Best practice secure network deployment?

Hello all, I have a few servers and am planning to rebuild our infrastructure to be more secure. We currently have 3 physical machines (2 standalone servers and then a VM host running ESXi, but I might switch to Hyper-V; thoughts?).
I run an Exchange server, have AD with a failover AD server, a number of web hosts and a couple of Linux machines. I also have our work network on the same subnet (all one location).
My question is this: I have an ASA and then some switches; the modem goes to the ASA, which does NAT with our static IP, and the ASA goes to everything else. How should I rebuild the network to allow for the following? 1) Some sort of secure AD and web services which are accessible from the WAN and allow things like /owa access, LDAP integration, etc. 2) Secure internal systems (primary domain controller, workstations, etc.) which can browse the internet, but are not exposed to any risks from exposing the other servers.
This might rely more on virtual networking, which I'm not terribly familiar with, so if any recommendations could be made for virtual networking setups in ESXi or Hyper-V I'd gladly look those over too.
Thanks!

What ASA are you running? You need a Security Plus license to make use of the DMZ functionality. I would then recommend moving the servers that mostly serve users outside your organisation, like web servers, to the DMZ. Your Exchange server could stay on the inside.
If your ASA is just a 5505 I wouldn't let it do any VLAN routing. Consider using an L3 switch.
Put your DMZ on a separate VLAN. Servers in one VLAN. The admin interfaces of your network gear in one. Create one VLAN for wifi clients, and one or two for your clients. Then you need IP helpers in each VLAN that requires DHCP, pointing towards your DHCP server. Towards your VMware server you configure your switch for trunking, as well as between switches. In vSphere you create port groups that will tag each VLAN; you will only need your DMZ VLAN and server VLAN, as the other ones are reachable through the VLAN routing.
Putting your servers in a separate VLAN will improve security and eliminate MITM attacks on the servers. Your next step is then to secure all access ports, but take that as another project.
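The layout described in the answer above (DMZ and server VLANs trunked to the ESXi host, client and management VLANs routed by an L3 switch, DHCP relayed with IP helpers, and the ASA deciding what may cross between outside, DMZ and inside), written out as an added example that is not part of the original thread. Every VLAN number, subnet, address, interface name and hostname in it is an assumption; it assumes a Catalyst L3 switch and an ASA running 9.x syntax with routed physical interfaces, so on a 5505 the nameif/security-level lines go under "interface Vlan N" instead of a physical port. A transit VLAN between switch and ASA is used so that all inside traffic to the firewall takes one symmetric path.

```cisco
! ===== Catalyst L3 switch (assumed VLAN IDs, 10.0.<vlan>.0/24 subnets) =====
vlan 10
 name SERVERS
vlan 20
 name DMZ
vlan 30
 name CLIENTS
vlan 40
 name WIFI
vlan 50
 name TRANSIT-TO-ASA
vlan 99
 name NET-MGMT
!
ip routing
! SVIs for the VLANs the switch routes itself. ip helper-address relays DHCP
! broadcasts to the DHCP server in the server VLAN (assumed 10.0.10.5).
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.10.5
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
 ip helper-address 10.0.10.5
interface Vlan50
 ip address 10.0.50.1 255.255.255.252
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
! No SVI for VLAN 20: the DMZ is layer 2 only on the switch and its gateway is
! the ASA dmz interface, so every DMZ packet has to cross the firewall.
ip route 0.0.0.0 0.0.0.0 10.0.50.2
!
! Trunk to the ESXi host carrying only the two VLANs its port groups tag.
! (The encapsulation line is needed on older platforms such as 3560/3750.)
interface GigabitEthernet1/0/1
 description ESXi host vmnic0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! Access ports towards the ASA inside (transit VLAN) and dmz interfaces
interface GigabitEthernet1/0/2
 description ASA inside
 switchport mode access
 switchport access vlan 50
interface GigabitEthernet1/0/3
 description ASA dmz
 switchport mode access
 switchport access vlan 20
!
! Switch management reachable only from the management VLAN, SSH only
ip access-list standard MGMT-ONLY
 permit 10.0.99.0 0.0.0.255
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
!
! ===== ASA (assumed: outside 203.0.113.2/29, web host 10.0.20.10 in the DMZ) =====
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.50.2 255.255.255.252
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.0.20.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
! All internal VLANs sit behind the L3 switch
route inside 10.0.0.0 255.255.0.0 10.0.50.1
!
! Static NAT for the DMZ web host and the only inbound rule: HTTPS to it
object network WEB-DMZ
 host 10.0.20.10
 nat (dmz,outside) static 203.0.113.3
access-list OUTSIDE-IN extended permit tcp any object WEB-DMZ eq 443
access-group OUTSIDE-IN in interface outside
!
! DMZ -> inside: only LDAPS to the domain controller (assumed 10.0.10.5),
! nothing else internal; the final permit keeps Internet access for updates.
access-list DMZ-IN extended permit tcp object WEB-DMZ host 10.0.10.5 eq 636
access-list DMZ-IN extended deny ip any 10.0.0.0 255.255.0.0
access-list DMZ-IN extended permit ip any any
access-group DMZ-IN in interface dmz
```

On the ESXi side the vSwitch whose uplink is cabled to Gi1/0/1 needs two port groups, one with VLAN ID 10 and one with VLAN ID 20 (in the vSphere client, or with "esxcli network vswitch standard portgroup set -p DMZ -v 20"); a VM placed in the DMZ port group then has no path to the server VLAN except through the ASA's DMZ-IN rule set. Once it is in place, verify the intent with "show access-list DMZ-IN" hit counts and by confirming from a DMZ host that anything internal other than the permitted LDAPS port is refused.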

Similar Messages

  • What is the best practice for AppleScript deployment on several machines?

    Hi,
    I am developing some AppleScripts for my colleagues at work and I don't want to visit each of them to deploy my AppleScript on their Macs.
    So, what is the best practice for AppleScript deployment on several machines?
    Is there an installer created by the Automator available?
    I would like to have something like an App to run which puts all my AppleScript relevant files into the right place onto a destination Mac.
    Thanks in advance.
    Regards,

    There's really no 'right place' to put AppleScripts. Folder action scripts need to go in ~/Library/Scripts/Folder Action Scripts (or /Library/Scripts/Folder Action Scripts), anything you want to appear in the script menu needs to go in ~/Library/Scripts (or /Library/Scripts), script applications should probably go in the Applications folder, but otherwise scripts can be placed anywhere. Conventional places to put them are in ~/Library/Scripts or in a subfolder of ~/Library/Application Support if they are run by an application. The more important issue is to make sure you generalize the scripts: use the 'path to' command to get local paths rather than hard-coding them in, make sure you test that applications or unix executables you call are present on the machine, and use script bundles rather than scripts if your scripts have private resources.
    You can write a quick installer script if you want to make sure scripts go where you want them. A skeleton version looks like this:
    -- Destination: the current user's ~/Library/Scripts folder
    set scriptsFolder to path to scripts folder from user domain
    -- Source: the script bundled inside this applet's Resources/yyy folder
    set scriptsToExport to path to resource "xxx.scpt" in directory "yyy"
    tell application "Finder"
      -- Copy the script into place, replacing any older copy
      duplicate scriptsToExport to scriptsFolder with replacing
    end tell
    say "Scripts are installed"
    Save this as a script application, then open the application package and create a folder called "yyy" in the Resources folder and copy your script "xxx.scpt" into it. Other people can run the app to install the script.

  • BEST PRACTICES: How to deploy apps with public and private content & data?

    Can anyone recommend a guide, blog post, etc. on best practices for:
    - designing & deploying apps that have publicly-accessible (http + https) content, and
    - content and data for which users must be authenticated and authorized?
    NOTE: In our environment users are authenticated via OID. We're using Apex 4.

    Hi,
    Have a look at this Sample App for getting Auth Token from Instagram in windows phone app. 
    Also read the api documentation for more details from
    here.
    Pradeep AJ

  • Best Practice for SRST deployment at a remote site

    What is the best practice for a SRST deployment at a remote site? Should a separate router such as a 3800 series be deployed for telephony in addition to another router to be deployed for Data? Is there a need for 2 different devices?

    Hi Brian,
    This is typically done all on one ISR router at the remote site :) There are two flavors of SRST. Here is the feature comparison:
    SRST Fallback
    This feature enables routers to provide call-handling support for Cisco Unified IP phones if they lose connection to remote primary, secondary, or tertiary Cisco Unified Communications Manager installations or if the WAN connection is down. When Cisco Unified SRST functionality is provided by Cisco Unified CME, provisioning of phones is automatic and most Cisco Unified CME features are available to the phones during periods of fallback, including hunt-groups, call park and access to Cisco Unity voice messaging services using SCCP protocol. The benefit is that Cisco Unified Communications Manager users will gain access to more features during fallback without any additional licensing costs.
    Comparison of Cisco Unified SRST and Cisco Unified CME in SRST Fallback Mode
    Cisco Unified CME in SRST Fallback Mode
    • First supported with Cisco Unified CME 4.0: Cisco IOS Software 12.4(9)T
    • IP phones re-home to Cisco Unified CME if Cisco Unified Communications Manager fails. CME in SRST allows IP phones to access some advanced Cisco Unified CME telephony features not supported in traditional SRST
    • Support for up to 240 phones
    • No support for Cisco VG248 48-Port Analog Phone Gateway registration during fallback
    • Lack of support for alias command
    • Support for Cisco Unity® unified messaging at remote sites (Distributed Exchange or Domino)
    • Support for features such as Pickup Groups, Hunt Groups, Basic Automatic Call Distributor (BACD), Call Park, softkey templates, and paging
    • Support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0 on same computer
    • No support for secure voice in SRST mode
    • More complex configuration required
    • Support for digital signal processor (DSP)-based hardware conferencing
    • E-911 support with per-phone emergency response location (ERL) assignment for IP phones (Cisco Unified CME 4.1 only)
    Cisco Unified SRST
    • Supported since Cisco Unified SRST 2.0 with Cisco IOS Software 12.2(8)T5
    • IP phones re-home to SRST router if Cisco Unified Communications Manager fails. SRST allows IP phones to have basic telephony features
    • Support for up to 720 phones
    • Support for Cisco VG248 registration during fallback
    • Support for alias command
    • Lack of support for features such as Pickup Groups, Hunt Groups, Call Park, and BACD
    • No support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0
    • Support for secure voice during SRST fallback
    • Simple, one-time configuration for SRST fallback service
    • No per-phone emergency response location (ERL) assignment for SCCP Phones (E911 is a new feature supported in SRST 4.1)
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/prod_qas0900aecd8028d113.html
    These SRST hardware-based restrictions are very similar to the number of supported phones with CME. Here is the actual breakdown:
    Cisco 880 SRST Series Integrated Services Router: up to 4 phones
    Cisco 1861 Integrated Services Router: up to 8 phones
    Cisco 2801 Integrated Services Router: up to 25 phones
    Cisco 2811 Integrated Services Router: up to 35 phones
    Cisco 2821 Integrated Services Router: up to 50 phones
    Cisco 2851 Integrated Services Router: up to 100 phones
    Cisco 3825 Integrated Services Router: up to 350 phones
    Cisco Catalyst® 6500 Series Communications Media Module (CMM): up to 480 phones
    Cisco 3845 Integrated Services Router: up to 730 phones
    *The number of phones supported by SRST has been changed to multiples of 5 starting with Cisco IOS Software Release 12.4(15)T3.
    From this excellent doc;
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/data_sheet_c78-485221.html
    Hope this helps!
    Rob

  • Best Practice for Networking in UCS required

    Hi
    We are planning to deploy UCS in our environment. The Fabric Interconnects A and B will need to connect to a pair of Catalyst 4900M switches. What is the best practice to connect? How should the 4900 switch be configured? Can I do port channel in UCS?
    Appreciate your help.
    Regards
    Kumar

    I highly recommend you review Brad Hedlund's videos regarding UCS networking here:
    http://bradhedlund.com/2010/06/22/cisco-ucs-networking-best-practices/
    You may want to focus on Part 10 in particular, as this talks about running UCS in end-host mode without vPC or VSS.
    Regards,
    Matt

  • Best Practice - Securing Schema from User Access

    Scenario:
    User A requires access to schema called BLAH.
    User A is a developer that built an application using this schema in a separate development environment, although has the same privileges mirrored to production (same roles etc - required for operation of the application built).
    This means that the User has roles that grant Select, Update etc rights for the schema / table in order to use (and maintain) the applications.
    How can we restrict access to the BLAH schema in PRODUCTION, enforcing it to only be accessible via middle tier / application (proxy authentication?)?
    We've looked at using proxy authentication, however, it's not possible to grant roles and rights to the proxy account and NOT have them granted to the user (so they can dive straight in using development tooling and hit prod etc.).
    We've tried granting it on a session basis using proxy authentication (i.e. user A connects via proxy, and we ENABLE a disabled role on the user based on this connection), however, it causes performance issues.
    Are we tackling this the wrong way? What's the best practice for securing Oracle schemas (and objects in general) for user access where the users actually get an Oracle user account (or even use SSO) for day-to-day business as usual?
    To me this feels like a common scenario, especially where SSO comes into play ...

    What about situations where we have Legacy Oracle Forms stuff? In these cases the user must be granted select etc rights to particular objects, as this can't connect via a middle tier.
    The problem we have is that our existing middle tier implementation is built expecting the user credentials to be passed to it during initial authentication and does not use a proxy, or super user style account.  We have, historically, been 100% reliant on Oracle rights and controls to validate and restrict access to our underlying data.  From what you are saying, we should start to look at using proxy or super user access and move this control process further up - i.e. into Code or Packages ?  If so, does this mean that there is no specific way to restrict schema access to given proxy accounts and then grant normal user accounts to connect through these to get access (kind of a delegated access scenario), without using disabled roles?

  • SAP Adapter Best Practice Question for Deployment to Clustered Environment

    I have a best practices question on the iway Adapters around deployment into a clustered environment.
    According to the documentation, you are supposed to run the installer on both nodes in the cluster but configure on just the first node. See below:
    Install Oracle Application Adapters 11g Release 1 (11.1.1.3.0) on both machines.
    Configure a J2CA configuration as a database repository on the first machine.
    Perform the required changes to the ra.xml and weblogic-ra.xml files before deployment.
    This makes sense to me because once you deploy the adapter rar in the next step, the appropriate rar will get staged and deployed on both nodes in the cluster.
    What is the best practice for the 3rdParty adapter directory on the second node? The installer lays it down with the adapter rar and all. Since we only configure the adapter on node 1, the directory on node 2 will remain with the default installation files/values not the configured ones. Is it best practice to copy node 1's 3rdParty directory to node 2 once configured? If we leave node 2 with the default files/values, I suspect this will lead to confusion to someone later on who is troubleshooting because it will appear it was never configured correctly.
    What do folks typically do in this situation? Obviously everything works to leave it as is, but it seems strange to have the two nodes differ.

    What is the version of the operating system? If you are on any OS version lower than Windows 2012 then you need to add one more voter for quorum.
    Balmukund Lakhani

  • Best Practice/Validation for deploying a Package to Azure

    Before deploying a package to Azure, what kind of best practice/validation can be done to know the package's compatibility with the Azure environment?

    What do you mean by the compatibility of the Azure package with the Azure environment? What do you want to validate? It would be great if you provided a bit of background for your question.
    As far as the deployment best practice is concerned, the usual way is to upload your Azure cloud service deployment package and configuration files (*.cspkg and *.cscfg) to a blob container first and then deploy to the cloud service by referring to the uploaded container. This will not only give you the flexibility to keep different versions of your deployments, which you can use to roll back the entire service, but the deployment process will also be comparatively faster than deploying from VS or by uploading manually from the file system.
    You can refer to this link: http://azure.microsoft.com/en-in/documentation/articles/cloud-services-how-to-create-deploy/#deploy
    Bhushan

  • Best practices for network design on WLC 2504 and 5508

    Dear all:
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Maximum number of APs per port
    The scenario when to use all ports in both WLCs
    Maximum number of clients (users) per port
    Bandwidth consumption of management vs data, in order to assign one port for management
    I've just found this:
    Cisco 5508 controllers have eight Gigabit Ethernet distribution system ports, through which the controller can manage multiple access points. The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller. Cisco 5508 controllers have no restrictions on the number of access points per port. However, Cisco recommends using link aggregation (LAG) or configuring dynamic AP-manager interfaces on each Gigabit Ethernet port to automatically balance the load. If more than 100 access points are connected to the 5500 series controller, make sure that more than one gigabit Ethernet interface is connected to the upstream switch.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html
    Thanks for your help.

    The 5508-12, 5508-25, 5508-50, 5508-100, and 5508-250 models allow a total of 12, 25, 50, 100, or 250 access points to join the controller.
    This is an old document. The 5508 can now support up to 500 APs if you run firmware 7.X. The 2504 can support up to 75 APs if you run firmware 7.4.X.
    I'm looking for some recommendations on WLC 2504 and 5508 about the following:
    Best practice and recommendation is to LAG all ports so you will be able to form link redundancy. If one link goes down, you have another link to push traffic.

  • Best Practice User-Access Deployment

    Hi All.
    We have SAP ECC, Solution Manager+CUA, Portal, BW and BusinessObject. And we want to manage user and access from single system.
    My thought is:
    BusinessObjects connected to BW and BW connected to CUA.
    Portal connected to SAP ECC and SAP ECC connected to CUA.
    And we deploy users and access from CUA.
    I am wondering whether this is the best approach or there is another, better solution.
    Thanks

    Hi Sandy,
    If it is operationally effective and you have adequate controls in place then your solution is perfectly adequate for your current usage.
    If you want to provision to non-SAP systems (e.g. a single source of users for email, network, SAP, non-SAP apps) then the next logical step would be to incorporate your user management into an identity management solution. There are a number of credible vendors out there and I would always recommend a comparative analysis of products before switching to an IdM product, as doing it properly has enterprise-wide implications (and benefits).

  • Sanity check - Best practice for network configuration

    Basic configuration is this:
    Physical server has two interfaces. Two different networks. Generically we reference them as Front End and Back End
    Back End is dedicated to storage (nfs from netapp or Sun 74xx)
    xenbr0 associated with eth0 (front end)
    xenbr1 associated with eth1 (back end)
    For each Virtual Machine, have been creating two interfaces; vif0 with xenbr0 and vif1 with xenbr1
    The desire is to have all disk I/O use the vif1 -> xenbr1 -> eth1 path. So far it seems to be working that way.
    Questioning the setup because we have seen this sort of error when shutting down a VM
    nfs: server axqntap1 not responding, still trying
    In case it matters, mount options inside the vm are: rw,bg,hard,intr,timeo=600,proto=tcp,vers=3,rsize=32768,wsize=32768
    Any advice, ideas? Are we all wrong with the bridge config? Mount options?
    Thank you - Randall

    Shutdown applications within the guest.
    Either power off from Oracle VM Manager or 'xm shutdown xxx' from the command line
    It is possible one or more files could be open when the shutdown is initiated.
    Have found at least one case of misconfigured IP which would have resulted in the disk access being via the 'Front End' interface rather than the Back End.
    Thanks

  • Best Practices/Advice on deploying .exe setups

    We have a couple applications (office, mcafee) that need to be deployed thru .exe. We also have some MSI applications. The msi's work great as Windows can control and know when they are done. What is anyone's advice on making .exe setups run and stopping other zen bundles from starting before that setup is complete?

    For such cases, you may need to get a little tricky and use VBS or
    another scripting tool (Autoit) that would be launched by ZCM to call
    the wrapper app and then also monitor the chained app.
    A "Monitor Modules" feature as existed in ZDM7 would really help.
    If anyone is actually struggling with "Wrappers", just let me know and I
    can whip up a tool to help. I used to have one I even used in ZDM7
    since even monitor modules did not always help.
    On 12/16/2013 10:46 AM, kjhurni wrote:
    >
    > craig_wilson;2297895 Wrote:
    >> Change the Option from "No Wait" to "When action is complete" for "Wait
    >> before Proceeding to the Next Action" on your launch executable action.
    >>
    >>
    >> On 12/15/2013 5:16 PM, dabarnett wrote:
    >>>
    >>> We have a couple applications (office, mcafee) that need to be
    >> deployed
    >>> thru .exe. We also have some MSI applications. The msi's work great
    >> as
    >>> Windows can control and know when they are done. What is anyone's
    >> advice
    >>> on making .exe setups run and stopping other zen bundles from
    >> starting
    >>> before that setup is complete?
    >>>
    >>>
    >
    > To add to what Craig says, the "wait" action only works if the setup.exe
    > doesn't launch a bunch of other things, and exit the original wrapper
    > (ie: setupvse.exe for McAfee VSE Enterprise).
    >
    > setupvse.exe is an installation wrapper that then launches msiexec.exe
    > and it (the setupvse.exe) promptly unloads from memory about 2-3 seconds
    > after it starts/launches (you can see this via procmon or whatever it's
    > called now), so ZCM thinks it's done, and continues onto the next app,
    > whilst msiexec.exe continues on its merry way setting up VSE
    > Enterprise.
    >
    > And McAfee doesn't support running the .MSI for their stuff (it won't
    > install properly or any of your custom settings if you use the MID
    > either).
    >
    >

  • Best practice Internet site deployment

    What will you check before putting servers into production?
    1. Hardware & software
    2. Antivirus
    3. Firewall
    What else?

    That's an awfully broad question. Here's the prereq's document:
    http://technet.microsoft.com/en-us/library/cc262485(v=office.14).aspx
    Mike Smith, TechTrainingNotes.blogspot.com

  • Best practice to deploy some secret credentials in AIR app

    Hi,
    Can someone suggest the best practice way to deploy some secret credentials in an AIR app please? For example, network connection settings or passwords?
    In my particular case (and since this is only for testing) I'd like to deploy a password in an AIR app. So is there any way to effectively deploy an encrypted store with the app? (Hope that makes sense!)
    Tks,
    Alex

    I think the best practice is not to do it. You can't deploy an encrypted local store file to another computer. You could encrypt the information some other way, but that just moves the problem. If you have a server, you could have the app connect to the server to get the sensitive information and put it into the ELS (ideally through HTTPS).

  • Best Practices for CS6 - Multi-instance (setup, deployment and LBQ)

    Hi everyone,
    We recently upgraded from CS5.5 to CS6 and migrated to a multi-instance server from a single-instance. Our current applications are .NET-based (C#, MVC) and are using SOAP to connect to the InDesign server. All in all it is working quite well.
    Now that we have CS6 (multi-instance) we are looking at migrating our applications to use the LBQ features to help balance the workload on the INDS server(s). Where can I find some best practices for code deployment/configuration, etc for a .NET-based platform to talk to InDesign?
    We will be using the LBQ to help with load management for sure.
    Thanks for any thoughts and direction you can point me to.
    ~Allen

    Please see if below metalink note guides you:-
    Symmetrical Network Acceleration with Oracle E-Business Suite Release 12 [ID 967992.1]
    Thanks,
    JD
