Best practice dns in a small environment

Guys,
I have 2 cases for which I need advice.
1-:
A small environment with 2 DCs, 1 domain name: how should I set up DNS? Second, which DNS servers should I give the clients through DHCP, and how should I set up the IP settings on the DCs with DNS?
2- One domain with 3 sites, each site has its own domain: how should I set up DNS in that specific case?
Many thanks for the reply.

Hi,
You should have a DNS server installed and configured for Active Directory.
Please refer to the following articles for more detailed information:
Configure a DNS Server for Use with Active Directory Domain Services
http://technet.microsoft.com/en-us/library/cc732284.aspx
Add a Domain Controller with the DNS Server Service
http://technet.microsoft.com/en-us/library/cc771613.aspx
Regards.
Vivian Wang

Similar Messages

  • Best Practice for Managing a BPC Environment?

    My company is currently running a BPC 5.1 MS environment and will soon be upgrading to version 7.0 MS.  I was wondering if there is a white paper or some guidance that anyone can give with regard to the best practice for managing a BPC environment.  Which brings to light several questions in my mind:
    1. Which department(s) in a company should "own" the BPC application?
    2. If both, what's SAP's recommendation for segregation of duties?
    3. What roles should exist within our company to manage BPC?
    4. What type(s) of change control is SAP's "Best Practice"?
    We are currently evaluating the best way to manage the system across multiple departments, however there is no real business ownership in the system, which seems to be counter to the reason for having BPC as a solution in the first place.
    Any guidance on this would be very much appreciated.

  • Best practice DNS in VPN environment for Lync2013 clients

    So I do have those site2site VPNs to connect the small branch offices to the main office. Internal DNS makes sure that the branch offices can access all the servers/services in the main office with their domain.local namespace.
    In such a scenario will the Lync2013 clients connect through the VPN to the internal sites due to both lyncdiscover and lyncdiscoverinternal being available?
    Wouldn't it cause way less burden on the VPN routers if clients would simply go out to the internet and connect from the external side so all the Lync traffic does not have to be stuffed through the VPN pipe? I don't see the point to encrypt the traffic once more.
    Thanks for your suggestions about best practices!
    HST

    Hi,
    When users connect to the corporate network using a VPN client, Lync media traffic is sent through the VPN tunnel. This configuration can create additional latency and jitter because media traffic must pass through an additional layer of encryption and decryption. The issue is compounded when the VPN concentrator is busy.
    If you want to connect Lync server from public network you need to deploy an Edge server.
    The solution to force VPN traffic through the Edge Servers must allow external Lync clients connected through VPN, you can refer to the part of "Solution Configuration" in the link below:
     http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Best Practices for AD and Windows Environment

    Hello Everyone,
    I need to create a document having the best practices for AD containing best practices for DNS, DHCP, AD Structure, Group Policy, Trust Etc.
    I just need the best practices irrespective of what is implemented in our company.
    I just need to create a document for analysis as of now. I searched over the internet but could not find much. I would request you all to pour in your suggestions on where I can find those.
    If anyone could send me or point me to the link. I am pretty new to the technology, so I need your help.
    Thanks in Advance

    I have an article where I shared the best practices to use to avoid known AD/DNS issues: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
    However, you need first to identify your requirements and based on these requirements, you can identify what should be implemented on your environment and how to manage it. The basics here is that you need to have at least two DC/DNS/GC servers per AD domain for the High Availability. You need also to take a system state backup of at least one DC/DNS/GC server in your domain. As for DHCP, you can use 50/50 or 80/20 DHCP rule depending on your setup.
    You can also refer to that: https://technet.microsoft.com/en-us/library/cc754678%28v=ws.10%29.aspx
    This posting is provided AS IS with no warranties or guarantees, and confers no rights.
    Ahmed MALEK

  • Best practice: Deployment plan for cluster environment

    Hi All,
    I want to know which way is the best practice for preparing and deploying a new configuration for a WLS-cluster environment. How can I plan a simultaneous deployment of ALL of the nodes, without a single point of failure?
    Regards,
    Moh

    Hi All,
    I get the Answer as followed:
    When you deploy an application OR redeploy an application, the deployment is initiated from the Admin Server and it is initiated on all targets (managed servers in the cluster) at the same time based on targets (which is expected to be cluster).
    We recommend that applications should be targeted to a cluster instead of individual servers whenever a cluster configuration is available.
    So, as long as you target the application to the cluster, the admin server will initiate the deployment on all the servers in a cluster at the same time, so the application is in sync on all servers.
    Hope that answers your queries. If not, please let me know what exactly you mean by synchronization.
    Regards,
    Moh

  • Best Practices for zVM/SLES10/zDB2 environment for dialog instances.

    Hi,  I am a zSeries system programmer who has just completed an IBM led Proof of Concept which demonstrated the viability of running SAP instances on SUSE SLES10 Linux booted in zVM guests and accessing zDB2 data via hipersockets. Before we build a Linux infrastructure using the 62 IFLs we just procured, we are wondering if any best practices for this environment have been developed as an OSS note or something else by SAP.    Below you will find an email which was sent and responded to by IBM and Novell on these topics...
    "As you may know, Home Depot has embarked on an IBM led proof of concept using SUSE SLES10 running in zVM guests on IBM zSeries hardware to host SAP server instances.  The Home Depot IT organization is currently in the midst of a large scale push to modernize our merchandising and people systems on SAP platforms.  The zVM/SUSE/SAP POC is part of that effort, as is a parallel POC of an Intel Blade/Red Hat/SAP platform.  For our production financial systems we now use a pSeries/AIX/SAP platform.
          So far in the zVM/SUSE/SAP POC, we have been able to create four zVM LPARS on IBM z9 hardware, create twelve zVM guests on those LPARS, boot SLES10 in those guests, install and run SAP instances in those guests using hipersockets for access to our DB2 SAP databases running on zOS, and direct user workloads to the SAP instances with good results.  We have also successfully developed cloning scripts that have made it possible to create new SLES10 instances, configured and ready for SAP installs, in about 10 seconds using FLASHCOPY and IBM DASD.
          I am writing in the hope that you can direct us to technical resources at IBM/Novell/SAP who may be able to field a few questions that have arisen.  In our discussions about optimization of the zVM/SUSE/SAP platform, we wondered if any wisdom about the appropriateness of and support for using zVM capabilities to virtualize SAP has ever been developed or any best practices drafted.  Attached you will find an IBM Redbook and a PowerPoint presentation which describes the use of the zVM discontiguous shared segments and the zVM named saved system features for the sharing of reentrant code and other  elements of Linux and its applications, thereby conserving storage and disk resources allocated to guest machines.   The specific question of the hour is, can any SAP code be handled similarly?  Have specific SAP elements eligible for this treatment been identified? 
          I've searched the SUSE Knowledgebase for articles on this topic to no avail.  Any similar techniques that might help us reduce the total cost of ownership of a zVM/SUSE/SAP platform as we compare it to Intel Blade/Red Hat/SAP and pSeries/AIX/SAP platforms are of great interest as we approach the end of our POC.  Can you help?
          Greg McKelvey is a Client I/T Architect at IBM.  He found the attached IBM documents and could give a fuller account of our POC.  Pat Downs, IBM zSeries IT Architect, has also worked to guide our POC. Akshay Rao, IBM Systems IT Specialist - Linux | Virtualization | SOA, is acting as project manager for the POC.  Jim Hawkins is the Home Depot Architect directing the POC.  I've CC:ed their email addresses.  I am sure they would be pleased to hear from you if there are the likely questions about what the heck I am asking about here.  And while writing, I thought of yet another question that I hoping somebody at SAP might weigh in on; are there any performance or operational benefits to using Linux LVM to apportion disk to filesystems vs. using zVM to create appropriately sized minidisks for filesystems without LVM getting involved?"
    As you can see, implementation questions need to be resolved.  We have heard from Novell that the SLES10 Kernel and other SUSE artifacts can reside in memory and be shared by multiple operating system images.  Does SAP support this configuration?  Also, has SAP identified SAP components which are eligible for similar treatment?  We would like to make sure that any decisions we make about the SAP platforms we are building will be supportable.  Any help you can provide will be greatly appreciated.  I will supply the documents referenced above if they are not known to any answerer.  Thanks,  Al Brasher 770-433-8211 x11895 [email protected]

    Hello Al,
    First, let me welcome you on board. I am sure you won't be disappointed with your choice to run SAP on ZOS.
    As for your questions, it wasn't easy to find them in this long post, so I suggest you take the time to write a short summary that contains a very short list of questions.
    As for answers, here are a few useful sources of information:
    1. The SAP on DB2 for z/OS SDN page:
    SAP on DB2 for z/OS
    In it you can find 2 relevant docs:
    a. best practices for ...
    b. database administration for db2 udb for z/os.
    This second publication is excellent; apart from DB2-specific info, it contains information on all the components of SAP on DB2 for z/OS, like zLinux, z/VM and so on ...
    2. I can see that you are already familiar with the IBM Redbooks, but it seems that you haven't taken the time to get the most out of that resource.
    From your post it is clear that you have found one useful publication, but I know there are several.
    3. A few months ago I wrote a short post on a similar subject.
    I'm sure it's not exactly what you are looking for at this moment, but it's a good start, and with some patience you may be able to get some answers.
    Here's a link:
    http://blogs.ittoolbox.com/sap/db2/archives/index-of-free-documentation-on-sap-db2-administration-14245
    good luck.
    omer brandis.

  • Best practice for a deplomyent (EAR containing WAR/EJB) in a productive environment

    Hi there,
    I'm looking for some hints regarding the best practice deployment in a productive
    environment (currently we are not using a WLS-cluster);
    We are using ANT for building, packaging and (dynamic) deployment (via weblogic.Deployer)
    on the development environment and this works fine (in the meantime);
    From my point of view, I would prefer this kind of deployment not only
    for the development, but also for the productive system.
    But I found some hints in some books, and these guys prefer the static deployment
    for the p-system.
    My question now:
    Could anybody provide me with some links to some whitepapers regarding best practice
    for a deployment into a p-system ??
    What is your experience with the new two-phase-deployment coming up with WLS 7.0
    Is it really a good idea to use the static deployment (what is the advantage of
    this kind of deployment ???
    THX in advance
    -Martin

    Hi Siva,
    What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
    From my basis experience some of the best practices.
    1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
    2) It should have backup configured for which restore has been already tested
    3) It should have all the monitoring setup viz application, OS and DB
    4) Productive client should not be modifiable
    5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
    6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
    7) Relevant Database and OS security parameters should be tested before golive and enabled
    8) Pre-Golive , Post Golive should have been performed on Production system
    9) EWA should be configured at least for Production system
    10) Production system availability using DR should have been tested
    Hope this helps.
    Regards,
    Deepak Kori

  • Best Practice for SUP and WSUS Installation on Same Server

    Hi Folks,
    I have a question, I am in process of deploying SCCM 2012 R2... I was in process of deploying Software Update Point on SCCM with one of the existing WSUS server installed on a separate server from SCCM.
    A debate has started with one of the colleagues who says that using a remote WSUS server is recommended by Microsoft because of the scalability security that WSUS will be downloading the updates from Microsoft and SCCM should be working as downstream server to fetch updates from WSUS server.
    But according to my consideration it is recommended to install WSUS server on the same server where SCCM is installed... actually it is recommended to install WSUS on a site system and you can use the same SCCM server to deploy WSUS.
    Please advise me of the best practices for deploying SCCM and WSUS ... what Microsoft says about WSUS to be installed on same SCCM server OR WSUS should be on a separate server than the SCCM server ???
    awaiting your advices ASAP :)
    Regards, Owais

    Hi Don,
    thanks for the information, another quick one...
    the above mentioned configuration I did is correct in terms of planning and best practices?
    I agree with Jorgen, it's ok to have WSUS/SUP on the same server as your site server, or you can have WSUS/SUP on a dedicated server if you wish.
    The "best practice" is whatever suits your environment, and is a supported-by-MS way of doing it.
    One thing to note, is that if WSUS ever becomes "corrupt" it can be difficult to repair and sometimes it's simplest to rebuild the WSUS Windows OS. If this is on your site server, that's a big deal.
    Sometimes, WSUS goes wrong (not because of ConfigMgr)..
    Note that if you have a very large estate, or multiple primary site servers, you might have a CAS, and you would need a SUP on the CAS. (this is not a recommendation for a CAS, just to be aware)
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Skinning Best Practice

    I'm using JDeveloper 11g 11.1.1.2.0
    I've read both skinning documents on Building RIA and Webcenter with regards to skinning.
    But I'm wondering what is the best practice in a multi-application environment.
    To have a good picture of it, basically I have let's say 5 applications, and all of them use the same skin. So what I did so far is that I made a skin and have its images all packaged in a .jar file.
    This jar file, I add in EACH application in the WEB-INF\lib directory.
    My question is, is there a better way or what is the best way to handle skins in a multi-app scenario? Is the way I'm doing it, which is copy-pasting the .jar file in each of the projects, the right way? Or can there be a centralized directory for skinning?

    Certainly the latter. We JAR our Skin as per the JDev Web Guide (http://download.oracle.com/docs/cd/E14571_01/web.1111/b31973/af_skin.htm#CHDBEDHI), then place it in a central directory. The JAR is then attached to each application's ViewController via Project Properties -> Libraries and Classpaths.
    Presumably a Maven deployment (we don't use Maven so I can't comment specifically) is also possible, but beyond scope of your question.
    CM.

  • Any best practices for secondary interface/IP

    Hello,
    I am working for translate firewall from to ASA now.  As I know ASA did not support secondary interface IP. 
    However, my existing firewall setup is using this method to bind different subnet into single Interface. 
    Are there any best practices to migrate into an ASA environment?
    Thanks!

    Hi,
    This depends on your current environment which we don't know about.
    As ASA firewalls can not have secondary IP addresses on a single interface then the typical options would be to either
    1. Move the gateway of these internal subnets (which need to be under the same interface) to an internal L3 switch or Router. Then configure a link network between that device and the ASA interface and route the subnets through that link subnet.
    2. Configure the subnets to different ASA interface (actual physical interfaces or subinterface if using Trunking) and separate those subnets to different Vlans on your switch network (or if not using Vlans then simply to different switches)
    I guess it would also be possible to have 2 separate physical ASA interfaces connected to the same network switch network (Vlan) where the 2 subnet are used and just configure the other gateway on the other interface and the other subnet on the other physical interface. I would assume it could work but I am really hesitant to even write this as this would certainly be something that I would not even consider unless in some really urgent situation where there was no other options (for some reason).
    - Jouni

  • DNS best practice in local domain network of Windows 2012?

    Hello.
    We have a small local domain network in our office. Which one is the best practice for the DNS: to setup a DNS in our network forwarding to public DNSs or directly using public DNS in all computers including server?
    Thanks.
    Selim

    Hi Selim,
    Definitely the first option "setup a DNS in our network forwarding to public DNSs" and all computers including server have local DNS configured
    Even better best practice would be, this local DNS points to a standalone DNS server in DMZone which queries the public DNS.
    Using a centralized DNS utilizes the DNS cache to answer similar queries, resulting in faster response time, less internet usage for repeated queries.
    Also an additional DNS layer helps protect your internal DNS data from attackers out in the internet.
    Using internal DNS on all the computers will also help you host intranet websites and accessibility to them directly. Moreover when you are on an AD domain, you need to have the computers' DNS configured properly for AD authentication to happen.
    Regards,
    Satyajit
    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.
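
The layered design described in the reply above (domain computers -> internal DNS -> DMZ resolver -> public DNS) can be checked against an exported inventory of DNS settings. This is an added example, not part of the original thread; the host names, addresses, role labels and finding codes are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed topology: every address below is made up for this example.
INTERNAL_DNS = {"10.0.0.10", "10.0.0.11"}  # DNS servers on the LAN (the two DCs)
DMZ_DNS = {"172.16.0.53"}                  # standalone resolver in the DMZ
LOOPBACK = "127.0.0.1"


@dataclass
class Host:
    name: str
    role: str                                       # "member", "internal_dns" or "dmz_dns"
    resolvers: list = field(default_factory=list)   # DNS servers set on the NIC
    forwarders: list = field(default_factory=list)  # forwarders of the DNS service


def audit(hosts):
    """Return (host, finding, offending addresses) for each break in the chain
    domain computer -> internal DNS -> DMZ resolver -> public DNS."""
    findings = []
    for h in hosts:
        if h.role in ("member", "internal_dns"):
            allowed = set(INTERNAL_DNS)
            if h.role == "internal_dns":
                allowed.add(LOOPBACK)  # assumption: a DNS server may list itself
            stray = [r for r in h.resolvers if r not in allowed]
            if not h.resolvers:
                findings.append((h.name, "NO_RESOLVER", []))
            elif stray:
                # A non-internal resolver cannot answer for the AD zone and
                # receives queries for internal names.
                findings.append((h.name, "BYPASSES_INTERNAL_DNS", stray))
        if h.role == "internal_dns":
            past = [f for f in h.forwarders if f not in DMZ_DNS]
            if not h.forwarders:
                # No forwarder: the server resolves external names itself.
                findings.append((h.name, "NO_FORWARDER", []))
            elif past:
                findings.append((h.name, "FORWARDS_PAST_DMZ", past))
        if h.role == "dmz_dns":
            inward = [f for f in h.forwarders if f in INTERNAL_DNS]
            if inward:
                findings.append((h.name, "DMZ_FORWARDS_INWARD", inward))
    return findings


# Constructed inventory; 192.0.2.53 and 198.51.100.53 stand in for public resolvers.
SAMPLE = [
    Host("DC1", "internal_dns", ["10.0.0.11", LOOPBACK], ["172.16.0.53"]),
    Host("DC2", "internal_dns", ["10.0.0.10", LOOPBACK], ["198.51.100.53"]),
    Host("PC-01", "member", ["10.0.0.10", "10.0.0.11"]),
    Host("PC-02", "member", ["10.0.0.10", "192.0.2.53"]),
    Host("DMZ-NS", "dmz_dns", [], ["192.0.2.53", "198.51.100.53"]),
]

if __name__ == "__main__":
    for name, finding, addrs in audit(SAMPLE):
        print(f"{name}: {finding} {', '.join(addrs)}")
```
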

  • DNS Configured-Best Practice on Snow Leopard Server?

    How many of you configure and run DNS on your Snow Leopard server as a best practice, even if that server is not the primary DNS server on the network, and you are not using Open Directory? Is configuring DNS a best practice if your server has a FQDN name? Does it run better?
    I had an Apple engineer once tell me (this is back in the Tiger Server days) that the servers just run better when DNS is configured correctly, even if all you are doing is file sharing. Is there some truth to that?
    I'd like to hear from you either way, whether you're an advocate for configuring DNS in such an environment, or if you're not.
    Thanks.

    Ok, local DNS services (unicast DNS) are typically straightforward to set up, very useful to have, and can be necessary for various modern network services, so I'm unsure why this is even particularly an open question.  Which leads me to wonder what other factors might be under consideration here; or what I'm missing.
    The Bonjour mDNS stuff is certainly very nice, too.  But not everything around supports Bonjour, unfortunately.
    As for being authoritative, the self-hosted out-of-the-box DNS server is authoritative for its own zone.  That's how DNS works for this stuff.
    And as for querying other DNS servers from that local DNS server (or, if you decide to reconfigure it and deploy and start using DNS services on your LAN), then that's how DNS servers work.
    And yes, the caching of DNS responses both within the DNS clients and within the local DNS server is typical.  This also means that there is no need for references to ISP or other DNS servers on your LAN for frequent translations; no other caching servers and no other forwarding servers are required.

  • Best practices for setting up users on a small office network?

    Hello,
    I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
    Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
    Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
    All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
    Thank you,

    Hi,
    Thanks for your posting.
    When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
    For more detailed information, please refer to:
    Best Practices for Adding Domain Controllers in Remote Sites
    http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
    Regards.
    Vivian Wang

  • Best practices to share 4 printers on small network running Server 2008 R2 Standard (service pack 1)

    Hello, 
    I'm a new IT admin at a small company (10-12 PCs running Windows 7 or 8) which has 4 printers. I'd like to install the printers either connected to the server or as wireless printers (1 is old enough to require a USB connection to a PC, no network capability), such that every PC has access to each printer.
    Don't worry about the USB printer - I know it's not the best way to share a printer, but it's not a critical printer; I just want it available when its PC is on.
    I've read a lot about the best way to set up printers, including stuff about group policy and print server, but I am not a network administrator, and I don't really understand any of it. I'd just like to install the drivers on the server or something, and then share them. Right now all the printers do something a little different: one is on a WSD port, two have a little "shared" icon, one has the icon but also a "network" icon... it's very confusing.
    Can anyone help me with a basic setup that I can do for each printer?
    p.s. they all have a reserved IP address.
    Thanks,
    Laura

    may need to set print server... maybe helpful.
    http://www.techiwarehouse.com/engine/9aa10a93/How-to-Share-Printer-in-Windows-Server-2008-R2
    http://blogs.technet.com/b/yongrhee/archive/2009/09/14/best-practices-on-deploying-a-microsoft-windows-server-2008-windows-server-2008-r2-print-server.aspx
    http://joeit.wordpress.com/2011/06/08/how-do-i-share-a-printer-from-ws2008-r2-to-x86-clients-or-all-printers-should-die-in-a-fire/
    Best,
    Howtodo

  • Best Practice for FlexConnect Wireless roaming in MediaNet environment?

    Hello!
    Current Cisco best practice recommendations for enterprise MediaNet design, specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree). 
    In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running.  Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps. 
    So...best practice for LAN users causes real problems for wireless users.
    I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
    We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
    Thanks,
    Deb

    Thanks for your replies, Stephen and JSnyder.
    The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites. 
    These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider).  The 7510s are new, and are replacing older controllers at the HQ location. 
    The internal employee wireless users use resources both local to their site, as well as centralized resources.  There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only.  (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.) 
    (1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice.  Too much bandwidth would be used.  So, that implies the need to use Flex / HREAP mode instead.
    (2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet.  However, this breaks seamless roaming for users....
    So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of. 
    The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site.  Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
    Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in.  I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work.  Do you happen to know if this might be a workable solution to the overall big-picture problem? 
    Thanks again for taking the time and trouble to reply!
    Deb
