Best practice Internet site deployment

Similar Messages

• What is the best practice in securing deployed source files

  hi guys,
  Just yesterday, I developed a simple image cropper using ajax
  and flash. After compiling the package, I notice the
  package/installer delivers the same exact source files as in
  developed to the installed folder.
  This doesnt concern me much at first, but coming to think of
  it. This question keeps coming out of my head.
  "What is the best practice in securing deployed source
  files?"
  How do we secure application installed source files from
  being tampered. Especially, when it comes to tampering of the
  source files after it's been installed. E.g. modifying spraydata.js
  files for example can be done easily with an editor.

  Hi,
  You could compute a SHA or MD5 hash of your source files on
  first run and save these hashes to EncryptedLocalStore.
  On startup, recompute and verify. (This, of course, fails to
  address when the main app's swf / swc / html itself is
  decompiled)

• What is the best practice for AppleScript deployment on several machines?

  Hi,
  I am developing some AppleScripts for my colleagues at work and I don't want to visit each of them to deploy my AppleScript on their Macs.
  So, what is the best practice for AppleScript deployment on several machines?
  Is there an installer created by the Automator available?
  I would like to have something like an App to run which puts all my AppleScript relevant files into the right place onto a destination Mac.
  Thanks in advance.
  Regards,

  There's really no 'right place' to put applescripts.  folder action scripts nees to go in ~/Library/Scripts/Folder Action Scripts (or /Library/Scripts/Folder Action Scripts), anything you want to appear in the script menu needs to go in ~/Library/Scripts (or /Library/Scripts), script applications should probably go in the Applications folder, but otherwise scripts can be placed anywhere.  conventional places to put them are in ~/Library/Scripts or in a subfolder of ~/Library/Application Support if they are run by an application.  The more important issue is to make sure you generalize the scripts: use the path to command to get local paths rather than hard-coding them in, make sure you test to make sure applications or unic executables you call are present ont he machine, use script bundles rather tna scripts if you scripts have private resources.
  You can write a quick installer script if you want to make sure scripts go where you want them.  Skeleton verion looks like this:
  set scriptsFolder to path to scripts folder from user domain
  set scriptsToExport to path to resource "xxx.scpt" in directory "yyy"
  tell application "Finder"
    duplicate scriptsToExport to scriptsFolder with replacing
  end tell
  say "Scripts are installed"
  save this as a script application, then open the application pacckage and create a folder called "yyy" in the resources folder and copy your script "xxx.scpt" into it.  other people can run the app to install the script.

• BEST PRACTICES: How to deploy apps with public and private content & data?

  Can anyone recommend a guide, blog post, etc. on best practices for:
  - designing & deploying apps that have publicly-accessible (http + https) content, and
  - content and data for which users must be authenticated and authorized?
  NOTE: In our environment users are authenticated via OID. We're using Apex 4.

  Hi,
  Have a look at this Sample App for getting Auth Token from Instagram in windows phone app. 
  Also read the api documentation for more details from
  here.
  Pradeep AJ

• Best Practice for SRST deployment at a remote site

  What is the best practice for a SRST deployment at a remote site? Should a separate router such as a 3800 series be deployed for telephony in addition to another router to be deployed for Data? Is there a need for 2 different devices?

  Hi Brian,
  This is typically done all on one ISR Router at the remote site :)There are two flavors of SRST. Here is the feature comparison;
  SRST Fallback
  This feature enables routers to provide call-handling support for Cisco Unified IP phones if they lose connection to remote primary, secondary, or tertiary Cisco Unified Communications Manager installations or if the WAN connection is down. When Cisco Unified SRST functionality is provided by Cisco Unified CME, provisioning of phones is automatic and most Cisco Unified CME features are available to the phones during periods of fallback, including hunt-groups, call park and access to Cisco Unity voice messaging services using SCCP protocol. The benefit is that Cisco Unified Communications Manager users will gain access to more features during fallback ****without any additional licensing costs.
  Comparison of Cisco Unified SRST and
  Cisco Unified CME in SRST Fallback Mode
  Cisco Unified CME in SRST Fallback Mode
  • First supported with Cisco Unified CME 4.0: Cisco IOS Software 12.4(9)T
  • IP phones re-home to Cisco Unified CME if Cisco Unified Communications Manager fails. CME in SRST allows IP phones to access some advanced Cisco Unified CME telephony features not supported in traditional SRST
  • Support for up to 240 phones
  • No support for Cisco VG248 48-Port Analog Phone Gateway registration during fallback
  • Lack of support for alias command
  • Support for Cisco Unity® unified messaging at remote sites (Distributed Exchange or Domino)
  • Support for features such as Pickup Groups, Hunt Groups, Basic Automatic Call Distributor (BACD), Call Park, softkey templates, and paging
  • Support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0 on same computer
  • No support for secure voice in SRST mode
  • More complex configuration required
  • Support for digital signal processor (DSP)-based hardware conferencing
  • E-911 support with per-phone emergency response location (ERL) assignment for IP phones (Cisco Unified CME 4.1 only)
  Cisco Unified SRST
  • Supported since Cisco Unified SRST 2.0 with Cisco IOS Software 12.2(8)T5
  • IP phones re-home to SRST router if Cisco Unified Communications Manager fails. SRST allows IP phones to have basic telephony features
  • Support for up to 720 phones
  • Support for Cisco VG248 registration during fallback
  • Support for alias command
  • Lack of support for features such as Pickup Groups, Hunt Groups, Call Park, and BACD
  • No support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0
  • Support for secure voice during SRST fallback
  • Simple, one-time configuration for SRST fallback service
  • No per-phone emergency response location (ERL) assignment for SCCP Phones (E911 is a new feature supported in SRST 4.1)
  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/prod_qas0900aecd8028d113.html
  These SRST hardware based restrictions are very similar to the number of supported phones with CME. Here is the actual breakdown;
  Cisco 880 SRST Series Integrated Services Router
  Up to 4 phones
  Cisco 1861 Integrated Services Router
  Up to 8 phones
  Cisco 2801 Integrated Services Router
  Up to 25 phones
  Cisco 2811 Integrated Services Router
  Up to 35 phones
  Cisco 2821 Integrated Services Router
  Up to 50 phones
  Cisco 2851 Integrated Services Router
  Up to 100 phones
  Cisco 3825 Integrated Services Router
  Up to 350 phones
  Cisco Catalyst® 6500 Series Communications Media Module (CMM)
  Up to 480 phones
  Cisco 3845 Integrated Services Router
  Up to 730 phones
  *The number of phones supported by SRST have been changed to multiples of 5 starting with Cisco IOS Software Release 12.4(15)T3.
  From this excellent doc;
  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/data_sheet_c78-485221.html
  Hope this helps!
  Rob

• Music on Hold: Best Practice and site assignment

  Hi guys,
  I have a client with multiple sites, a large number of remote workers (on and off domain) and Lync Phone Edition devices.
  We want to deploy a custom music on hold file. What's the best way of doing this? I'm thinking
  Placing the file on a share on one of the Lync servers. However this would mean (I assume) that clients will always try to contact the UNC path every time a call is placed on hold, which would result in site B connecting to site A for it's MoH file. This
  is very inefficient and adds delay onto placing a call on hold. If accessing the file from a central share is best practice, how could I do this per site? Site policies I've tried haven't worked very well. For example, if a file is on
  \\serverB\MoH\file.wma for a site called "London Site" what commands do I need to run to create a policy that will force clients located at a site to use that UNC path? Also, how do client know what site
  they are in?
  Alternatively, I was thinking of pushing out the WMA file to local devices via a Group Policy, and then setting Lync globally to point to %systemdrive%\MoH\file.wma. Again, how do I go about doing this? Also, what would happen to LPE devices that wouldn't
  have the file (as they wouldn't get the GPO)?
  Any help with this would be appreciated. Particularly around how users are assigned to sites, and the syntax used to create a site policy for the first option. Any best practice guidance would be great!
  Thanks - Steve

  Hi StevehootMITS,
  If Lync Phone Edition or other device that doesn’t provide endpoint MOH, you can use PSTN Gateways to provide music on hold. For more information about Music On Hold, you can check
  http://windowspbx.blogspot.in/2011/07/questions-about-microsoft-lync-server.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or
  suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best regards,
  Eric

• SAP Adapter Best Practice Question for Deployment to Clustered Environment

  I have a best practices question on the iway Adapters around deployment into a clustered environment.
  According to the documentation, you are supposed to run the installer on both nodes in the cluster but configure on just the first node. See below:
  Install Oracle Application Adapters 11g Release 1 (11.1.1.3.0) on both machines.
  Configure a J2CA configuration as a database repository on the first machine.
  Perform the required changes to the ra.xml and weblogic-ra.xml files before deployment.
  This makes sense to me because once you deploy the adapter rar in the next step it the appropriate rar will get staged and deployed on both nodes in the cluster.
  What is the best practice for the 3rdParty adapter directory on the second node? The installer lays it down with the adapter rar and all. Since we only configure the adapter on node 1, the directory on node 2 will remain with the default installation files/values not the configured ones. Is it best practice to copy node 1's 3rdParty directory to node 2 once configured? If we leave node 2 with the default files/values, I suspect this will lead to confusion to someone later on who is troubleshooting because it will appear it was never configured correctly.
  What do folks typically do in this situation? Obviously everything works to leave it as is, but it seems strange to have the two nodes differ.

  What is the version of operating system. If you are any OS version lower than Windows 2012 then you need to add one more voter for quorum.
  Balmukund Lakhani
  Please mark solved if I've answered your question, vote for it as helpful to help other users find a solution quicker
  This posting is provided "AS IS" with no warranties, and confers no rights.
  My Blog |
  Team Blog | @Twitter
  | Facebook
  Author: SQL Server 2012 AlwaysOn -
  Paperback, Kindle

• Best Practice/Validation for deploying a Package to Azure

  Before deploying a package to Azure, What kind of best practice/Validation can be done to know the Package compatibility with Azure Enviroment?

  What do you mean by the compatibility of the azure package with the azure environment? what do you want to validate? would be great if you provide bit of a background for your question.
  As far as the deployment best practice is concerned, the usual way is to upload your azure cloud service deployment package and configuration files (*.cspkg and *.cscfg) to the blob container first and upload it to the cloud service by referring from uploaded
  container. This will not only give you flexibility to keep different versions of your deployments which you can use to roll back entire service but also the process of the deployment will be comparatively faster than that of deploying from VS or by uploading
  manually from file system.
  You can refer link - http://azure.microsoft.com/en-in/documentation/articles/cloud-services-how-to-create-deploy/#deploy
  Bhushan | Blog |
  LinkedIn | Twitter

• Best Practice Internet Security with ADO / OraMTS / OraOLEDB and 9i?

  Hi people,
  I have the following scenario to support and I URGENTLY need some information regarding the security model vs performance envelope of these platforms.
  We currently are developing a web-application using IE 5.0^ as our browser, IIS 5.0 as our server, ASP (JScript) as our component glue, custom C++ COM+ middle tier components using ADO / Oracle OLE DB to talk to a Solaris based Oracle 9i instance.
  Now it comes to light from the application requirements that the system should, if at all possible, be supporting Virtual Private Databases for subscribers [plus we need to ease backend data service development and row-level security combined with fine grained audit seems the way to go].
  How does one use Oracle's superior row-level security model in this situation?
  How does one get the MS middle tier to authenticate with the database given that our COM+ ADO components are all required to go through ONE connection string? [Grrrr]
  Can we somehow give proxy rights to this identity so that it can "become" and authenticate with an OID/LDAP as an "Enterprise User"? If so, how?
  I have seen a few examples of JDBC and OCI middle-tier authentication but how does one achieve the same result as efficiently as possible from the MS platform?
  It almost appears, due to connection pooling that each call to the database on each open connection could potentially be requiring a different application context - how does one achieve this efficiently?
  If this is not the way to go - how could it work?
  What performance tradeoffs do we have using this architecture? (And potentially how will we migrate to .Net on the middle tier?)
  As you can see, my questions are both architectural and technical. So, are there any case studies, white papers or best practice monographs on this subject that are available to either Technet members or Oracle Partners?
  Alternatively, anyone else come up against this issue before?
  Thanks for your attention,
  Lachlan Pitts
  Developer DBA (Oracle)
  SoftWorks Australia Pty Ltd

  Hi people,
  I have the following scenario to support and I URGENTLY need some information regarding the security model vs performance envelope of these platforms.
  We currently are developing a web-application using IE 5.0^ as our browser, IIS 5.0 as our server, ASP (JScript) as our component glue, custom C++ COM+ middle tier components using ADO / Oracle OLE DB to talk to a Solaris based Oracle 9i instance.
  Now it comes to light from the application requirements that the system should, if at all possible, be supporting Virtual Private Databases for subscribers [plus we need to ease backend data service development and row-level security combined with fine grained audit seems the way to go].
  How does one use Oracle's superior row-level security model in this situation?
  How does one get the MS middle tier to authenticate with the database given that our COM+ ADO components are all required to go through ONE connection string? [Grrrr]
  Can we somehow give proxy rights to this identity so that it can "become" and authenticate with an OID/LDAP as an "Enterprise User"? If so, how?
  I have seen a few examples of JDBC and OCI middle-tier authentication but how does one achieve the same result as efficiently as possible from the MS platform?
  It almost appears, due to connection pooling that each call to the database on each open connection could potentially be requiring a different application context - how does one achieve this efficiently?
  If this is not the way to go - how could it work?
  What performance tradeoffs do we have using this architecture? (And potentially how will we migrate to .Net on the middle tier?)
  As you can see, my questions are both architectural and technical. So, are there any case studies, white papers or best practice monographs on this subject that are available to either Technet members or Oracle Partners?
  Alternatively, anyone else come up against this issue before?
  Thanks for your attention,
  Lachlan Pitts
  Developer DBA (Oracle)
  SoftWorks Australia Pty Ltd

• Intranet and Internet Site deployment

  I have to design an Intranet and an Intranet for the same client.  Both sites share a few items in common.  I have a few questions.
  Can both sites have one authoring environment or separate ones.
  Can both sites be deployed on the same server or different servers.
  Do both sites have to be isolated from each other.
  If there is content common among the two sites, how can I share this information.

  If the main difference between intranet and internet is content or permission to see content, then you should be able to first create a web application for your intranet, then Extend that same web app in to a new authentication zone for the internet.
  When you use Extend both sites will share the same content databases, but have distinct Urls and authentication schemes.  So in this scenario, all content is common, but you would use permissions to determine what is visible to anonymous users. 
  If you need greater protection of true intranet content, then you might consider creating a separate web app for intranet, a second for internet authoring, and then extend the internet one to another zone to provide anonymous access.  In this case,
  to share common content, you could look at the Content Deployment features. (http://technet.microsoft.com/en-us/library/ee721058(v=office.14).aspx)
  All of these can be on the same server, provided it can be made visible to the public internet through firewalls, etc.
  Hope that helps.

• Best Practice User-Access Deployment

  Hi All.
  We have SAP ECC, Solution Manager+CUA, Portal, BW and BusinessObject. And we want to manage user and access from single system.
  My though is:
  BusinessObject Connected to BW and BW connected to CUA.
  Portal connected to SAP ECC and SAP ECC connected to CUA.
  And we deploy user and access from CUA.
  I am wondering whether this is the best approach or there are another better solution
  Thanks

  Hi Sandy,
  If it is operationally effective and you have adequate controls in place then your solution is perfectly adequate for your current usage.
  If you want to provision to non-SAP systems (e.g. single source of uses for email, network, SAP, non-SAP apps) then the next logical step would be to incorporate your user management into an identity management solution.  There are a number of credible vendors out there and would always recommend a comparative analysis of products before switching to an IdM product as doing it properly has enterprise wide implications (and benefits).

• Best practice secure network deployment?

  Hello all, I have a few servers and am planning to rebuild our infrastructure to be more secure. We currently have 3 physical machines, (2 standalone servers and then a VM host (esxi, but might switch to Hyper-V - thoughts?)
  I run an exchange server, have AD, failover AD server, a number of web hosts and a couple of linux machines. I also have our work network on the same subnet (all one location)
  My question is this: I have an ASA and then some switches, modem goes to ASA, does NAT with our static, ASA goes to everything else. How should I rebuild the network to allow for the following. 1) Some sort of secure AD and web services which are accessible
  to the WAN and allow things like /owa acccess, LDAP integration, etc. 2) Secure internal systems (primary domain controller, workstations, etc) where they can browse the internet etc, but are not exposed by to any risks from exposing the other servers.
  This might rely more on virtual networking, which I'm not terribly familiar with, so if any recommendations could be made for virtual networking setups in esxi or hyper-v I'd gladly look those over too.
  Thanks!

  What ASA are you running? U need a security plus license to make use of the DMZ functionality. I will then recommend moving the servers that mostly servs users outside your organisation to the DMZ. Like web servers. Your exchange server could stay on inside.
  If your asa is just a 5505 I wouldn't let it do any vlan-routing. Consider using a l3 switch.
  Put your DMZ on a separate vlan. Servers in one vlan. The  admin-interfaces of your network gear in one. Create one vlan for wifi clients, and one or two for your clients. Then you need IP-helpers in each vlan that requires dhcp pointing towards your
  DHCP-server. Towards your vmware server you configure your switch for trunking as well as between switches. In vsphere you create portgroups that will tag each vlan, you will only need your DMZ-vlan and server vlan as the other ones is reachable through the
  vlan-routing.
  Putting your servers in a separate vlan will improve security and eliminate mitm attacks on the servers. Your next step is then to secure all access ports, but take that as another project.

• Best Practices/Advice on deploying .exe setups

  We have a couple applications (office, mcafee) that need to be deployed thru .exe. We also have some MSI applications. The msi's work great as Windows can control and know when they are done. What is anyone's advice on making .exe setups run and stopping other zen bundles from starting before that setup is complete?

  For such cases, you may need to get a little tricky and use VBS or
  another scripting tool (Autoit) that would be launched by ZCM to call
  the wrapper app and then also monitor the chained app.
  A "Monitor Modules" feature as existed in ZDM7 would really help.
  If anyone is actually struggling with "Wrappers", just let me know and I
  can whip up a tool to help. I used to have one I even used in ZDM7
  since even monitor modules did not always help.
  On 12/16/2013 10:46 AM, kjhurni wrote:
  >
  > craig_wilson;2297895 Wrote:
  >> Change the Option from "No Wait" to "When action is complete" for "Wait
  >> before Proceeding to the Next Action" on your launch executable action.
  >>
  >>
  >> On 12/15/2013 5:16 PM, dabarnett wrote:
  >>>
  >>> We have a couple applications (office, mcafee) that need to be
  >> deployed
  >>> thru .exe. We also have some MSI applications. The msi's work great
  >> as
  >>> Windows can control and know when they are done. What is anyone's
  >> advice
  >>> on making .exe setups run and stopping other zen bundles from
  >> starting
  >>> before that setup is complete?
  >>>
  >>>
  >
  > To add to what Craig says, the "wait" action only works if the setup.exe
  > doesn't launch a bunch of other things, and exit the original wrapper
  > (ie: setupvse.exe for McAfee VSE Enterprise).
  >
  > setupvse.exe is an installation wrapper that then launches msiexec.exe
  > and it (the setupvse.exe) promptly unloads from memory about 2-3 seconds
  > after it starts/launches (you can see this via procmon or whatever it's
  > called now), so ZCM thinks it's done, and continues onto the next app,
  > whilst msiexec.exe continues on it's merry way setting up VSE
  > Enterprise.
  >
  > And McAfee doesn't support running the .MSI for their stuff (it won't
  > install properly or any of your custom settings if you use the MID
  > either).
  >
  >

• What is best practice to deploy webpart into 1. Solutions Galary, 2. GAC, 3. BIN?

  I am trying various ways to deploy webpart. Can you please provide me  best practice methods to deploy webpart into:-
  Case 1. Solutions Galary: ?
  Case 2. GAC: ?
  Case 3. BIN: ?

  That is going to depend on what is in the web part...
  There are "apps", "sandboxed solutions" (becoming deprecated in 2013), "Farm Solutions" if you have dlls that need to be deployed to the gac.
  Apps - More for javascript (or if you have server side code that you want to run on a server that is not in sharepoint
  sandboxed solutions - run in the context of a site, but cannot add dll to gac (or consume certain dlls such as system.web, etc...) so anything that you want to do outside the context of the current site collection is not allowed
  Farm Solution - allows you to deploy .Net code to the GAC.  Would package as a wsp and give it to an admin to install (requires app pool resets and/or iis resets).

• Best practices for deployment from Dev /Staging /Production in SharePoint ?

  Hi All,
  What is a best practices to deploy SharePoint Portal to dev / staging / Production.
  I have custom solution deployed using WSP file. But I have done some changes using sharepoint designer.
  Like as Designer workflow, master pages etc.
  How can I deploy my document libraries and list to dev to prod using best practices?
  Thanks
  Balaji More

  Hi,
  According to your post, my understanding is that you wanted to know the best practices to deploy SharePoint Portal in different SharePoint environment.
  If the site is not existing in the production server, we can save the site from the development server, and then import it to the production server.
  But if the site is already existing in the production server, we should follow these steps to just add the taxonomy and content types to the production server:
  Save the site from Dev as a template
  Import the template as solution in Visual Studio
  Remove unnecessary items from the solution(Please pay more      attention on it. If a content type/list... in the solution is existing in      the production site too, it will replace the
  same object existing in the      production after deployment)
  Package the solution
  Deploy the solution in the production
  For more detailed, please see:
  http://ahmedmadany.wordpress.com/2012/12/30/importing-sharepoint-solution-package-wsp-into-visual-studio-2010/
  There is a similar thread for your reference.
  http://social.technet.microsoft.com/Forums/en-US/7dcf61a8-1af2-4f83-a04c-ff6c439e8268/best-practices-guide-for-deploying-sharepoint-2010-from-dev-to-test-to-production?forum=sharepointgeneralprevious
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support