DMS cluster : gRPC vs Remoting (intra-DMS comms)

Solved1.89K viewsadl2099 DMS
0
0 Comments

Hi Dojo,
Some clarifications needed, please.
I'm comparing the two possible configurations shown in this section of the documentation:

a) gRPC - using 443 between the DMAs

b) .Net remoting via 8004

1) When upgrading to 10.3.0, can a DMS cluster still run without enabling the gRPC port?
2) Once 443 is open at FW level, is there any DMA configuration to be operated to switch to gRPC?
If so, where? Or would 10.3.0 require the gRPC automatically?

I read "recommended" - hence trying to understand what's viable in future.
Thanks

Alberto De Luca [DevOps Enabler] Selected answer as best 12th August 2023

2 Answers

3
4.87K 1 Comment

Hi Alberto,

1) When upgrading to 10.3.0, can a DMS cluster still run without enabling the gRPC port?
Yes, as Seppe mentioned the default communication channel is still .NET Remoting over port 8004. Note that from a DataMiner perspective, the "gRPC port" is enabled by default: the APIGateway service is installed and running, and TCP port 443 is shared by IIS. It's only in the firewall that access to port 443 may be blocked.

2) Once 443 is open at FW level, is there any DMA configuration to be operated to switch to gRPC?
Yes, there are 2 ways to start using gRPC:

  • for clients (e.g. DataMiner Cube) you can enable gRPC by configuring it in the ClientSettings.txt file on each agent:
    * type=GRPCConnection
    see docs
  • for inter-DMA communication you can either
    - configure gRPC in <Redirect> tags in DMS.xml of each agent.
    On a larger cluster this can be a lot of work (adding N-1 tags to N files) so I would recommend doing this with the SLNetClientTest tool which has a UI for that via the menu Advanced > Edit Connection Uris
    see DMS.xml docs and SLNetClientTest docs
    - disable .NET Remoting in MaintenanceSettings.xml
    If .NET Remoting is disabled here, inter-DMA communication will automatically use gRPC without the need of <Redirect> tags in DMS.xml
    see docs
Alberto De Luca [DevOps Enabler] Selected answer as best 12th August 2023
Alberto De Luca [DevOps Enabler] commented

Thanks for the thorough feedback, Bert – much appreciated!
3
2.21K 1 Comment

Hi Alberto,

.NET Remoting is still the default method of communication for all DataMiner versions which are currently supported. However, we recommend switching to gRPC  when running DataMiner 10.3.6/10.3.0 or newer, because gRPC is more secure. gRPC will become the default method of communication in future versions (probably starting from the next main release).

If you would want to switch to using gRPC, I would recommend to have a look at the sections on secure client-server and server-server communication in the DataMiner hardening guide, since these will point you in the right direction on how to switch from .NET Remoting to gRPC.

Alberto De Luca [DevOps Enabler] Posted new comment 12th August 2023
Alberto De Luca [DevOps Enabler] commented

Great, Seppe
that’s the kind of answer I was looking for 😉
So we’ll look into having the gRPC prerequisites specified in time for configuration with improved security.

Kinda hard to select the best answer now (^_^)
You guys are top guns!

Thank you!