Best Practice to Assign Network

Hi Experts,
I have a question - What is best practice to Assign networks. Is it Header assignment or Activity Assignment.
I have a requirement which asks for a WBS Level Cost and Revenue posting while settlement. I followed the standard design of having a 1st level WBS and assigned a Network to that. Also have 2nd level WBSs linked to 1st level WBS, which have the activities. Is this suffice the settlement requirement.
Thanks
Rajesh

Hi,
The asked question needs more clarifications.
Header assigned Newtork is used in Assembly processing i.e. from sales order when the project is generated automatically. in that case each sales order line item will have one network assigned to it or there is activity assigned network which is observed intermediator between WBS and activity.
Regarding project profile if you want to assign the network to Proejct defination then only 1 network will be there in project struructre or if to WBS element then Each WBS will have one network.
Further you have also mentioned about settlement?? which question needs more elaboration.
regards
sameer

Similar Messages

  • Query: Best practice SAN switch (network) access control rules?

    Dear SAN experts,
    Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
    I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
    Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
    In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
    For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
    These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
    So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
    regards,
    Will.

    Hi William,
    That's a pretty wide net you're casting there, but i'll do my best to give you some insight in the matter.
    Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
    for zones there are a few best practices:
    * Default Zone: Don't use it. unless you're running Ficon.
    * Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
    * Don't mix zoning types:  You can zone on wwn, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
    * Device alias zoning is definately recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing hba's a heck of a lot less painful in your fabric.
    * LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
    * Read-Only exists, but again any modern array should be able to make a lun read-only.
    * QoS on Zoning: Isn't really an ACL method, more of a congestion control.
    VSANs are a way to separate your physical fabric into several logical fabrics.  There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other.  A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DC and use IVR to make management hosts have inband access to all arrays.
    When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
    Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
    They are quite logical to use  and work just the same on an MDS as on a traditional Ethernetswitch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
    I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
    To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
    http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
    That's a very brief summary of the most important access-control-related Best Practices that come to mind.  If any of this isn't clear to you or you require more detail, let me know. HTH!

  • Best practice for limiting network management to few devices

    Hello ,
    I have set up a very basic security implementation that is no way realistic, but I just want to experiment and learn...
    In my 1801 router that answers DHCP requests on separate wired and wireless vlans, I have bound static IP addresses to the MAC addresses of my laptop wireless and wired interfaces.
    Then I set up an ACL to permit inbound traffic from these IPs only for the vty lines.
    Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
    What is the best practice in professional environments?
    Thanks.

    Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
    TACACs or RADIUS with robust password policy and regular interval to change the passwords (30 to 45 days).
    Read this and go to the "Composing hard-to-guess passwords" section.

  • Best practice for assigning permissions

    Good morning,
    I am trying redo permissions on our shared folders, and want to incorporate some sort of best practice and be security conscious.
    The current environment is permissions is assigned directly to the folder, and it is usually domain users :(.
    I have a multi-domain environment, I want to know what is the best way to handle permissions, so for instance I have a folder called
    \\ITserver01\ITtest, what kind of naming scheme do you give? I was thinking about maybe ITserver01_ITtest_RW as an example...
    Also do I have to create a domain local r/w and R/o group and a universal group r/w and r/o, since I cannot assign place users directly in the domain local account?
    Chad

    Best practices (esp in naming schemes) depends a bit on the corporate culture and standard procedures. However, we put users in domain local groups based on their role. Those groups would be made a member of a domain group that is used to grant access to
    local resources. and then make those resource access domain groups are member of local groups on the server.
    For example, If I have a server 'test', then there is a domain group called 'test administrators' and that group is then a member of the local admins group of the test server. And one of the members of the 'test administrators' group would be the 'site domain
    admins' group.
    For your example,  ITserver01_ITtest_RW would be a domain local group. And you would not put users in it directly, but user groups.  Users are in groups like 'Site helpdesk admins' or whtever. Something that defines their role in the orgnization.
    And then you would put the  'Site helpdesk admins' as member in the ITserver01_ITtest_RW group.
    Does that make sense?

  • SAP Best Practices on assigning roles for Auditors

    Dear Gurus,
    We need to set up SAP roles for auditors in or system for SRM ECC & BI.
    Could you please suggest on wich roles should be granted to the auditors as best practice to follow on?
    I will really apprecciate your help.
    Best Regards,
    Valentino

    Hi Martin,
    Thanks for your interest. I would be very happy to work with folks like you to slowly improve such roles as we find improvement possibilities for them, and all benefit from the joint knowledge and cool features which go into them. I have been filing away at a set of them for years now - they are not evil but still usefull and I give them to an auditor without being concerned as long as they can tell me approximately what they have been tasked to look into.
    I then also show them the corresponding user menu of my role for these tasks and then leave them alone for a while... 
    Anyway... SAP told me that if we host the content on SDN for the collaboration and documentation to the changes in the files, then version management of the files can be hosted externally for downloading them (actually, SAP does not have an option because their software does not support it...).
    I will rather host them on my own site and add the link in the SDN wiki and a sticky forum post link to it than use a generic download service, at least to start with. Via change management to the wiki, we can easily map this to version management of the files on a monthly periodic update cycle once there are enough changes to the wiki.
    How about "Update Tuesday" as a maintenance cycle --> config updates each second Tuesday of the month... to remove authorizations to access backdoors which are more than "just display"...
    Cheers,
    Julius

  • Network Design Review - Best Practices

    Looking to start a discussion around best practices for inbound network design at the core. 
    The planned devices are as followings:
    Edge Routing / DMVPN - Cisco 2951
    Cisco UCM / IP Phone VPN Concentrator - Cisco ASA 5512-X
    Cisco AnyConnect SSL Client Concentrator - Cisco ASA 5515-X
    Cisco FirePower / IPS Device - Cisco ASA 5515-X
    The plan is as follows:
    All traffic enters through the 2951. 
    DMVPN traffic will go directly to the FirePower Device and then to the core network.
    IP Phones will pass-through 2951, enter 5512-X for VPN, go to FirePower and then to the core network.
    AnyConnect Clients will pass-through 2951, enter 5515-X for VPN, go to FirePower and then to the core network. 
    Wondering if anyone else has completed a similar setup and any issues you may have fun into. 
    Basic diagram attached. 
    Thanks!

    There really isn't a true two factor authentication you can just do with radius unless its ISE and your doing EAP Chaining.  One way that is a workaround and works with ACS or ISE is to use "Was machine authenticated".  This again only works for Domain Computers.  How Microsoft works:) is you have a setting for user or computer... this does not mean user AND computer.  So when a windows machine boots up, it will sen its system name first and then the user credentials.  System name or machine authentication only happens once and that is during the boot up.  User happens every time there is a full authentication that has to happen.
    Check out these threads and it explains it pretty well.
    https://supportforums.cisco.com/message/3525085#3525085
    https://supportforums.cisco.com/thread/2166573
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Best practice for ASA Active/Standby failover

    Hi,
    I have configured a pair of Cisco ASA in Active/ Standby mode (see attached). What can be done to allow traffic to go from R1 to R2 via ASA2 when ASA1 inside or outside interface is down?
    Currently this happens only when ASA1 is down (shutdown). Is there any recommended best practice for such network redundancy?  Thanks in advanced!

    Hi Vibhor,
    I test ping from R1 to R2 and ping drop when I shutdown either inside (g1) or outside (g0) interface of the Active ASA. Below is the ASA 'show' failover' and 'show run',
    ASSA1# conf t
    ASSA1(config)# int g1
    ASSA1(config-if)# shut
    ASSA1(config-if)# show failover
    Failover On
    Failover unit Primary
    Failover LAN Interface: FAILOVER GigabitEthernet2 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 3 of 60 maximum
    Version: Ours 8.4(2), Mate 8.4(2)
    Last Failover at: 14:20:00 SGT Nov 18 2014
            This host: Primary - Active
                    Active time: 7862 (sec)
                      Interface outside (100.100.100.1): Normal (Monitored)
                      Interface inside (192.168.1.1): Link Down (Monitored)
                      Interface mgmt (10.101.50.100): Normal (Waiting)
            Other host: Secondary - Standby Ready
                    Active time: 0 (sec)
                      Interface outside (100.100.100.2): Normal (Monitored)
                      Interface inside (192.168.1.2): Link Down (Monitored)
                      Interface mgmt (0.0.0.0): Normal (Waiting)
    Stateful Failover Logical Update Statistics
            Link : FAILOVER GigabitEthernet2 (up)
            Stateful Obj    xmit       xerr       rcv        rerr
            General         1053       0          1045       0
            sys cmd         1045       0          1045       0
            up time         0          0          0          0
            RPC services    0          0          0          0
            TCP conn        0          0          0          0
            UDP conn        0          0          0          0
            ARP tbl         2          0          0          0
            Xlate_Timeout   0          0          0          0
            IPv6 ND tbl     0          0          0          0
            VPN IKEv1 SA    0          0          0          0
            VPN IKEv1 P2    0          0          0          0
            VPN IKEv2 SA    0          0          0          0
            VPN IKEv2 P2    0          0          0          0
            VPN CTCP upd    0          0          0          0
            VPN SDI upd     0          0          0          0
            VPN DHCP upd    0          0          0          0
            SIP Session     0          0          0          0
            Route Session   5          0          0          0
            User-Identity   1          0          0          0
            Logical Update Queue Information
                            Cur     Max     Total
            Recv Q:         0       9       1045
            Xmit Q:         0       30      10226
    ASSA1(config-if)#
    ASSA1# sh run
    : Saved
    ASA Version 8.4(2)
    hostname ASSA1
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 100.100.100.1 255.255.255.0 standby 100.100.100.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
     ospf message-digest-key 20 md5 *****
     ospf authentication message-digest
    interface GigabitEthernet2
     description LAN/STATE Failover Interface
    interface GigabitEthernet3
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet4
     nameif mgmt
     security-level 0
     ip address 10.101.50.100 255.255.255.0
    interface GigabitEthernet5
     shutdown
     no nameif
     no security-level
     no ip address
    ftp mode passive
    clock timezone SGT 8
    access-list OUTSIDE_ACCESS_IN extended permit icmp any any
    pager lines 24
    logging timestamp
    logging console debugging
    logging monitor debugging
    mtu outside 1500
    mtu inside 1500
    mtu mgmt 1500
    failover
    failover lan unit primary
    failover lan interface FAILOVER GigabitEthernet2
    failover link FAILOVER GigabitEthernet2
    failover interface ip FAILOVER 192.168.99.1 255.255.255.0 standby 192.168.99.2
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715-100.bin
    no asdm history enable
    arp timeout 14400
    access-group OUTSIDE_ACCESS_IN in interface outside
    router ospf 10
     network 100.100.100.0 255.255.255.0 area 1
     network 192.168.1.0 255.255.255.0 area 0
     area 0 authentication message-digest
     area 1 authentication message-digest
     log-adj-changes
     default-information originate always
    route outside 0.0.0.0 0.0.0.0 100.100.100.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 10.101.50.0 255.255.255.0 mgmt
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh 10.101.50.0 255.255.255.0 mgmt
    ssh timeout 5
    console timeout 0
    tls-proxy maximum-session 10000
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    crashinfo save disable
    Cryptochecksum:fafd8a885033aeac12a2f682260f57e9
    : end
    ASSA1#

  • Best Practices for using FireFighter Id's

    Experts,
    I was just wondering what is the best practice in assigning FireFighter Id's to developers in a company, I mean do most of the developers have their own firefighter Id's or do they share a common FirefFighter (for example: a single FireFighter to a small group of developers or people).
    Please suggest how this works in your companies.
    Will reward points for helpful answers.
    Thanks,

    Why do you want to give priviledged access to all the users first of all.
    I was going through this thread and wanted to put some comments. In my opinion there might be numerous situations when developers team need change/update authorization on production system to fix critical problems. and it is also possible that more than one developer requires this authorization.
    There may be some other situation when a developer needs to logon to production system to check production system performance. Sometimes critical transactions require developers assistance to resolve issues in production environment.
    So as Naveen (first) said he has a situation where more than one developer needs to work on production system, according to me it is a valid scenario.
    Another thing that Naveen (second) mentioned,
    Even if you want to you should not share the credentials
    To my knoweledge the firefighter user credentials which include password as well is not required to be known by the user. any user who is assigned a firefighter ID doesn not require to enter user or password or any other credentials. So user credentials are never shared among different users.
    I hope i made a valid point.
    Best Regards,
    Amol Bharti

  • Best practice steps for virtual server

    Hello,
    I need help in below questions. Please help.
    Q1) What are the best practice steps to create a VM with Hyper-V?
    Q2) What is the best practice for virtual network cluster?
    Q3) What are the domain controllers? and how to upgrade it from 2003 domain to 2012 domain?
    Please help me to answer above questions. I am new to networking server side. Please guide me step by step. Any help is much appreciated.
    Thanks.
    chirag

    Please post your questions in the appropriate forums.
    This forum is for the specific product Virtual Server 2005.
    For Hyper-V related questions, use the Hyper-V forum:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverhyperv
    For server questions please use the server forums:
    http://social.technet.microsoft.com/Forums/windowsserver/en-us/home?category=windowsserver
    Microsoft has a lot of documentation, have you read it yet? Googled?
    Clustering:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/7173caf4-a5aa-4426-a16b-592a6e6714ec/windows-server-2012-hyperv-cluster-step-by-step?forum=winserverhyperv
    http://www.bing.com/search?q=hyper-v+cluster+2012+r2+step+by+step&src=IE-SearchBox&FORM=IE11SR
    Domain upgrades:
    http://technet.microsoft.com/en-us/library/hh994618.aspx

  • Best practice steps for Hyper-V virtual server

    Hello,
    I need help in below questions. Please help.
    Q1) What are the best practice steps to create a VM with Hyper-V?
    Q2) What is the best practice for virtual network cluster?
    Q3) What are the domain controllers? and how to upgrade it from 2003 domain to 2012 domain?
    Please help me to answer above questions. I am new to networking server side. Please guide me step by step. Any help is much appreciated.
    Thanks.
    chirag

    Do a search on TechNet or Bing for creating Hyper-V VMs. You will find all sorts of blog posts with examples.
    If you are asking about creating a Microsoft failover cluster with guest VMS, do a search again.  Lots of posts with examples.
    Upgrading an Active Directory Domain from Windows Server 2003 or Windows Server 2003 R2 to Windows Server 2012
    http://msmvps.com/blogs/mweber/archive/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012.aspx
    . : | : . : | : . tim

  • X2100M2 Embedded LIghts Out Manager best practice

    Hi guys,
    I'm in worry about the best practice of configuring network interface on a X2100M2 Solaris 5.10 for the Embedded LIghts Out Manager. Hope you can help. I haven't find any documents of it which explain the best practice.
    Here is the situation :
    I've have 4 network interfaces but I only need two of them. So I decide to use the bge0 and the bge1 interfaces.
    bge0 is the server interface with an IP with .157
    bge1 is the ELOM interface with an IP with .156
    In the past, it was the reverse : bge0 was the ELOM with .156 and bge1 was the network server int. with .157
    Could you please guys let me know what is the best practice? Does the int.0 must be the server one? Is it possible to have network problem with this kind of configuration?
    Thanks
    Cheers,

    hi guys,
    No one have a clue? I've got some dukeDolars to offer...
    Tks

  • StorageTek 2500 - Mirroring Best Practices

    I am setting up a new StorageTek 2500 array.
    One of my volumes will be assigned 12 hard drives from a single shelf and will use Raid 1+0.
    The CAM asks me to manually assign pairs of drives for mirroring.
    I would like to understand if there are any single point of failures within the disk shelves that I should be aware of when deciding this.
    Do the StorageTek 2500 series disk shelves have multiple backplanes?
    - If so, which hard drives are assigned to each backplane? I want to avoid assigning both disks that are being mirrored to the same controller. I don't want to lose the data on both drives in the event of a hardware failure.
    - If not, is it recommended to pair one drive from one shelf, with a drive from another shelf to eliminate single point of failure?
    Does anyone have any suggested best practices when assigning pairs of drives for mirroring on the StorageTek 2500?
    Thanks

    jgibson wrote:
    I am setting up a new StorageTek 2500 array.
    One of my volumes will be assigned 12 hard drives from a single shelf and will use Raid 1+0.
    The CAM asks me to manually assign pairs of drives for mirroring.
    I would like to understand if there are any single point of failures within the disk shelves that I should be aware of when deciding this.
    Do the StorageTek 2500 series disk shelves have multiple backplanes?No.
    >
    - If so, which hard drives are assigned to each backplane? I want to avoid assigning both disks that are being mirrored to the same controller. I don't want to lose the data on both drives in the event of a hardware failure.
    - If not, is it recommended to pair one drive from one shelf, with a drive from another shelf to eliminate single point of failure?
    I do not understand what you mean by shelf. The drives are connected to the same backplane, regardless of what pair you create. The SPOF is the backplane, nevertheless it is unlikely to fail.
    Regards
    Nicolas
    Does anyone have any suggested best practices when assigning pairs of drives for mirroring on the StorageTek 2500?
    Thanks

  • Which is the best way to assign cost center to cost element?

    Hi,
    I am getting the below error...
    569400- Gain/Loss Inventory Transfer account requires Cost Object Assignment
    which is best practice to assign cost center - either assign in KA02 or assign in OKB9-automatic account assignment?
    Please advise ...
    Thanks
    Kishore

    HI,
    assignment in KA02 is valid for the whole controlling area, assignment in OKB9 can be different on comp. code level (maybe thats an andvantage for you). Substitution (OKC9) is also possible and delivers more opportunities than OKB9.
    Best regards, Christian

  • IP over Infiniband network configuration best practices

    Hi EEC Team,
    A question I've been asked a few times, do we have any best practices or ideas on how best to implement the IPoIB network?
    Should it be Class B or C?
    Also, what are your thoughts in regards to the netmask, if we use /24 it doesn't give us the ability to visually separate two different racks (ie Exalogic / Exadata), whereas netmask /23, we can do something like:
    Exalogic : 192.168.*10*.0
    Exadata : 192.168.*11*.0
    While still being on the same subnet.
    Your thoughts?
    Gavin

    I think it depends on a couple of factors, such as the following:
    a) How many racks will be connected together on the same IPoIB fabric
    b) What rack configuration do you have today, and do you foresee any expansion in the future - it is possible that you will move from a purely physical environment to a virtual environment, and you should consider the number of virtual hosts and their IP requirements when choosing a subnet mask.
    Class C (/24) with 256 IP values is a good start. However, you may want to choose a mask of length 23 or even 22 to ensure that you have enough IPs for running the required number of WLS, OHS, Coherence Server instances on two or more compute nodes assigned to a department for running its application.
    In general, when setting a net mask, it is always important that you consider such growth projections and possibilities.
    By the way, in my view, Exalogic and Exadata need not be in the same IP subnet, especially if you want to separate application traffic from database traffic. Of course, they can be separated by VLANs too.
    Hope this helps.
    Thanks
    Guru

  • Best Practice Question on Heartbeat Network

    After running 3.0.3 a few weeks in production, we are wondering if we set up our Heartbeat /Servers correctly.
    We have 2 servers in our Production Server pool. Our LAN, a 192.168.x.x network, has the Virtual IP of the Cluster (heartbeat), the 2 main IP addresses of the servers, and a NIC assigned to each guest. All of this has been configured on the same network. Over the weekend, I wanted to separate the Heartbeat onto a new network, but when trying to add to the pool I received:
    Cannot add server: ovsx.mydomain.com, to pool: mypool. Server Mgt IP address: 192.168.x.x, is not on same subnet as pool VIP: 192.168.y.y
    Currently, I only have one router that translate our WAN to our LAN of 192.168.x.x. I thought the heartbeat would strictly be internal and would not need to be routed anywhere and just set up as a separate VLAN and this is why I created 192.168.y.y. I know that the servers can have multiple IP addresses, and I have 3 networks added to my OVM servers. 192.168.x.x, 192.168.y.y and 192.168.z.z. y and z are not pingable from anything but the servers themselves or one of the guests that I have assigned that network to. I can not ping them directly from our office network, even through the VPN which only gives us access to 192.168.x.x.
    I guess I can change my Sever Mgt IP away from 192.168.x.x to 192.168.y.y, but can I do that without reinstalling the VM server? How have others structured there networks especially relating to the heartbeat?
    Is there any documentation/guides that would describe how to set up the networks properly relating to the heartbeat?
    Thanks for any help!!

    Hello user,
    In order to change your environment, what you could do is go to the Hardware tab -> Network. Within here you can create new networks and also change via the Edit this Network pencil icon what networks should manage what roles (i.e. Virtual Machine, Cluster Heartbeat, etc). In my past experience, I've had issues changing the cluster heartbeat once it has been set. If you have issues changing it, via the OVM Manager, one thing you could do is change it manually via the /etc/ocfs2/cluster.conf file. Also, if it successfully lets you change it via the OVM Manager, verify it within the cluster.conf to ensure it actually did your change. This is where that is being set. However, doing it manually can be tricky because OVM has a tendency to like to revert it's changes back to its original state say after a reboot. Of course I'm not even sure if they support you manually making that change. Ideally, when setting up an OVM environment, best practice would be to separate your networks as much as possible i.e. (Public network, private network, management network, clusterhb network, and live migration network if you do a lot of live migrating, otherwise you can probably place it with say the management network).
    Hope that helps,
    Roger

Maybe you are looking for

  • Macbook Pro 13 inch (2011) freezes all the time

    Hi all , About a week ago, I started to experience difficulties working on my MacBook Pro - the whole system started to "freeze" and glitch all over the place, e.g. finder not responding like it should be, opening folders takes ages (in some cases up

  • Setting up a Server for Small Network

    I have a workgroup of 3 people all on macs running OS X. I have a PowerMac Quad and I want to set it up as a server so that my entire workgroup can access files from it in order to run InDesign and InCopy. How do I do this? Thanks in advance!

  • M-audio stops working with Logic Pro as soon as I hit play

    I've not found a solution to this anywhere. I've got Logic Pro 9 and hooked up a M-Audio Oxygen 49. The computer and software see the Oxygen okay and I can play any sound I want through the software. Until I hit play - trying to add a track to a reco

  • Sorting albums in Itunes

    How do I sort my albums of the same artist in years and not on the names. I'm using the Artist lookup as you can see below. It's dutch by the way.

  • Backing up Safari booksmarks to dropbox

    Is it possible to backup Safari bookmarks for my Mac to dropbox and then use then in Safari for Windows? What would I need to do?