Best Practice User-Access Deployment

Hi All.
We have SAP ECC, Solution Manager+CUA, Portal, BW and BusinessObject. And we want to manage users and access from a single system.
My thought is:
BusinessObject Connected to BW and BW connected to CUA.
Portal connected to SAP ECC and SAP ECC connected to CUA.
And we deploy user and access from CUA.
I am wondering whether this is the best approach or there is another better solution.
Thanks

Hi Sandy,
If it is operationally effective and you have adequate controls in place then your solution is perfectly adequate for your current usage.
If you want to provision to non-SAP systems (e.g. single source of users for email, network, SAP, non-SAP apps) then the next logical step would be to incorporate your user management into an identity management solution. There are a number of credible vendors out there and I would always recommend a comparative analysis of products before switching to an IdM product as doing it properly has enterprise wide implications (and benefits).

Similar Messages

  • What is the best practice for AppleScript deployment on several machines?

    Hi,
    I am developing some AppleScripts for my colleagues at work and I don't want to visit each of them to deploy my AppleScript on their Macs.
    So, what is the best practice for AppleScript deployment on several machines?
    Is there an installer created by the Automator available?
    I would like to have something like an App to run which puts all my AppleScript relevant files into the right place onto a destination Mac.
    Thanks in advance.
    Regards,

    There's really no 'right place' to put applescripts.  Folder action scripts need to go in ~/Library/Scripts/Folder Action Scripts (or /Library/Scripts/Folder Action Scripts), anything you want to appear in the script menu needs to go in ~/Library/Scripts (or /Library/Scripts), script applications should probably go in the Applications folder, but otherwise scripts can be placed anywhere.  Conventional places to put them are in ~/Library/Scripts or in a subfolder of ~/Library/Application Support if they are run by an application.  The more important issue is to make sure you generalize the scripts: use the path to command to get local paths rather than hard-coding them in, make sure you test to make sure applications or unix executables you call are present on the machine, use script bundles rather than scripts if your scripts have private resources.
    You can write a quick installer script if you want to make sure scripts go where you want them.  Skeleton version looks like this:
    set scriptsFolder to path to scripts folder from user domain
    set scriptsToExport to path to resource "xxx.scpt" in directory "yyy"
    tell application "Finder"
      duplicate scriptsToExport to scriptsFolder with replacing
    end tell
    say "Scripts are installed"
    Save this as a script application, then open the application package and create a folder called "yyy" in the resources folder and copy your script "xxx.scpt" into it.  Other people can run the app to install the script.

  • BEST PRACTICES: How to deploy apps with public and private content & data?

    Can anyone recommend a guide, blog post, etc. on best practices for:
    - designing & deploying apps that have publicly-accessible (http + https) content, and
    - content and data for which users must be authenticated and authorized?
    NOTE: In our environment users are authenticated via OID. We're using Apex 4.

    Hi,
    Have a look at this Sample App for getting Auth Token from Instagram in windows phone app.
    Also read the api documentation for more details from here.
    Pradeep AJ

  • What is the best practice in securing deployed source files

    hi guys,
    Just yesterday, I developed a simple image cropper using ajax
    and flash. After compiling the package, I notice the
    package/installer delivers the same exact source files as in
    developed to the installed folder.
    This doesn't concern me much at first, but coming to think of
    it. This question keeps coming out of my head.
    "What is the best practice in securing deployed source
    files?"
    How do we secure application installed source files from
    being tampered. Especially, when it comes to tampering of the
    source files after it's been installed. E.g. modifying spraydata.js
    files for example can be done easily with an editor.

    Hi,
    You could compute a SHA or MD5 hash of your source files on
    first run and save these hashes to EncryptedLocalStore.
    On startup, recompute and verify. (This, of course, fails to
    address when the main app's swf / swc / html itself is
    decompiled)
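
The first-run baseline and startup check suggested in this reply, as an added example that is not part of the original thread. It is plain Node.js rather than AIR code: the `Map` passed in as `store` is a hypothetical stand-in for EncryptedLocalStore, the install folder and its files are constructed for the demo, and SHA-256 is used because MD5 collisions are practical.

```javascript
// Added example: plain Node.js, not AIR. `store` is a Map standing in for
// EncryptedLocalStore (assumption); all function names are hypothetical.
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

function sha256Hex(data) {
  return crypto.createHash('sha256').update(data).digest('hex');
}

// Recursively collect regular files under root as sorted relative paths.
function listFiles(root, dir = root, out = []) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) listFiles(root, full, out);
    else if (entry.isFile()) out.push(path.relative(root, full));
  }
  return out.sort();
}

// Map of relative path -> SHA-256 of the file contents.
function buildManifest(root) {
  const manifest = {};
  for (const rel of listFiles(root)) {
    manifest[rel] = sha256Hex(fs.readFileSync(path.join(root, rel)));
  }
  return manifest;
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// First run: save the baseline. Later runs: recompute and report differences.
function verifyOnStartup(root, store) {
  const current = buildManifest(root);
  const saved = store.get('manifest');
  if (saved === undefined) {
    store.set('manifest', JSON.stringify(current));
    return { firstRun: true, modified: [], missing: [], added: [] };
  }
  const baseline = JSON.parse(saved);
  const modified = [];
  const missing = [];
  const added = [];
  for (const rel of Object.keys(baseline)) {
    if (!has(current, rel)) missing.push(rel);
    else if (current[rel] !== baseline[rel]) modified.push(rel);
  }
  for (const rel of Object.keys(current)) {
    if (!has(baseline, rel)) added.push(rel); // files dropped in after install
  }
  return { firstRun: false, modified, missing, added };
}

// Constructed install folder: baseline, clean restart, then edits on disk.
function runIntegrityDemo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'app-install-'));
  fs.mkdirSync(path.join(root, 'js'));
  fs.writeFileSync(path.join(root, 'index.html'), '<html></html>');
  fs.writeFileSync(path.join(root, 'js', 'spraydata.js'), 'var spray = 1;');
  const store = new Map();
  const first = verifyOnStartup(root, store);
  const clean = verifyOnStartup(root, store);
  fs.writeFileSync(path.join(root, 'js', 'spraydata.js'), 'var spray = 2;');
  fs.writeFileSync(path.join(root, 'extra.js'), '// not part of the install');
  fs.unlinkSync(path.join(root, 'index.html'));
  const tampered = verifyOnStartup(root, store);
  fs.rmSync(root, { recursive: true, force: true });
  return { first, clean, tampered };
}

console.log(JSON.stringify(runIntegrityDemo(), null, 2));
```

The check reports added and missing files as well as modified ones, and, as the reply notes, it does not cover the code that performs the check itself.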

  • Need best practice when accessing an ucm content after being transferred.

    Hi All,
    I have a business requirement where I need to auto-transfer the content to another UCM when this content expires in the source UCM.
    This content needs to be deleted after it spends a certain duration in the target UCM.
    Can anybody advise me the best practice to do this in the Oracle UCM?
    I have set up an expiration date and trying to auto Replicate the content to the target UCM once the content reaches the expiration date.
    I am not aware of the best practice to access the content when it is in the target UCM?
    Any help in this case would be greatly appreciated.
    Regards,
    Ashwin

    SR,
    Unfortunately temp tables are the way to go. In Apex we call them collections (not the same as PL/SQL collections) and there's an API for working with them. In other words, the majority of the leg work has already been done for you. You don't have to create the tables or worry about tying data to different sessions. Start your learning here:
    http://download.oracle.com/docs/cd/E14373_01/appdev.32/e11838/advnc.htm#BABFFJJJ
    Regards,
    Dan
    http://danielmcghan.us
    http://sourceforge.net/projects/tapigen
    http://sourceforge.net/projects/plrecur

  • Best Practice for SRST deployment at a remote site

    What is the best practice for a SRST deployment at a remote site? Should a separate router such as a 3800 series be deployed for telephony in addition to another router to be deployed for Data? Is there a need for 2 different devices?

    Hi Brian,
    This is typically done all on one ISR Router at the remote site :) There are two flavors of SRST. Here is the feature comparison;
    SRST Fallback
    This feature enables routers to provide call-handling support for Cisco Unified IP phones if they lose connection to remote primary, secondary, or tertiary Cisco Unified Communications Manager installations or if the WAN connection is down. When Cisco Unified SRST functionality is provided by Cisco Unified CME, provisioning of phones is automatic and most Cisco Unified CME features are available to the phones during periods of fallback, including hunt-groups, call park and access to Cisco Unity voice messaging services using SCCP protocol. The benefit is that Cisco Unified Communications Manager users will gain access to more features during fallback without any additional licensing costs.
    Comparison of Cisco Unified SRST and Cisco Unified CME in SRST Fallback Mode
    Cisco Unified CME in SRST Fallback Mode
    • First supported with Cisco Unified CME 4.0: Cisco IOS Software 12.4(9)T
    • IP phones re-home to Cisco Unified CME if Cisco Unified Communications Manager fails. CME in SRST allows IP phones to access some advanced Cisco Unified CME telephony features not supported in traditional SRST
    • Support for up to 240 phones
    • No support for Cisco VG248 48-Port Analog Phone Gateway registration during fallback
    • Lack of support for alias command
    • Support for Cisco Unity® unified messaging at remote sites (Distributed Exchange or Domino)
    • Support for features such as Pickup Groups, Hunt Groups, Basic Automatic Call Distributor (BACD), Call Park, softkey templates, and paging
    • Support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0 on same computer
    • No support for secure voice in SRST mode
    • More complex configuration required
    • Support for digital signal processor (DSP)-based hardware conferencing
    • E-911 support with per-phone emergency response location (ERL) assignment for IP phones (Cisco Unified CME 4.1 only)
    Cisco Unified SRST
    • Supported since Cisco Unified SRST 2.0 with Cisco IOS Software 12.2(8)T5
    • IP phones re-home to SRST router if Cisco Unified Communications Manager fails. SRST allows IP phones to have basic telephony features
    • Support for up to 720 phones
    • Support for Cisco VG248 registration during fallback
    • Support for alias command
    • Lack of support for features such as Pickup Groups, Hunt Groups, Call Park, and BACD
    • No support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0
    • Support for secure voice during SRST fallback
    • Simple, one-time configuration for SRST fallback service
    • No per-phone emergency response location (ERL) assignment for SCCP Phones (E911 is a new feature supported in SRST 4.1)
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/prod_qas0900aecd8028d113.html
    These SRST hardware based restrictions are very similar to the number of supported phones with CME. Here is the actual breakdown;
    • Cisco 880 SRST Series Integrated Services Router: Up to 4 phones
    • Cisco 1861 Integrated Services Router: Up to 8 phones
    • Cisco 2801 Integrated Services Router: Up to 25 phones
    • Cisco 2811 Integrated Services Router: Up to 35 phones
    • Cisco 2821 Integrated Services Router: Up to 50 phones
    • Cisco 2851 Integrated Services Router: Up to 100 phones
    • Cisco 3825 Integrated Services Router: Up to 350 phones
    • Cisco Catalyst® 6500 Series Communications Media Module (CMM): Up to 480 phones
    • Cisco 3845 Integrated Services Router: Up to 730 phones
    *The number of phones supported by SRST have been changed to multiples of 5 starting with Cisco IOS Software Release 12.4(15)T3.
    From this excellent doc;
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/data_sheet_c78-485221.html
    Hope this helps!
    Rob

  • SAP HANA Security - Best Practice for Access to Schemas??

    Hi,
    Currently we don't have a defined Security model in HANA Studio. Nor are there any defined duties for BASIS / Security / Developers.
    I want to understand what best practices are followed at other customers for defining security for Schema.
    1. Who should be creating the schema for Developers / Modelers?
    2. Should we use our own ID's to create/maintain these Schema or a Generic ID?
    Right now, when developers log in to Studio, by default they are assigned to their own schema (User ID) and they create objects under that.
    We (Security team) face issues when other developers need access to the schema of another user as they want to develop objects under the schema of a different user.
    Also, who should be owning the "SYSTEM" user ID and what steps need to be done whenever a new schema is created.
    Thanks for the help in advance.

    Hi,
    I created a project (JDeveloper) with local xsd-files and tried to delete and recreate them in the structure pane with references to a version on the application server. After reopening the project I deployed it successfully to the bpel server. The process is working fine, but in the structure pane there is no information about any of the xsds anymore and the payload in the variables there is an exception (problem building schema).
    How does bpel know where to look for the xsd-files and how does the mapping still work?
    This cannot be the way to do it correctly. Do I have a chance to rework an existing project or do I have to rebuild it from scratch in order to have all the references right?
    Thanks for any clue.
    Bette

  • ACS v5 best practice w/ access policies.

    Hello, I am in the process of deploying an ACS v5 appliance with 2 network devices talking through it to MS Active Directory via LDAP. It works great but I have a design question.
    Our current access policy has one AD group match, one AD attribute match, and network device type is valid. If those 3 items match then permit access. Pretty simple. But my question is specific to the network device type. Is it best practice to have one large access policy with different network device types OR have one access policy per device type?
    For example, let's say I have a 3000 series Concentrator and a 5500 series ASA and logging into the network via these devices I have the same IT support person and I am pulling the AD attribute msdialin=TRUE.
    One Access Policy
    1: IT Support memberOf=VPN User Allow Dial in=True Network Device=VPN 3000
    2: IT Support memberOf=VPN User Allow Dial in=True Network Device=ASA 5500
    Or have two Access Policies, one dedicated to each device type?
    Access Services
    >VPN 3000
    >Authorization
    1: IT Support memberOf=VPN User Allow Dial in=True
    Access Services
    >ASA 5500
    >Authorization
    1: IT Support memberOf=VPN User Allow Dial in=True
    Just not sure which way to go. Any help is greatly appreciated.
    e-

  • Best Practices for Accessing the Configuration data Modelled as XML File in

    Hi,
    I referred to a couple of blog posts/Forum threads on How to model and access the Configuration data as XML inside OSB.
    One of the easiest and way is to
    Re: OSB: What is best practice for reading configuration information
    Another could be
    Uploading XML data as .xq file (Creating .xq file copy paste all the Configuration as XML )
    I need expert answers for following.
    1] I have .xsd file which is representing the Configuration data. Structure of XSD is
    <FrameworkConfig>
    <Config type="common" key="someKey">proprtyvalue</Config>
    </FrameworkConfig>
    2] As my project will move from one env to another the property-value will change according to the Environment...
    For Dev:
    <FrameworkConfig>
    <Config type="common" key="someKey">proprtyvalue_Dev</Config>
    </FrameworkConfig>
    For Stage :
    <FrameworkConfig>
    <Config type="common" key="someKey">proprtyvalue_Stage</Config>
    </FrameworkConfig>
    3] Let say I create the following Folder structure to store the Configuration file specific for dev/stage/prod instance
    OSB Project Folder
    |
    |---Dev
    |     |--Dev_Config_file.xml
    |
    |---Stage
    |     |--Stage_Config_file.xml
    |
    |---Prod
          |--Prod_Config_file.xml
    4] I need a way to load these property file as xml element/variable inside the OSB message flow? I can't use XPath function fn:doc("URL") coz I don't know exact path of XML on deployed server.
    5] Also I need to lookup/model the value which will specify the current server type (Dev/Stage/prod) on which OSB MF is running. Let say any construct which will act as a Global configuration and can be accessible inside the OSB message flow. If I get the value for the Global variable as Dev means I will load the xml config file under the Dev Directory @runtime containing key value pair for Dev environment.
    6] This Re: OSB: What is best practice for reading configuration information
    suggests the designing of the web application which will serve the xml file over the http protocol and getting the contents into variable (which in turn can be used in OSB message flow). Can we address this problem without creating the extra Project and adding the Dependencies? I read configuration file approach too..but the sample configuration file doesn't show entry of .xml file as resources
    Hope I am clear...I really appreciate your comments and suggestion..
    Sushil
    Edited by: Sushil Deshpande on Jan 24, 2011 10:56 AM

    If you can enforce some sort of naming convention for the transport endpoint for this proxy service across the environments, where the environment name is part of the endpoint you may be able to retrieve it from $inbound in the message pipeline.
    eg. http://osb_host/service/prod/service1 ==> Prod and http://osb_host/service/prod/service2 ==> stage , then i think $inbound/ctx:transport/ctx:uri can give you /service/prod/service1 or /service/stage/service1 and applying appropriate xpath functions you will be able to extract the environment name.
    Chk this link for details on $inbound/ctx:transport : http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/userguide/context.html#wp1080822

  • SAP Adapter Best Practice Question for Deployment to Clustered Environment

    I have a best practices question on the iway Adapters around deployment into a clustered environment.
    According to the documentation, you are supposed to run the installer on both nodes in the cluster but configure on just the first node. See below:
    Install Oracle Application Adapters 11g Release 1 (11.1.1.3.0) on both machines.
    Configure a J2CA configuration as a database repository on the first machine.
    Perform the required changes to the ra.xml and weblogic-ra.xml files before deployment.
    This makes sense to me because once you deploy the adapter rar in the next step the appropriate rar will get staged and deployed on both nodes in the cluster.
    What is the best practice for the 3rdParty adapter directory on the second node? The installer lays it down with the adapter rar and all. Since we only configure the adapter on node 1, the directory on node 2 will remain with the default installation files/values not the configured ones. Is it best practice to copy node 1's 3rdParty directory to node 2 once configured? If we leave node 2 with the default files/values, I suspect this will lead to confusion to someone later on who is troubleshooting because it will appear it was never configured correctly.
    What do folks typically do in this situation? Obviously everything works to leave it as is, but it seems strange to have the two nodes differ.

    What is the version of the operating system? If you are on any OS version lower than Windows 2012 then you need to add one more voter for quorum.
    Balmukund Lakhani

  • Best Practice/Validation for deploying a Package to Azure

    Before deploying a package to Azure, what kind of best practice/Validation can be done to know the Package compatibility with the Azure Environment?

    What do you mean by the compatibility of the azure package with the azure environment? What do you want to validate? It would be great if you provide a bit of background for your question.
    As far as the deployment best practice is concerned, the usual way is to upload your azure cloud service deployment package and configuration files (*.cspkg and *.cscfg) to the blob container first and upload it to the cloud service by referring from uploaded container. This will not only give you flexibility to keep different versions of your deployments which you can use to roll back entire service but also the process of the deployment will be comparatively faster than that of deploying from VS or by uploading manually from file system.
    You can refer link - http://azure.microsoft.com/en-in/documentation/articles/cloud-services-how-to-create-deploy/#deploy
    Bhushan

  • The best practice to access entities in JClient?

    Hi
    For example if I have data bound combobox I use:
    String val = getPanelBinding().findIterBinding("StatesViewIterator").getCurrentRow().getAttribute("Name").toString();
    Is there any other way? Can I get directly from the combobox?
    andrius

    Using the panelBinding is best practices.
    Frank

  • Optimization and Best Practices: User Group Permissions

    Hello All,
    Recently I have done some soul searching on the best way to
    allow for complex user permissions on a web site while keeping
    server resources in mind. I am hoping that some of you will have
    some ideas or suggestions on the best way to implement a system
    like this using CF. First a little background:
    In my CF application I assign user accounts to a permission
    group so different users can access different pages. For example, I
    can assign user 'Joe Bob' to the 'Administrators' group which can
    access pretty much everything, whereas the user 'Jane Smith' has
    been assigned to the 'Contributors' group and can only access
    certain pages.
    Initially I assigned the permissions based on the name of the
    permissions group, so when the user logged on I created a session
    variable called AccountType which would contain the value,
    "Administrator", "Contributor", etc. That way, my templates could
    run a simple cfif to check if the person could see a particular
    resource,link,etc.
    However, now I am expanding the permissions scheme to allow
    site administrators to create their own user groups with their own
    unique names and permissions settings. The user account types are
    stored in a database and each separate permission is stored as a
    yes/no variable in a column. For example:
    UserTypeID   Name            CanLogIn   CanAccessProducts   CanAccessBlog   etc...
    1            Administrator   yes        yes                 yes
    2            Contributor     yes        no                  yes
    3            Store Manager   yes        yes                 no
    So the problem arises: How should these permission settings
    be applied for the logged in users? I want to be conscious of both
    server memory as well as processing/requests to the DB and ease of
    coding. Here are some ideas that I had:
    IDEA 1: When the user logs on, do just as I was doing and
    assign a session variable named UserType that stores the
    UserTypeID. Then, within application.cfm, check if the user is
    logged on, if yes, query the database (cached query) and get the
    permission values for that account type and store them in a
    structure which can be referenced as needed in that request.
    Pros: In this method, the work appears to mostly be done by
    the processor, db server. Since queries can be cached, I can use
    the same cached query for multiple users that log into the site so
    more than one user can share the cached query.
    Cons: I think that reading a cached query and then building a
    structure containing the values of the table on every page load
    might be overkill and might demand unneeded processing.
    IDEA 2. This method is similar to #1 in that a session
    variable named UserType will be created when the user logs on.
    However the main difference is that the database won't be queried
    for a permission column until it is actually needed. So if the user
    tries to access page xyz.cfm, coldfusion checks the appropriate
    column in the table based on the UserType variable and either
    allows the user to see it or not.
    Pros: This could potentially save some server memory if there
    are a lot of users logged on at once and a lot of permission
    columns in the database.
    Cons: This could be a coding nightmare and will add a lot
    more lines of code on many templates since pretty much every
    template will make at least one permissions check.
    IDEA 3: Another method which might work would be when a user
    logs on, query the appropriate permissions records and store all of
    the yes/no columns as a structure in the session scope. On each
    page load (application.cfm), copy the structure stored in the
    session scope which contains all of the permissions to the local
    variable scope so it can be easily accessed by the page.
    Pros: Using this method, I only have to query the permissions
    once, and then access all the variables I need because they will be
    stored in memory.
    Cons: In the event that there are a LOT of permission
    variables (assuming 100 or so) this could cause each logged in user
    session to hold a lot of variables. I'm not sure how much server
    memory a structure containing 100 values is, but I want to keep
    that in mind so I don't hog too many resources unnecessarily.
    What are your thoughts on this topic? Do you have any
    suggestions or ideas for handling this type of situation?

    I was surprised no one was interested in discussing this one
    either. However, I played around with several different options and
    although I didn't do any performance benchmarking to compare which
    method would be the most efficient, I guesstimated using common
    sense and ease of programming to come up with a solution similar to
    Idea 3 above.
    When the user logs in, the permissions table is queried and
    all of the permissions are added to a structure variable which is
    then stored in the session scope. This way, I can look up a
    particular permission any time I want without having to query the
    database.
    Additionally, if these templates will be accessed by non
    logged in users (like a forum application) I may need to have a
    structure for each non-logged in user as well. However, I believe
    the way to solve that problem efficiently is to store an empty
    permissions structure which contains all the same variables as the
    logged in user in the Application scope which can be referenced
    when needed.
    This method puts the most stress on system memory, but I
    believe that it is better to stress out the system memory rather
    than the processor. Also, I don't think that a hundred structures
    each containing a couple hundred variables really isn't a lot of
    data in the grand scheme of things.
    It would be cool to know though how much memory a session
    structure containing 100 variables would take up. Perhaps one of
    those monitoring programs like SeeFusion would shed some light on
    that. If anyone has a copy of SeeFusion (or similar) please feel
    free to post that information. It could be helpful to CF developers
    in many situations.
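
Idea 3 as adopted in the reply above, sketched as an added example that is not part of the original thread and is written in JavaScript rather than CFML. The rows mirror the permissions table in the question; `applicationScope`, the session objects and every function name are hypothetical stand-ins for ColdFusion's Application and Session scopes and the poster's templates.

```javascript
// Added example, not the poster's code. Plain objects stand in for
// ColdFusion's Application and Session scopes; all names are hypothetical.
const PERMISSION_COLUMNS = ['CanLogIn', 'CanAccessProducts', 'CanAccessBlog'];

// Constructed rows carrying the same values as the table in the question.
const userTypeTable = [
  { UserTypeID: 1, Name: 'Administrator', CanLogIn: 'yes', CanAccessProducts: 'yes', CanAccessBlog: 'yes' },
  { UserTypeID: 2, Name: 'Contributor', CanLogIn: 'yes', CanAccessProducts: 'no', CanAccessBlog: 'yes' },
  { UserTypeID: 3, Name: 'Store Manager', CanLogIn: 'yes', CanAccessProducts: 'yes', CanAccessBlog: 'no' },
];

// Counts database round trips so the "query once at login" property is visible.
const stats = { queries: 0 };
function queryUserType(userTypeId) {
  stats.queries += 1;
  return userTypeTable.find((row) => row.UserTypeID === userTypeId) || null;
}

// Turn one row into a frozen structure of booleans. A missing row or any
// value other than 'yes' becomes false, so the default is deny.
function toPermissionStruct(row) {
  const struct = {};
  for (const column of PERMISSION_COLUMNS) {
    struct[column] = row !== null && row[column] === 'yes';
  }
  return Object.freeze(struct);
}

// One shared all-false structure for visitors who are not logged in,
// kept in the application scope instead of one copy per anonymous session.
const applicationScope = { anonymousPermissions: toPermissionStruct(null) };

// Login: one query, then the structure lives in the session.
function logIn(session, userTypeId) {
  const struct = toPermissionStruct(queryUserType(userTypeId));
  if (!struct.CanLogIn) {
    delete session.userTypeId;
    delete session.permissions;
    return false;
  }
  session.userTypeId = userTypeId;
  session.permissions = struct;
  return true;
}

// Per-page check: memory lookup only. Unknown permission names are denied.
function can(session, permission) {
  const struct = session.permissions || applicationScope.anonymousPermissions;
  return Object.prototype.hasOwnProperty.call(struct, permission) && struct[permission] === true;
}

function runPermissionDemo() {
  const before = stats.queries;
  const admin = {};
  const contributor = {};
  const manager = {};
  const visitor = {};
  const unknownType = {};
  logIn(admin, 1);
  logIn(contributor, 2);
  logIn(manager, 3);
  const unknownLoggedIn = logIn(unknownType, 99); // no such UserTypeID
  const checks = {
    adminBlog: can(admin, 'CanAccessBlog'),
    contributorProducts: can(contributor, 'CanAccessProducts'),
    contributorBlog: can(contributor, 'CanAccessBlog'),
    managerBlog: can(manager, 'CanAccessBlog'),
    visitorBlog: can(visitor, 'CanAccessBlog'),
    unknownTypeBlog: can(unknownType, 'CanAccessBlog'),
    adminUndefinedColumn: can(admin, 'CanDeleteEverything'),
  };
  return { checks, unknownLoggedIn, queriesUsed: stats.queries - before };
}

console.log(JSON.stringify(runPermissionDemo(), null, 2));
```

Because the structure is read only at login, a permission change made in the database reaches a user on their next login.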

  • "Best practice" for accessing a class from a custom component?

    My app utilizes a simple class to hold global properties such as username, session data, and similar data. The class is initialized at app startup via code similar to: appGlobals:myGlobals=new myGlobals.
    Many of the custom MXML components and AS classes need to access that data. I have been able to work with it using Application.application.appGlobals.propertyname.
    Is this method the best way to communicate from components and classes to a class initiated at the application level, or should I learn something new before I build a lot of code on this method?
    Thanks.
    Paul

    The WizardModel class is interesting, it is a "singleton" where it is designed to only have one instance, and the class actually has a static variable of its own class. Because that variable is static, an instance is created the first time the class is accessed.
    As to where the WizardModel is "first accessed" and thus its own variable of type WizardModel instantiated, is hard to say, as you really need to understand the application and component startup lifecycle in depth. I have a certain depth of knowledge of that but not enough depth to say definitively when WizardModel is first accessed, but here are some possibilities:
    WizardModel.wizardTitle = WizardModel.wizardTitleBase;      In the WizardController "wizardTitleChangeHandler" event handler
    creationComplete="WizardModel.app = this;"      In the Wizard.mxml main app creationComplete handler
    <mx:Panel title="{WizardModel.wizardTitle}" width="100%" height="100%">    Opening tag of Panel in Wizard.mxml
    I know it's confusing, but just try to absorb what you can for now, and over time it will become gradually more clear.

  • Best practice secure network deployment?

    Hello all, I have a few servers and am planning to rebuild our infrastructure to be more secure. We currently have 3 physical machines, (2 standalone servers and then a VM host (esxi, but might switch to Hyper-V - thoughts?))
    I run an exchange server, have AD, failover AD server, a number of web hosts and a couple of linux machines. I also have our work network on the same subnet (all one location)
    My question is this: I have an ASA and then some switches, modem goes to ASA, does NAT with our static, ASA goes to everything else. How should I rebuild the network to allow for the following. 1) Some sort of secure AD and web services which are accessible to the WAN and allow things like /owa access, LDAP integration, etc. 2) Secure internal systems (primary domain controller, workstations, etc) where they can browse the internet etc, but are not exposed to any risks from exposing the other servers.
    This might rely more on virtual networking, which I'm not terribly familiar with, so if any recommendations could be made for virtual networking setups in esxi or hyper-v I'd gladly look those over too.
    Thanks!

    What ASA are you running? U need a security plus license to make use of the DMZ functionality. I will then recommend moving the servers that mostly serve users outside your organisation to the DMZ. Like web servers. Your exchange server could stay on inside.
    If your asa is just a 5505 I wouldn't let it do any vlan-routing. Consider using a l3 switch.
    Put your DMZ on a separate vlan. Servers in one vlan. The admin-interfaces of your network gear in one. Create one vlan for wifi clients, and one or two for your clients. Then you need IP-helpers in each vlan that requires dhcp pointing towards your DHCP-server. Towards your vmware server you configure your switch for trunking as well as between switches. In vsphere you create portgroups that will tag each vlan, you will only need your DMZ-vlan and server vlan as the other ones are reachable through the vlan-routing.
    Putting your servers in a separate vlan will improve security and eliminate mitm attacks on the servers. Your next step is then to secure all access ports, but take that as another project.
