
> > > And then the administrators… really, is there no way to guarantee that
> > > an admin can connect to the server using a downlevel client once he
> > 

Re: 8.1.2 client and 7.1.7 servers

[Stefan Folkerts]

A 8.1.2.0 server should work with older clients as long as the node is in
transitional mode (q node f=d), when they jump to strict because, for
example, a 8.1.2 (or higher) client version restored something from that
node it jumps to strict and pre 8.1.2 clients will no longer be able to
connect using that nodename.
The same goes for admins.
The moment an admin uses the 8.1.2 (or higher) dsmadmc it jumps to strict
and that specific admin won't be able to connect to the server using a pre
8.1.2 dsmadmc anymore.

As far as I have seen there are no other reasons why older clients would
have issues, just keep them in transitional and don't connect to that
nodename with a 8.1.2 or higher client.
You can also manually set the nodes to strict using update node but that
can't be reversed.

That is what I understand about the situation at this point, it's all
related to TLS strict mode that is used on a per node and per admin basis.




On Tue, Oct 3, 2017 at 4:26 AM, J. Pohlmann  wrote:

> I have tried an 8.1.2 client on an 8.1.1.0 server, and as in your case, it
> worked fine. Then, when I upgraded the server to 8.1.2, the client stopped
> working until I ran dsmcert.exe on my Windows client machine to install the
> certificate. After that, the client worked. I  have not tried this scenario
> with UNIX. If anyone has any experience, please let us know.
>
> I am also concerned as to what needs to be done with "really old" clients.
> I have some installations that are running v5 and v6 clients due to old OS
> levels. Again, if anyone has any experience, I would appreciate knowing.
>
> Best regards,
> Joerg Pohlmann
>
> -Original Message-
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> Zoltan Forray
> Sent: Monday, October 02, 2017 13:21
> To: ADSM-L@VM.MARIST.EDU
> Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers
>
> I want to revisit this thread.  Unbeknownst to me, many of my co-workers
> have installed 8.1.2.0 (both Windows and Linux systems), totally ignoring
> my email that said not to.   However, we have not experienced any
> disruptions in communications, in contradiction to IBM's dire warning that
> said not to upgrade clients to 8.1.2.0 before first upgrading the servers
> to 8.1.2.0 (now 8.1.3.0).
>
> Can someone from IBM explain the details behind the dire warning and
> perhaps explain what combination of server/client will NOT work if someone
> installs 8.1.2.x client?
>
> We aren't running any kind of TLS between our servers, although moving to
> TLS is on the horizon due to a big PCI projects that will totally isolate
> such servers and even require me to stand up a lone, isolated SP server
> within the PCI walled-garden/network.
>
> On Tue, Aug 29, 2017 at 6:08 PM, Remco Post  wrote:
>
> > What is totally clear to me is that the entire transition to TLS1.2
> > all the way is potentially messy. We possibly have to remove server
> > definitions in an enterprise setup, communications might (or might
> > not) break, and in any case an extra server restart is required after
> > everything has been upgraded.
> >
> > What is not clear to me is what will and will not be encrypted by the
> > TLS once it is in place? Will that be everything, all server 2 server
> > and client 2 server comms? And if so, what can we expect the impact on
> > the CPU load to be? Our servers move a substantial amount of data
> > every night ( 50
> > - 100 TB each ) how many CPU’s should we be adding?
> >
> > And then the administrators… really, is there no way to guarantee that
> > an admin can connect to the server using a downlevel client once he
> > has used TLS? At least in my world the server and OC get upgraded by
> > one team, while the client is managed by a different team, each at their
> discretion.
> >
> > > On 29 Aug 2017, at 15:24, Mikhail Tolkonyuk 
> > wrote:
> > >
> > > You must update server certificate to SHA-256 before upgrading
> > > clients
> > or disable SSL in dsm.opt on all of them.
> > >
> > > BAC 8.1.2 remembers server certificate and uses TLS by default, it
> > > will
> > work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade
> > server and OC to 8.1.2. During upgrade server generates new SHA-256
> > certificate and clients no more able to connect to "untrusted server"
> with new certificate.
> > > As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth
> > > files
> > from client folder and reset transport method for node after server
> > update, but it's much easier to solve the issue in advance.
> > >
> > > Check the default cert with the following command:
> > > gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
> > >
> > > For more details watch Tricia's video about TLS 1.2:
> > > https://youtu.be/QVPrxjmo_aU
> > >
> > > And see technote 2004844:
> > > https://www-01.ibm.com/support/docview.wss?uid=swg22004844
> > >
> > >
> > > -Original Message-
> > > From: ADSM: 

Re: 8.1.2 client and 7.1.7 servers

[J. Pohlmann]

I have tried an 8.1.2 client on an 8.1.1.0 server, and as in your case, it 
worked fine. Then, when I upgraded the server to 8.1.2, the client stopped 
working until I ran dsmcert.exe on my Windows client machine to install the 
certificate. After that, the client worked. I  have not tried this scenario 
with UNIX. If anyone has any experience, please let us know.

I am also concerned as to what needs to be done with "really old" clients. I 
have some installations that are running v5 and v6 clients due to old OS 
levels. Again, if anyone has any experience, I would appreciate knowing.

Best regards,
Joerg Pohlmann

-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: Monday, October 02, 2017 13:21
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers

I want to revisit this thread.  Unbeknownst to me, many of my co-workers have 
installed 8.1.2.0 (both Windows and Linux systems), totally ignoring
my email that said not to.   However, we have not experienced any
disruptions in communications, in contradiction to IBM's dire warning that said 
not to upgrade clients to 8.1.2.0 before first upgrading the servers to 8.1.2.0 
(now 8.1.3.0).

Can someone from IBM explain the details behind the dire warning and perhaps 
explain what combination of server/client will NOT work if someone installs 
8.1.2.x client?

We aren't running any kind of TLS between our servers, although moving to TLS 
is on the horizon due to a big PCI projects that will totally isolate such 
servers and even require me to stand up a lone, isolated SP server within the 
PCI walled-garden/network.

On Tue, Aug 29, 2017 at 6:08 PM, Remco Post  wrote:

> What is totally clear to me is that the entire transition to TLS1.2 
> all the way is potentially messy. We possibly have to remove server 
> definitions in an enterprise setup, communications might (or might 
> not) break, and in any case an extra server restart is required after 
> everything has been upgraded.
>
> What is not clear to me is what will and will not be encrypted by the 
> TLS once it is in place? Will that be everything, all server 2 server 
> and client 2 server comms? And if so, what can we expect the impact on 
> the CPU load to be? Our servers move a substantial amount of data 
> every night ( 50
> - 100 TB each ) how many CPU’s should we be adding?
>
> And then the administrators… really, is there no way to guarantee that 
> an admin can connect to the server using a downlevel client once he 
> has used TLS? At least in my world the server and OC get upgraded by 
> one team, while the client is managed by a different team, each at their 
> discretion.
>
> > On 29 Aug 2017, at 15:24, Mikhail Tolkonyuk 
> wrote:
> >
> > You must update server certificate to SHA-256 before upgrading 
> > clients
> or disable SSL in dsm.opt on all of them.
> >
> > BAC 8.1.2 remembers server certificate and uses TLS by default, it 
> > will
> work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade 
> server and OC to 8.1.2. During upgrade server generates new SHA-256 
> certificate and clients no more able to connect to "untrusted server" with 
> new certificate.
> > As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth 
> > files
> from client folder and reset transport method for node after server 
> update, but it's much easier to solve the issue in advance.
> >
> > Check the default cert with the following command:
> > gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
> >
> > For more details watch Tricia's video about TLS 1.2:
> > https://youtu.be/QVPrxjmo_aU
> >
> > And see technote 2004844:
> > https://www-01.ibm.com/support/docview.wss?uid=swg22004844
> >
> >
> > -Original Message-
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On 
> > Behalf
> Of Zoltan Forray
> > Sent: Tuesday, August 22, 2017 4:03 PM
> > To: ADSM-L@VM.MARIST.EDU
> > Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
> >
> > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  
> > I
> haven't had the chance to test such a configuration (since my lone 
> test server is at 8.1.1) and with the dire-warnings in the readme 
> docs, I made sure everyone on my staff knows to NOT install 8.1.2 clients.
> >
> > From the readme/docs:
> >
> > Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before 
> > you
> upgrade the backup-archive clients.
> >
> >
> >
> > If you do not upgrade your servers first, communication between 
> > servers
> and clients might be interrupted.
> >
> >
> > --
> > *Zoltan Forray*
> > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator 
> > Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth 
> University UCC/Office of Technology Services www.ucc.vcu.edu 
> zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable 
> organizations 

Re: 8.1.2 client and 7.1.7 servers

[Zoltan Forray]

I want to revisit this thread.  Unbeknownst to me, many of my co-workers
have installed 8.1.2.0 (both Windows and Linux systems), totally ignoring
my email that said not to.   However, we have not experienced any
disruptions in communications, in contradiction to IBM's dire warning that
said not to upgrade clients to 8.1.2.0 before first upgrading the servers
to 8.1.2.0 (now 8.1.3.0).

Can someone from IBM explain the details behind the dire warning and
perhaps explain what combination of server/client will NOT work if someone
installs 8.1.2.x client?

We aren't running any kind of TLS between our servers, although moving to
TLS is on the horizon due to a big PCI projects that will totally isolate
such servers and even require me to stand up a lone, isolated SP server
within the PCI walled-garden/network.

On Tue, Aug 29, 2017 at 6:08 PM, Remco Post  wrote:

> What is totally clear to me is that the entire transition to TLS1.2 all
> the way is potentially messy. We possibly have to remove server definitions
> in an enterprise setup, communications might (or might not) break, and in
> any case an extra server restart is required after everything has been
> upgraded.
>
> What is not clear to me is what will and will not be encrypted by the TLS
> once it is in place? Will that be everything, all server 2 server and
> client 2 server comms? And if so, what can we expect the impact on the CPU
> load to be? Our servers move a substantial amount of data every night ( 50
> - 100 TB each ) how many CPU’s should we be adding?
>
> And then the administrators… really, is there no way to guarantee that an
> admin can connect to the server using a downlevel client once he has used
> TLS? At least in my world the server and OC get upgraded by one team, while
> the client is managed by a different team, each at their discretion.
>
> > On 29 Aug 2017, at 15:24, Mikhail Tolkonyuk 
> wrote:
> >
> > You must update server certificate to SHA-256 before upgrading clients
> or disable SSL in dsm.opt on all of them.
> >
> > BAC 8.1.2 remembers server certificate and uses TLS by default, it will
> work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and
> OC to 8.1.2. During upgrade server generates new SHA-256 certificate and
> clients no more able to connect to "untrusted server" with new certificate.
> > As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files
> from client folder and reset transport method for node after server update,
> but it's much easier to solve the issue in advance.
> >
> > Check the default cert with the following command:
> > gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
> >
> > For more details watch Tricia's video about TLS 1.2:
> > https://youtu.be/QVPrxjmo_aU
> >
> > And see technote 2004844:
> > https://www-01.ibm.com/support/docview.wss?uid=swg22004844
> >
> >
> > -Original Message-
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf
> Of Zoltan Forray
> > Sent: Tuesday, August 22, 2017 4:03 PM
> > To: ADSM-L@VM.MARIST.EDU
> > Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
> >
> > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> haven't had the chance to test such a configuration (since my lone test
> server is at 8.1.1) and with the dire-warnings in the readme docs, I made
> sure everyone on my staff knows to NOT install 8.1.2 clients.
> >
> > From the readme/docs:
> >
> > Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> upgrade the backup-archive clients.
> >
> >
> >
> > If you do not upgrade your servers first, communication between servers
> and clients might be interrupted.
> >
> >
> > --
> > *Zoltan Forray*
> > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth University
> UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable
> organizations will never use email to request that you reply with your
> password, social security number or confidential personal information. For
> more details visit http://infosecurity.vcu.edu/phishing.html
>
> --
>
>  Met vriendelijke groeten/Kind Regards,
>
> Remco Post
> r.p...@plcs.nl
> +31 6 248 21 622
>



-- 
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
www.ucc.vcu.edu
zfor...@vcu.edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://phishing.vcu.edu/

Re: 8.1.2 client and 7.1.7 servers

[Remco Post]

What is totally clear to me is that the entire transition to TLS1.2 all the way 
is potentially messy. We possibly have to remove server definitions in an 
enterprise setup, communications might (or might not) break, and in any case an 
extra server restart is required after everything has been upgraded.

What is not clear to me is what will and will not be encrypted by the TLS once 
it is in place? Will that be everything, all server 2 server and client 2 
server comms? And if so, what can we expect the impact on the CPU load to be? 
Our servers move a substantial amount of data every night ( 50 - 100 TB each ) 
how many CPU’s should we be adding?

And then the administrators… really, is there no way to guarantee that an admin 
can connect to the server using a downlevel client once he has used TLS? At 
least in my world the server and OC get upgraded by one team, while the client 
is managed by a different team, each at their discretion.

> On 29 Aug 2017, at 15:24, Mikhail Tolkonyuk  wrote:
> 
> You must update server certificate to SHA-256 before upgrading clients or 
> disable SSL in dsm.opt on all of them.
> 
> BAC 8.1.2 remembers server certificate and uses TLS by default, it will work 
> with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to 
> 8.1.2. During upgrade server generates new SHA-256 certificate and clients no 
> more able to connect to "untrusted server" with new certificate.
> As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files from 
> client folder and reset transport method for node after server update, but 
> it's much easier to solve the issue in advance.
> 
> Check the default cert with the following command:
> gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
> 
> For more details watch Tricia's video about TLS 1.2:
> https://youtu.be/QVPrxjmo_aU
> 
> And see technote 2004844:
> https://www-01.ibm.com/support/docview.wss?uid=swg22004844
> 
> 
> -Original Message-
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of 
> Zoltan Forray
> Sent: Tuesday, August 22, 2017 4:03 PM
> To: ADSM-L@VM.MARIST.EDU
> Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
> 
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I 
> haven't had the chance to test such a configuration (since my lone test 
> server is at 8.1.1) and with the dire-warnings in the readme docs, I made 
> sure everyone on my staff knows to NOT install 8.1.2 clients.
> 
> From the readme/docs:
> 
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you 
> upgrade the backup-archive clients.
> 
> 
> 
> If you do not upgrade your servers first, communication between servers and 
> clients might be interrupted.
> 
> 
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
> Administrator VMware Administrator Virginia Commonwealth University 
> UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 
> 804-828-4807 Don't be a phishing victim - VCU and other reputable 
> organizations will never use email to request that you reply with your 
> password, social security number or confidential personal information. For 
> more details visit http://infosecurity.vcu.edu/phishing.html

-- 

 Met vriendelijke groeten/Kind Regards,

Remco Post
r.p...@plcs.nl
+31 6 248 21 622

Re: 8.1.2 client and 7.1.7 servers

[Mikhail Tolkonyuk]

Now I am not sure how BAC 8.1.2 works with TSM 7.1.7.
Could you please check your test client with and without "SSL OFF" for 
dsmcert.idx, dsmcert.kdb and dsmcert.sth in baclient folder? And if they exist, 
what's happened when you remove those files and start client?

Sorry if I pointed you in the wrong direction and everything should work 
without any changes.

-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: Tuesday, August 29, 2017 4:43 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers

Thank you for the information and links.  I did see the YouTube video you refer 
to.

Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on PCI 
security),  do I simply need to add "SSL NO" to the client dsm.opt files so it 
won't try to use SSL?  We finally installed (upgraded) the
8.1.2 client on a Windows test machine and it connected and backed-up without 
any issues.  We haven't tried scheduling since it is a test machine.

On Tue, Aug 29, 2017 at 9:24 AM, Mikhail Tolkonyuk 
wrote:

> You must update server certificate to SHA-256 before upgrading clients 
> or disable SSL in dsm.opt on all of them.
>
> BAC 8.1.2 remembers server certificate and uses TLS by default, it 
> will work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade 
> server and OC to 8.1.2. During upgrade server generates new SHA-256 
> certificate and clients no more able to connect to "untrusted server" with 
> new certificate.
> As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth 
> files from client folder and reset transport method for node after 
> server update, but it's much easier to solve the issue in advance.
>
> Check the default cert with the following command:
> gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
>
> For more details watch Tricia's video about TLS 1.2:
> https://youtu.be/QVPrxjmo_aU
>
> And see technote 2004844:
> https://www-01.ibm.com/support/docview.wss?uid=swg22004844
>
>
> -Original Message-
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf 
> Of Zoltan Forray
> Sent: Tuesday, August 22, 2017 4:03 PM
> To: ADSM-L@VM.MARIST.EDU
> Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
>
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I 
> haven't had the chance to test such a configuration (since my lone 
> test server is at 8.1.1) and with the dire-warnings in the readme 
> docs, I made sure everyone on my staff knows to NOT install 8.1.2 clients.
>
> From the readme/docs:
>
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you 
> upgrade the backup-archive clients.
>
>
>
> If you do not upgrade your servers first, communication between 
> servers and clients might be interrupted.
>
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon 
> Monitor Administrator VMware Administrator Virginia Commonwealth 
> University UCC/Office of Technology Services www.ucc.vcu.edu 
> zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable 
> organizations will never use email to request that you reply with your 
> password, social security number or confidential personal information. 
> For more details visit http://infosecurity.vcu.edu/phishing.html
>



--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 804-828-4807 Don't be 
a phishing victim - VCU and other reputable organizations will never use email 
to request that you reply with your password, social security number or 
confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html

Re: 8.1.2 client and 7.1.7 servers

[Zoltan Forray]

Thank you for the information and links.  I did see the YouTube video you
refer to.

Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on
PCI security),  do I simply need to add "SSL NO" to the client dsm.opt
files so it won't try to use SSL?  We finally installed (upgraded) the
8.1.2 client on a Windows test machine and it connected and backed-up
without any issues.  We haven't tried scheduling since it is a test machine.

On Tue, Aug 29, 2017 at 9:24 AM, Mikhail Tolkonyuk 
wrote:

> You must update server certificate to SHA-256 before upgrading clients or
> disable SSL in dsm.opt on all of them.
>
> BAC 8.1.2 remembers server certificate and uses TLS by default, it will
> work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and
> OC to 8.1.2. During upgrade server generates new SHA-256 certificate and
> clients no more able to connect to "untrusted server" with new certificate.
> As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files
> from client folder and reset transport method for node after server update,
> but it's much easier to solve the issue in advance.
>
> Check the default cert with the following command:
> gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
>
> For more details watch Tricia's video about TLS 1.2:
> https://youtu.be/QVPrxjmo_aU
>
> And see technote 2004844:
> https://www-01.ibm.com/support/docview.wss?uid=swg22004844
>
>
> -Original Message-
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> Zoltan Forray
> Sent: Tuesday, August 22, 2017 4:03 PM
> To: ADSM-L@VM.MARIST.EDU
> Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
>
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> haven't had the chance to test such a configuration (since my lone test
> server is at 8.1.1) and with the dire-warnings in the readme docs, I made
> sure everyone on my staff knows to NOT install 8.1.2 clients.
>
> From the readme/docs:
>
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> upgrade the backup-archive clients.
>
>
>
> If you do not upgrade your servers first, communication between servers
> and clients might be interrupted.
>
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth University
> UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable
> organizations will never use email to request that you reply with your
> password, social security number or confidential personal information. For
> more details visit http://infosecurity.vcu.edu/phishing.html
>



-- 
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
www.ucc.vcu.edu
zfor...@vcu.edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html

Re: 8.1.2 client and 7.1.7 servers

[Mikhail Tolkonyuk]

You must update server certificate to SHA-256 before upgrading clients or 
disable SSL in dsm.opt on all of them.

BAC 8.1.2 remembers server certificate and uses TLS by default, it will work 
with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to 
8.1.2. During upgrade server generates new SHA-256 certificate and clients no 
more able to connect to "untrusted server" with new certificate.
As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files from 
client folder and reset transport method for node after server update, but it's 
much easier to solve the issue in advance.

Check the default cert with the following command:
gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed

For more details watch Tricia's video about TLS 1.2:
https://youtu.be/QVPrxjmo_aU

And see technote 2004844:
https://www-01.ibm.com/support/docview.wss?uid=swg22004844


-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: Tuesday, August 22, 2017 4:03 PM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers

Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I haven't 
had the chance to test such a configuration (since my lone test server is at 
8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on 
my staff knows to NOT install 8.1.2 clients.

From the readme/docs:

Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you upgrade 
the backup-archive clients.



If you do not upgrade your servers first, communication between servers and 
clients might be interrupted.


--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 804-828-4807 Don't be 
a phishing victim - VCU and other reputable organizations will never use email 
to request that you reply with your password, social security number or 
confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html

Re: 8.1.2 client and 7.1.7 servers

[Stefan Folkerts]

>From what I understand so far (pre 8.1) the only thing that totally stopped
working on basically prehistoric clients is the scheduling services on the
client so people that need to backup for instance, an old NT 4.0 server or
something need to use some other scheduler but other than that all basics
still work with version 3 clients from what I heard...no guarantees from
me! :-P


On Wed, Aug 23, 2017 at 2:46 PM, Zoltan Forray <zfor...@vcu.edu> wrote:

> My other concern is really old, unsupported clients.  So far my OS400/BRMS
> 5.5 client is still working with 7.1.7 and we have a smattering of 6.3 and
> older unsupported clients (old Solaris, RHEL x32, Windows 2003 and until
> recently an IRIX box) so 8.1.x is not on any current schedule.
>
> On Wed, Aug 23, 2017 at 8:14 AM, Stefan Folkerts <
> stefan.folke...@gmail.com>
> wrote:
>
> > I agree Zoltan, it's very specific and I too would like for IBM to
> explain
> > what the reasoning behind the warning is.
> > Personally, I suspect it's a cover your *** type of deal, with that many
> > releases of so many different kind of clients floating around I would
> kind
> > of understand the reasoning behind something like that.
> >
> > On Wed, Aug 23, 2017 at 2:04 PM, Zoltan Forray <zfor...@vcu.edu> wrote:
> >
> > > I agree with both of your responses that it should not be an issue and
> > the
> > > "compatibility" page says it should be good as far as server/client
> > levels
> > > go.  But since the docs have the very specific warning about upgrading
> > the
> > > servers to 8.1.2 before clients or *"If you do not upgrade your servers
> > > first, communication between servers and clients might be
> > interrupted."*, I
> > > felt I should ask for empirical evidence that it wont cause problems.
> The
> > > warning was not specific on what kinds of communications problems to
> > expect
> > > or if/how they can be addresses if someone decides to download and
> > upgrade
> > > their client simply based on the "yes, 7.1 servers are compatible with
> > 8.1
> > > clients" document and didn't see the warning I read.
> > >
> > > Perhaps it is due to TLS 1.2 now turned ON by default.  Either way,
> more
> > > details/specifics from IBM would be helpful.
> > >
> > > On Wed, Aug 23, 2017 at 4:21 AM, Stefan Folkerts <
> > > stefan.folke...@gmail.com>
> > > wrote:
> > >
> > > > I agree with Eric and I have 8.2 VE setups connected to 7.1 servers
> at
> > > > multiple sites, i've never seen any issues. I do find the
> documentation
> > > > strange if it say's you need to upgrade your clients before upgrading
> > the
> > > > server. The only thing that makes sense to me is client-side dedup
> with
> > > > compression, for that you want your clients on the latest level
> > otherwise
> > > > the compression isn't compatible with the server compression and you
> > > don't
> > > > get optimal results.
> > > >
> > > > On Wed, Aug 23, 2017 at 9:17 AM, Loon, Eric van (ITOPT3) - KLM <
> > > > eric-van.l...@klm.com> wrote:
> > > >
> > > > > Nor with up-leveled clients by the way, which is the case here.
> > > > > Kind regards,
> > > > > Eric van Loon
> > > > > Air France/KLM Storage Engineering
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: Loon, Eric van (ITOPT3) - KLM
> > > > > Sent: woensdag 23 augustus 2017 9:15
> > > > > To: ADSM-L@VM.MARIST.EDU
> > > > > Subject: RE: 8.1.2 client and 7.1.7 servers
> > > > >
> > > > > Hi Zoltan!
> > > > > The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218
> > > shows
> > > > > that the SP 8.1.2 client is supported with all 8.1 and 7.1
> servers. I
> > > > have
> > > > > never encountered issues with down-leveled clients in my 20+ years
> of
> > > TSM
> > > > > history.
> > > > > Kind regards,
> > > > > Eric van Loon
> > > > > Air France/KLM Storage Engineering
> > > > >
> > > > > -Original Message-
> > > > > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On
> > Behalf
> > > Of
> > > > > Zoltan Forray
> > > > > Sent: dinsdag 22 augustus 2017 15:03
> >

Re: 8.1.2 client and 7.1.7 servers

[Zoltan Forray]

My other concern is really old, unsupported clients.  So far my OS400/BRMS
5.5 client is still working with 7.1.7 and we have a smattering of 6.3 and
older unsupported clients (old Solaris, RHEL x32, Windows 2003 and until
recently an IRIX box) so 8.1.x is not on any current schedule.

On Wed, Aug 23, 2017 at 8:14 AM, Stefan Folkerts <stefan.folke...@gmail.com>
wrote:

> I agree Zoltan, it's very specific and I too would like for IBM to explain
> what the reasoning behind the warning is.
> Personally, I suspect it's a cover your *** type of deal, with that many
> releases of so many different kind of clients floating around I would kind
> of understand the reasoning behind something like that.
>
> On Wed, Aug 23, 2017 at 2:04 PM, Zoltan Forray <zfor...@vcu.edu> wrote:
>
> > I agree with both of your responses that it should not be an issue and
> the
> > "compatibility" page says it should be good as far as server/client
> levels
> > go.  But since the docs have the very specific warning about upgrading
> the
> > servers to 8.1.2 before clients or *"If you do not upgrade your servers
> > first, communication between servers and clients might be
> interrupted."*, I
> > felt I should ask for empirical evidence that it wont cause problems. The
> > warning was not specific on what kinds of communications problems to
> expect
> > or if/how they can be addresses if someone decides to download and
> upgrade
> > their client simply based on the "yes, 7.1 servers are compatible with
> 8.1
> > clients" document and didn't see the warning I read.
> >
> > Perhaps it is due to TLS 1.2 now turned ON by default.  Either way, more
> > details/specifics from IBM would be helpful.
> >
> > On Wed, Aug 23, 2017 at 4:21 AM, Stefan Folkerts <
> > stefan.folke...@gmail.com>
> > wrote:
> >
> > > I agree with Eric and I have 8.2 VE setups connected to 7.1 servers at
> > > multiple sites, i've never seen any issues. I do find the documentation
> > > strange if it say's you need to upgrade your clients before upgrading
> the
> > > server. The only thing that makes sense to me is client-side dedup with
> > > compression, for that you want your clients on the latest level
> otherwise
> > > the compression isn't compatible with the server compression and you
> > don't
> > > get optimal results.
> > >
> > > On Wed, Aug 23, 2017 at 9:17 AM, Loon, Eric van (ITOPT3) - KLM <
> > > eric-van.l...@klm.com> wrote:
> > >
> > > > Nor with up-leveled clients by the way, which is the case here.
> > > > Kind regards,
> > > > Eric van Loon
> > > > Air France/KLM Storage Engineering
> > > >
> > > >
> > > > -Original Message-
> > > > From: Loon, Eric van (ITOPT3) - KLM
> > > > Sent: woensdag 23 augustus 2017 9:15
> > > > To: ADSM-L@VM.MARIST.EDU
> > > > Subject: RE: 8.1.2 client and 7.1.7 servers
> > > >
> > > > Hi Zoltan!
> > > > The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218
> > shows
> > > > that the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I
> > > have
> > > > never encountered issues with down-leveled clients in my 20+ years of
> > TSM
> > > > history.
> > > > Kind regards,
> > > > Eric van Loon
> > > > Air France/KLM Storage Engineering
> > > >
> > > > -Original Message-
> > > > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On
> Behalf
> > Of
> > > > Zoltan Forray
> > > > Sent: dinsdag 22 augustus 2017 15:03
> > > > To: ADSM-L@VM.MARIST.EDU
> > > > Subject: 8.1.2 client and 7.1.7 servers
> > > >
> > > > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?
> I
> > > > haven't had the chance to test such a configuration (since my lone
> test
> > > > server is at 8.1.1) and with the dire-warnings in the readme docs, I
> > made
> > > > sure everyone on my staff knows to NOT install 8.1.2 clients.
> > > >
> > > > From the readme/docs:
> > > >
> > > > Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before
> you
> > > > upgrade the backup-archive clients.
> > > >
> > > >
> > > >
> > > > If you do not upgrade your servers first, communication between
> servers
> > > > and clients might be interrupted.
&g

Re: 8.1.2 client and 7.1.7 servers

[Stefan Folkerts]

I agree Zoltan, it's very specific and I too would like for IBM to explain
what the reasoning behind the warning is.
Personally, I suspect it's a cover your *** type of deal, with that many
releases of so many different kind of clients floating around I would kind
of understand the reasoning behind something like that.

On Wed, Aug 23, 2017 at 2:04 PM, Zoltan Forray <zfor...@vcu.edu> wrote:

> I agree with both of your responses that it should not be an issue and the
> "compatibility" page says it should be good as far as server/client levels
> go.  But since the docs have the very specific warning about upgrading the
> servers to 8.1.2 before clients or *"If you do not upgrade your servers
> first, communication between servers and clients might be interrupted."*, I
> felt I should ask for empirical evidence that it wont cause problems. The
> warning was not specific on what kinds of communications problems to expect
> or if/how they can be addresses if someone decides to download and upgrade
> their client simply based on the "yes, 7.1 servers are compatible with 8.1
> clients" document and didn't see the warning I read.
>
> Perhaps it is due to TLS 1.2 now turned ON by default.  Either way, more
> details/specifics from IBM would be helpful.
>
> On Wed, Aug 23, 2017 at 4:21 AM, Stefan Folkerts <
> stefan.folke...@gmail.com>
> wrote:
>
> > I agree with Eric and I have 8.2 VE setups connected to 7.1 servers at
> > multiple sites, i've never seen any issues. I do find the documentation
> > strange if it say's you need to upgrade your clients before upgrading the
> > server. The only thing that makes sense to me is client-side dedup with
> > compression, for that you want your clients on the latest level otherwise
> > the compression isn't compatible with the server compression and you
> don't
> > get optimal results.
> >
> > On Wed, Aug 23, 2017 at 9:17 AM, Loon, Eric van (ITOPT3) - KLM <
> > eric-van.l...@klm.com> wrote:
> >
> > > Nor with up-leveled clients by the way, which is the case here.
> > > Kind regards,
> > > Eric van Loon
> > > Air France/KLM Storage Engineering
> > >
> > >
> > > -Original Message-
> > > From: Loon, Eric van (ITOPT3) - KLM
> > > Sent: woensdag 23 augustus 2017 9:15
> > > To: ADSM-L@VM.MARIST.EDU
> > > Subject: RE: 8.1.2 client and 7.1.7 servers
> > >
> > > Hi Zoltan!
> > > The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218
> shows
> > > that the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I
> > have
> > > never encountered issues with down-leveled clients in my 20+ years of
> TSM
> > > history.
> > > Kind regards,
> > > Eric van Loon
> > > Air France/KLM Storage Engineering
> > >
> > > -Original Message-
> > > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf
> Of
> > > Zoltan Forray
> > > Sent: dinsdag 22 augustus 2017 15:03
> > > To: ADSM-L@VM.MARIST.EDU
> > > Subject: 8.1.2 client and 7.1.7 servers
> > >
> > > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> > > haven't had the chance to test such a configuration (since my lone test
> > > server is at 8.1.1) and with the dire-warnings in the readme docs, I
> made
> > > sure everyone on my staff knows to NOT install 8.1.2 clients.
> > >
> > > From the readme/docs:
> > >
> > > Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> > > upgrade the backup-archive clients.
> > >
> > >
> > >
> > > If you do not upgrade your servers first, communication between servers
> > > and clients might be interrupted.
> > >
> > >
> > > --
> > > *Zoltan Forray*
> > > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> > > Monitor Administrator VMware Administrator Virginia Commonwealth
> > University
> > > UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> > > 804-828-4807 Don't be a phishing victim - VCU and other reputable
> > > organizations will never use email to request that you reply with your
> > > password, social security number or confidential personal information.
> > For
> > > more details visit http://infosecurity.vcu.edu/phishing.html
> > > 
> > > For information, services and offers, please visit our web site:
> > > http://www

Re: 8.1.2 client and 7.1.7 servers

[Zoltan Forray]

I agree with both of your responses that it should not be an issue and the
"compatibility" page says it should be good as far as server/client levels
go.  But since the docs have the very specific warning about upgrading the
servers to 8.1.2 before clients or *"If you do not upgrade your servers
first, communication between servers and clients might be interrupted."*, I
felt I should ask for empirical evidence that it wont cause problems. The
warning was not specific on what kinds of communications problems to expect
or if/how they can be addresses if someone decides to download and upgrade
their client simply based on the "yes, 7.1 servers are compatible with 8.1
clients" document and didn't see the warning I read.

Perhaps it is due to TLS 1.2 now turned ON by default.  Either way, more
details/specifics from IBM would be helpful.

On Wed, Aug 23, 2017 at 4:21 AM, Stefan Folkerts <stefan.folke...@gmail.com>
wrote:

> I agree with Eric and I have 8.2 VE setups connected to 7.1 servers at
> multiple sites, i've never seen any issues. I do find the documentation
> strange if it say's you need to upgrade your clients before upgrading the
> server. The only thing that makes sense to me is client-side dedup with
> compression, for that you want your clients on the latest level otherwise
> the compression isn't compatible with the server compression and you don't
> get optimal results.
>
> On Wed, Aug 23, 2017 at 9:17 AM, Loon, Eric van (ITOPT3) - KLM <
> eric-van.l...@klm.com> wrote:
>
> > Nor with up-leveled clients by the way, which is the case here.
> > Kind regards,
> > Eric van Loon
> > Air France/KLM Storage Engineering
> >
> >
> > -Original Message-
> > From: Loon, Eric van (ITOPT3) - KLM
> > Sent: woensdag 23 augustus 2017 9:15
> > To: ADSM-L@VM.MARIST.EDU
> > Subject: RE: 8.1.2 client and 7.1.7 servers
> >
> > Hi Zoltan!
> > The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218 shows
> > that the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I
> have
> > never encountered issues with down-leveled clients in my 20+ years of TSM
> > history.
> > Kind regards,
> > Eric van Loon
> > Air France/KLM Storage Engineering
> >
> > -Original Message-
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> > Zoltan Forray
> > Sent: dinsdag 22 augustus 2017 15:03
> > To: ADSM-L@VM.MARIST.EDU
> > Subject: 8.1.2 client and 7.1.7 servers
> >
> > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> > haven't had the chance to test such a configuration (since my lone test
> > server is at 8.1.1) and with the dire-warnings in the readme docs, I made
> > sure everyone on my staff knows to NOT install 8.1.2 clients.
> >
> > From the readme/docs:
> >
> > Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> > upgrade the backup-archive clients.
> >
> >
> >
> > If you do not upgrade your servers first, communication between servers
> > and clients might be interrupted.
> >
> >
> > --
> > *Zoltan Forray*
> > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> > Monitor Administrator VMware Administrator Virginia Commonwealth
> University
> > UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> > 804-828-4807 Don't be a phishing victim - VCU and other reputable
> > organizations will never use email to request that you reply with your
> > password, social security number or confidential personal information.
> For
> > more details visit http://infosecurity.vcu.edu/phishing.html
> > 
> > For information, services and offers, please visit our web site:
> > http://www.klm.com. This e-mail and any attachment may contain
> > confidential and privileged material intended for the addressee only. If
> > you are not the addressee, you are notified that no part of the e-mail or
> > any attachment may be disclosed, copied or distributed, and that any
> other
> > action related to this e-mail or attachment is strictly prohibited, and
> may
> > be unlawful. If you have received this e-mail by error, please notify the
> > sender immediately by return e-mail, and delete this message.
> >
> > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its
> > employees shall not be liable for the incorrect or incomplete
> transmission
> > of this e-mail or any attachments, nor responsible for any delay in
> receipt.
> > Koninklijke Luchtvaart Ma

Re: 8.1.2 client and 7.1.7 servers

[Stefan Folkerts]

I agree with Eric and I have 8.2 VE setups connected to 7.1 servers at
multiple sites, i've never seen any issues. I do find the documentation
strange if it say's you need to upgrade your clients before upgrading the
server. The only thing that makes sense to me is client-side dedup with
compression, for that you want your clients on the latest level otherwise
the compression isn't compatible with the server compression and you don't
get optimal results.

On Wed, Aug 23, 2017 at 9:17 AM, Loon, Eric van (ITOPT3) - KLM <
eric-van.l...@klm.com> wrote:

> Nor with up-leveled clients by the way, which is the case here.
> Kind regards,
> Eric van Loon
> Air France/KLM Storage Engineering
>
>
> -Original Message-
> From: Loon, Eric van (ITOPT3) - KLM
> Sent: woensdag 23 augustus 2017 9:15
> To: ADSM-L@VM.MARIST.EDU
> Subject: RE: 8.1.2 client and 7.1.7 servers
>
> Hi Zoltan!
> The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218 shows
> that the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I have
> never encountered issues with down-leveled clients in my 20+ years of TSM
> history.
> Kind regards,
> Eric van Loon
> Air France/KLM Storage Engineering
>
> -Original Message-
> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> Zoltan Forray
> Sent: dinsdag 22 augustus 2017 15:03
> To: ADSM-L@VM.MARIST.EDU
> Subject: 8.1.2 client and 7.1.7 servers
>
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> haven't had the chance to test such a configuration (since my lone test
> server is at 8.1.1) and with the dire-warnings in the readme docs, I made
> sure everyone on my staff knows to NOT install 8.1.2 clients.
>
> From the readme/docs:
>
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> upgrade the backup-archive clients.
>
>
>
> If you do not upgrade your servers first, communication between servers
> and clients might be interrupted.
>
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth University
> UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable
> organizations will never use email to request that you reply with your
> password, social security number or confidential personal information. For
> more details visit http://infosecurity.vcu.edu/phishing.html
> 
> For information, services and offers, please visit our web site:
> http://www.klm.com. This e-mail and any attachment may contain
> confidential and privileged material intended for the addressee only. If
> you are not the addressee, you are notified that no part of the e-mail or
> any attachment may be disclosed, copied or distributed, and that any other
> action related to this e-mail or attachment is strictly prohibited, and may
> be unlawful. If you have received this e-mail by error, please notify the
> sender immediately by return e-mail, and delete this message.
>
> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its
> employees shall not be liable for the incorrect or incomplete transmission
> of this e-mail or any attachments, nor responsible for any delay in receipt.
> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch
> Airlines) is registered in Amstelveen, The Netherlands, with registered
> number 33014286
> 
>

Re: 8.1.2 client and 7.1.7 servers

[Loon, Eric van (ITOPT3) - KLM]

Nor with up-leveled clients by the way, which is the case here. 
Kind regards,
Eric van Loon
Air France/KLM Storage Engineering


-Original Message-
From: Loon, Eric van (ITOPT3) - KLM 
Sent: woensdag 23 augustus 2017 9:15
To: ADSM-L@VM.MARIST.EDU
Subject: RE: 8.1.2 client and 7.1.7 servers

Hi Zoltan!
The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218 shows that 
the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I have never 
encountered issues with down-leveled clients in my 20+ years of TSM history.
Kind regards,
Eric van Loon
Air France/KLM Storage Engineering

-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: dinsdag 22 augustus 2017 15:03
To: ADSM-L@VM.MARIST.EDU
Subject: 8.1.2 client and 7.1.7 servers

Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I haven't 
had the chance to test such a configuration (since my lone test server is at 
8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on 
my staff knows to NOT install 8.1.2 clients.

From the readme/docs:

Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you upgrade 
the backup-archive clients.



If you do not upgrade your servers first, communication between servers and 
clients might be interrupted.


--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 804-828-4807 Don't be 
a phishing victim - VCU and other reputable organizations will never use email 
to request that you reply with your password, social security number or 
confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286

Re: 8.1.2 client and 7.1.7 servers

[Loon, Eric van (ITOPT3) - KLM]

Hi Zoltan!
The page http://www-01.ibm.com/support/docview.wss?uid=swg21053218 shows that 
the SP 8.1.2 client is supported with all 8.1 and 7.1 servers. I have never 
encountered issues with down-leveled clients in my 20+ years of TSM history.
Kind regards,
Eric van Loon
Air France/KLM Storage Engineering

-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan 
Forray
Sent: dinsdag 22 augustus 2017 15:03
To: ADSM-L@VM.MARIST.EDU
Subject: 8.1.2 client and 7.1.7 servers

Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I haven't 
had the chance to test such a configuration (since my lone test server is at 
8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on 
my staff knows to NOT install 8.1.2 clients.

From the readme/docs:

Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you upgrade 
the backup-archive clients.



If you do not upgrade your servers first, communication between servers and 
clients might be interrupted.


--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 804-828-4807 Don't be 
a phishing victim - VCU and other reputable organizations will never use email 
to request that you reply with your password, social security number or 
confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286