On Jul 17, 2020, at 11:01 AM, Rupert St John Webster <[email protected]> wrote:

Jake & Anthony thanks for the comments, much appreciated. We are going to work on the “defense in depth” approach in the long run.

Can you elaborate on this?

Meanwhile can I ask do you know if the native client will support the SNI proxy approach?

I know there is a group working on a solution, though I think they are hung up on trying to fix some other things prior to and if proxy support. It’s unlikely it will make the 1.13 cut.

Finally, I guess an answer to the stack overflow question <https://stackoverflow.com/questions/62921394/using-stunnel-for-apache-geode-net-client-ssl-connection-to-server> is it’s possible using DNS entries, but not recommended as a robust solution. I shall have a go later and update.

Yes, split horizon DNS can solve this. Your lan1 would have all the locator and server names resolve to the stunnel ip. The stunnel would need to listen on all the ports for locators and servers. This also means that locators and servers in lan2 must use unique ports across the cluster, not just their ip.

By the way, what’s the UML tool you have there?! I’ve been looking for one for some time ☺

It’s a crusty but functional tool. It is supported by a few IDEs and document rendering engines. https://plantuml.com/

-Jake
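
Added example, not part of the original email thread: a pre-flight check for the split horizon DNS layout described above, which rejects an inventory where two lan2 members share a port and otherwise renders one stunnel service section per member. The host names, addresses and ports are constructed, and `client = yes` assumes the stunnel originates TLS toward lan2.

```python
from collections import defaultdict

# Constructed sample inventory: (name as seen by clients, real lan2 IP, port).
MEMBERS = [
    ("locator1.lan2.example", "10.2.0.11", 10334),
    ("server1.lan2.example", "10.2.0.21", 40404),
    ("server2.lan2.example", "10.2.0.22", 40404),  # same port as server1
]

def port_collisions(members):
    """Return {port: [names]} for every port claimed by more than one member.

    In lan1 every name resolves to the single stunnel IP, so the port is the
    only thing left that tells the stunnel which member a client wants.
    """
    by_port = defaultdict(list)
    for name, _ip, port in members:
        by_port[port].append(name)
    return {port: names for port, names in by_port.items() if len(names) > 1}

def stunnel_services(members):
    """Render one stunnel service section per member, or refuse on collisions."""
    clashes = port_collisions(members)
    if clashes:
        raise ValueError(f"ports not unique across cluster: {clashes}")
    sections = []
    for name, ip, port in sorted(members, key=lambda m: m[2]):
        sections.append(
            f"[{name}]\n"
            "client = yes\n"           # assumption: stunnel speaks TLS to lan2
            f"accept = {port}\n"       # same port the member advertises to clients
            f"connect = {ip}:{port}\n" # IP, since the name may resolve back to stunnel
        )
    return "\n".join(sections)

if __name__ == "__main__":
    print("collisions:", port_collisions(MEMBERS))
    fixed = MEMBERS[:2] + [("server2.lan2.example", "10.2.0.22", 40405)]
    print(stunnel_services(fixed))
```
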
