While removing newer version of Java and installing older versions probably fixes this in most cases, do you really want to run version of software that have known vulnerabilities in them?
I think that companies like NETAPP, EMC, DELL, HP, etc, etc., need to be accountable for staying current. They need to upgrade the applications regularly to stay compatible with the platforms they develop in. The days of write it once and forget it are long gone. The threat vectors have changed and continue to change on a daily basis.
If I had machine that was dedicated to doing nothing other managing storage, network and servers, that never saw any portion of the production network and was isolated 100% from the internet, perhaps leaving archaic versions of depreciated software out there would be an option. The days of doing business this way are also long gone.
Cannot speak for everyone of course, but I don’t have the real-estate on my desk and have no desire to run up down the hall to my MDF every time I want to manage something in the environment.
To clarify, I am 100% in agreement with Chuck. There is no excuse for NetApp not supporting Java 8 when it has been out for this long. In our organization, running outdated versions of Java is unacceptable. Following the steps above, I was able to install the System Manager, then install Java 8, and remove 7--and the entire thing works fine. The big key I believe is that our filers did not have TLS enabled. We removed SSL support from our environment when the Poodle vulnerability was made known. Unfortunately, we did not realize this until going through these steps. We couldn't get it to work no matter what version of Java was installed.
Also--our complex password works just fine 🙂 No reason to use a simple password.
I am running 8.31 64-bit and using the steps I provided in my earlier post, I have everything work with SSL/TLS.
Now, granted, there is no 100% garuntee that it works for 100% of everyone. There are other considerations such as individula security settings in the JAVA. I have all of my filers (both by IP address and by host name) as trusted sites in my browser and in JAVA.
That's odd--I am running it just fine with 8u31. I only needed to have 7 present to get through the System Manager installation, which will stop if you do not have 7 installed. After installation, I removed 7 completely and it is still running.
The steps to turn off unsecure http admin, reset the certificate setup, and enable TLS made the difference for us.
I think what the industry should have learned a long time ago is that Java on the client side is an absolute mess for many of the reasons already stated here. It is not a system to be able to allow any device any software to be able to work. I would have to have 5-10 vm's just for the different software that requires different versions. Netapp and others please upgrade to other tech. One that comes to mind would be HTML 5 .net or just pick something beside the proven to fail java! Don't care if this is what you call "political". It's not its a call for using tech that works.