ACE deployment considerations

Folks,
I'm looking for a good practice guide for ACE deployment if anyone can help.
I intend to use my ACE appliance to load balance traffic between 4 different proxy servers, i.e. users request a URL, e.g. www.cnn.com, from the ACE and it then connects to one of 4 proxies which will then retrieve the web page and pass it back to the ACE, which will deliver the content to the user.
My ACE appliance is on my trusted/corporate LAN.
My proxies are on an untrusted LAN/DMZ behind a firewall.
I want to install a 4710 with its client interface on my corporate LAN (closest to the users) and the server interface on my proxy LAN, but I need to know if the ACE appliance is secure enough to be deployed in this topology.
Is it EAL certified, or does it run in a firewall/stateful inspection mode?
Thanks to anyone taking the time to read this or to reply.

Hi,
As far as I know, the ACE is not stateful like your typical firewall device, and I have no knowledge of whether it's EAL certified or not.
However, since ACE comes with a wide range of inspection features and is generally considered very security-aware, you could argue that it would make a good firewall substitute. Personally, I've deployed the ACE as an addition to my firewall setup and attached the proxies to the ACE on dedicated interfaces, having a client-side interface pointing towards the users and a dedicated egress interface attached to the firewall on a DMZ. That way any NAT rules can remain unchanged.
Another option, depending on your topology, would be a bridge-mode implementation, basically deploying the ACE as a bump-in-the-road between the firewall DMZ and the proxies.
Anyway, just my thought. Hope you find 'em useful.
/Ulrich

Similar Messages

  • Typical/Common large-scale ACE deployment or designs?

    I am deploying several ACE devices and GSS devices to facilitate redundancy and site load balancing at a couple of data centers.  Now that I have a bunch of experience with the ACE and GSS, are there typical or common ACE deployment methods?  Are there reference designs?  I have been looking, and haven't really found any.
    Even if they are not Cisco 'official' methods, I'm wondering how most people, particularly those who deploy a lot of these or deploy them with large-scale systems, typically do it.
    I'm using routed mode (not one-arm mode) and I'm wondering if most people use real servers (in my case, web servers) with dual NICs to support connectivity to back-end systems?  Or do people commonly just route it all through the ACE?
    Also, how many VIPs and real servers have been deployed in a single ACE 4710 device?  I'm trying to deploy about 700 VIPs with about 1800 real servers providing content to those VIPs.
    How do people configure VIPs, farms, and sticky?  I'm looking for how someone who wants to put a large amount of VIPs and real servers into the ACE would succeed at doing it.  I have attempted to add a large number in the 'global' policy-map, but that uses too many PANs.
    I have tried a few methods myself, and have run into the limit on Policy Action Nodes (PANs) in the ACE device.  Has anyone else hit this issue?  Any tips or tricks on how to use PANs more conservatively?
    Any insight you can share would be appreciated.
    - Erik

    As far as I can see from your requirements, I suggest you create 1 EAR file for your portal and 1 EAR file per module.
    The EAR file from your portal is the main application and the EAR files of your modules are shared libraries that contain the taskflows. These taskflows can be consumed in the portal application.
    This way, you can easily deploy 1 module without needing to deploy the main application or the other modules.
    It also lets you divide your team of developers so everybody can work on a separate module without interfering.
    On a side note: when you have deployed your main application, and later you create a new module, then you have to register that module to your application, so then you will need to redeploy your portal; but if you update an existing module, you won't need to redeploy your portal.
    As for the security, all your modules will inherit the security model of your portal application.

  • ACE deploying issue,

    Hi,
    I have a question in regards to deploying configurations to ACE with ANM. I presume it should deploy in a few seconds, but for me it takes 8 to 10 minutes. Can anyone suggest why this is taking so much time?
    Thanks in advance.

    Do you have a large config? How many contexts?
    Is there an issue with the connection between the ANM server and the ACE (low bandwidth, ...)?
    Did you install the ANM on an approved server (meets the minimum requirements)?
    Is the ACE properly discovered by ANM?
    Keep us posted.

  • Application Control Engine (ACE) Deployment

    I am looking at deploying an ACE to load balance some Terminal Servers and some Citrix Servers for a large serverfarm consisting of approximately 6 - 10 real servers. We are currently using DNS round-robin to load balance these services, but it is not working properly because we cannot detect real server failure - hence the use of the ACE health monitoring.
    I face the following potential problems:
    1. There is a possibility that we cannot change the IPs on the existing servers that are to be load balanced. This poses a problem for a routed implementation.
    2. Assigning a new VIP for the serverfarm might not be possible, as it requires reconfiguration of all client machines, which is a large population.
    Any comments/ideas? I have thought of using a bridged-mode implementation (trickier than an L3 routed implementation). Can I still achieve load balancing without using a VIP when using bridged mode?
    Any thoughts on achieving this in bridged mode?
    Thanks in advance for any ideas/pointers.

    What IP address are the clients using to connect right now?
    I don't see how you could perform load balancing without a virtual IP address.
    Bridge mode is definitely the solution to use if you can't readdress the servers.
    It's not really more complex than routed mode.
    Gilles.

  • ACE deployment with two interface for client side

    In an ACE routed-mode deployment, I have a single context configured with two interfaces for the server side and two interfaces for the client side. In this situation, how can we meet the demands of customers arriving from both networks? How can the ACE handle the client request if we configure one default gateway for each network?
    Regards,
    Egomes

    Enable the "mac-sticky" command under each client interface.
    It will ensure that the ACE sends the response to the MAC address from which the request to the VIP was received.
    For more details
    http://cisco.biz/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/command/reference/if.html#wp1033275
    HTH
    Syed Iftekhar Ahmed

  • ACE not creating session to rserver (sending a RST)

    I have an ACE deployed for load balancing web requests which are coming from a reverse proxy. The session persistency is based on the X-Forwarded-For HTTP header entry.
    The setup works fine, but in certain situations it looks like the ACE (172.16.3.200) is sending a RST shortly after an ACK in the direction of the reverse proxy (172.16.2.10).
    Investigating this RST shows me that the ACE is not creating a session towards the real server, meaning the session from the reverse proxy to the ACE is there but the session from the ACE to the real server doesn't get created (no SYN sent from the ACE).
    Example:
    (1) 11:20:07.677541     src:172.16.2.10    dst:172.16.3.200     proto:TCP     info: 38776 > http (SYN)
    (2) 11:20:07.677891     src:172.16.3.200  dst:172.16.2.10       proto:TCP     info: http > 38776 (SYN, ACK)
    (3) 11:20:07.677920     src:172.16.2.10    dst:172.16.3.200     proto:TCP     info: 38776 > http (ACK)
    (4) 11:20:07.677979     src:172.16.2.10    dst:172.16.3.200     proto:HTTP   info: GET /media/global/stylesheets/class.css?v=0.20 HTTP/1.1
    (5) 11:20:07.678553     src:172.16.3.200  dst:172.16.2.10       proto:TCP     info: http > 38776 (ACK)
    (6) 11:20:07.678553     src:172.16.3.200  dst:172.16.2.10       proto:TCP     info: http > 38776 (RST, ACK)
    Normally, for every session from the reverse proxy to the ACE, the ACE creates a session to the real server. In this particular trace, the ACE only creates the incoming one but not the outgoing one to the real server. The real server is alive at this time; requests just some milliseconds before and after packet four (4) are processed to the same real server correctly.
    Normalization is disabled and we're running in routed mode.
    Any idea why the ACE itself doesn't create this new session?

    I just verified "show stats http" and there is a zero (0) for max parselen errors and static parse errors, so we should be fine on the length and on the value we're expecting.
    Here are the relevant snippets from the configuration.
    sticky http-header X-Forwarded-For STICKY_HTTP-HEADER
       timeout 180
       serverfarm SF_FRONTEND
    class-map type http loadbalance match-all CM_STICKY_HTTP-HEADER
       2 match http header X-Forwarded-For header-value ".*"
    class-map match-any CM_VIP_FRONTEND
       description VIP for FRONTEND
       5 match virtual-address 172.16.3.200 tcp eq www
    policy-map type loadbalance first-match PM_LB_FRONTEND
       class CM_STICKY_HTTP-HEADER
         sticky-serverfarm STICKY_HTTP-HEADER
       class class-default
         serverfarm SF_FRONTEND
    I would love to share the broken capture with you (see attached).
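    As an added example (not from the post or from Cisco), a small Python triage script over the capture format shown above: it flags client flows that the VIP reset after an HTTP request was received without any SYN towards a real server appearing in between, which is exactly the symptom being described. The VIP and reverse-proxy addresses are the post's; the real-server address 172.16.4.10 and the second, healthy flow are constructed.

```python
import re

VIP = "172.16.3.200"   # the VIP from the post

# Capture-line layout as it appears in the post; HTTP lines carry no ports.
LINE_RE = re.compile(r"\(\d+\)\s+(\d+:\d+:\d+\.\d+)\s+src:(\S+)\s+dst:(\S+)"
                     r"\s+proto:(\S+)\s+info:\s*(.*)")
TCP_RE = re.compile(r"(\S+) > (\S+) \(([^)]*)\)")


def parse_time(stamp):
    """'11:20:07.677541' -> seconds since midnight as a float."""
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_trace(text):
    """Turn capture lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, proto, info = m.groups()
        ev = {"t": parse_time(ts), "src": src, "dst": dst, "proto": proto, "info": info}
        tm = TCP_RE.match(info) if proto == "TCP" else None
        if tm:
            ev["sport"], ev["dport"] = tm.group(1), tm.group(2)
            ev["flags"] = {f.strip() for f in tm.group(3).split(",")}
        events.append(ev)
    return events


def find_orphaned_resets(events):
    """Client ports that the VIP reset after an HTTP request was received,
    with no SYN towards a real server seen between request and reset."""
    flows = {}         # client port -> {"request": t, "rst": t}
    newest = {}        # client address -> port of its newest flow to the VIP
    backend_syns = []  # times of SYNs whose destination is not the VIP
    for ev in events:
        if ev["proto"] == "TCP" and "flags" in ev:
            if ev["dst"] == VIP and ev["flags"] == {"SYN"}:
                flows[ev["sport"]] = {"request": None, "rst": None}
                newest[ev["src"]] = ev["sport"]
            elif ev["src"] == VIP and "RST" in ev["flags"]:
                if ev["dport"] in flows:
                    flows[ev["dport"]]["rst"] = ev["t"]
            elif ev["dst"] != VIP and ev["flags"] == {"SYN"}:
                backend_syns.append(ev["t"])
        elif ev["proto"] == "HTTP" and ev["dst"] == VIP:
            # HTTP lines have no port: attribute the request to the newest flow
            port = newest.get(ev["src"])
            if port in flows and flows[port]["request"] is None:
                flows[port]["request"] = ev["t"]
    orphaned = []
    for port, f in flows.items():
        if f["request"] is None or f["rst"] is None:
            continue
        if not any(f["request"] <= t <= f["rst"] for t in backend_syns):
            orphaned.append(port)
    return orphaned


# Constructed sample: packets 1-6 are the post's capture; 7-11 are a healthy
# flow added here, with the real server address 172.16.4.10 assumed.
SAMPLE_TRACE = """
(1) 11:20:07.677541  src:172.16.2.10   dst:172.16.3.200  proto:TCP   info: 38776 > http (SYN)
(2) 11:20:07.677891  src:172.16.3.200  dst:172.16.2.10   proto:TCP   info: http > 38776 (SYN, ACK)
(3) 11:20:07.677920  src:172.16.2.10   dst:172.16.3.200  proto:TCP   info: 38776 > http (ACK)
(4) 11:20:07.677979  src:172.16.2.10   dst:172.16.3.200  proto:HTTP  info: GET /media/global/stylesheets/class.css?v=0.20 HTTP/1.1
(5) 11:20:07.678553  src:172.16.3.200  dst:172.16.2.10   proto:TCP   info: http > 38776 (ACK)
(6) 11:20:07.678553  src:172.16.3.200  dst:172.16.2.10   proto:TCP   info: http > 38776 (RST, ACK)
(7) 11:20:07.680100  src:172.16.2.10   dst:172.16.3.200  proto:TCP   info: 38777 > http (SYN)
(8) 11:20:07.680300  src:172.16.3.200  dst:172.16.2.10   proto:TCP   info: http > 38777 (SYN, ACK)
(9) 11:20:07.680400  src:172.16.2.10   dst:172.16.3.200  proto:TCP   info: 38777 > http (ACK)
(10) 11:20:07.680500 src:172.16.2.10   dst:172.16.3.200  proto:HTTP  info: GET /index.html HTTP/1.1
(11) 11:20:07.680900 src:172.16.2.10   dst:172.16.4.10   proto:TCP   info: 38777 > http (SYN)
"""

if __name__ == "__main__":
    for port in find_orphaned_resets(parse_trace(SAMPLE_TRACE)):
        print(f"client port {port}: VIP reset the flow without opening a backend session")
```

    The check is deliberately narrow: a flow where a backend SYN was sent and the real server then refused is a different failure and is not flagged.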

  • Pull and Push deployment Horizon

    Hello Gurus,
    Please let me know the difference between the Pull and Push Deployment Horizon and their significance during the deployment run.
    Thanks,
    Siva.

    Hello Siva,
    Using F1 should help answer your question. However, I have put the following explanation below:
    The Pull Deployment Horizon considers the Fulfillment of Demand from the Distribution Center / Customer. It is that period of time during which the deployment is carried out based on the Distribution Demand. During a Deployment Run, the total Distribution Demand within this Horizon is fulfilled.
    This type of Deployment depends also on the Push Distribution setting. For a value of P (Pull/Push), the demand within the Horizon is Fulfilled immediately. For a value of Pull, the demand is Fulfilled on the due date.
    For Example: at the beginning of a month,
    1. The Pull Deployment Horizon is 15 Days
    2. Two Distribution Demands exist at the 10th and 15th of the month
    The result is, the Deployment considers only that demand confirmed on the 10th (Requirement is fulfilled immediately / on the 10th, based on the Push Distribution Setting)
    The Push Deployment Horizon, in comparison, considers the distribution of the stock on hand from the Manufacturing Plant. This is the period of time, over which the deployment considers receipts that were defined in the ATD Receipt category of the location master.
    For the purposes of Deployment, the date at which the Stock on Hand at the Plant is distributed is determined based on the Push Distribution setting. Only stock on hand within the push deployment horizon is taken into account for push deployment.
    For Example: at the beginning of a month,
    1. The Pull Deployment Horizon is 15 Days
    2. Two confirmed productions (confirmed stock) exist at the 10th and 15th of the month
    3. The ATD Receipt Category considers only categories for confirmed production.
    The result is, during the Deployment run, only the production confirmed on the 10th, is taken into account.
    Let me know if you have any more questions.
    Thanks and Regards,
    Sharath Krishnan

  • Screen resolution when PXE boot from WDS vs Install Windows 8.1 from USB

    Hi all
    I own a Lenovo ThinkPad T430s, X230 Tablet, and now have my hands on a T440. All three machines have UEFI Secure Boot enabled properly, i.e. Windows boot screen shows Lenovo logo instead of Windows logo.
    However, if I do a PXE boot (using Windows Deployment Services from Windows Server 2012, not R2) and boot to the same boot.wim provided on a Windows 8.1 ISO image, the boot screen resolution turns crap, and the WinPE environment runs in 640x480. Also, as opposed to the Lenovo logo showing on the boot screen, the Windows logo shows up instead, indicating it's not doing a secure boot?
    When booting from a USB stick, however, using the same Windows 8.1 boot.wim (copied from the ISO), the screen resolution in Windows Setup is detected correctly, and the Lenovo logo shows up.
    This occurs on all three machines since MDT was upgraded to MDT 2013 or when I replaced Windows 8 boot.wim with Windows 8.1 boot.wim (as the Windows ADK 8 --> ADK 8.1).
    Is there a fix for this? Do others have the same problem elsewhere?
    Many thanks 

    Hi,
    When booting a UEFI-based computer from PXE, there is more to take into consideration.
    For some computers, you might have to perform additional steps to make sure that Windows is installed in UEFI mode, and not in legacy BIOS-compatibility mode.
    Some computers might support UEFI. However, they do not support a PXE-initiated boot when in UEFI mode.
    How to Create a PXE-Initiated Windows 8 Deployment for UEFI-Based or BIOS-Based Computers in Configuration Manager
    http://technet.microsoft.com/en-us/library/jj938037.aspx
    Especially for “Pre-Deployment Considerations”
    If you still cannot find a way to make it boot in UEFI mode, you should contact the manufacturer to confirm whether a PXE-initiated boot is supported.
    Hope this helps.

  • H-REAP Mode

    Hi,
    Does anyone know the limitations or guidance for large H-REAP deployments?
    Are there any Cisco documents on Cisco's recommended quantity of access points per remote site using H-REAP mode in either central or local switching instances, H-REAP group limits, or deployment considerations that might sway a design to install local WLCs per remote site and not adopt the centralised approach?
    Potentially six remote sites with 60 - 120 H-REAP access points per site.
    Thanks in advance for your replies.
    Jay

    Hi,
    Here is the H-REAP Design and Deployment guide, which may help you:
    http://www.cisco.com/en/US/products/ps6087/products_tech_note09186a0080736123.shtml
    Also, it's a good design if we don't go beyond 50 APs per site. A huge number of H-REAPs in one location not only means a significant amount of management traffic overhead, it's also not a very good design.
    lemme know if this answered your question..
    Regards
    Surendra

  • Do all the weblogic application servers need to share storage in order to implement high availability?

    I would like to understand if shared storage is required for all application servers that will run WebLogic + Oracle Identity Manager.  I've been using the following Oracle guides: http://docs.oracle.com/cd/E40329_01/doc.1112/e28391/iam.htm#BABEJGID and http://www.oracle.com/technetwork/database/availability/maa-deployment-blueprint-1735105.pdf and, from my interpretation, both talk about configuring all the application servers with access to shared storage.  From an architecture standpoint, does this mean all the application servers need access to an external hard disk?  If shared storage is required, what are the steps to implement it?
    Thanks,
    user12107187

    You can do it and it will work. But Fusion Middleware products have an EDG to provide guidelines to help you implement high availability.
    Having shared storage will help you recover from a storage failure; otherwise this might be a point of failure.
    Enterprise Deployment Overview
    "An Oracle Fusion Middleware enterprise deployment:
    Considers various business service level agreements (SLA) to make high-availability best practices as widely applicable as possible
    Leverages database grid servers and storage grid with low-cost storage to provide highly resilient, lower cost infrastructure
    Uses results from extensive performance impact studies for different configurations to ensure that the high-availability architecture is optimally configured to perform and scale to business needs
    Enables control over the length of time to recover from an outage and the amount of acceptable data loss from a natural disaster
    Evolves with each Oracle version and is completely independent of hardware and operating system "
    Best Regards
    Luz

  • AD RMS, the black hole in Microsoft Licensing

    Hello,
    I have read the Product Use Rights from A to Z, I have searched the web everywhere, I have asked Microsoft Partner Support and some local Microsoftees, and I cannot find a single rule about AD RMS licensing!
    All I found is that AD RMS is an additive CAL to Windows Server. That means it is an additional product and doesn't have to be company-wide. Which means we need some rules to decide whether a user/device needs a CAL or not. But there isn't any!
    Well, to be honest, there is one rule, applying to Windows Server Essentials, a product I have never seen in production with AD RMS personally...
    Even if we assume it is a mistake and that the "Windows Server Essentials" rule applies to Windows Server Standard and Datacenter, the licensing headache goes further with AD RMS-aware applications, like Microsoft Office or Microsoft Exchange.
    Licensing AD RMS with Office is somewhat covered by some TechNet articles, where we can guess that only the users/devices creating protected documents need Office Pro Plus licenses, while readers/reviewers can use Office Standard or Office Web Apps. Still, nothing is said about the underlying AD RMS CALs. Who needs them? Users creating, probably. But what about the others?
    Licensing AD RMS with Exchange is much less documented, as I can only find a table saying some IPM features require the Exchange Enterprise CAL. But who needs the Enterprise CAL? The users creating the protected messages in Outlook? The users creating the transport rules in Exchange? All the users reading the protected messages? And again, nothing is said about the underlying AD RMS CALs.
    Any help on those licensing topics would be much appreciated.
    Thank you.
    Gilles Messinger
    SAM Consultant

    Hi Gilles,
    I am sorry, but it's not 100% clear what the center of your concerns is or what you are trying to do here. That said, I will try to answer you as best I can.
    The licensing requirements for the ability to protect and consume content using AD RMS in AD RMS-aware applications under Windows operating systems are described in the following topic on
    AD RMS Client Requirements  http://technet.microsoft.com/en-us/library/dd772753(v=WS.10).aspx:
    The Active Directory Rights Management Services (AD RMS) client is included with the Windows Vista®, Windows® 7, Windows Server® 2008, and Windows Server® 2008 R2 operating systems. If you are using Windows XP, Windows 2000, or Windows Server 2003 as your client operating system, a compatible version of the AD RMS client is available for download from the Microsoft Download Center Web site.
    The AD RMS client can be used with the AD RMS server role included in Windows Server 2008 and Windows Server 2008 R2 or with previous versions of RMS running on Windows Server 2003.
    I should also mention that the AD RMS client is also included and supported for Windows 8, and the AD RMS server role is also available in Windows Server 2012 as well.
    The licensing and ability to protect and consume content using IRM features (which are typically enabled using an AD RMS deployment but can also use Windows Azure AD Rights Management) in other products such as Microsoft Office or Microsoft Exchange does require specific versions of those products. For more information, the following links may be helpful:
    Support for IRM in Office
    http://technet.microsoft.com/en-us/library/dd772650(v=WS.10).aspx
    AD RMS and Microsoft Office Deployment Considerations
    http://technet.microsoft.com/en-us/library/dd772697(WS.10).aspx
    There is not an additional need to specifically license AD RMS for use in supporting IRM in Exchange. The specific requirements for deployment in Exchange are covered in the Exchange documentation:
    http://technet.microsoft.com/en-us/library/dd638140.aspx#reqs
    Also, this roadmap for implementing IRM features in Exchange may also be helpful to you:
    http://social.technet.microsoft.com/wiki/contents/articles/1902.roadmap-for-implementing-irm-features-in-microsoft-exchange.aspx
    Hope that helps,
    Brad Mahugh
    Microsoft Corporation
    This post is provided "AS IS" and confers no promises of current or future technical support for a specific support issue. Please use Microsoft product support if you need a service commitment for your current support case or issue.

  • Does wIPS mode Access point utilize more Bandwidth?

    Hi all,
    I have around six Cisco 1252 Access Points in H-REAP mode with the wIPS submode in one particular location. This was implemented more than six months ago and it was working fine. Suddenly, I faced network congestion and more bandwidth utilization in that location in particular. But after disabling wIPS on the APs, the bandwidth got stable and is working fine. Not sure if wIPS will utilize more bandwidth. Please clarify on the same.
    Also, please let me know if this will be in any way related to the RF heat maps that Cisco NCS will generate. As there is no map uploaded for that location, will this cause an issue? I need more understanding on this. Please share if any document or information is available.

    Here you go
    Deployment Considerations for ELM
    Cisco recommends enabling ELM on every AP on the network, which meets most customer security needs when a network overlay and/or costs are part of the consideration. ELM's primary feature operates effectively for on-channel attacks, without any compromise to the performance of data, voice and video clients and services.
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b82504.shtml
    Sent from Cisco Technical Support iPhone App

  • Anybody implements CRM On Demand in Japanese?

    Are there any potential issues when implementing? Like Japanese character storing...
    Hope someone can help me if you have such experience.
    Thanks
    Amanda

    Amanda, I would recommend taking the “Global Deployment Considerations” CRM On Demand webinar.

  • Querying in coherence cache configured with persistence layer

    Since querying in Coherence takes into account only those objects that are already in cache, are there any commonly used techniques for improving query performance in scenarios where Coherence is used with database as persistent layer (to cache more data than it can fit in the memory)?

    Hi User,
    From the look of the error I'd guess you are running on Windows. Windows has a rather odd behavior of dropping your IP address if it detects a physical disconnection on the NIC, which ultimately results in a local cluster becoming unusable. Please see http://wiki.tangosol.com/display/COH35UG/Deployment+Considerations+-+Windows for details on how to address this.  Also considering that you are running everything on a single machine you may wish to explicitly bind to 127.0.0.1 (not localhost), to avoid issue entirely.  Note that binding to 127.0.0.1 is only supported starting with Coherence version 3.4, and you will also need to configure Coherence with a TTL of 0 to enable the loopback based cluster. See http://wiki.tangosol.com/display/COH35UG/unicast-listener#address, and http://wiki.tangosol.com/display/COH35UG/multicast-listener#time-to-live for details on these settings.
    thanks,
    Mark | Oracle Coherence

  • Setting 802.11b Only mode for WAIR-AP1252AG-A-K9

    I am using Cisco AP " WAIR-AP1252AG-A-K9".
    Please inform me how to set the below modes on this AP using (a) the GUI and (b) CLI commands:
    (1)802.11b Only
    (2)802.11g
    (3)802.11b/g
    (4)802.11b/g/n
    Thank You
    Pramod Ganigi

    I am using this WAP in our Wi-Fi LAB as part of WI-Fi Alliance certification.
    You are using the wrong model of WAP then.  For the Indian regulatory domain, you need "-N".  The WAP you have is "-A".
    1.  If you want 802.11b ONLY, then you CANNOT enable 802.11b and n.  802.11n requires you to use the 802.11a radio and bonded channels.  It doesn't make any practical sense to have 802.11b and want to run 802.11n, because 802.11b only has three channels.
    2.  If you want 802.11b ONLY, then you only allow the data rates for 802.11b, and they are:  1, 2, 5.5, and 11 Mbps.
    Read this document:  Capacity Coverage & Deployment Considerations for IEEE 802.11g, and look at Table 4.  This will guide you on which data rates belong to 802.11b and 802.11g.
