UPS management in slave mode

[mathieu]

Well...
According to my reseller and tests i made, i choosed NAS-XSR Entreprise edition to have entreprise features, unfortunately, i missed the UPS management point cause i was thinking it is obvious, but i should have seen that network management was not implemented with MGE models, that's clearly my fault.
But, it sounds reasonnable to implement network UPS management in an "enterprise" product cause entreprise usually have several servers and usually protects them with an UPS where slave/master network mode is used.
Also i've bought Entreprise edtion 2 months ago and i can't upgrade to R3 soon.

Finally, if you can implement network MGE management in XSR edition, please do it ! cause the 2 problem i got actually affecting two major features are enough significant :
- Network management of MGE UPS's
- The NAS-XSR entreprise edition secure FTP server is unreachable by firewall protected clients if Open-e server is firewall protected
And i'm afraid that it will cause my projects leaders to tell me to put the Open-e ROM into the trash bin, as we can't have a production server with 8To of data without a working FTP server and not UPS protected.

Thanks for your attention.
---
Mathieu

[To-M]

Mathieu,

Concerning the MGE UPS issue I understand your level of frustration. We do provide updates for our versions not just everyday as this is not efficient. I would also like to point out that we do provide a 30 day Demo-CD of all our versions for testing to understand how our products work in your environment. If this is still not enough to provide you then please provide your contact information and I will have some one contact you concerning the R-3.

Now SFTP works on SSL encrypted channel and in coming connections are on port 21, but out going is on 1024-65536 ports. If you want to have advantages of SFTP over SSL/TSL, please use a Windows client for example FileZilla, IgloFTP (Windows and Linux)
and SSLFTP (Linux console client).

Again please provide me with your information so that we can contact you.

[mathieu]

You are right i'm quite frustrated
And you are right i didn't do my job by verifying with the demo CD if every features useful for me were in the product i was evaluating.
I feel quite bad about myself on this point... but i still think you are facing an "entreprise" feature problem which should be in an "entreprise" solution.

Concerning the SFTP (maybe we should open a new thread from here...), i'm actually running NAS-XSR Entreprise version 3.08.XE00000000.2145 and have the firewall problem i speak of, maybe it is already corrected in an update, but i haven't seen anything about this in the updates changelog.

The FTP problem is a complex problem (I have already spent many hours studying SFTP with NAT to solve this issue), you are saying that i must open ports 1024 to 65536 on my firewall for the FTP server to answer which is completely crazy for a network administrator. (I'm sure you will agree)
BUT there is also another problem, the NAS FTP server sends its own internal IP address, so the client still cannot connect throught the worldwideweb.

I had a very interesting talk by email with "Bruce" from your mail support team in November (See issue RefID#10004112) and he agree with me about this.
I also ask him about putting the following configuration parameters in your proftpd.conf :

Code:

MasqueradeAddress  ftp.mydomain.com
PassivePorts     65530 65535

Which will allow the FTP server to send his external IP address instead of the intenal one like it is done actually, it also allow the NAS admin to define on which port the FTP server will answer to the clients, such allowing the network admin to open only a few and dedicated ports.

I'm not an FTP expert so tell me if i am wrong.

PS : I'm sure you will find my contact information in my profile on this forum or in the support RefID provided above.

Thanks for your help.

#################################################

You will find below explanation i give by email to your mail support team to explain my understanding of the SFTP problem :

Code:

Case 1 : Client is in passive mode
---------------------------------------------------- 
The client connect and then, receive the following message :
 
    [17:03:30] Command:    PASV
    [17:03:30] Response:    227 Entering Passive Mode (192,168,1,10,136,254).
    [17:03:30] Command:    LIST
    [17:03:51] Error:    Transfer channel can't be opened.
 
We can see here that the NAS server sends its internal IP address and some random TCP port for the client to connect to, but the IP is an internal IP and the TCP port are so random that i can't open them on the firewall.
I guess it would work if i could modify the following proftp server variables :
 
    MasqueradeAddress    ftp.mydomain.com
    PassivePorts         60000 65535
 
Then i could open the 60000-65535 TCP ports onto my firewall, to allow passive communication with the client.
 
Case 2 : Client is in active mode
--------------------------------------------------
The client connect and then, receive the following message :
 
    [17:04:23] Status:    Connected
    [17:04:23] Status:    Retrieving directory listing...
    [17:04:23] Command:    PWD
    [17:04:23] Response:    257 "/" is current directory.
    [17:04:23] Command:    TYPE A
    [17:04:23] Response:    200 Type set to A
    [17:04:23] Command:    PORT 192,168,2,126,16,46
    [17:04:23] Response:    500 Illegal PORT command
    [17:04:23] Error:    Could not retrieve directory listing
 
Here, the message "Illegal PORT command" tells the client to activate "passive mode", and i'm back in case 1.
 
Documentations used :
-------------------------------------
 * http://slacksite.com/other/ftp.html
 * http://www.castaglia.org/proftpd/doc...HOWTO-NAT.html
 * http://www.castaglia.org/proftpd/doc...HOWTO-TLS.html
 * http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
 * http://support.ipswitch.com/kb/WS-19980722-BK01.htm
 * http://support.ipswitch.com/kb/WS-20001228-DM04.htm

[To-M]

Mathieu,

I have reviewed the case from support and Bruce is correct on this matter with sFTP, that we cannot do anything with this issue until plans for our future releases. At this point I would like you to contact our sales person at 49 (89) 800777-0 to possibly resolve your upgrade opportunities for future developments of the UPS issue with R-3. But I do not know when the update for this will be as no set date has been identified.

[jparis]

Hi,

I have the same problem as Mathieu, one brand new big MGE UPS that can communicate with all the equipment in the rack but the XSR Enterprise. And I agree point by point with all Mathieu said. When you buy a "enterprise" product you think on the 'full' thing (This is what I was thinking when I recommended it for my company). I rely on MGE because their basic communication systems works great and easy on PC's, MAC's and so on and it's very reliable, I tried APC some time ago and I find it less reliable.

I beg you to think about implementing the 'server' or the 'client' mode for MGE in your product.

Maybe R-3 is better and so on, it's OK because it's a new product and must be better that the old one, but why abandon XSR Enterprise? It was your flagship only some months ago... I bought it 6 months ago and now you are saying that, maybe, you will never implement the support for MGE ups slave or master mode... It's frustrating...

Thanks in advance.
Jparis

[To-M]

I realize the frustration level, but currently the main developments are in R-3 and as for the NAS XSR Enterprise I have no time table as if there will updates to fix this currently. The reason for R-3 is because it is based on our DSS engine - meaning one update will be for all R-3 updates including SOHO, SMB and iSCSI R-3 family. Instead for each independent update for all products of the XSR family.