I know this has been talked about much on this forum. But this is a bit different this time.
We know historically an SSL session cannot be statefully failed over to a CSS or to any device for that matter.
Technically this is not completely true, as there was an unhealthy way of doing this, just by duplicating the rsa/cert pair of one CSS to any number of devices you like, but it was a bit unethical, plus a few security-related issues might arise in future, like what if a duplicated cert is compromised at one place.
However, Verisign has now(?) started issuing SSL certs meant for multi installations, meaning you can actually/legally duplicate the same rsa key & cert pair across to a failover CSS within a site. This move has opened the doors wherein you can statefully fail over an SSL session.
I am wondering what Cisco's version is on this technical possibility.
To copy SSL certs and keys, export the certs and keys, then import them to the second CSS. This can be done with the commands copy ssl ftp your-ftp-record export yourcert.pem "password" and copy ssl ftp your-ftp-record import yourcert.pem "password".
You CAN currently replicate cert/key to the standby CSS. This is legal. This is not a security issue.
This has to be done manually.
From an external user point of view, the 2 CSS form a single unit anyway. This is why it is ok to use the same cert on both.
However, that does not mean that failover is stateful. It just guarantees that upon failover, the new active CSS can accept NEW SSL connections. But the active connections will be dropped because the CSS does not have a mechanism to continue an encrypted session in the middle.
This is because an SSL session starts by negotiating a shared key and other parameters that the standby is not aware of.
So, your new Verisign cert does not apply to this case.
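The point made in the reply above, as an added example that is not part of the original thread and is not Cisco code: two nodes share the same cert/key, but the keys protecting a live connection are derived from per-handshake secrets that only the node that ran the handshake holds. The `Node` class and connection ids are hypothetical, and the TLS 1.2 PRF (RFC 5246) stands in for the older SSL key derivation.

```python
import hashlib
import hmac
import os

def prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed), truncated to n bytes."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

class Node:
    """Hypothetical model of one SSL terminator in a failover pair."""
    def __init__(self, name: str, keypair: str):
        self.name = name
        self.keypair = keypair   # long-term cert/key: copied to both units
        self.sessions = {}       # per-connection secrets: local to this unit

    def handshake(self, conn_id: str, client_random: bytes, pre_master: bytes) -> bytes:
        # pre_master stands in for the value the server recovers with its
        # private key; server_random is fresh for every handshake.
        server_random = os.urandom(32)
        master = prf(pre_master, b"master secret", client_random + server_random, 48)
        # 104 bytes = 2 MAC keys (20) + 2 cipher keys (16) + 2 IVs (16)
        key_block = prf(master, b"key expansion", server_random + client_random, 104)
        self.sessions[conn_id] = {"master": master, "key_block": key_block, "seq": 0}
        return key_block

    def continue_connection(self, conn_id: str):
        """Return the record keys for an in-flight connection, or None."""
        state = self.sessions.get(conn_id)
        return None if state is None else state["key_block"]

def failover_demo():
    active = Node("css-active", "yourcert.pem")
    standby = Node("css-standby", "yourcert.pem")   # same cert/key, replicated
    live_keys = active.handshake("conn-1", os.urandom(32), os.urandom(48))
    # Failover: standby has the cert/key but no state for conn-1.
    after_failover = standby.continue_connection("conn-1")
    # A NEW connection to the standby handshakes normally, with new keys.
    new_keys = standby.handshake("conn-2", os.urandom(32), os.urandom(48))
    return active, standby, live_keys, after_failover, new_keys

if __name__ == "__main__":
    _, _, live, after, new = failover_demo()
    print("conn-1 on standby:", after)              # None: connection is dropped
    print("new keys differ:", live != new)
```
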