Best approrach for authorization clean up in GRC implemetation project

Similar Messages

• Best practice for the Update of SAP GRC CC Rule Set

  Hi GRC experts,
  We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
  Which is a best practice for accomplish our goal?
  Many thanks in advance. Best regards,
    Imanol

  Hi Simon and Amir
  My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
  I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
  Connie

• Best Practice for Using Static Data in PDPs or Project Plan

  Hi There,
  I want to make custom reports using PDPs & Project Plan data.
  What is the Best Practice for using "Static/Random Data" (which is not available in MS Project 2013 columns) in PDPs & MS Project 2013?
  Should I add that data in Custom Field (in MS Project 2013) or make PDPs?
  Thanks,
  EPM Consultant
  Noman Sohail

  Hi Dale,
  I have a Project Level custom field "Supervisor Name" that is used for Project Information.
  For the purpose of viewing that "Project Level custom field Data" in
  Project views , I have made Task Level custom field
  "SupName" and used Formula:
  [SupName] = [Supervisor Name]
  That shows Supervisor Name in Schedule.aspx
  ============
  Question: I want that Project Level custom field "Supervisor Name" in
  My Work views (Tasks.aspx).
  The field is enabled in Task.aspx BUT Data is not present / blank column.
  How can I get the data in "My Work views" ?
  Noman Sohail

• Best practice for putting together scenes in a Flash project?

  Hi, I'm currently working on a flash project with the following characteristics:
  using a PC
  2048x1080 pixels
  30 fps
  One audio file that plays (once) continuously across the whole project
  there are actions that relate to the audio, so the timing is important
  at least 10 scenes
  about 7 minutes long total
  current intent is for it to be played in a modern theater as a surprise
  What is the best practice for working on this project and then compiling it together?
  Do it all in one project file?
  Split the work into different project (xfl) files for each scene and then put it together when all the scenes are finalized?
  Use one project file but create different "scenes" for each respective scene?  I think this is the "classic" way (?).
  Make the scenes "movie clips" and then insert them into the timeline with the audio as its own layer?
  Other?
  I'm currently working on it by having it all in one project file.  But I've noticed that there's some lag (or it gets choppy) at certain parts during playback and the SWF history shows 3.1 MB with a yellow triangle with exclamation point symbol.  Thanks in advance. 

  you would only do that if it makes your job easier.  generally speaking, it would not.
  when trying to sync sound and animation i think most authors find it easiest to use graphic symbols because you can see their animation when scrubbing the main timeline.  with movieclips you only see their animation when testing.
  however, if you're going to use actionscript to control some of your symbols, those symbols should be movieclips.

• Best accessories for uMBP -- Cleaning and Protecting

  Hey guys,
  Just wondering what you guys use to clean your uMBP -- I've been using iKlear with the cloth they give us and I have no problem with that. Is there anything else that you guys use to clean the keys and casing? I only use the iKlear to clean the screen.
  Do you guys recommend keyboard protectors? I was looking at the Radtech Screensavrz and wondering if they were worth it -- I don't want the keyboard scuffing up my screen!! Will the laptop close fine with that keyboard guard in there?
  I also have an incase neoprene sleeve which I like (I've had it for 3 years from when I got my '06 MBP...but I'm not too fond of the zippers because they can easily scratch the casing when opening and closing it. Anybody found any cases that protect against this? I want something small -- not really in the market for a case with handles or extra pockets -- just something small that can easily fit into a backpack. Any suggestions on your favorite cases?
  Basically I just want to keep my uMBP in the best shape possible. Any suggestions are GREATLY appreciated!!

  COHagan wrote:
  +I wouldn't recommend using a keyboard cover while using your MBP because the space underneath the keys are part of the cooling system.. Moshi makes a nice keyboard cover, but Apple clearly says in the manual not to use these covers.. A microfiber cloth over the keyboard is fine when the MBP is off and closed, but probably not necessary.+
  I'm glad you posted this comment solsun but it raises a basic question - *Why does Apple sell the Moshi (and other) keyboard cover(s) as a MBP accessory through the Online (and I believe Retail) Apple Store?*
  Who knows? I'm not sure that Apple endorses everything they sell by third parties . If they did, why would they sell certain cases that scratch and leave marks on their products, or why would they sell notebook locks that damage the MBP frame?
  I'm not going to argue with someone who says that they haven't had any problems with the Moshi cover, but I do know that the space under the keys are definitely part of the MBP's cooling system. And the quote above about never covering the keyboard during operation is not something I made up, it is copied verbatim, directly from the MBP user manual..
  Message was edited by: solsun

• Best Solution for a Clean Screen.

  I've ran a couple searches but found answers that weren't really relevant to my question. I just wanted to know the best and easiest way to clean the Macbook Alu's screen. I have oil on my screen from finger prints and such and its really hard to get off.
  I just want a simple method to reduce and polish it, I'm not looking into using vinegar and all that stuff, for one because I have none and secondly I think there are way less smellier methods.
  Thanks!

  w7ox wrote:
  I use a cotton cloth (worn bandanna) or a micro-fiber cloth. I use only warm water, and not much of it -- no chemicals. Wipe the screen with the damp part of the cloth then wipe it dry with a dry part or a second cloth.
  Worked fine with my 2006 black MB and now with the new one.
  Phil
  Same here, water and micro-fibre. No chemicals at all.
  NOTE: DO NOT USE EYEGLASS CLEANING SOLUTIONS, THEY WILL DAMAGE YOUR SCREEN.
  deltatux

• Best practice for adding images to a RH8 HTML project?

  I'm working on a Word to RH8 HTML conversion. The images in Word are SNAG images but the resolution is poor and some of the images may need to be recreated from scratch again. Going forward I imagine I should work on getting them right in Snagit9. Any suggestions?

  For example, installation help topics dealing with install/uninstall screenshots for an application's client and server:
  client_dir_sum.gif
  client_dot_net.gif
  client_uninst_wlcm.gif
  server_wlcm.gif
  server_cfg_tomcat.gif
  server_success.gif
  server_uninst_wlcm.gif
  ...or, screenshots dealing with an Accounts window:
  acct_groups.gif
  acct_lookup.gif
  acct_lookup_btn.gif
  acct_templates.gif
  In other words, use cfg for configuration, dir for directory, btn for button, etc., and use either a function or application window as your lead, allowing you to see all related graphics in sequential order. If you've ever done any manual book indexing, think of this as Index entries/subentries, only the "entry" in file naming is your leading prefix (client_, acct_, etc.), and your subentries are the rest of each file name. Such as:
  Accounts
  configuring groups
  using lookup feature
  lookup button
  templates
  Use the same naming conventions for your topic file names as well; using this method eliminates the need for virtual folders. Many users on this forum use the folder structure, but editing/renaming/adding/deleting folders seems to very often create all sorts of grief. I find this naming structure to be less stressful.
  Good luck,
  Leon

• Best practice for how to access a set of wsdl and xsd files

  I've recently beeing poking around with the Oracle ESB, which requires a bunch of wsdl and xsd files from HOME/bpel/system/xmllib. What is the best practice for including these files in a BPEL project? It seems like a bad idea to copy all these files into every project that uses the ESB, especially if there are quite a few consumers of the bus. Is there a way I can reference this directory from the project so that the files can just stay in a common place for all the projects that use them?
  Bret

  Hi,
  I created a project (JDeveloper) with local xsd-files and tried to delete and recreate them in the structure pane with references to a version on the application server. After reopening the project I deployed it successfully to the bpel server. The process is working fine, but in the structure pane there is no information about any of the xsds anymore and the payload in the variables there is an exception (problem building schema).
  How does bpel know where to look for the xsd-files and how does the mapping still work?
  This cannot be the way to do it correctly. Do I have a chance to rework an existing project or do I have to rebuild it from scratch in order to have all the references right?
  Thanks for any clue.
  Bette

• What is the best program for cleaning MacBook Pro?, What is the best program for cleaning MacBook Pro?

  What is the best free program to clean MacBook Pro? One I can set for automatic clean-up

  Kappy's Personal Suggestions for OS X Maintenance
  For disk repairs use Disk Utility.  For situations DU cannot handle the best third-party utilities are: Disk Warrior;  DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption; Disk Warrior 4.x is now Intel Mac compatible. Drive Genius provides additional tools not found in Disk Warrior.  Versions 1.5.1 and later are Intel Mac compatible. An outstanding source of information is OS X Maintenance - MacAttorney.
  OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.)
  If you are using a pre-Leopard version of OS X, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep.  Dependence upon third-party utilities to run the periodic maintenance scripts was significantly reduced since Tiger.  (These utilities have limited or no functionality with Snow Leopard, Lion, or Mountain Lion and should not be installed.)
  OS X automatically defragments files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive. As for virus protection there are few if any such animals affecting OS X. You can protect the computer easily using the freeware Open Source virus protection software ClamXAV. Personally I would avoid most commercial anti-virus software because of their potential for causing problems. For more about malware see Macintosh Virus Guide.
  I would also recommend downloading a utility such as TinkerTool System, OnyX 2.4.3, or Cocktail 5.1.1 that you can use for periodic maintenance such as removing old log files and archives, clearing caches, etc.
  For emergency repairs install the freeware utility Applejack.  If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the command line.  Note that AppleJack 1.5 is required for Leopard. AppleJack 1.6 is compatible with Snow Leopard. (There is no confirmation that this version also works with Lion or later.)
  When you install any new system software or updates be sure to repair the hard drive and permissions beforehand. I also recommend booting into safe mode before doing system software updates.
  Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
    1. Carbon Copy Cloner.
    2. Data Backup
    3. Deja Vu
    4. SuperDuper!
    5. SyncTwoFolders
    6. Synk Pro
    7. Synk Standard
    8. Tri-Backup
  Visit The XLab FAQs and read the FAQs on maintenance, optimization, virus protection, and backup and restore.
  Always have a current backup before performing any system updates or upgrades.
  Additional suggestions will be found in:    
        1. Mac Maintenance Quick Assist,
        2. Mac OS X speed FAQ,
        3. Speeding up Macs,
        4. Macintosh OS X Routine Maintenance,
        5. Essential Mac Maintenance: Get set up,
        6. Essential Mac Maintenance: Rev up your routines,
        7. Maintaining OS X, 
        8. Five Mac maintenance myths,
        9. How to Speed up Macs, and
      10. Myths of required versus not required maintenance for Mac OS X.
  Referenced software can be found at CNet Downloads or MacUpdate.
  Be sure you have an adequate amount of RAM installed for the number of applications you run concurrently. Be sure you leave a minimum of 10% of the hard drive's capacity or 20 GBs, whichever is greater, as free space.

• Where to find the best application for cleaning out my MacBook Air with OS X 10.7.5? I've been using MacKeeper but believe it's slowing down my laptop considerable.

  where to find the best application for cleaning out my MacBook Air with OS X 10.7.5? I've been using MacKeeper but believe it's slowing down my laptop considerable. Thank you.

  How to maintain a Mac
  1. Make redundant backups, keeping at least one off site at all times. One backup is not enough. Don’t back up your backups; make them independent of each other. Don’t rely completely on any single backup method, such as Time Machine. If you get an indication that a backup has failed, don't ignore it.
  2. Keep your software up to date. In the Software Update preference pane, you can configure automatic notifications of updates to OS X and other Mac App Store products. Some third-party applications from other sources have a similar feature, if you don’t mind letting them phone home. Otherwise you have to check yourself on a regular basis. This is especially important for complex software that modifies the operating system, such as device drivers. Before installing any Apple update, you must check that all such modifications that you use are compatible.
  3. Don't install crapware, such as “themes,” "haxies," “add-ons,” “toolbars,” “enhancers," “optimizers,” “accelerators,” "boosters," “extenders,” “cleaners,” "doctors," "tune-ups," “defragmenters,” “firewalls,” "barriers," “guardians,” “defenders,” “protectors,” most “plugins,” commercial "virus scanners,” "disk tools," or "utilities." With very few exceptions, this stuff is useless, or worse than useless. Above all, avoid any software that purports to change the look and feel of the user interface.
  The more actively promoted the product, the more likely it is to be garbage. The most extreme example is the “MacKeeper” scam.
  As a rule, the only software you should install is that which directly enables you to do the things you use a computer for — such as creating, communicating, and playing — and does not modify the way other software works. Use your computer; don't fuss with it.
  Safari extensions, and perhaps the equivalent for other web browsers, are a partial exception to the above rule. Most are safe, and they're easy to get rid of if they don't work. Some may cause the browser to crash or otherwise malfunction.  Some are malicious. Use with caution, and install only well-known extensions from relatively trustworthy sources, such as the Safari Extensions Gallery.
  Never install any third-party software unless you know how to uninstall it. Otherwise you may create problems that are very hard to solve.
  4. Beware of trojans. A trojan is malicious software (“malware”) that the user is duped into installing voluntarily. Such attacks were rare on the Mac platform until sometime in 2011, but are now increasingly common, and increasingly dangerous.
  There is some built-in protection against downloading malware, but you can’t rely on it — the attackers are always at least one day ahead of the defense. You can’t rely on third-party protection either. What you can rely on is common-sense awareness — not paranoia, which only makes you more vulnerable.
  Never install software from an untrustworthy or unknown source. If in doubt, do some research. Any website that prompts you to install a “codec” or “plugin” that comes from the same site, or an unknown site, is untrustworthy. Software with a corporate brand, such as Adobe Flash Player, must be acquired directly from the developer. No intermediary is acceptable, and don’t trust links unless you know how to parse them. Any file that is automatically downloaded from a web page without your having requested it should go straight into the Trash. A website that claims you have a “virus,” or that anything else is wrong with your computer, is rogue.
  In OS X 10.7.5 or later, downloaded applications and Installer packages that have not been digitally signed by a developer registered with Apple are blocked from loading by default. The block can be overridden, but think carefully before you do so.
  Because of recurring security issues in Java, it’s best to disable it in your web browsers, if it’s installed. Few websites have Java content nowadays, so you won’t be missing much. This action is mandatory if you’re running any version of OS X older than 10.6.8 with the latest Java update. Note: Java has nothing to do with JavaScript, despite the similar names. Don't install Java unless you're sure you need it. Most people don't.
  5. Don't fill up your boot volume. A common mistake is adding more and more large files to your home folder until you start to get warnings that you're out of space, which may be followed in short order by a boot failure. This is more prone to happen on the newer Macs that come with an internal SSD instead of the traditional hard drive. The drive can be very nearly full before you become aware of the problem. While it's not true that you should or must keep any particular percentage of space free, you should monitor your storage consumption and make sure you're not in immediate danger of using it up. According to Apple documentation, you need at least 9 GB of free space on the startup volume for normal operation.
  If storage space is running low, use a tool such as the free application OmniDiskSweeper to explore your volume and find out what's taking up the most space. Move rarely-used large files to secondary storage.
  6. Relax, don’t do it. Besides the above, no routine maintenance is necessary or beneficial for the vast majority of users; specifically not “cleaning caches,” “zapping the PRAM,” "resetting the SMC," “rebuilding the directory,” "defragmenting the drive," “running periodic scripts,” “dumping logs,” "deleting temp files," “scanning for viruses,” "purging memory," "checking for bad blocks," "testing the hardware," or “repairing permissions.” Such measures are either completely pointless or are useful only for solving problems, not for prevention.
  The very height of futility is running an expensive third-party application called “Disk Warrior” when nothing is wrong, or even when something is wrong and you have backups, which you must have. Disk Warrior is a data-salvage tool, not a maintenance tool, and you will never need it if your backups are adequate. Don’t waste money on it or anything like it.

• Best application for cleaning my files

  Best application for cleaning my files?

  How to maintain a Mac
  1. Make redundant backups, keeping at least one off site at all times. One backup is not enough. Don’t back up your backups; make them independent of each other. Don’t rely completely on any single backup method, such as Time Machine. If you get an indication that a backup has failed, don't ignore it.
  2. Keep your software up to date. In the Software Update preference pane, you can configure automatic notifications of updates to OS X and other Mac App Store products. Some third-party applications from other sources have a similar feature, if you don’t mind letting them phone home. Otherwise you have to check yourself on a regular basis. This is especially important for complex software that modifies the operating system, such as device drivers. Before installing any Apple update, you must check that all such modifications that you use are compatible.
  3. Don't install crapware, such as “themes,” "haxies," “add-ons,” “toolbars,” “enhancers," “optimizers,” “accelerators,” “extenders,” “cleaners,” "doctors," "tune-ups," “defragmenters,” “firewalls,” "barriers," “guardians,” “defenders,” “protectors,” most “plugins,” commercial "virus scanners,” "disk tools," or "utilities." With very few exceptions, this stuff is useless, or worse than useless.
  The more actively promoted the product, the more likely it is to be garbage. The most extreme example is the “MacKeeper” scam.
  As a rule, the only software you should install is that which directly enables you to do the things you use a computer for — such as creating, communicating, and playing — and does not modify the way other software works. Use your computer; don't fuss with it.
  Never install any third-party software unless you know how to uninstall it. Otherwise you may create problems that are very hard to solve.
  The free anti-malware application ClamXav is not crap, and although it’s not routinely needed, it may be useful in some environments, such as a mixed Mac-Windows enterprise network.
  4. Beware of trojans. A trojan is malicious software (“malware”) that the user is duped into installing voluntarily. Such attacks were rare on the Mac platform until sometime in 2011, but are now increasingly common, and increasingly dangerous.
  There is some built-in protection against downloading malware, but you can’t rely on it — the attackers are always at least one day ahead of the defense. You can’t rely on third-party protection either. What you can rely on is common-sense awareness — not paranoia, which only makes you more vulnerable.
  Never install software from an untrustworthy or unknown source. If in doubt, do some research. Any website that prompts you to install a “codec” or “plugin” that comes from the same site, or an unknown site, is untrustworthy. Software with a corporate brand, such as Adobe Flash Player, must be acquired directly from the developer. No intermediary is acceptable, and don’t trust links unless you know how to parse them. Any file that is automatically downloaded from a web page without your having requested it should go straight into the Trash. A website that claims you have a “virus,” or that anything else is wrong with your computer, is rogue.
  In OS X 10.7.5 or later, downloaded applications and Installer packages that have not been digitally signed by a developer registered with Apple are blocked from loading by default. The block can be overridden, but think carefully before you do so.
  Because of recurring security issues in Java, it’s best to disable it in your web browsers, if it’s installed. Few websites have Java content nowadays, so you won’t be missing much. This action is mandatory if you’re running any version of OS X older than 10.6.8 with the latest Java update. Note: Java has nothing to do with JavaScript, despite the similar names. Don't install Java unless you're sure you need it. Most users don't.
  5. Don't fill up your boot volume. A common mistake is adding more and more large files to your home folder until you start to get warnings that you're out of space, which may be followed in short order by a boot failure. This is more prone to happen on the newer Macs that come with an internal SSD instead of the traditional hard drive. The drive can be very nearly full before you become aware of the problem. While it's not true that you should or must keep any particular percentage of space free, you should monitor your storage consumption and make sure you're not in immediate danger of using it up. According to Apple documentation, you need at least 9 GB of free space on the startup volume for normal operation.
  If storage space is running low, use a tool such as the free application OmniDiskSweeper to explore your volume and find out what's taking up the most space. Move rarely-used large files to secondary storage.
  6. Relax, don’t do it. Besides the above, no routine maintenance is necessary or beneficial for the vast majority of users; specifically not “cleaning caches,” “zapping the PRAM,” "resetting the SMC," “rebuilding the directory,” "defragmenting the drive," “running periodic scripts,” “dumping logs,” "deleting temp files," “scanning for viruses,” "purging memory," "checking for bad blocks," or “repairing permissions.” Such measures are either completely pointless or are useful only for solving problems, not for prevention.
  The very height of futility is running an expensive third-party application called “Disk Warrior” when nothing is wrong, or even when something is wrong and you have backups, which you must have. Disk Warrior is a data-salvage tool, not a maintenance tool, and you will never need it if your backups are adequate. Don’t waste money on it or anything like it.

• What is the best app for cleaning up the hard drive?

  What is the best app for cleaning up the hard drive?

  No such application needed.
  Leave 10 to 15% disk space free.
  Restart once in a while.
  Keep a backup, clone preferably.
  If there is any problem with the disk, repair disk.
      Repair Disk
      Steps 1 through 7
      http://support.apple.com/kb/PH5836
  Best.

• Best practices for ARM - please help!!!

  Hi all,
  Can you please help with any pointers / links to documents describing best practices for "who should be creating" the GRC request in below workflow of ARM in GRC 10.0??
  Create GRC request -> role approver -> risk manager -> security team
  options are : end user / Manager / Functional super users / security team.
  End user and manager not possible- we can not train so many people. Functional team is refusing since its a lot of work. Please help me with pointers to any best practices documents.
  Thanks!!!!

  In this case, I recommend proposing that the department managers create GRC Access Requests.  In order for the managers to comprehend the new process, you should create a separate "Role Catalog" that describes what abilities each role enables.  This Role Catalog needs to be taught to the department Managers, and they need to fully understand what tcodes and abilities are inside of each role.  From your workflow design, it looks like Role Owners should be brought into these workshops.
  You might consider a Role Catalog that the manager could filter on and make selections from.  For example, an AP manager could select "Accounts Payable" roles, and then choose from a smaller list of AP-related roles.  You could map business functions or tasks to specific technical roles.  The design flaw here, of course, is the way your technical roles have been designed.
  The point being, GRC AC 10 is not business-user friendly, so using an intuitive "Role Catalog" really helps the managers understand which technical roles they should be selecting in GRC ARs.  They can use this catalog to spit out a list of technical role names that they can then search for within the GRC Access Request.
  At all costs, avoid having end-users create ARs.  They usually select the wrong access, and the process then becomes very long and drawn out because the role owners or security stages need to mix and match the access after the fact.  You should choose a Requestor who has the highest chance of requesting the correct access.  This is usually the user's Manager, but you need to propose this solution in a way that won't scare off the manager - at the end of the day, they do NOT want to take on more work.
  If you are using SAP HR, then you can attempt HR Triggers for New User Access Requests, which automatically fill out and submit the GRC AR upon a specific HR action (New Hire, or Termination).  I do not recommend going down this path, however.  It is very confusing, time consuming, and difficult to integrate properly.
  Good luck!
  -Ken

• What are best practice for packaging and deploying j2EE apps to iAS?

  We've been running a set of J2EE applications on a pair of iAS SP1b for about a year and it has been quite stable.
  Recently however we have had a number of LDAP issues, particularly when registering and unregistering applications (registering ear files sometimes fails 1st time but may work 2nd time). Also We've noticed very occasionally that old versions of classes sometimes find their way onto our machines.
  What is considered to be best practice in terms of packaging and deployment, specifically:
  1) Packaging - using the deployTool that comes with iAS6 SP1b to package is a big manual task, especially when you have 200+ jsp files. Are people out there using this or are they scripting it with a build tool such as Ant?
  2) Deploying an existing application to multiple iAS's. Are you guys unregistering old application then reregistering new application? Are you shutting down iAS whilst doing the deployment?
  3) Deploying ear files can take 5 to 10 mins, is this normal?
  4) In a clustered scenario where HTTPSession is shared what are the consequences of doing deployments to data stored in session?
  thanks in asvance for your replies
  Owen

  You may want to consider upgrading your application server environment to a newer service pack. There are numerous enhancements involving the deployment tool and run time layout of your application that make clear where you're application is loading its files from.
  If you've at a long running application server environment, with lots of deployments under your belt, you might start to notice slow downs in deployment and kjs start time. Generally this is due to garbage collecting in your iAS registry.
  You can do several things to resolve this. The most complete solution is to reinstall the application server. This will guarantee a clean ldap registry. Of course you've got to restablish your configurations and redeploy your applications. When done, backup your application server install space with the application server and directory server off. You can use this backup to return to a known configuation at some future time.
  For the second method: <B>BE CAREFUL - BACKUP FIRST</B>
  There is a more exhaustive solution that involves examining your deployed components to determine the active GUIDS. You then search the NameTrans section of the registry searching for Applogic Servlet *, and Bean * entries that represent your previously deployed components but are represented in the set of deployed GUIDs. Record these older GUIDs, remove them from ClassImp and ClassDef. Finally remove the older entries from NameTrans.
  Best practices for deployment depend on your particular environmental needs. Many people utilize ANT as a build tool. In later versions of the application server, complete ANT scripts are included that address compiling, assembly and deployment. Ant 1.4 includes iAS specific targets and general J2EE targets. There are iAS specific targets that can be utilized with the 1.3 version. Specialized build targets are not required however to deploy to iAS.
  Newer versions of the deployment tool allow you to specify that JSPs are not to be registered automatically. This can be significant if deployment times lag. Registered JSP's however benefit more fully from the services that iAS offers.
  2) In general it is better to undeploy then redeploy. However, if you know that you're not changing GUIDs, recreating an existing application with new GUIDs, or removing registered components, you may avoid the undeploy phase.
  If you shut down the KJS processes during deployment you can eliminate some addition workload on the LDAP server which really gets pounded during deployment. This is because the KJS processes detect changes and do registry loads to repopulate their caches. This can happen many times during a deployment and does not provide any benefit.
  3) Deploying can be a lengthy process. There have been improvements in that performance from service pack to service pack but unfortunately you wont see dramatic drops in deployment times.
  One thing you can do to reduce deployment times is to understand the type of deployment. If you have not manipulated your deployment descriptors in any way, then there is no need to deploy. Simply drop your newer bits in to the run time space of the application server. In later service packs this means exploding the package (ear,war, or jar) in to the appropriate subdirectory of the APPS directory.
  4) If you've changed the classes of objects that have been placed in HTTPSession, you may find that you can no longer utilize those objects. For that reason, it is suggested that objects placed in session be kept as simple as possible in order to minimize this effect. In general however, is not a good idea to change a web application during the life span of a session.

• Best practice for a deplomyent (EAR containing WAR/EJB) in a productive environment

  Hi there,
  I'm looking for some hints regarding to the best practice deployment in a productive
  environment (currently we are not using a WLS-cluster);
  We are using ANT for buildung, packaging and (dynamic) deployment (via weblogic.Deployer)
  on the development environment and this works fine (in the meantime);
  For my point of view, I would like to prefere this kind of Deploment not only
  for the development, also for the productive system.
  But I found some hints in some books, and this guys prefere the static deployment
  for the p-system.
  My question now:
  Could anybody provide me with some links to some whitepapers regarding best practice
  for a deployment into a p-system ??
  What is your experiance with the new two-phase-deploment coming up with WLS 7.0
  Is it really a good idea to use the static deployment (what is the advantage of
  this kind of deployment ???
  THX in advanced
  -Martin

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori