ACS v5 IP pool feature

Similar Messages

• ACS server with NAC feature

  Hi,
  I have ACS 3.3 version and i have seen the it has network admission control feature in it. I have cisco switches 3750G and windows servers 2003. Currently i am running machine/user authentication over EAP-PEAP and it seems running ok in my network. I have now a new requirement. we want to authorize the machine only when the machine has latest antivirus running on it. we have symantic antivirus on our machines.
  I am new to network admission control and don't know much.
  Can i do it with cisco ACS server? is we have to buy any equipment/software to accomplish this?  your help in this matter will be highly appriciated.
  Regards

  This is called NAC framework, and as far as I know this might be possible but you might find some limitations, see the following link for guides:
  http://www.cisco.com/en/US/netsol/ns617/networking_solutions_sub_solution_home.html
  On the other hand the current NAC solution "Cisco Clean Access" Will allow you to play with it as desired, see:
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd802da1b5.html
  hth
  Ivan

• Multiple Buffer Pools Feature

  Have somebody used it and what are your comments?
  I have very high activity for specific tables growing over 15-20 mnl of records. Many inserts and few select. very optimized SQL but still slower then the same code on DB2.
  I would like to separate may be temp tablespace, and a few tables I never select from - like log and audit tables.
  Will multiple Buffer Pools be beneficiary for me?
  Thanks,

  Thanks a lot - Yes, your assumption is absolutely right - the application always reports much higher time then I could see from the Oracle side even when I add all SQLNet waits. The same time on Db2 is approximatelly equal - again, the app reported time is a little bit higher, but it's not 250 times difference like in Oracle.
  The app is 3rd party and get a lot of data in and out. The app structure is: Reading XML file and inserting the values in common tables like Address, Name, etc. As a next step the application will check if these records already exist and will perform specific logic if previous entries are found. From Oracle point these are multiple selects and few possible updates and/or inserts. After all processing is done a record in a log table will be inserted and the transaction is commited. Then the app gets the next XML record. This is single threaded process repeating over and over again. The capacity is about 25,000 records inserted per minute with about 40 application instances running simultaneously. if I increase the number of app instances running against DB2 to 100, the insert rate jumps to 60-65,000/min. In Oracle is the opposite - the increase of the app processes more then 45-50 do not change the insert rate at all. Even on SQL server I can run about 70 processes... So, something is wrong with the way Oracle process runs. These results are not new and have been run on at least 30 different hardware setups for months -AIX, linux, Solaris, windows, and on differnet type of hardware. This is the result for all of them. Everybody who tried the app reports the same case. Most of this cases though do not have well tuned environment... That's why I'm trying to make it work better - could not be "just doesn't run!!!" - Oracle is a great scalable system!
  I've already thought to run the app locally on the server, but it's very hard as the usual set up takes about 3-4 hours and the app is very CPU consuming. But for a single app instance it'll work.
  I think your idea is great and I must do it. Let me do that first thing on Monday and I'll post the results.
  Thanks a lot,
  mj

• IP address Pool in ACS 5.1

  Hi,
  Does anyone knows if it is possible to configure IP Pools on ACS 5.1 so that we can assign those addresses to VPN users using the Policy Elements/Access Policies?
  I managed to configure static addresses for single users, but not a pool of addresses to a group of them
  Thanks

  Hi,
  Unfortunately, In ACS 5.1, IP pool feature is not supported, please refer to the release notes, under the section 'Features Not Supported':
  Relaese Notes
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp122068
  HTH
  JK
  Plz rate helpful posts-

• ACS 5.3 Radius authentication with ASA and DACL

  Hi,
  I am trying to do Radius authentication on the ACS 5.3 for VPN access (cisco client) using a downloadable ACL with AD identity
  Clients are connecting to an ASA 5510 with image asa843-K8.bin
  I followed the configuration example on the Cisco site, but I am having some problems
  First : AD identity is not triggered, I put a profile  :
  Status
  Name
  Conditions
  Results
  Hit Count
  NDG:Location
  Time And   Date
  AD1:memberOf
  Authorization   Profiles
  1
  TestVPNDACL
  -ANY-
  -ANY-
  equals Network Admin
  TEST DACL
  0
  But if I am getting no hits on it, Default Access is being used (Permit Access)
  So I tried putting the DACL in the default profile, but when connecting I am immediately disconnected.
  I can see the DACL/ASA being authenticated in the ACS log but no success
  I am using my user which is member of the Network Admin Group.
  Am I missing something?
  Any help greatly appreciated!
  Wim

  Hello Stephen,
  As per the IP Pools feature, the ACS 5.x does not include such functionality. It is not on the ACS 5.x roadmap either as the recommended scenario would be to use a dedicated DHCP server.
  ACS 4.x included that functionality, however, it was not the best solution as the ACS returned the IP Address value as a RADIUS Attribute instead of acting as a real DCHP server.
  As per the IMEI and MISDN I am assuming you are referring to International Mobile Equipment Identity and Mobile Subscriber ISDN. Correct me if I am wrong.
  In that case it seems that the ACS 5.x should be able to Allow or Deny access based on Radius Attribute 30 (Called-Station-Id) and 31 (Calling-Station-Id).
  In that case you might want to use the End-Station Filters feature and use it as the condition for the Rule. The End-Station Filter feature uses CLI/DNIS where CLI is Radius Attribute 31 and DNIS is Attribute 30.
  I am assuming a Generic Username will be embedded on the devices request. In that case you will define which end-user devices will be granted access based on the above attributes.
  Here is a snapshot of the section:

• Create A Connection Pool In the ServletContextListener

  The Specification says that we should create the connection pool in the ServletContextListener. I have the code for creating a connection pool (see below). How do I create it in the ServletContextListener?
  import java.sql.Connection;
  import java.sql.SQLException;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import javax.sql.DataSource;
  public class DBConnection
     public static Connection getDBConnection() throws SQLException
        Connection conn = null;
        try
           InitialContext ctx = new InitialContext();
           DataSource ds = ( DataSource ) ctx.lookup( "java:comp/env/jdbc/MySQLDB" );
           try
              conn = ds.getConnection();
           catch( SQLException e )
              System.out.println( "Open connection failure: " + e.getMessage() );
        catch( NamingException nEx )
           nEx.printStackTrace();
        return conn;

  I use the connection pool feature provide by the server I use. Is this what I should do? Please confirm.
  import java.sql.Connection;
  import java.sql.SQLException;
  import javax.naming.InitialContext;
  import javax.naming.NamingException;
  import javax.sql.DataSource;
  import javax.servlet.*;
  public class CreateResources implements javax.servlet.ServletContextListener
       public void contextInitialized(ServletContextEvent sce)
            public static Connection getDBConnection() throws SQLException
                 Connection conn = null;
                 try
                      InitialContext ctx = new InitialContext();
                      DataSource ds = ( DataSource ) ctx.lookup( "java:comp/env/jdbc/MySQLDB" );
                      try
                           conn = ds.getConnection();
                      catch( SQLException e )
                           System.out.println( "Open connection failure: " + e.getMessage() );
                catch( NamingException nEx )
                      nEx.printStackTrace();
                return conn;
       public void contextDestroyed(ServletCotnextEvent sce)
  }

• Jolt client vs. jolt connection pooling

  We are porting our app to weblogic. We are current users of jolt but since we weren't
  using weblogic
  we are currently using jolt client out of the app server. We are examining the merits
  of converting to use
  the jolt connection pool.
  I have been told that jolt client is multi-threaded so the question is: if we convert
  to jolt connection pooling
  will we see a performance improvement, and if so, why? Or is the advantage purely
  from an administrative
  standpoint, and if so, what are the advantages there?

  Connections are resources that the application uses and a fewer connections can be used by multiple threads if the threads are not always busy with the database activity only, and are doing other work too. This sharing (pooling) can be implemented by the application or the application can leverage the connection pooling features offered by OCI/OCCI (recommended).
  Be aware of connections vs sessions and sharing them (refer to :
  OCI Programming Advanced Topics
  OCCIConnectionPool is to pool connections and OCCIStatelessConnectionPool is to pool sessions. Please see the differences in the above link and apply as appropriate.

• Connection Pooling in OCCI Vs Multi-Threading.

  Hi,
  I am working on an application in which I am using OCCI( Oracle C++ Call Interface)  and multi-threading concepts.
  My application is having different clients( Ex: Client-A, Client-B) and I am offering a set of operations( functions that trigger the Stored Procedures of DataBase ) which are common to all the clients.Each Client can send asynchronous requests of any number.So, is there any chance of using single connection( not connection pooling) to the Data Base for all the clients to manage their requests ?
  Note: Multi-threaded requests are also allowed from each client.
  How can I co-relate multithreading and Connection Pooling in OCCI?
  Can I you multi-threading without Connection Pooling? If so how?
  Will the connection pooling is needed if there is no multi threading concept in my application?
  Please help me on this. Very urgent.
  Thanks in Advance..:)

  Connections are resources that the application uses and a fewer connections can be used by multiple threads if the threads are not always busy with the database activity only, and are doing other work too. This sharing (pooling) can be implemented by the application or the application can leverage the connection pooling features offered by OCI/OCCI (recommended).
  Be aware of connections vs sessions and sharing them (refer to :
  OCI Programming Advanced Topics
  OCCIConnectionPool is to pool connections and OCCIStatelessConnectionPool is to pool sessions. Please see the differences in the above link and apply as appropriate.

• Ask about the Service Pooling in OSB

  Hi all,
      I read the Service Pooling feature in OSB. It said that: "OSB support load balancing of service endpoints through service pooling technique." --> It's mean I can create multi instances of a service that a provider exposed, and when business service have some problems (maybe network, ...) when connect to this service, OSB will automatically detect live service and connect to other instance of this service, am I right ?
      And I need configure to enable this function when create a business service ?
  Regards,

  Yes, you can configure it in OSB's business service resource.
  If backend service is deployed on 3 endpoints, then in OSB business service add three end point URLs. You can select load balancing algorithm as per requirements.
  You can also configure Offline URL settings (in Business Service Operational Settings tab). Once enabled OSB will mark the unavailable endpoints as offline for a preconfigured time and no requests will be sent to this offline endpoint during this time.

• Project 2013 with Shared Resources(resource pool) stored in O365 SharePoint

  I am trying to use both a resource pool and storing all projects files in Office 365 document library. I have 3 project files, one with resources only and 2 for project scheduling. If I store the files on the local machine, when I open both resource project
  and the task project and use shared resources, it works as expected.
  I then copied the project files to a SharePoint library and attempt to do the same thing, project does not seem to know that there are multiple project files open and the shared resource option is disabled.  
  How does project determine that multiple project files are open to enable the resource pool feature?  I have tried faking it out my mapping a drive letter, etc to the SharePoint library.   Does project/WebDAV have issues?

  Yep I'm pretty sure that resource pools and linked master files don't work with SharePoint. Pools and linked masters should only ever be very carefully used on local drives (physically within same building) as the links use DDE (developed way before SharePoint
  was even thought of) which are very fragile and prone to file corruptions.
  Rod Gill
  Author of the one and only Project VBA Book
  www.project-systems.co.nz

• When String instances in Constant Pool will be GC'ed?

  Hi all,
  I'm involved in an application development; where we are storing numerous string objects into multiple HashMaps. Since the string objects created/placed in HashMap may have duplicate values; we're calling String::intern() method to make use of String Constant Pool feature in Java. But, my concern is - When the Constant String instance will be removed from Pool? Is it follow the same behaviour that if no references are presentm it is eligible for GC; i.e., removal of an instance from all HashMaps?
  Please help.
  Thanks & regards,
  R Kaja Mohideen

  EJP wrote:
  How do you figure?Doesn't say so in the Javadoc. It talks about another pool ...You're taking "A pool of strings, initially empty, is maintained privately by the class String." as meaning it's not "the constant pool"? I wouldn't interpret it that way. And based on the JVM spec, I don't see anything saying the intern()ed Strings go to a different pool than "the constant pool". And if it is a separate pool, then what does go into "the constant pool"?
  http://java.sun.com/docs/books/jvms/second_edition/html/Overview.doc.html#22972
  "A runtime constant pool is a per-class or per-interface runtime representation of the constant_pool table in a class file (§4.4). It contains several kinds of constants, ranging from numeric literals known at compile time to method and field references that must be resolved at run time. "
  "Each runtime constant pool is allocated from the Java virtual machine's method area (§3.5.4)."
  http://java.sun.com/docs/books/jvms/second_edition/html/Overview.doc.html#6656
  "The Java virtual machine has a method area that is shared among all Java virtual machine threads. [...] It stores per-class structures such as the runtime constant pool, field and method data, and the code for methods and constructors [...]"
  http://java.sun.com/docs/books/jvms/second_edition/html/ConstantPool.doc.html#73272
  "The Java virtual machine maintains a per-type constant pool (§3.5.5),"
  "A string literal (§2.3) is derived from a CONSTANT_String_info structure (§4.4.3) in the binary representation of a class or interface. The CONSTANT_String_info structure gives the sequence of Unicode characters constituting the string literal.
  The Java programming language requires that identical string literals (that is, literals that contain the same sequence of characters) must refer to the same instance of class String. In addition, if the method String.intern is called on any string, the result is a reference to the same class instance that would be returned if that string appeared as a literal. Thus,
  ("a" + "b" + "c").intern() == "abc"
  must have the value true.
  To derive a string literal, the Java virtual machine examines the sequence of characters given by the CONSTANT_String_info structure.
  If the method String.intern has previously been called on an instance of class String containing a sequence of Unicode characters identical to that given by the CONSTANT_String_info structure, then the result of string literal derivation is a reference to that same instance of class String.
  Otherwise, a new instance of class String is created containing the sequence of Unicode characters given by the CONSTANT_String_info structure; that class instance is the result of string literal derivation. Finally, the intern method of the new String instance is invoked."
  Edited by: jverd on Jan 23, 2012 8:09 AM

• Captivate 4 Simulation in Question Pool

  Hello all,
  I have created quizes using some simulation slides.  One slide, click where type questions.
  Example.  With one click, print the Excel spreadsheet.
  I looked through the forum and have found nothing relating to putting simulation slides into a Question Pool.  I guess the first question is; is it possible.
  Second question: if it is possible, how?
  Does anyone have experience with this?
  Thanks in advance
  Terry Dicken

  Hi Terry
  To my knowledge only Question Slides may be part of a Pool. As you are talking about Animations, my guess is that it won't be possible because of the way the developers have structured Captivate and the Question Pooling feature.
  Perhaps others have a different viewpoint.
  Cheers... Rick
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks

• Lync backup pool - Enterprise pool to Standard pool

  Can I use backup pool feature (voice resiliency) between Lync Ent pool and Lync STD pool ?

  Best Practice/Supported scenarios: Pair pools of the same edition, as well as matching physical to physical or virtual to virtual: 
  http://technet.microsoft.com/en-us/library/jj204697.aspx
  "keep in mind that only the following pairings are supported:
  Enterprise Edition pools can be paired only with other Enterprise Edition pools. Similarly, Standard Edition pools can be paired only with other Standard Edition pools.
  Physical pools can be paired only with other physical pools. Similarly, virtual pools can be paired only with other virtual pools.
  Neither Topology Builder nor topology validation will prohibit pairing two pools in a way that does not follow these recommendations. For example, Topology Builder allows you to pair an Enterprise Edition pool with a Standard Edition pool. However, these types
  of pairings are not supported."
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator (BETA) - Used to assist in the validation and documentation of Lync Server 2013.

• ACS load balancing

  if i have CSS and i want to load balance between 2 ACS . do i have to make one of them active and seoncde backup or i can load balance between bother server .
  if yes is this will not effect the authentication and databse .
  if there is any artical it wile be more better

  Hi,
  Cisco ACS has a replication feature that allows you to have more than one (1) ACS servers/appliances to provide high-availability/ redundancy. In this case, you will have one primary and more than one secondary (backup) servers.
  The database replication creates mirror systems of ACSs by duplicating parts of the primary ACS setup to one or more secondary ACSs. Without load-balancer, you need to add both primary and secondary ACSs in all AAA clients as backup if the primary ACS fails or is unreachable. With a secondary ACS whose ACS internal database is a replica of the ACS internal database on the primary ACS, if the primary ACS goes out of service, incoming requests are authenticated without network downtime, provided that your AAA clients are configured to fail over to the secondary ACS.
  The following url provides you with details on how the ACS replication is performed:
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/sad.htm#wp756102
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/index.htm
  I am not sure about load-balancing two ACSs, but you probably can try this. Behind a load-balancer, maintain the primary/secondary server setup to enable replication (selected items only) from primary to secondary ACS. But pls bear in mind, in replication, only the Primary ACS can send update to backup server, not bidirectional. Backup/secondary ACS can only receive updates. Use the replication features as an update tool between the servers. All changes/updates must be made in your primary ACS only.
  In normal ACS replication, all AAA clients need to specify primary and secondary ACS server as backup. With load-balancer, only one (1) IP need is required, which is the virtual IP assigned by load-balancer to represent the two ACSs.
  Rgds,
  AK

• Object pool for DTO objects

  Hi,
  I am using BlazeDS to (de)serialize many identical small objects between a Flex client and a Java Servlet. For efficiency, I would like to create object pools on both sides. Is this possible with BlazeDS?
  Thank you,
  Andrej van der Zee

  Hi,
  Thanks for your reply.
  Are there any thoughts how I can do this on the client? As far as I can see, deserialization of DTOs is hidden in the remote object. How can I tell a remote object to use a factory method for creating certain DTOs? 
  Cheers,
  Andrej
  On Sat, Jan 17, 2009 at 3:37 AM, Alex Glosband
  <
  [email protected]> wrote:
  A new message was posted by Alex Glosband in
  General Discussion --
    Object pool for DTO objects
  Hi Andrej,
  The answer is no. There aren't any object pooling features in BlazeDS for pooling DTOs, either on the client or the server. If there are any third party object pooling solutions for DTOs on the server though you could maybe hook one of them in. . . either in your Java servlet or a RemoteObject. . . but I think anything on the client you would have to write yourself.
  -Alex
  View/reply at
  Object pool for DTO objects
  Replies by email are OK.
  Use the
  unsubscribe form to cancel your email subscription.
  Andrej van der Zee
  2-40-19 Koenji-minami
  Suginami-ku, Tokyo
  166-0003 JAPAN
  Mobile: +81-(0)80-65251092
  Phone/Fax: +81-(0)3-3318-3155