> Software > CommCell Configuration > Network > Network Configurations

Enabling and Encrypting Automatic Tunneling

You can enable, disable, and encrypt automatic tunneling for a client computer or client group.

Note the following:

  • Automatic tunneling is enabled by default.

  • Automatic tunneling uses HTTPS tunnel protocol encryption by default. To change the tunnel protocol, use the nAUTO_TUNNEL_PROTO additional setting (described below).

  • All control traffic uses tunnel.

  • If the MediaAgent CVD is open in the network (port 8400), pipeline/data traffic uses a direct connection. On failure, it uses tunnel.

  • To force automatic tunneling to route all traffic via tunnel, use the nCLNT_FORCE_TUNNEL additional setting (described below). With nCLNT_FORCE_TUNNEL set to 1, all traffic will always use the tunnel by default, whether a direct connection is available or not.

  • The nCLNT_FORCE_TUNNEL additional setting forces network traffic to go through a single tunnel port. The tunnel port is equal to the port number of the CVD plus 3. For example, if the port number of the CVD is 8400, then the tunnel port equals 8403.

  • When network routes are not explicitly defined, automatic tunneling (or forced tunneling via the nCLNT_FORCE_TUNNEL additional setting) is used.

Before You Begin

Verify that the tunnel port is reachable from both sides.

Procedure

  1. To disable automatic tunneling, add the nCLNT_FORCE_TUNNEL additional setting (with a value of 0) to a client computer or to a client group as shown in the following table.

    For information about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

    Additional setting

    Category

    Type

    Value

    nCLNT_FORCE_TUNNEL

    Firewall

    Integer

    • 0: Do not enforce automatic tunneling

    • 1: (Default) Enforce automatic tunneling

    Note

    If you upgrade a client that is at Feature Release 11.21 or earlier to Feature Release 11.22 or later, the default value of the nCLNT_FORCE_TUNNEL additional setting is 0. To enforce automatic tunneling on upgraded clients, delete this key.

  2. To change automatic tunneling encryption, add the nAUTO_TUNNEL_PROTO additional setting to a client or to a client group as shown in the following table.

    For information about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

    Additional setting

    Category

    Type

    Value

    nAUTO_TUNNEL_PROTO

    Firewall

    String

    • HTTP (Regular): This is the standard application protocol. It optimizes data transfer performance.

    • HTTPS (Encrypted): (Default) This protocol encrypts and authenticates the connections between CommCell components through Secure Socket Layer (SSL).

    • HTTPSA (Authenticated): In this configuration, the HTTPS protocol is used to encrypt the initial communication between CommCell components. Once the communication is authenticated, the tunnel connection switches to HTTP, to optimize data transfer performance.

    • Raw: Use this option to transmit data and control traffic using TCP packets without any form of encapsulation.

Page contents

×

Loading...