Best Practice For Secure File Sharing?

I'm a newbie to both OS X Server and File Sharing protocols, so please excuse my ignorance...
My client would like to share folders in the most secure way possible; I was considering that what might be the best way would be for them to VPN into the server and then view the files through the VPN tunnel; my only issue with this is that I have no idea how to open up File Sharing to ONLY allow users who are connecting from the VPN (i.e. from inside of the internal network)... I don't see any options in Server Admin to restrict users in that way....
I'm not afraid of the command line, FYI, I just don't know if this is:
1. Possible!
And 2. The best way to ensure secure AND encrypted file sharing via the server...
Thanks for any suggestions!

my only issue with this is that I have no idea how to open up File Sharing to ONLY allow users who are connecting from the VPN
Simple - don't expose your server to the outside world.
As long as you're running on a NAT network behind some firewall or router that's filtering traffic, no external traffic can get to your server unless you set up port forwarding - this is the method used to run, say, a public web server where you tell the router/firewall to allow incoming traffic on port 80 to get to your server.
If you don't set up any port forwarding, no external traffic can get in.
There are additional steps you can take - such as running the software firewall built into Mac OS X to tell it to only accept network connections from the local network, but that's not necessary in most cases.
And 2. The best way to ensure secure AND encrypted file sharing via the server...
VPN should take care of most of your concerns - at least as far as the file server is concerned. I'd be more worried about what happens to the files once they leave the network - for example have you ensured that the remote user's local system is sufficiently secured so that no one can get the documents off his machine once they're downloaded?
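As an added illustration of the "only accept file-sharing connections from the local network" step (this is not code from the original post), here is a small Python model of such a host firewall policy for pf, the packet filter present on OS X 10.7 and later; the LAN subnet, VPN client pool and interface name are assumed sample values. It renders the pf rules and simulates pf's last-match/quick evaluation, which shows why the explicit block rule is needed and that the policy says nothing about other ports.

```python
import ipaddress

# Constructed sample values, not from the original thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed office LAN behind the NAT router
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")     # assumed address pool handed to VPN clients
INTERNAL_NETS = (LAN_NET, VPN_POOL)
FILE_SHARING_PORTS = (548, 445)                    # AFP and SMB

# Policy expressed with pf's own semantics: rules are evaluated in order and the
# LAST matching rule wins, unless a matching rule is marked 'quick', which ends
# evaluation immediately. 'src' None means 'from any'.
POLICY = [
    {"action": "block", "quick": False, "src": None, "ports": FILE_SHARING_PORTS},
    {"action": "pass", "quick": True, "src": INTERNAL_NETS, "ports": FILE_SHARING_PORTS},
]


def render_pf(iface="en0"):
    """Render POLICY as pf.conf lines for the server's LAN interface."""
    lines = []
    for rule in POLICY:
        src = "any" if rule["src"] is None else "{ %s }" % ", ".join(str(n) for n in rule["src"])
        ports = "{ %s }" % ", ".join(str(p) for p in rule["ports"])
        quick = " quick" if rule["quick"] else ""
        state = " keep state" if rule["action"] == "pass" else ""
        lines.append("%s in%s on %s proto tcp from %s to any port %s%s"
                     % (rule["action"], quick, iface, src, ports, state))
    return lines


def _matches(rule, src_ip, port):
    if port not in rule["ports"]:
        return False
    return rule["src"] is None or any(src_ip in net for net in rule["src"])


def decide(src, port):
    """Simulate pf's verdict for a new TCP connection from src to port."""
    src_ip = ipaddress.ip_address(src)
    verdict = "pass"  # pf's default when NO rule matches is to pass the packet
    for rule in POLICY:
        if _matches(rule, src_ip, port):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict


if __name__ == "__main__":
    print("\n".join(render_pf()))
    for src, port in (("10.8.0.5", 548), ("192.168.1.20", 445), ("203.0.113.7", 548)):
        print(src, port, decide(src, port))
```

The VPN pool is only trustworthy as a source here because the server's own VPN service assigns those addresses; the VPN listener itself and any other exposed service still need their own pass rules.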

Similar Messages

  • Best Practice for Securing Web Services in the BPEL Workflow

    What is the best practice for securing web services which are part of a larger service (a business process) and are defined through BPEL?
    They are all deployed on the same oracle application server.
    Defining agent for each?
    Gateway for all?
    BPEL security extension?
    The top level service that is defined as business process is secure itself through OWSM and username and passwords, but what is the best practice for security establishment for each low level services?
    Regards
    Farbod

    It doesn't matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
    The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
    Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
    If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
    Typical problem with any gateway architecture is that the service is available without any security enforcement when accessed directly.
    You can enforce rules at your network layer to allow access to the App server only from Gateway.
    When you have the liberty to use OWSM or any other WS-Security products, I would stay away from any extensions. Two things to consider:
    The next BPEL developer in your project may not be aware of Security extensions
    Centralizing Security enforcement will make your development and security operations loosely coupled and addresses scalability.
    Thanks
    Ram

  • Best practices for office 365 SHARED CALENDAR for whole school / organization

    hi
    we need guidance on best practice for setting up SHARED CALENDAR on Office365 exchange server for entire organization (school) of 150 staff.
    Requirements
    + all staff should have read only / reviewer permissions on calendar
    +handful staff should have editor permissions on calendar
    + the calendar should synchronise custom categories and colors
    Current Solution
    at the moment we have found that a shared mailbox is the best solution because;
    - all users can add the shared mailbox in Outlook 2010 as an additional mailbox as read-only
    - all the categories & colors for the calendar are automatically synchronised because the color categories are stored within this mailbox.
    - you can edit calendar permissions in Outlook to allow some users as "editor" of the calendar.
    Problem with Current Solution
    the problem however is that the users also need to access this...
    This topic first appeared in the Spiceworks Community

    Hi Aleksei,
    I think Inactive mailboxes in Exchange Online is the feature that you want. This feature makes it possible for you to preserve (store and archive) the contents of deleted mailboxes indefinitely.
    A mailbox becomes inactive when an In-Place Hold or a Litigation Hold is placed on the mailbox before the corresponding Office 365 user account is deleted.
    But I'm afraid that it might be impossible to "easily share certain folders or even whole mailbox with people in the company". As can be seen from the articles below, this only allows administrators, compliance officers, or records managers to use the In-Place eDiscovery feature in Exchange Online to access and search the contents of an inactive mailbox:
    http://technet.microsoft.com/en-us/library/dn144876(v=exchg.150).aspx
    http://blogs.technet.com/b/exchange/archive/2013/03/21/preserve-mailbox-data-for-ediscovery-using-inactive-mailboxes-in-exchange-online.aspx
    Anyway, this is the forum to discuss questions and feedback for Microsoft Office client. For more details about your question, I would suggest you post in the dedicated forum of Exchange Online, where you can get more experienced responses:
    https://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.

  • Best Practice for Security Point-Multipoint 802.11a Bridge Connection

    I am trying to get the best practice for securing a point to multi-point wireless bridge link. Link point A to B, C, & D; and B, C, & D back to A. What authentication is the best and configuration is best that is included in the Aironet 1410 IOS. Thanks for your assistance.
    Greg

    The following document on the types of authentication available on 1400 should help you
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/aero1400/br1410/brscg/p11auth.htm

  • Best Practice for External Libraries Shared Libraries and Web Dynpro

    Two blogs have been written on sharing libraries with Web Dynpro DC, but I would like to know the best practice for doing this.
    External libraries seem to work great at compile time, but when deploying there is often an error related to the external library not being a deployed component.
    Is there a workaround for this besides creating a shared J2EE library, which I have been able to get working? I am not interested in something that works, but really what is the best practice for this. What is the best way to limit the number of jars that need to be kept in a shared library/ext library? When is sharing ref service/etc a valid approach vs. hunting down the jars in the portal libraries etc and storing in an external library?

    Security is mainly about mitigation rather than 100% secure, "We have unknown unknowns". The component needs to talk to SQL Server. You could continue to use http to talk to SQL Server, perhaps even get SOAP Transactions working but personally I'd have more worries about using such a 'less trodden' path since that is exactly the areas where more security problems are discovered. I don't know about your specific design issues so there might be even more ways to mitigate the risk but in general you're using a DMZ as a decent way to mitigate risk. I would recommend asking your security team what they'd deem acceptable.
    http://pauliom.wordpress.com

  • Best practice for secure zone various access

    I am setting up a new site with a secure zone.
    There will be a secure zone. Once logged in, users will have access to search and browse medical articles/resources
    This is how an example may go:
    The admin user signs up Doctor XYZ to the secure zone.
    The Doctor XYZ is a heart specialist, so he only gets access to web app items that are classified as "heart".
    However, he may also be given access to other items, eg: "lung" items.
    Or, even all items. It will vary from user to user.
    Is there any way to separate areas within the secure zone and give access to those separate areas (without having to give access to individual items - which will be a pain because there will be hundreds of records; and also without having the user log out and log into another secure area)

  • Best Practice for Flat File Data Uploaded by Users

    Hi,
    I have the following scenario:
    1.     Users would like to upload data from flat file and subsequently view their reports.
    2.     SAP BW support team would not be involved in data upload process.
    3.     Users would not go to RSA1 and use InfoPackages & DTPs. Hence, another mechanism for data upload is required.
    4.     Users consists of two group, external and internal users. External users would not have access to SAP system. However, access via a portal is acceptable.
    What are the best practice we should adopt for this scenario?
    Thanks!

    Hi,
    I can share what we do in our project.
    We get the files from the web to the application server in a path which is for this process. The file placed in the server has a naming convention based on your project; you can name it. Every day the same-name file is placed in the server with different data. The path in the InfoPackage is fixed to that location in the server. After this the process chain triggers and loads the data from that particular path which is fixed in the application server. After the load completes, a copy of the file is taken as backup and deleted from that path.
    So this happens everyday.
    Rgds
    SVU123
    Edited by: svu123 on Mar 25, 2011 5:46 AM

  • Best practice for securing confidential legal documents in DMS?

    We have a requirement to store confidential legal documents in DMS and are looking at options to secure access to those documents.  We are curious to know.  What is the best practice?  And how are other companies doing it?
    TIA,
    Margie
    Perrigo Co.

    Hi,
    The standard practice for such scenarios is to use the 'authorization' concept. You can give every user the authorization to create, change or display these confidential documents. In this way, you can control access authorization. SAP DMS system monitors how you work, and prevents you from displaying or changing originals if you do not have the required authorization.
    The below link will provide you with an improved understanding of authorization concept and its application in DMS
    http://help.sap.com/erp2005_ehp_04/helpdata/en/c1/1c24ac43c711d1893e0000e8323c4f/frameset.htm
    Regards,
    Pradeepkumar Haragoldavar

  • EP Upgrade - SP14 - Best Practice for Modification File Comparison

    SDN  Experts -
    We are upgrading our EP from SP14 - SP16.  SAP offers a file "diff" tool that is only useful for Java application files to assist in re-applying our mods on top of the new code stack.
    We are looking for best practices in Portal upgrades to do the following:
    - Identify all files that we have modified on existing SP
    - Diff all source code files (java, XML, GUI, other) between Current SP14 and SP16
    We are also looking for documentation that identifies the local directory structure for NWDS.  This would aid us in creating a batch process to "diff" our source code libraries.
    Any recommendations are appreciated.
    Thanks

    I'm not really getting your question because you already state what to do:
    We are looking for best practices in Portal upgrades to do the following:
    Identify all files that we have modified on existing SP
    Diff all source code files (java, XML, GUI, other) between Current SP14 and SP16
    You should know by documentation what is changed I guess? Then start diff-ing the code and recompile or repackage. NWDS also has diff functionalities.
    Good luck,
    Benjamin

  • Best Practices for Exporting Files??

    I'm new to Premiere (coming from FCP).  I used Premiere months ago to compress some ProRes files to h.264 files for the web.  I sent the files through Media Encoder and everything seemed fine.  However, I realized after several weeks that the audio in all of the files was a few frames out of sync.  Having not been a Premiere user at the time I did not do much research and decided to just use MPEG Streamclip from then on.
    Now that I'm learning how to use Premiere, I looked up the issue on the forums and found that many people have had similar issues with the audio being out of sync after exporting. However, there are tons of different scenarios in which it seems to be occurring. The one common variable that I've noticed (among many of the threads, but not all) is that many of the people are exporting to a Quicktime format.
    While I don't remember all the details of my export and sequence settings from my issue months ago (so I don't want to address that specific case), I am curious as to what are some "Best Practices" when exporting from Premiere Pro? Is there any advantage/disadvantage to use AME rather than exporting directly from Premiere Pro? In general, I will just be exporting as H.264 files for the web, MPEG-2 for DVD, and ProRes 422 for After Effects (or sometimes to bring into MPEG Streamclip). 
    I shoot almost entirely in AVCHD, and usually at 1080p 30fps.  I'm running CS5 on a Macbook Pro 15" 2.0 Quad Core i7 8GB RAM.
    While the question may seem broad, my main concern that I want to avoid is having the audio out of sync.  But also I just want to know of any important details to keep in mind to prevent other issues.
    Thanks,
    Mike

    > I'm running CS5...
    What specific version? We're up to 5.0.4 now.
    There have been bug fixes for audio/video synch in the updates. One of the fixes was for a bug in the conforming of audio and indexing of MPEG files, so you need to delete your media cache files and let Premiere Pro create new ones for this fix to take effect.

  • Best Setup For Frequent File Sharing On Home Network?

    Hi guys,
    I'm setting up an office at my house with multiple computers on a network, and we'll be sharing files over the network frequently. My question is, what is the best setup for this?.. Fastest transfer of files, stable wireless connection, etc.
    All of the computers will be Macs (iMacs and Macbooks).
    We'll be editing videos/photos on the computers. (Potentially large files)
    Is the easiest setup just to have the main computer attached to a good router, setup file sharing on all other computers, and just do it that way?
    Or would it be better to create some sort of NAS?
    Also can someone recommend a good router for this type of scenario?
    Thanks for any help given.

    NAS is the right tool for this job.
    It is expensive but the market leaders.. Synology and QNAP have really been doing it for a long time and the ability to do file store/sharing and most importantly backup in these is excellent. Pick the best you can afford.. and buy disks that are in the recommended list. ie the cheapest are not always the best.. indeed they seldom are.
    Plan very carefully for rotation of USB drives (easy and cheap now with 4TB single drives). Rotate backups with offsite location on weekly basis.
    I would buy a 4 disk case.. you can use 4x3TB which are the best value at the moment.. that gives you 9TB of storage.. plus redundancy for a dead drive.
    Alternatives are using a Mac Mini as a server.. with a large stack of disks on it.. generally should be thinking thunderbolt if you want speed. Hideously expensive though for now.
    You can buy an Extreme or TC.. either would work well. TC allows you easy TM backups without using your NAS..
    Edit very large files on the computer. ie copy to computer.. edit.. copy back to the NAS.
    Editing very large files over wireless.. not good. Multiply that by multiple computers.. not even fair.
    Copy a large project to the computer.. work on it.. copy back to the NAS.. in the meantime Time Machine should be able to take care of incremental backups.
    There are heaps and heaps of solutions.. as long as it is logical and easy to you.. and covers what you need.
    Don't skimp.. spending a $1000 for a NAS with disks.. plus extra for the backup disks.. that represents how many day's work for you plus anyone you have helping.. $$$$ ????
    A mini as a server is a good alternative.. You don't need to run server OS.. but share files to the network. Very hard to build the capacity of the NAS though.
    And a Mac Pro is now a joke without internal slots and cages for drives. (nice machine but wrong for this).
    And Apple have nothing in between.. a short tower case.. been missing for a long long time.

  • Best practice for property file

    I am trying one small code which uses values from property file.
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, java.io.IOException {
        // Opened on every request: wasteful, and the stream leaks if load() throws.
        InputStream inputStream = getServletContext().getResourceAsStream("/WEB-INF/test.properties");
        PrintWriter out = response.getWriter();
        Properties prop = new Properties();
        prop.load(inputStream);
        inputStream.close();
        String nameprop = prop.getProperty("name");
        out.println(nameprop);
    }
    I am getting the value from property file, It's perfectly ok as far as test code is concerned. Above will open the inputStream for each thread, which is not needed so I modified it and put it inside the init() method. That is also working, I believe this will give me some better performance.
    But can i extend it further? I load property file at application level and all my servlets make use of it?
    What is normal practice to read property file to get good performance? I searched the forum, I found some info there but could not figure out exactly how people are doing it.
    Thanks in advance,
    regards
    Manisha

    Thanks to all posters,
    As mentioned by duffymo, I tried some code which i tested on my m/c and working fine. But just want to confirm, what i understood and wrote is correct.
    I wrote 1st servlet to get the property file and store into servlet context, 2nd servlet is just to test it.
    1st Servlet:
    package common;
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.util.*;
    public class TestPropertyfiles_1 extends HttpServlet {
        public void init(ServletConfig config) throws ServletException {
            super.init(config);
            String PF_PATH = "/WEB-INF/test.properties";
            Properties prop = new Properties();
            // Load once at startup and publish to every servlet through the context.
            InputStream inputStream = config.getServletContext().getResourceAsStream(PF_PATH);
            if (inputStream == null) {
                throw new ServletException("property file not found: " + PF_PATH);
            }
            try {
                prop.load(inputStream);
            } catch (IOException e) {
                throw new ServletException("cannot read " + PF_PATH, e);
            } finally {
                try { inputStream.close(); } catch (IOException ignored) {}
            }
            getServletContext().setAttribute("pf", prop);
        }
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            PrintWriter out = response.getWriter();
            Properties tmpprop = (Properties) getServletContext().getAttribute("pf");
            String nameprop = tmpprop.getProperty("name");
            out.println("name from property file " + nameprop);
        }
    }
    2nd servlet:
    package common;
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.util.*;
    public class TestPropertyfiles_2 extends HttpServlet {
        public void init(ServletConfig config) throws ServletException {
            super.init(config);
        }
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            PrintWriter out = response.getWriter();
            // Relies on TestPropertyfiles_1 having run its init() first.
            Properties tmpprop = (Properties) getServletContext().getAttribute("pf");
            String nameprop = tmpprop.getProperty("name");
            out.println("name from property file - no 2 " + nameprop);
        }
    }
    This was initially giving a problem if I accessed the 2nd servlet before accessing the 1st servlet. I did some changes inside web.xml
    <servlet>
    <servlet-name>common.TestPropertyfiles_1</servlet-name>
    <servlet-class>common.TestPropertyfiles_1</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    And then all was ok.
    One thing came to my mind. I can have one common servlet just for all initialisation, this will not have any doGet/doPost.
    regards
    Manisha

  • Best practices for protecting files from ransomware?

    If you don't know what CryptoWall and such ransomware is, you are lucky. For now.
    This is probably more of a Desktop security issue but I'd like some ideas for file server protection.
    A corporate office got lucky today with just the files on one PC infected and network file shares the user had access to lost - but they were backed up, hence the "lucky".
    But it was scary enough they want to know what Microsoft wants us to do to prevent this in the future. The user was not admin on the local machine and so we are not sure how it was installed (I've read people get it different ways).
    We have SCCM EndPoint protection and obviously it didn't help. It did actually stop a password stealing utility from installing around the same time but didn't stop us from having thousands of files rendered useless for many hours today.
    It was suggested not using mapped network drives but I think one share was hit without a mapping (still waiting for confirmation). But I think anywhere it finds it, ie., under Favorites, could be attacked.
    Suggestions please.
    Thank you!

    You can try this.
    http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit/
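The reply only links to a prevention kit; as an added example for the file-server side (not code from the thread or the kit), here is a Python canary-file monitor: it plants a file in each share root, records its hash in a manifest kept off the share, and reports when a canary is overwritten, deleted, or renamed with an extra extension, which is what an encryptor running under a user's share permissions does to everything it can reach. The canary name, the ".locked" extension used in the demo and the share paths are constructed values.

```python
import hashlib
import json
import os
import pathlib
import tempfile

CANARY_NAME = "_do_not_edit_canary.docx"   # assumed name; pick one users will not touch
CANARY_BODY = b"canary: any change to this file indicates tampering on this share\n"


def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def seed_canaries(share_roots, manifest_path):
    """Drop one canary into each share root and record its hash in a manifest.
    Keep the manifest OFF the shares so malware with write access cannot fix it up."""
    manifest = {}
    for root in share_roots:
        canary = pathlib.Path(root) / CANARY_NAME
        canary.write_bytes(CANARY_BODY)
        manifest[str(canary)] = _sha256(canary)
    pathlib.Path(manifest_path).write_text(json.dumps(manifest, indent=2))
    return manifest


def check_canaries(manifest_path):
    """Return [(path, reason)] for every canary that is missing or altered."""
    manifest = json.loads(pathlib.Path(manifest_path).read_text())
    alerts = []
    for path, expected in manifest.items():
        canary = pathlib.Path(path)
        if canary.is_file():
            if _sha256(canary) != expected:
                alerts.append((path, "content changed"))
            continue
        # Ransomware commonly appends its own extension; look for such a sibling.
        renamed = []
        if canary.parent.is_dir():
            renamed = sorted(p.name for p in canary.parent.glob(canary.name + ".*"))
        reason = "missing"
        if renamed:
            reason += ", renamed copy present: " + renamed[0]
        alerts.append((path, reason))
    return alerts


def run_demo():
    """Seed a temporary share, then tamper with the canary the way an encryptor would."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(share)
        manifest = os.path.join(tmp, "canary-manifest.json")   # outside the share
        seed_canaries([share], manifest)
        intact = check_canaries(manifest)
        canary = os.path.join(share, CANARY_NAME)
        with open(canary, "ab") as fh:               # content rewritten in place
            fh.write(b"\x00garbage")
        modified = check_canaries(manifest)
        os.rename(canary, canary + ".locked")        # constructed extension, not a real IoC
        renamed = check_canaries(manifest)
        return {"intact": intact, "modified": modified, "renamed": renamed}


if __name__ == "__main__":
    for stage, alerts in run_demo().items():
        print(stage, alerts or "canaries intact")
```

Run check_canaries from a scheduled task on the server every few minutes; an alert is the trigger to disconnect the writing session or share and restore from the backups the poster already has, which is what turned this incident into a "lucky" one.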

  • Best practices for ZFS file systems when using live upgrade?

    I would like feedback on how to layout the ZFS file system to deal with files that are constantly changing during the Live Upgrade process. For the rest of this post, lets assume I am building a very active FreeRadius server with log files that are constantly updating and must be preserved in any boot environment during the LU process.
    Here is the ZFS layout I have come up with (swap, home, etc omitted):
    NAME                                USED  AVAIL  REFER  MOUNTPOINT
    rpool                              11.0G  52.0G    94K  /rpool
    rpool/ROOT                         4.80G  52.0G    18K  legacy
    rpool/ROOT/boot1                   4.80G  52.0G  4.28G  /
    rpool/ROOT/boot1/zones-root         534M  52.0G    20K  /zones-root
    rpool/ROOT/boot1/zones-root/zone1   534M  52.0G   534M  /zones-root/zone1
    rpool/zone-data                      37K  52.0G    19K  /zones-data
    rpool/zone-data/zone1-runtime        18K  52.0G    18K  /zones-data/zone1-runtime
    There are 2 key components here:
    1) The ROOT file system - This stores the / file systems of the local and global zones.
    2) The zone-data file system - This stores the data that will be changing within the local zones.
    Here is the configuration for the zone itself:
    <zone name="zone1" zonepath="/zones-root/zone1" autoboot="true" bootargs="-m verbose">
      <inherited-pkg-dir directory="/lib"/>
      <inherited-pkg-dir directory="/platform"/>
      <inherited-pkg-dir directory="/sbin"/>
      <inherited-pkg-dir directory="/usr"/>
      <filesystem special="/zones-data/zone1-runtime" directory="/runtime" type="lofs"/>
      <network address="192.168.0.1" physical="e1000g0"/>
    </zone>
    The key components here are:
    1) The local zone / is shared in the same file system as global zone /
    2) The /runtime file system in the local zone is stored outside of the global rpool/ROOT file system in order to maintain data that changes across the live upgrade boot environments.
    The system (local and global zone) will operate like this:
    The global zone is used to manage zones only.
    Application software that has constantly changing data will be installed in the /runtime directory within the local zone. For example, FreeRadius will be installed in: /runtime/freeradius
    During a live upgrade the / file system in both the local and global zones will get updated, while /runtime is mounted untouched in whatever boot environment that is loaded.
    Does this make sense? Is there a better way to accomplish what I am looking for? Is this setup going to cause any problems?
    What I would really like is to not have to worry about any of this and just install the application software where ever the software supplier sets it defaults to. It would be great if this system somehow magically knows to leave my changing data alone across boot environments.
    Thanks in advance for your feedback!
    --Jason

    Hello "jemurray".
    Have you read this document? (page 198)
    http://docs.sun.com/app/docs/doc/820-7013?l=en
    Then the solution is:
    01.- Create an alternate boot environment
    a.- In a new rpool
    b.- In the same rpool
    02.- Upgrade this new environment
    03.- Then I've seen that you have the "radious-zone" in a sparse zone (is that right??) so, when you update the alternate boot environment you will (at the same time) be upgrading the "radious-zone".
    This may sound easy but you should be careful, please try this in a development environment
    Good luck

  • Best Practices for securing VTY lines?

    Hi all,
    The thread title makes this sound like a big post but it's not.
    If my router has, say, 193 VTY lines as a maximum, but by default running-config has only a portion of those mentioned, should I set any configs I do on all lines, or just on the lines sh run shows? Example:
    sh run on a router I have with default config has:
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    Yet, I have the option of configuring up to 193 VTY lines:
    Router(config)#line vty ?
      <0-193>  First Line number
    It seems lines 16-193 still exist in memory, so my concern is that they are potentially exposed somehow to exploits or what not. So my practice is to do any configs I do using VTY 0 193 to ensure universal configuration. But, by "enabling" the extra lines, am I using more memory, and how secure is this against somebody trying to, say, connect 193 times to my router simultaneously? Does it increase the likelihood of success of a DoS attack, for example?

    Hi guys, thanks for the replies and excellent information. I'm excited to look at the IOS Hardening doc and the other stuff too.
    Just to clarify, I don't actually use the default config, I only pasted it from a new router just to illustrate the default VTY line count.
    I never use telnet from inside or outside; anything snooping a line will pick up the cleartext, as you both know of course. SSH is always version 2 etc.
    I was considering doing a console server from the inside as the only access method, which I do have set up but I have to remote to it. It's just that with power outages at times, the console PC won't come back up (no BIOS setting to return to previous state, no WOL solution in place), so now I have both that plus the SSH access. I have an ACL on both the VTY lines themselves as well as a ZBFW ACL governing SSH; perhaps a bit redundant in some ways, but oh well, if there's a zero-day out there for turning off the ZBFW I might still be protected.
    Regretfully I haven't learned about AAA yet; that I believe is in my CCNA Security book, but first I need to get other things learned.
    And with regard to logging in general, both enabling the right kind and monitoring it properly, that's a subject I need to work on big time. I still get port 25 outbound sometimes from a spam bot, but by the time I manually do my sh logging | i :25 I have missed it (due to cyclic logging with a buffer at 102400). Probably this would be part of that CCNA Security book as well.
    So back to the # of VTY lines. I will see what I can do to reduce the line count. I suppose something like "no line vty 16 193" might work; if not, it'll take some research.
    But if an attacker wants to jam up my vty lines so I can't connect in, once they've fingerprinted the unit a bit to find out that I don't have an IPS running for example, wouldn't it be better that they have to jam up 193 lines simultaneously (with I presume 193 source IPs) instead of 16? Or am I just theorizing too much here. It's not that this matters much; anybody who cares enough to hack this router will get a surprise when they find out there's nothing worth the effort on the other side. But this is more so I can be better armed for future deployments. Anyway, I will bookmark the info from this thread and am looking forward to reading it.
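The default VTY stanzas pasted above, run through a small audit script. This is an added example and not part of the thread or any Cisco tooling; it assumes IOS-style configuration text (a stanza ends at the next "line", a "!" separator or "end") and takes the 193-line maximum the poster saw as an input parameter. The sample configs are constructed from the post's stanzas plus an invented "line con 0" stanza to show that non-VTY lines are skipped. For each "line vty" range it flags the cleartext telnet transport, a missing or disabled exec-timeout, a missing access-class and landing directly at privilege 15, and it reports which VTY numbers no stanza covers (16-193 here), which is exactly the gap the poster is asking about.

```python
"""Audit the VTY line stanzas of a Cisco IOS running-config (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

LINE_VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")


@dataclass
class VtyRange:
    first: int
    last: int
    commands: list[str] = field(default_factory=list)

    def count(self) -> int:
        return self.last - self.first + 1


def parse_vty_ranges(config: str) -> list[VtyRange]:
    """Group sub-commands under each 'line vty X [Y]' stanza.

    A stanza ends at the next 'line ...' stanza, a '!' separator or 'end'.
    Leading indentation is ignored so configs pasted without it still parse.
    """
    ranges: list[VtyRange] = []
    current: Optional[VtyRange] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "end":
            break
        if line.startswith("!"):
            current = None
            continue
        m = LINE_VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = VtyRange(first, last)
            ranges.append(current)
            continue
        if line.startswith("line "):      # con/aux stanza: not a VTY range
            current = None
            continue
        if current is not None:
            current.commands.append(line)
    return ranges


def audit_vty_range(r: VtyRange) -> list[str]:
    """Return human-readable findings for one VTY stanza (empty list = clean)."""
    findings: list[str] = []
    cmds = r.commands

    transport = next((c for c in cmds if c.startswith("transport input")), None)
    if transport is None:
        findings.append("no explicit 'transport input'; pin it to 'transport input ssh'")
    elif "telnet" in transport.split()[2:] or "all" in transport.split()[2:]:
        findings.append("cleartext telnet accepted; use 'transport input ssh'")

    if not any(c.startswith("access-class") for c in cmds):
        findings.append("no 'access-class' ACL limiting source addresses")

    timeout = next((c for c in cmds if c.startswith("exec-timeout")), None)
    if timeout is None:
        findings.append("no explicit 'exec-timeout'; set a short idle timeout so stale sessions free the line")
    elif timeout.split()[1:3] == ["0", "0"]:
        findings.append("'exec-timeout 0 0' disables the idle timeout")

    if "no login" in cmds:
        findings.append("'no login': connections are accepted without authentication")

    if any(c.startswith("privilege level 15") for c in cmds):
        findings.append("sessions start at privilege 15; prefer enable/AAA authorization")

    return findings


def uncovered_lines(ranges: list[VtyRange], max_vty: int) -> list[tuple[int, int]]:
    """VTY numbers in 0..max_vty that no stanza configures, as (first, last) runs."""
    covered: set[int] = set()
    for r in ranges:
        covered.update(range(r.first, r.last + 1))
    gaps: list[tuple[int, int]] = []
    start: Optional[int] = None
    for n in range(max_vty + 2):          # +2 so a trailing gap is flushed
        if n <= max_vty and n not in covered:
            if start is None:
                start = n
        elif start is not None:
            gaps.append((start, n - 1))
            start = None
    return gaps


def audit_config(config: str, max_vty: int = 193) -> dict:
    ranges = parse_vty_ranges(config)
    return {
        "findings": {(r.first, r.last): audit_vty_range(r) for r in ranges},
        "uncovered": uncovered_lines(ranges, max_vty),
    }


# Constructed sample: the poster's default stanzas plus an invented con 0 stanza.
SAMPLE_CONFIG = """\
!
line con 0
 logging synchronous
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
end
"""

# Constructed hardened variant of the same range: SSH only, ACL, idle timeout.
HARDENED_CONFIG = """\
line vty 0 4
 access-class 23 in
 exec-timeout 5 0
 login local
 transport input ssh
"""

if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    for rng, findings in report["findings"].items():
        print(f"line vty {rng[0]} {rng[1]}:", findings or "clean")
    print("uncovered:", report["uncovered"])
```

Feed it the output of "show running-config | section line vty" (plus the "line vty ?" maximum as max_vty) and the "uncovered" list shows the ranges that exist on the box but carry no stanza; the per-range findings are the items the thread's replies point at (SSH-only transport, an access-class, a short exec-timeout).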
