Best practice or successful deployments of certificates with BizTalk 2013

Hi,
I am the security resource for our org, not a BizTalk resource.
As an organisation we are deploying BizTalk to work with a number of solutions. For integrity and confidentiality we would like to use certificates for the BizTalk data flows. Whilst I've found lots of articles on the BizTalk integration of the certificates, I'm struggling to find best practice/successful deployment documents on BizTalk+Certificates.
Our BizTalk consultant is requesting that the S/MIME certificates have a group FQDN as the common name; normally an S/MIME certificate has an individual’s email address. The engineers have attempted to do this using Microsoft's AD services internally by creating a new template, but as yet have not been successful.
Any assistance or advice would be gratefully received.
Thanks

To the best of my knowledge, BizTalk does not impose any restrictions on certificate types.
BizTalk uses certificates demanded by the interface or provider. For example, if consuming a web service over SSL, BizTalk only requires that the certificate be trusted either through a valid trust chain or explicitly. Similarly, when required to present a certificate as part of an interface for purposes of client authentication, the certificate has to be available in the certificate store of the account associated with the BizTalk Host Instance. When exposing services, BizTalk does not care if the certificate used for SSL is self-signed or SAN based hosted on the NLB or external server, etc.
The reason for asking for a SAN S/MIME certificate for use within BizTalk may be driven from the need to restrict the number of certificates required while accessing multiple e-mail accounts through the BizTalk POP adapter. Since the certificate configuration is at a port level, each port could technically have different user specific certificates all of which may be hosted under the same certificate store. The problem arises if the Microsoft CA is configured in an Active Directory integrated mode where it will not permit multiple certificates to be issued against ONE Account. If however the CA is deployed in a Standalone mode then multiple user certificates can be issued without any connection to the underlying AD accounts and each can have a different e-mail address associated with it.
Regards.

Similar Messages

  • Best practices for buying a digital certificate for Exchange 2013

    Good day friends,
    Could you indicate to me which are the best practices when buying a public digital certificate for use on Exchange Server 2013?
    I'd be interested in knowing your opinion about using wildcard or SAN certificates.
    Likewise, what are the best recommendations to include names and why they should or should not include the internal FQDN of my servers.
    Currently I have an infrastructure that has two MailBox servers, two CAS servers and an EDGE 2010 server, but I'm planning to update it to Exchange 2013.
    I searched what are the best practices according to Microsoft but have found little information.
    I would appreciate if you can post links like Microsoft KBs and other technical documents that discuss the above mentioned.
    Thanking your invaluable support.
    Greetings.

    Hi,
    Personal suggestion, we can use two namespaces for your Exchange 2013:
    Autodiscover.domain.com (Used for autodiscover service)
    Mail.domain.com (used for all Exchange services external and internal URLs)
    Please point mail.domain.com and autodiscover.domain.com to your internet facing CAS 2013.
    For more information about Digital Certificates and SSL in Exchange 2013, please refer to the
    Digital Certificates Best Practices part in the following technet article:
    http://technet.microsoft.com/en-us/library/dd351044%28v=exchg.141%29.aspx?lc=1033
    Additionally, here are some other scenarios about certificate planning in Exchange 2013:
    http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx
    Regards,
    Winnie Liang
    TechNet Community Support

  • What is the best practice for using the Calendar control with the Dispatcher?

    It seems as if the Dispatcher is restricting access to the Query Builder (/bin/querybuilder.json) as a best practice regarding security.  However, the Calendar relies on this endpoint to build the events for the calendar.  On Author / Publish this works fine but once we place the Dispatcher in front, the Calendar no longer works.  We've noticed the same behavior on the Geometrixx site.
    What is the best practice for using the Calendar control with Dispatcher?
    Thanks in advance.
    Scott

    Not sure what exactly you are asking but Muse handles the different orientations nicely without having to do anything.
    Example: http://www.cariboowoodshop.com/wood-shop.html

  • Best Practices when replacing 2003 server R2 with a new domainname and server 2012 r2 on same lan network

    I have a small office (10 computers with five users) that have a Windows 2003 server that has a corrupted AD. Their 2003 server R2 is essentially a file server and provides authentication. They purchased a new Dell 2012 R2 server.
    It seems easier to me to just create a new domain (using their public domain name).
    But I need as little office downtime as possible. Therefore I would like to promote this server to its new domain on the same LAN as the current domain server. I plan to manually replicate the users and folder permissions. Once done, I plan to remove the old server from the network and join the office computers to the new domain.
    They are also running a legacy application that will require some tweaking by another tech. I have been hoping to prep the new domain prior to the new legacy tech arriving. That is why I would like both domains to co-exist temporarily. I have read that the major issues involved in this kind of temporary configuration will then be related to setting up DNS. They are using the firewall to provide DHCP.
    Are there any best practices documents for this situation?
    Or is there a better or simpler strategy?
    Gary Metz

    I followed below two links. I think it should be the same even though the links are 2008 R2 migration steps.
    http://kpytko.pl/active-directory-domain-services/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
    http://blog.zwiegnet.com/windows-server/migrate-server-2003-to-2008r2-active-directory-and-fsmo-roles/
    Hope this helps!

  • Best Practices for Integrating UC-5x0's with SBS 2003/8?

    Almost all of Cisco's SBCS market is the small and medium business space. Most, if not all of these SMB's have a Microsoft Small Business Server 2003 or 2008. It will be critical, in order for Cisco to be considered as a purchase option, that the UC-5x0 integrates well into these networks.
    To that end, I see a  lot of talk here about how to implement parts and pieces of this, but no guidance from Cisco, no labs and no best practices or other documentation. If I am wrong, please correct me.
    I am currently stumbling through and validating these configurations myself, Once complete, I will post detailed recommendations. However, it would have been nice to have a lab to follow instead of having to learn from each mistake.
    Some of the challenges include;
    1. Where should the UC-540 be placed: As the gateway for QOS or behind a validated UC-5x0 router/security appliance combination
    2. Should the Microsoft Windows Small Business Server handle DHCP (as Microsoft's documentation says it must), or must the UC-540 handle DHCP to prevent loss of features? What about a DHCP relay scheme?
    3. Which device should handle DNS?
    My documentation (and I recommend that any Cisco Lab/Best Practice guidance include it as well) will assume the following real-world scenario, the same which applies to a majority of my SMB clients;
    1. A UC-540 device utilizing SIP for the cost savings
    2. High Speed Internet with 5 static routable IP addresses
    3. An existing Microsoft Small Business Server 2003/8
    4. An additional Line of Business Application or Terminal Server that utilizes the same ports (i.e. TCP 80/443/3389) as the UC-540 and the SBS, but on separate routable IP's (Making up crazy non-standard port redirections is not an option).
    5. An employee who teleworks from various places that provide a seat and a network jack, which is not under our control (i.e. an employee's home, a client's office, or a telework center). This teleworker should use the built in VPN feature within the SPA or 7925G phones because we will not have administrative access to any third party's VPN/firewall.
    Your thoughts appreciated.

    Progress Report;
    The following changes have been made to the router in support of the previously detailed scenario. Everything appears to be working as intended.
    DHCP is still on the UC540 for now. DNS is being performed by the SBS 2008.
    Interestingly, the CCA still works. The NAT module even shows all the private mapped IP's, but not the corresponding public IP's. I wouldn't recommend trying to make any changes via the CCA in the NAT module.
    To review, this configuration assumes the following;
    1. The UC540 has a public IP address of 4.2.2.2
    2. A Microsoft Small Business Server 2008 using an internal IP of 192.168.10.10 has an external IP of 4.2.2.3.
    3. A third line of business application server with www, https and RDP that has an internal IP of 192.168.10.11 and an external IP of 4.2.2.4
    First, backup your current configuration via the CCA,
    Next, telnet into the UC540, log in, edit, cut and paste the following to 1:1 NAT the 2 additional public IP addresses;
    ip nat inside source static tcp 192.168.10.10 25 4.2.2.3 25 extendable
    ip nat inside source static tcp 192.168.10.10 80 4.2.2.3 80 extendable
    ip nat inside source static tcp 192.168.10.10 443 4.2.2.3 443 extendable
    ip nat inside source static tcp 192.168.10.10 987 4.2.2.3 987 extendable
    ip nat inside source static tcp 192.168.10.10 1723 4.2.2.3 1723 extendable
    ip nat inside source static tcp 192.168.10.10 3389 4.2.2.3 3389 extendable
    ip nat inside source static tcp 192.168.10.11 80 4.2.2.4 80 extendable
    ip nat inside source static tcp 192.168.10.11 443 4.2.2.4 443 extendable
    ip nat inside source static tcp 192.168.10.11 3389 4.2.2.4 3389 extendable
    Next, you will need to amend your UC540's default ACL.
    First, copy what you have existing as I have done below (in bold), and paste them into a notepad.
    Then, I'm told the best practice is to delete the entire existing list first, finally adding the new rules back, along with the addition of rules for your SBS and LOB server (mine in bold) as follows;
    int fas 0/0
    no ip access-group 104 in
    no access-list 104
    access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_24##
    access-list 104 remark SDM_ACL Category=1
    access-list 104 permit tcp any host 4.2.2.3 eq 25 log
    access-list 104 permit tcp any host 4.2.2.3 eq 80 log
    access-list 104 permit tcp any host 4.2.2.3 eq 443 log
    access-list 104 permit tcp any host 4.2.2.3 eq 987 log
    access-list 104 permit tcp any host 4.2.2.3 eq 1723 log
    access-list 104 permit tcp any host 4.2.2.3 eq 3389 log
    access-list 104 permit tcp any host 4.2.2.4 eq 80 log
    access-list 104 permit tcp any host 4.2.2.4 eq 443 log
    access-list 104 permit tcp any host 4.2.2.4 eq 3389 log
    access-list 104 permit udp host 116.170.98.142 eq 5060 any
    access-list 104 permit udp host 116.170.98.143 any eq 5060
    access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
    access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
    access-list 104 deny   ip 192.168.10.0 0.0.0.255 any
    access-list 104 permit udp host 116.170.98.142 eq domain any
    access-list 104 permit udp host 116.170.98.143 eq domain any
    access-list 104 permit icmp any host 4.2.2.2 echo-reply
    access-list 104 permit icmp any host 4.2.2.2 time-exceeded
    access-list 104 permit icmp any host 4.2.2.2 unreachable
    access-list 104 permit udp host 192.168.10.1 eq 5060 any
    access-list 104 permit udp host 192.168.10.1 any eq 5060
    access-list 104 permit udp any any range 16384 32767
    access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 104 deny   ip host 255.255.255.255 any
    access-list 104 deny   ip host 0.0.0.0 any
    access-list 104 deny   ip any any log
    int fas 0/0
    ip access-group 104 in
    Lastly, save to memory
    wr mem
    One final note - if you need to use the Microsoft Windows VPN client from a workstation behind the UC540 to connect to a VPN server outside your network, and you were getting Error 721 and/or Error 800...you will need to use the following commands to add to ACL 104;
    (config)#ip access-list extended 104
    (config-ext-nacl)#7 permit gre any any
    I'm hoping there may be a better way of allowing VPN clients on the LAN with a much more specific and limited rule. I will update this post with that info when and if I discover one.
    Thanks to Vijay in Cisco TAC for the guidance.
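
An added example, not part of the original post: a Python audit that cross-checks static NAT entries against the permit entries of ACL 104, the comparison the post does by hand when rebuilding the list. The sample configuration is constructed in the post's addressing scheme, and the function name `audit` and the finding labels are this example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the post's NAT/ACL layout (not the post's full config).
SAMPLE = """\
ip nat inside source static tcp 192.168.10.10 443 4.2.2.3 443 extendable
ip nat inside source static tcp 192.168.10.10 3389 4.2.2.3 3389 extendable
ip nat inside source static tcp 192.168.10.11 443 4.2.2.4 443 extendable
access-list 104 remark constructed sample
access-list 104 permit tcp any host 4.2.2.3 eq 443 log
access-list 104 permit tcp any host 4.2.2.3.35 eq 3389 log
access-list 104 permit tcp any host 4.2.2.4 eq 80 log
access-list 104 permit udp any any range 16384 32767
access-list 104 permit gre any any
access-list 104 deny   ip any any log
"""

NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny)\s+(\S+)\s+(.*)$")
HOST_EQ_RE = re.compile(r"^any host (\S+) eq (\d+)")


def valid_ipv4(text):
    """True only for a well-formed dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit(config, acl_id="104"):
    """Return a sorted list of (category, detail) findings for one ACL."""
    published = set()  # (proto, outside_ip, port) exposed by static NAT
    permitted = set()  # (proto, host, port) from 'permit <proto> any host X eq N'
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        nat = NAT_RE.match(line)
        if nat:
            proto, _inside, _iport, outside, oport = nat.groups()
            published.add((proto, outside, int(oport)))
            continue
        acl = ACL_RE.match(line)
        if not acl or acl.group(1) != acl_id or acl.group(2) != "permit":
            continue  # remarks, denies and other ACLs are out of scope here
        proto, rest = acl.group(3), acl.group(4)
        target = HOST_EQ_RE.match(rest)
        if target:
            host, port = target.group(1), int(target.group(2))
            if valid_ipv4(host):
                permitted.add((proto, host, port))
            else:
                # A malformed host makes the entry useless, so the service stays blocked
                findings.append(("bad-address", line))
        elif rest.startswith("any any"):
            # Source and destination both unrestricted: worth a manual review
            findings.append(("broad-permit", line))
    for proto, host, port in published - permitted:
        findings.append(("nat-without-permit", f"{proto} {host}:{port}"))
    for proto, host, port in permitted - published:
        findings.append(("permit-without-nat", f"{proto} {host}:{port}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, detail in audit(SAMPLE):
        print(f"{category}: {detail}")
```

Entries flagged `permit-without-nat` are inbound holes with nothing published behind them and are candidates for removal; `broad-permit` entries such as the GRE rule are the ones to narrow to specific peers.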

  • Best practice for oracle 10.2 RAC with ASM

    Has anyone tried/installed Oracle 10.2 RAC with ASM and CRS?
    What is the best practice?
    1. separate home for CRS, ASM and Oracle Database?
    2. separate home for CRS and same home for ASM and Oracle Database?
    We set up the test environment with separate CRS, ASM and Oracle database homes, but we have tons of issues with the listener, spfile and tnsnames.ora files. So, seeking advice from the gurus who implemented/tested the same.

    I am getting ready to install the 10gR2 database software (10gR2 Clusterware was just installed ) and I want to have a home for ASM and another for database as you suggest. I have been told that 10gR2 was to have a smaller set of binaries that can be used for the ASM home ... but I am not sure how I go about installing it. The first look at the installer does not seem to make it obvious...Is it a custom build option?

  • Best practice to host websites on xserve with mac os x server leopard.

    Hi Guys,
    I'm trying to optimize the xserve to host multiple joomla sites...
    Can some one help me with "hidden manuals or using your experience" about best practices out there...!!
    It'd be great on your part...
    Cheers

    Erm, Joomla site hosting 'just works' with Leopard Server site virtualisation and the built in mysql.
    If you want the best practice try Mac OS X Server Essentials Second Edition which has chapters about setting up multiple web sites.

  • Best practice to develop internet app integrating with backend R/3 modules

    While we wait to upgrade from R/3 4.6c, going forward we want to stop investing in ITS Flow Logic applications.
    What is the best practice around using backend RFCs/BAPIs to expose SAP functionality as a web application that is accessible on the internet? One thought looks like using WAS 6.4 - utilizing JRA to call RFCs and using JSP/Servlet; another is to use Webdynpro based development. Will appreciate some architecture advice along side - especially if we also wanted internet surfers to set up user accounts. Thanks!

    Hi Vito,
    I do have the same situation as you and also some of the guys mentioned above as well. I have Portal only users and also users who uses the SAP GUI.
    Thus, what I would advise, taking into consideration of audit as well, is to have the below scenarios:
    1) Users who login to backend with SAP GUI on Citrix only
    We have changed the system parameter: login/password_change_for_SSO=2
    The password change dialog box appears and the password must be changed (input: old and new password). Also we have setup SNC (CyberSafe) so that in our SAP GUI, users can click on the system with SNC setup and login to backend without having to enter userID and password
    2) Users who login to backend with SAP GUI on client (local)
    Users will login with userID and password
    3) Portal user with SSO and no login to backend with SAP GUI
    Portal users will have their password deactivated.
    Explanation to Audit for Portal users:
    We have 90days password reset on Windows (AD). So our Portal users are respecting the audit request of having 90days password reset, but instead of having it in SAP, it's in our Windows. Furthermore, SSO is setup as such that the connection for these Portal users to the backend is secure.
    We are not able to set login/password_change_for_SSO=3 as we have sites which do not use Citrix. Thus, these sites will have local SAP GUI install.
    Hope that can share some experience of mine to those who are also in my past situation.
    Ray

  • Best practice creating an Corporate Design (Layout) with a web dynpro

    I got now a dynpro application that has the functionality of my wishes.
    But how to create a corporate design (layout) for my customer?
    I heard that there is a special portal editor for making layouts?
    Do you know a best practice? Or is it best to work with the dynpro explorer itself?

    Hi,
    if the application parameter WDTHEMEROOT is not available together with the other application parameters in the Workbench, then you might have a lower support package...
    For the style sheet editor you need a portal installation, it belongs to the portal. There's no ABAP transaction for that or ABAP only style sheet editor.
    Regards, Heidi
    PS: See also CSS for WebDynpro ABAP without Portal

  • Best Practices - Distributing Dynamic VI's with LV2011

    I'm distributing code which consists of a main program which calls existing (and future) vi's dynamically, but one at a time. The dynamically called vi's do not have input or output terminals. They run, one at a time, in a sub-panel in the main program. The main program needs to maintain a reference to the dynamically loaded vi so it can be sure the dyn. loaded vi has fully stopped before unloading calling a replacement vi. These vi's do not use Shared Variables or Globals, but may have a few vi's in common with the main program (it would be OK to duplicate these vi's in the release).
    With that background, what are the best practices these days for releasing dynamically loaded vi's (and their dependents)?
    If I use a Project Library (.lvlib), it would seem that I need to first build a .exe containing the top-level vi's (the one's to be dynamically loaded), so that a separate .lvlib can be generated which includes their dependencies. The contents of this .lvlib and a .lvlib containing the top-level vi's can then be merged to create a single .lvlib, and then a packed library can be generated for distribution with the main .exe.
    This seems way too involved (but necessary?)
    My goal is to simply have a .exe for the main program, and some other structure containing the dynamically called vi's and their dependents. This seemed so straightforward when a .exe was really a .llb a few years ago.
    Thanks in advance for your feedback.

    A great source of information I've found since posting is here:
    http://zone.ni.com/devzone/cda/pub/p/id/1261
    regarding packed libraries. Bottom line - they automatically include dependencies to the top-level dynamically linked vi's placed in a .lvlib from which the .lvlibp is built.
    I cannot seem to find an example of dynamically calling a vi within a packed library. If I use the old .exe as llb method, I get an Error 7.

  • Best practices for 2 x DNS servers with 2 x sites

    I am curious if someone can help me with best practices for my DNS servers.  Let me give my network layout first.
    I have 1 site with 2 x Windows 2012 Servers (1 GUI - 10.0.0.7, the other CORE - 10.0.0.8) the 2nd site connected via VPN has 2 x Windows 2012R2 Servers (1 GUI - 10.2.0.7, the other CORE - 10.2.0.8)  All 4 servers are promoted to DC's and have DNS services running.
    Here goes my questions:
    Site #1
    DC-01 - NIC IP address for DNS server #1 set to 10.0.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.0.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.2.0.7 & 10.2.0.8)
    Site #2
    DC-01 - NIC IP address for DNS server #1 set to 10.2.0.8, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    DC-02 - NIC IP address for DNS server #1 set to 10.2.0.7, DNS server #2 set to 127.0.0.1 (should I add my 2nd sites DNS servers under Advanced as well? 10.0.0.7 & 10.0.0.8)
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > Name Servers should I have all of my other DNS servers, or should I have my WAN DNS servers? In a single server scenario I always put my WAN DNS server but a bit unsure in this scenario.
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > General > Type should all servers be set to Active Directory - Integrated > Primary Zone? Should any of these be set to Secondary Zone?
    Under the DNS management > Forward Lookup Zones > _msdcs.mydomain.local > properties > Zone Transfers should I allow zone transfers?
    Would the following questions be identical to the Forward Lookup Zone mydomain.local as well?

    Site1
    DC1: Primary 10.0.0.7. Secondary 10.0.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.0.0.8.  Secondary 10.0.0.7. Tertiary 127.0.0.1
    Site2
    DC1: Primary 10.2.0.7.  Secondary 10.2.0.8. Tertiary 127.0.0.1
    DC2: Primary 10.2.0.8.  Secondary 10.2.0.7. Tertiary 127.0.0.1
    The DC's should automatically register in msdcs.  Do not register external DNS servers in msdcs or it will lead to issues. Yes, I recommend all zones to be set to AD-integrated. No need to allow zone transfers as AD replication will take care of this for you.  Same for mydomain.local.
    Hope this helps.  

  • Best practice for taking Site collection Backup with more than 100GB

    Hi,
    I have site collection data that is more than 100 GB. Can anyone please suggest the best practice to take a backup?
    Thanks in advance....
    Regards,
    Saya

    Hi
    I think we can do it using a PowerShell script.
    Add this command in powershell
    Add-PSSnapin Microsoft.SharePoint.PowerShell
    Web application backup & restore
    Backup-SPFarm -Directory \\WebAppBackup\Development  -BackupMethod Full -Item "Web application name"
    Site Collection backup & restore
    Backup-SPSite http://1632/sites/TestSite  -Path C:\Backup\TestSite1.bak
    Restore-SPSite http://1632/sites/TestSite2  -Path C:\Backup\TestSite1.bak -Force
    Regards
    manikandan

  • Best practice for calling an AM method with parameters

    Which will be the best way to call an AM method with parameters from a backing bean?
    I usually use the BindingContainer to get the operation binding and then call execute function. But when the method has parameters, how to do it?
    Thanks

    Hi,
    same:
    operationBinding.getParamMap().put("argument1Name", argument1Value);
    operationBinding.getParamMap().put("argument2Name", argument2Value);
    operationBinding.execute();
    Frank

  • Microsoft BizTalk Adapters for Host Systems Missing with BizTalk 2013

    Hi All,
    I am using BizTalk 2013 and looking for Microsoft BizTalk Adapters for Host Systems but cannot find it on the installation disk.
    Does anyone have an idea how to go ahead with this?
    Thanks
    Abhishek

    Hi Abhishek,
    As far as what we can experience, there is no standalone download for BizTalk 2013 Adapters for Host Systems 2013. It's part of the Host Integration Server 2013 installation.
    HIS 2013 installation document’s official
    “Existing Product Upgrade
    This release supports an in-place upgrade of earlier versions of HIS. The Host Integration Server 2013 setup automatically upgrades your existing configuration. The following releases are supported for automatic upgrade.
    Host Integration Server 2009
    BizTalk Adapters for Host Systems 2.0”
    When you run the installation setup for Host Integration Server 2013, we will get the information like the following. In my server I already have BizTalk Adapters for Host Systems 2.0 (as per the requirement), hence this installation wizard tries to upgrade it to make it compatible with 2013.
    When you proceed with the installation, this will install/upgrade the BizTalk adapter to 2013.
    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

  • Best practices for setting up RDS pool, with regards to profiles /appdata

    All,
    I'm working on a network with four physical sites and currently using a single pool of 15 RDS servers with one broker. We're having a lot of issues with the current deployment, and are rethinking our strategy. I've read a lot of conflicting information on how to best deploy such a service, so I'd love some input.
    Features and concerns:
    1. Users connect to the pool from intranet only.
    2. There are four sites, each with a somewhat different local infrastructure. Many users are connecting to the RDS pool via thin clients, although some locations have workstations in place.
    3. Total user count that needs to be supported is ~400, but it is not evenly distributed - some sites have more than others.
    4. Some of the users travel from one site to another, so that would need to be accounted for with any plans that involve carving up the existing pool into smaller groups.
    5. We are looking for a load-balanced solution - using a different pool for each site would be acceptable as long as it takes #4 and #7,8 into account.
    6. User profile data needs to be consistent throughout: My Docs, Outlook, IE favorites, etc.
    7. Things such as cached IE passwords (for sharepoint), Outlook settings and other user customization needs to be carried over as well.
    8. As such, something needs to account for the information in AppData/localroaming, /locallow and /local between these RDS servers.
    9. Ideally the less you have to cache during each logon the better, in order to reduce login times.
    I've almost never heard anything positive about using roaming profiles, but is this one of those rare exceptions? Even if we do that, I don't believe that covers the information in <User>/AppData/*  (or does it?), so what would be the best way to make sure that gets carried over between sessions inside the pool or pools?
    The current solution involves using 3rd party apps, registry hacks, GPOs and a mashup of other things and is generally considered to be a poor fit for the environment. A significant rework is expected and acceptable. Thinking outside the box is fine!
    I would relish any advice on the best solutions for deployment! Thank you!

    Hi Ben,
    Thank you for posting in Windows Server Forum.
    Please check below blogs and document which helps to understand some basic requirement and to setup the new environment with proper guided manner.
    1. Remote Desktop Services Deployment Guide (Doc)
    2. Step by Step Windows 2012 R2 Remote Desktop Services – Part 1, 2, 3 & 4
    3. Deploying a 2012 / 2012R2 Remote Desktop Services (RDS) farm
    Hope it helps!
    Thanks.
    Dharmesh Solanki
