Best Practice for Operations Masters physical vs. virtual.

Similar Messages

• (Request for:) Best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC

  Could you please share your best practices for setting up a new Windows Server 2012 r2 Hyper-V Virtualized AD DC, that will be running on a new WinSrv 2012 r2 host server.   (This
  will be for a brand new network setup, new forest, domain, etc.)
  Specifically, your best practices regarding:
  the sizing of non virtual and virtual volumes/partitions/drives,  
  the use of sysvol, logs, & data volumes/drives on hosts & guests,
  RAID levels for the host and the guest(s),  
  IDE vs SCSI and drivers both non virtual and virtual and the booting there of,  
  disk caching settings on both host and guests.  
  Thanks so much for any information you can share.

  A bit of non essential additional info:
  We are small to midrange school district who, after close to 20 years on Novell networks, have decided to design and create a new Microsoft network and migrate all of our data and services
  over to the new infrastructure .   We are planning on rolling out 2012 r2 servers with as much Hyper-v virtualization as possible.
  During the last few weeks we have been able to find most of the information we need to undergo this project, and most of the information was pretty solid with little ambiguity, except for
  information regarding virtualizing the DCs, which as been a bit inconsistent.
  Yes, we have read all the documents that most of these posts tend point to, but found some, if not most are still are referring to performing this under Srvr 2008 r2, and haven’t really
  seen all that much on Srvr2012 r2.
  We have read these and others:
  Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100), 
  Virtualized Domain Controller Technical Reference (Level 300),
  Virtualized Domain Controller Cloning Test Guidance for Application Vendors,
  Support for using Hyper-V Replica for virtualized domain controllers.
  Again, thanks for any information, best practices, cookie cutter or otherwise that you can share.
  Chas.

• Best practice for use of spatial operators

  Hi All,
  I'm trying to build a .NET toolkit to interact with Oracles spatial operators. The most common use of this toolkit will be to find results which are within a given geometry - for example select parish boundaries within a county.
  Our boundary data is high detail, commonly containing upwards of 50'000 vertices for a county sized polygon.
  I've currently been experimenting with queries such as:
  select
  from
  uk_ward a,
  uk_county b
  where
  UPPER(b.name) = 'DORSET COUNTY' and
  sdo_relate(a.geoloc, b.geoloc, 'mask=coveredby+inside') = 'TRUE';
  However the speed is unacceptable, especially as most of the implementations of the toolkit will be web based. The query above takes around a minute to return.
  Any comments or thoughts on the best practice for use of Oracle spatial in this way will be warmly welcomed. I'm looking for a solution which is as quick and efficient as possible.

  Thanks again for the reply... the query currently takes just under 90 seconds to return. Here are the results from the execution plan ran in sql*:
  Elapsed: 00:01:24.81
  Execution Plan
  Plan hash value: 598052089
  | Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
  | 0 | SELECT STATEMENT | | 156 | 46956 | 76 (0)| 00:00:01 |
  | 1 | NESTED LOOPS | | 156 | 46956 | 76 (0)| 00:00:01 |
  |* 2 | TABLE ACCESS FULL | UK_COUNTY | 2 | 262 | 5 (0)| 00:00:01 |
  | 3 | TABLE ACCESS BY INDEX ROWID| UK_WARD | 75 | 12750 | 76 (0)| 00:00:01 |
  |* 4 | DOMAIN INDEX | UK_WARD_SX | | | | |
  Predicate Information (identified by operation id):
  2 - filter(UPPER("B"."NAME")='DORSET COUNTY')
  4 - access("MDSYS"."SDO_INT2_RELATE"("A"."GEOLOC","B"."GEOLOC",'mask=coveredby+i
  nside')='TRUE')
  Statistics
  20431 recursive calls
  60 db block gets
  22432 consistent gets
  1156 physical reads
  0 redo size
  2998369 bytes sent via SQL*Net to client
  1158 bytes received via SQL*Net from client
  17 SQL*Net roundtrips to/from client
  452 sorts (memory)
  0 sorts (disk)
  125 rows processed
  The wards table has 7545 rows, the county table has 207.
  We are currently on release 10.2.0.3.
  All i want to do with this is generate results which fall in a particular geometry. Most of my testing has been successful i just seem to run into issues when querying against a county sized polygon - i guess due to the amount of vertices.
  Also looking through the forums now for tuning topics...

• Best practices for implementing OIM

  We plan on putting OIM servers behind LB (hardware). When I develop OIM client I am required to specify OIM endpoint(s) via property java.naming.provider.url. In case of LB I'd specify a virtual host there. The question is what is the best practice for configuring LB - timeout, persistence, monitoring? I don think LB vendor is relevant, but just in case, I have a choice of F5 BigIP and Citrix Netscaler.
  My understanding is that Java class tcUtilityFactory is supposed to be instantiated once (in a web client) and maintain the connection, but LB will close the connection after timeout is exceeded. So another question is if I want to use LB I have to take care of rebuilding connection when it is expired, or open/close connection every time tcUtilityFactory is needed. Any advice will be appreciated.
  Thanks,
  Alex

  No i was not going to sync timeouts - just let it close connections after say, 5 min of inactivity. The reason is that performance data is horrible - from my desktop environment, initialization takes almost 9 sec, while reading data from OIM - only 150 milliseconds. I can't afford more than .5 sec on the whole OIM operation, as we are talking about customer experience.
  Thanks,
  Alex

• Best Practices for Implementing Cryptographic VPN

  With Marcin Latosiewicz
  Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about implementing cryptographic VPN and how to prepare it for the future with expert Marcin Latosiewicz. 
  Marcin will share his best practices for implementing cryptographic VPN as well as advise those customers who are looking to build a new or update their existing setups how to maximize their potential.  Additionally, Marcin will provide insight into which technologies could be applicable for new deployments and exciting new technologies that will be available in the next few months. 
  Marcin Latosiewicz is a customer support engineer at the Cisco®  Technical Assistance Center in Belgium, with more than 6 years of  experience with Cisco Security products and technologies including  IPsec, VPN, internetworking appliances, network and system security,  Internet services, and  Cisco networking equipment. Prior to joining Cisco, he operated, administered, and ran UNIX and Microsoft networks for 14 years. Latosiewicz holds bachelors and masters degrees in engineering from Warsaw University of Technology. He also holds CCIE® certification in Security (No. 25784) and CCDP® certification.
  Remember to use the rating system to let Marcin know if you've received an adequate response. 
  Because of the volume expected during this event, Marcin might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity, VPN, shortly after the event. This event lasts through September 20, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

  Jouni,
  Good question. And answer is complex, there is in depth and there is in depth.
  Most people would be satisfied by reading a summary of all the different components - encryption, hashing, signing, PKI, how IPsec and SSL/TLS work. This group also counts most of security CCIEs.
  To this extent CCIE Security Study Guide (by Henry Benjamin) was a good read, if a bit outdated today.
  Most people who are in depth will look first into specification.
  RFC 4301 (IPsec architecture)
  RFC 2246 (TLS 1.0)
  Are a good start and contain references to other documents worth reading.
  This is where the good folks will base their knowledge of off.
  The really in depth people will look into the math behind it and will conquer topics like
  Elliptic Curve Crypto ( http://en.wikipedia.org/wiki/Elliptic_curve_cryptography ) and difference between CCM, GCM and CCB, to which you have really good materials published by universities.
  There are relatively a few who know this.
  To start with I can suggest:
  - http://www.cl.cam.ac.uk/~rja14/book.html (Ross' Anderson book is free, informative and suprisngly entertaining, this is a definitely a must-read for security/VPN).
  - Have a look at books recommended by Richard Bejtlich or Bruce Scheiner - while they might not be VPN specific it's a good security read most of the time.
  I'll have a look at the books at home see which one can be interesting to read, and edit this post.
  M.

• Best Practice for Securing Web Services in the BPEL Workflow

  What is the best practice for securing web services which are part of a larger service (a business process) and are defined through BPEL?
  They are all deployed on the same oracle application server.
  Defining agent for each?
  Gateway for all?
  BPEL security extension?
  The top level service that is defined as business process is secure itself through OWSM and username and passwords, but what is the best practice for security establishment for each low level services?
  Regards
  Farbod

  It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
  The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
  Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
  If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
  Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
  You can enforce rules at your network layer to allow access to the App server only from Gateway.
  When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
  The next BPEL developer in your project may not be aware of Security extensions
  Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
  Thanks
  Ram

• Best practice for integrating a 3 point metro-e in to our network.

  Hello,
  We have just started to integrate a new 3 point metro-e wan connection to our main school office. We are moving from point to point T-1?s to 10 MB metro-e. At the main office we have a 50 MB going out to 3 other sites at 10 MB each. For two of the remote sites we have purchase new routers ? which should be straight up configurations. We are having an issue connecting the main office with the 3rd site.
  At the main office we have a Catalyst 4006 and at the 3rd site we are trying to connect to a catalyst 4503.
  I have attached configurations from both the main office and 3rd remote site as well as a basic diagram of how everything physically connects. These configurations are not working ? we feel that it is a gateway type problem ? but have reached no great solutions. We have tried posting to a different forum ? but so far unable to find the a solution that helps.
  The problem I am having is on the remote side. I can reach the remote catalyst from the main site, but I cannot reach the devices on the other side of the remote catalyst however the remote catalyst can see devices on it's side as well as devices at the main site.
  We have also tried trunking the ports on both sides and using encapsulation dot10q ? but when we do this the 3rd site is able to pick up a DHCP address from the main office ? and we do not feel that is correct. But it works ? is this not causing a large broad cast domain?
  If you have any questions or need further configuration data please let me know.
  The previous connection was a T1 connection through a 2620 but this is not compatible with metro-e so we are trying to connect directly through the catalysts.
  The other two connection points will be connecting through cisco routers that are compatible with metro-e so i don't think I'll have problems with those sites.
  Any and all help is greatly welcome ? as this is our 1st metro e project and want to make sure we are following best practices for this type of integration.
  Thank you in advance for your help.
  Jeff

  Jeff, form your config it seems you main site and remote site are not adjacent in eigrp.
  Try adding a network statement for the 171.0 link and form a neighbourship between main and remote site for the L3 routing to work.
  Upon this you should be able to reach the remote site hosts.
  HTH-Cheers,
  Swaroop

• Best Practices for new iMac

  I posted a few days ago re failing HDD on mid-2007 iMac. Long story short, took it into Apple store, Genius worked on it for 45 mins before decreeing it in need of new HDD. After considering the expenses of adding memory, new drive, hardware and installation costs, I got a brand new iMac entry level (21.5" screen,
  2.7 GHz Intel Core i5, 8 GB 1600 MHz DDR3 memory, 1TB HDD running Mavericks). Also got a Superdrive. I am not needing to migrate anything from the old iMac.
  I was surprised that a physical disc for the OS was not included. So I am looking for any Best Practices for setting up this iMac, specifically in the area of backup and recovery. Do I need to make a boot DVD? Would that be in addition to making a Time Machine full backup (using external G-drive)? I have searched this community and the Help topics on Apple Support and have not found any "checklist" of recommended actions. I realize the value of everyone's time, so any feedback is very appreciated.

  OS X has not been officially issued on physical media since OS X 10.6 (arguably 10.7 was issued on some USB drives, but this was a non-standard approach for purchasing and installing it).
  To reinstall the OS, your system comes with a recovery partition that can be booted to by holding the Command-R keys immediately after hearing the boot chimes sound. This partition boots to the OS X tools window, where you can select options to restore from backup or reinstall the OS. If you choose the option to reinstall, then the OS installation files will be downloaded from Apple's servers.
  If for some reason your entire hard drive is damaged and even the recovery partition is not accessible, then your system supports the ability to use Internet Recovery, which is the same thing except instead of accessing the recovery boot drive from your hard drive, the system will download it as a disk image (again from Apple's servers) and then boot from that image.
  Both of these options will require you have broadband internet access, as you will ultimately need to download several gigabytes of installation data to proceed with the reinstallation.
  There are some options available for creating your own boot and installation DVD or external hard drive, but for most intents and purposes this is not necessary.
  The only "checklist" option I would recommend for anyone with a new Mac system, is to get a 1TB external drive (or a drive that is at least as big as your internal boot drive) and set it up as a Time Machine backup. This will ensure you have a fully restorable backup of your entire system, which you can access via the recovery partition for restoring if needed, or for migrating data to a fresh OS installation.

• Networking "best practice" for setting up a farm

  Hi all.
  We would like to set an OracleVM farm, and I have a question about "best practice" for
  configuring the network. Some background:
  - The hardware I have is comprised of machines with 4 gig-eth NICs each.
  - The storage will be coming primarily from a backend NAS appliance (Netapp, FWIW).
  - We have already allocated a separate VLAN for management.
  - We would like to have HA capable VMs using OCFS2 (on top of NFS.)
  I'm trying to decide between 2 possible configurations. The first would keep physical separation
  between the mgt/storage networks and the DomU networks. The second would just trunk
  everything together across all 4 NICs, something like:
  Config 1:
  - eth0 - management/cluster-interconnect
  - eth1 - storage
  - eth2/eth3 => bond0 - 8021q trunked, bonded interfaces for DomUs
  Config 2:
  - eth0/1/2/3 => bond0
  Do people have experience or recommendation about the best configuration?
  I'm attracted to the first option (perhaps naively) because CI/storage would benefit
  from dedicated bandwidth and this configuration might also be more secure.
  Regards,
  Robert.

  user1070509 wrote:
  Option #4 (802.3ad) looks promising, but I don't know if this can be made to work across
  separate switches.It can, if your switches support cross-switch trunking. Essentially, 802.3ad (also known as LACP or EtherChannel on Cisco devices) requires your switch to be properly configured to allow trunking across the interfaces used for the bond. I know that the high-end Cisco and Juniper switches do support LACP across multiple switches. In the Cisco world, this is called MEC (Multichassis EtherChannel).
  If you're using low-end commodity-grade gear, you'll probably need to use active/passive bonds if you want to span switches. Alternatively, you could use one of the balance algorithms for some bandwitch increase. You'd have to run your own testing to determine which algorithm is best suited for your workload.
  The Linux Foundation's Net:Bonding article has some great information on bonding in general, particularly on the various bonding methods for high availability:
  http://www.linuxfoundation.org/en/Net:Bonding

• Best practice for integrating oracle atg with external web service

  Hi All
  What is the best practice for integrating oracle atg with external web service? Is it using integration repository or calling the web service directly from the java class using a WS client?
  With Thanks & Regards
  Abhishek

  Using Integration Repository might cause performance overhead based on the operation you are doing, I have never used Integration Repository for 3rd Party integration therefore I am not able to make any comment on this.
  Calling directly as a Java Client is an easy approach and you can use ATG component framework to support that by making the endpoint, security credentials etc as configurable properties.
  Cheers
  R
  Edited by: Rajeev_R on Apr 29, 2013 3:49 AM

• Best practice for PK and indexes?

  Dear All,
  What is the best practice for making Primary Key and indexes? Should we keep them in the same tablespace as table or should we create a seperate tableapce for all indexes and Primary Key? Please note I am talking about a table that has 21milion rows at the moment and increasing 10k to 20k rows daily. This table is also heavily involved in daily reports and causing slow performance. Currently the complete table with all associated objects such as indexes and PK is stored in one seperate tablespace. If my way is right then please advise me how can I improve the performance of retrival or DML operation on this table?
  Thanks in advance..
  Zia Shareef

  Well, thanks for valueable advices... I am using Oracle 8i and let me tell you exact problem...
  My billing database has two major tables having almost 21 millions rows each... one has collection data and other one for invoices... many reports are showing the data with the joining of Customer + Collection + Invoices tables.
  There are 5 common fields in between invoices(reading) and collection tables
  YEAR, MONTH, AREA_CODE, CONS_CODE, BILL_TYPE(adtl)
  My one of batch process has following update and it is VERY VERY SLOW:
  UPDATE reading r
  SET bamount (SELECT sum(camount)
  FROM collection cl
  WHERE r.ryear = cl.byear
  AND r.rmonth = cl.bmonth
  AND r.area_code = cl.area_code
  AND r.cons_code = cl.cons_code
  AND r.adtl = cl.adtl)
  WHERE area_code = 1
  tentatively area_code(1) is having 20,000 consumers
  each consuemr may have 72 invoices and against these invoices it may have 200 rows in collection tables (system have provision to record partial payment against one invoice)
  NOTE: Please note presently my process is based on cursors so the above query runs for one consumer at one time but just for giving an idea I have made it for whole area.
  Mr. Yingkuan, can you please tell me how can I check that the table' statistics is not current and how can I make it current. Is it really effect performance?

• What is the best practice for inserting (unique) rows into a table containing key columns constraint where source may contain duplicate (already existing) rows?

  My final data table contains a two key columns unique key constraint.  I insert data into this table from a daily capture table (which also contains the two columns that make up the key in the final data table but are not constrained
  (not unique) in the daily capture table).  I don't want to insert rows from daily capture which already exists in final data table (based on the two key columns).  Currently, what I do is to select * into a #temp table from the join
  of daily capture and final data tables on these two key columns.  Then I delete the rows in the daily capture table which match the #temp table.  Then I insert the remaining rows from daily capture into the final data table. 
  Would it be possible to simplify this process by using an Instead Of trigger in the final table and just insert directly from the daily capture table?  How would this look?
  What is the best practice for inserting unique (new) rows and ignoring duplicate rows (rows that already exist in both the daily capture and final data tables) in my particular operation?
  Rich P

  Please follow basic Netiquette and post the DDL we need to answer this. Follow industry and ANSI/ISO standards in your data. You should follow ISO-11179 rules for naming data elements. You should follow ISO-8601 rules for displaying temporal data. We need
  to know the data types, keys and constraints on the table. Avoid dialect in favor of ANSI/ISO Standard SQL. And you need to read and download the PDF for: 
  https://www.simple-talk.com/books/sql-books/119-sql-code-smells/
  >> My final data table contains a two key columns unique key constraint. [unh? one two-column key or two one column keys? Sure wish you posted DDL] I insert data into this table from a daily capture table (which also contains the two columns that make
  up the key in the final data table but are not constrained (not unique) in the daily capture table). <<
  Then the "capture table" is not a table at all! Remember the fist day of your RDBMS class? A table has to have a key.  You need to fix this error. What ETL tool do you use? 
  >> I don't want to insert rows from daily capture which already exists in final data table (based on the two key columns). <<
  MERGE statement; Google it. And do not use temp tables. 
  --CELKO-- Books in Celko Series for Morgan-Kaufmann Publishing: Analytics and OLAP in SQL / Data and Databases: Concepts in Practice Data / Measurements and Standards in SQL SQL for Smarties / SQL Programming Style / SQL Puzzles and Answers / Thinking
  in Sets / Trees and Hierarchies in SQL

• Best Practice for Conversion Workflow

  Hello,
  I'm converting video files from our "home grown" virtual media reserve to iTunes U. Some of the files are in RM format, some are already compressed .mov's (not H.264) and some I have the original DV files for.
  Anyone out there have a best practice for converting these file types for posting to iTunes U? I have Final Cut Studio (Compressor), QT Pro and Squeeze available to me.
  Any experience you have with this would be helpful.
  Thanks,
  Jeana

  For converting old files to a podcast compatible video and based on the machine you have, consider elgato turbo.264. It is a fairly priced "co-processor" for video conversion. It is comprised of an application and a small USB device with a encoder chip in it. In my experience, it is the fastest way to create podcast video files. The amount of time that you will save will pay for the device quickly (about $100). Plus it does batch conversion of any video that your system currently plays through QuickTime. it has all the necessary presets and you can create your own. It has a few minor limitations such as not supporting (at this moment) enhanced podcasting features such as chapter markers and closed-captions but since you have old files for conversion, that won't matter.
  For creating new content, the workflow varies a lot. Since you mention MP3s, I guess you are also interested in audio files. I would stick with GarageBand, especially if you are a beginner plus it supports enhanced podcasts.
  In any case the most important goal is to have the simplest and fastest way to go from recording to publication. The less editing the better. To attain that, the best methods will require the largest investments. For example, for video production the best way is to produce the content live so when you finish recording it is only a matter of encoding and publishing. that will require the use of a video switcher that can ingest at least one video camera and a computer output to properly capture presentation material. That's the minimum. there are several devices that can do this for you. Some are disguised PCs and some connect to a PC for tapeless recording. You can check the Tricaster, which I like but wish it was a Mac and not a Windows Xp PC. Other routes may include video mixers from manufacturers like Edirol, Pansonic or Sony connected to a VTR or directly to a Mac for direct-ti-disc capture. I f you look at some of the content available in iTunes U, you will see what I explain here. This workflow requires preparation and sufficient live support but you will have your material ready for delivery almost immediately after the recorded event. No editing required. Finally, the most intensive workflow is to record everything separately and edit it later, which is extremely time consuming.

• Best practice for loading config params for web services in BEA

  Hello all.
  I have deployed a web service using a java class as back end.
  I want to read in config values (like init-params for servlets in web.xml). What
  is the best practice for doing this in BEA framework? I am not sure how to use
  the web.xml file in WAR file since I do not know how the name of the underlying
  servlet.
  Any useful pointers will be very much appreciated.
  Thank you.

  It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
  The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
  Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
  If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
  Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
  You can enforce rules at your network layer to allow access to the App server only from Gateway.
  When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
  The next BPEL developer in your project may not be aware of Security extensions
  Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
  Thanks
  Ram

• Best practice for keeping a mail session open in web application?

  Hello,
  We have a webmail like application where users login with their IMAP credentials, then are taken to an authenticated area of the site where they can manage different things about their email account.
  Right now the application is opening and closing a mail store connection (via a new javax.mail.Session) for each page load based on the current logged in user credentials. To me this seems like it would be a bad practice to keep opening and closing a connection each page load.
  Are there any best practices for this situation? It would be nice to be able to open the connection to the mail server on login, then keep that connection open until the person logs out, session expires, etc.
  I can probably put the javax.mail.Session into the HTTP session, but that seems like it would break any clustering functionality of tomcat. This would be fine if the machine the user is on didn't fail, but id assume if they failed over to another the mail session would be gone. Maybe keeping the mail session in the http session, checking for a connection, then first attempting to reconnect with the logged in credentials before giving up would be a possiblity?
  Any pointers would be appreciated

  If you keep the connection open across pages, you're going to need to deal with
  timeouts - from the http session and from the mail server.
  If you don't keep the connection open, you're going to need to "resynchronize"
  your view of the store/folder with each operation, in case the folder is modified
  by another session.
  The former is easier in the common cases, especially if you don't care how gracefully
  you handle failures. The latter is more difficult in the common cases, but handles
  failure better, and in particular handles clustering better. You'll need to measure it to
  see if it meets your performance and scalability requirements. You may need to mix
  the two approaches to get acceptable performance.