SPS connection policies

Hello,

I configured two different SPS connections under "SSH Control". Is it possible to make them both work using SPP initiated workflow? This question because when I create the ARP on the SPP, the only options showed under SPS connection policy are "safeguard_default" and "SPS initiated workflow". How is it possible to add the connection created on the SPS to the SPP?

Thank you

Parents
  • Hi,

    When you join SPP and SPS, the SSH connection policy (safeguard_default) is auto generated and used by default for SSH sessions on port 22

    SPS checks connection policies from top in order and so if the first connection policy matches then it wins the session and no other connection policies will be used if assigned the same port.

    Therefore, it would not be possible to use two SPS connection policies with the same port as only the first one would win always.

    Not clear on the use-case you are looking to implement with two connection policies for SSH sessions but i would suggest consulting with PSO team on new configurations for a solution based on what you are looking to accomplish.

    Thanks!

  • Hello Tawfiq,

    let me explain better the use case! 

    My aim is to create and test a new channel policy that is connected to a new content policy (the term "new" means that it is not part of the safeguard_default connection). So, I created a different SSH connection, test_connection, and I inserted the same info as the safeguard_default one, except for the content policy.

    The problem now is that as I try to connect to a target (using SPP initiated workflow), safeguard default is always the chosen connection. Even though I moved up the lastly created row on the SPS connections portal, I'm not able to let this connection be taken. 

    So I wondered if is it necessary to make same change on the SPP side, maybe changing the "Entitlement > ARP > Security tab > SPS connection policy" but I only see the safeguard_default one.

    Hope I was clear enough, thank you!

Reply
  • Hello Tawfiq,

    let me explain better the use case! 

    My aim is to create and test a new channel policy that is connected to a new content policy (the term "new" means that it is not part of the safeguard_default connection). So, I created a different SSH connection, test_connection, and I inserted the same info as the safeguard_default one, except for the content policy.

    The problem now is that as I try to connect to a target (using SPP initiated workflow), safeguard default is always the chosen connection. Even though I moved up the lastly created row on the SPS connections portal, I'm not able to let this connection be taken. 

    So I wondered if is it necessary to make same change on the SPP side, maybe changing the "Entitlement > ARP > Security tab > SPS connection policy" but I only see the safeguard_default one.

    Hope I was clear enough, thank you!

Children
  • If the SPS connection policy does not appear on the SPP side then there is possibly some missing configuration on the SPS side > SPS connection policy.

    Did you enable the checkbox "Share connection policy with SPP" inside of the new SPS connection policy?

    Are you planning on using both connection policies at the same time? if so that would not work if both are using the same port number.

    Thanks!