brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drigodwin <...@git.apache.org>
Subject [GitHub] brooklyn-docs pull request #129: Update: winrm connectivity limitations
Date Thu, 19 Jan 2017 13:00:06 GMT
Github user drigodwin commented on a diff in the pull request:

    https://github.com/apache/brooklyn-docs/pull/129#discussion_r96854401
  
    --- Diff: guide/yaml/winrm/index.md ---
    @@ -513,13 +513,14 @@ Additional logs may be created by some Windows programs. For example,
MSSQL crea
     Known Limitations
     -----------------
     
    -### Use of Unencrypted HTTP
    +WinRM 2.0 supports encryption mechanisms on top of HTTP. However those are not supported
in Apache Brooklyn.
    +For production adoptions please make sure you follow Microsoft Guidelines https://msdn.microsoft.com/en-us/library/ee309366(v=vs.85).aspx
     
    -Brooklyn is currently using unencrypted HTTP for WinRM communication. This means that
the login credentials will be
    -transmitted in clear text.
    +### Apache Brooklyn limitations on using WinRM over HTTP and HTTPS
     
    -In future we aim to improve Brooklyn to support HTTPS. However this requires adding support
to the underlying 
    -WinRM library, and also involves certificate creation and verification.
    +By default Apache Brooklyn is currently using unencrypted HTTP for WinRM communication.
It does not support encrypted HTTP for WinRM.
    +
    +HTTPS is supported but there is no mechanism of specifying certificates to trust to.
    --- End diff --
    
    I would remove the line - It does not support encrypted HTTP for WinRM.
    
    and change this to - HTTPS is supported but there is no mechanism of specifying which
certificates to trust. Currently Apache Brooklyn will accept any certificate used in a HTTPS
WinRM connection.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message