Best practice using keyword in subject for encryption
I have setup an encryption content filter on my appiance to encrypt messages that are outbound, and have a subject header that begin with the keyword Secure inside brackets. [Secure]. My intent was to eliminate some fals positives by including the brackets. What ended up happening was for some reason ALL outbound messages were being encrypted.
After some more testing it seems like the content filter is ignoring the brackets as a requirement, but I can seem to find anything in the online help to back this up.
Can someone assist with verification of the requirements around using a keywork in the subject to allow users to encrypt oubound messages voluntarily?
Best practices around achieving this if anyone has them would also be greatly appreciated.
Thanks,
Chris
Hi Chris,
While I would have to see the syntax of the filter in question to be 100% sure , it sounds as if your conditional variable is being treated literally. The content filters will except regular expressions so what this means is something like [Secure] could be seen as look for anything that contains
an S, or a
e or a
c or a
u or a
r or a
e
Since you said begins with we would be looking for anything in the subject that begins with of of these letters. This is due to the fact that the brackets [ ] are special characters in regular expressions, thus they need to be escaped. That being said [Secure] would become \\[Secure\\], we use the \\ to escape the brackets. In content filters however, you can get by with using just one escape as the filter is smart enough to go ahead an enter the additional escape for you. So in the filter it would be something like begins with \[Secure\]
Once you enter this in the condition for you filter it will display like the following,
subject == "^\\[Secure\\]"
I hope that helps.
Christopher C Smith
CSE
Cisco IronPort Customer Support
Similar Messages
-
Best practice: Using break statement inside for loop
Hi All,
Using break statment inside FOR loop is a best practice or not?
I have given some sample code:
1. With break statement
2. With some boolean variable that decide whether to come out of the loop or not.
for(int i = 0; i < 10; i++){
if(i == 5){
break;
boolean breakForLoop = false;
for(int i = 0; i < 10 && !breakForLoop; i++){
if(i == 5){
breakForLoop = true;
The example may be a stupid one. But i want to know which one is good?
Thanks and Regards,
Ashok kumar B.Actually, it's bad practice to use break anywhere other than in conjunction with a switch statement.Presumably, if you favour:
boolean test = true;
while (test)
test = foo && bar;
if (test)
}overfor (;;)
if (! ( foo && bar) ) break;
}then you also favour
boolean test = foo && bar;
if (test)
}overif (foo && bar)
}Or can you justify your statement with any example which doesn't cause more complexity, more variables in scope, and multiple assignments and tests? -
Looking for best practices using Linux
I use Linux plataform to all the Hyperion tools, we has been problems with Analyzer V7.0.1, the server hangs up ramdomly.<BR>I'm looking for a Linux best practices using Analyzer, Essbsae, EAS, etc.<BR>I'll appreciate any good or bad comments related Hyperion on Linux OS.<BR><BR>Thanks in advance.<BR><BR>Mario Guerrero<BR>Mexico
Hi,<BR><BR>did you search for patches? It can be known problem. I use all Hyperion tools on Windows without any big problem.<BR><BR>Hope this helps,<BR>Grofaty
-
What are the best practices to migrate VPN users for Inter forest mgration?
What are the best practices to migrate VPN users for Inter forest mgration?
It depends on a various factors. There is no "generic" solution or best practice recommendation. Which migration tool are you planning to use?
Quest (QMM) has a VPN migration solution/tool.
ADMT - you can develop your own service based solution if required. I believe it was mentioned in my blog post.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights. -
Favorite / Best Practice / Useful MTE's ??!?!
Hi Everyone,
I'm setting up monitoring on a multi-system architecture; i've got all of the agents working and reporting to my CEN. I've even got the auto-response email all set up, great!
I've been looking around for any best practice on what MTE's (out of the 100's there!) I should be setting up virtual and rule based nodes for.
So come on everyone...what are your favorite MTE's. Of course I'm looking at Dialog Response Times, and Filesystem %'s -- but any other tips? hints? tricks? Any neat MTE's out there that you love to check.
A best practice / useful guide would be brilliant?
Thanks in advance.
Nic Doodson??
-
What is the BEST practice - use BO or Java Object in process as webservice
Hi All,
I have my BP published as web service. I have defined My process input & output as BOs. My BP talks to DB through DAO layer(written in JAVA) which has Java objects. So I have BO as well as java Objects. Since I am collecting user input in BO, I have to assign individual values contained in BO to Java object's fields.
I want to reduce this extra headache & want to use either of BO or Java object.I want to know What is the best practice - use BO or Java object as process input. If it is BO,how I can reuse BOs in Java?
Thanks in advance.
Thanks,
Sujata P. GalindeHi Mark,
Thanks for your response. I also wanted to use java object only. When I use java object as process input argument..it is fine. But when I try to create Process web service, I am getting compilation error - "data type not supported".....
To get rid of this error, I tried to use heir (BO inheriting from java class). But while invoking process as web service, it is not asking for fields that are inherited from java class.
Then I created Business Object with a field of type java class... This also is not working. While sending request, it is giving an error that - field type for fields from java class not found.
Conclusion - not able to use java object as process(exposed as web service) input argument .
What is the Best & feasible way to accomplist the task - Process using DAO in Java & exposed as web service.
Thanks & Regards,
Sujata -
Hi,
Can anyone share the best practices used in CMS transport.
Basically, why I need this is that, we want to have a track of all the transport that are done in QA/Prod
Regards,
SreenivasHi
U can try checking this document to know info about CMS
(How To Transport XI Content Using CMS)
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/f85ff411-0d01-0010-0096-ba14e5db6306
Also...
How to configuring the CMS for XI?
Business System Groups - CMS -
Best practice standard User Acess Test for WIN2012 AD
What is the Best practice standard User Acess Test for WIN2012 AD
Hello,
as before, add a computer to the domain and log on with a domain user account to the computer.
You should be able from the client machine to open the sharedfolders on the DCseither with:
\\DCName\sysvol
\\DCName\netlogonor \\NetBiosDomainName\sysvol
\\NetBiosDomainName\netlogon
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Quick question regarding best practice and dedicating NIC's for traffic seperation.
Hi all,
I have a quick question regarding best practice and dedicating NIC's for traffic seperation for FT, NFS, ISCSI, VM traffic etc. I get that its best practice to try and separate traffic where you can and especially for things like FT however I just wondered if there was a preferred method to achieving this. What I mean is ...
- Is it OK to have everything on one switch but set each respective portgroup to having a primary and failover NIC i.e FT, ISCSI and all the others failover (this would sort of give you a backup in situations where you have limited physical NICs.
- Or should I always aim to separate things entirely with their own respective NICs and their own respective switches?
During the VCAP exam for example (not knowing in advance how many physical NIC's will be available to me) how would I know which stuff I should segregate on its own separate switch? Is there some sort of ranking order of priority /importance? FT for example I would rather not stick on its own dedicated switch if I could only afford to give it a single NICs since this to me seems like a failover risk.I know the answer to this probably depends on however many physical NICs you have at your disposal however I wondered if there are any golden 100% rules for example FT must absolutely be on its own switch with its own NICs even at the expence of reduced resiliency should the absolute worst happen? Obviously I know its also best practice to seperate NICs by vender and hosts by chassis and switch etc
-
Looking for information on best practices using Live Upgrade to patch LDOMs
This is in Solaris 10. Relatively new to the style of patching... I have a T5240 with 4 LDOMS. A control LDOM and three clients. I have some fundamental questions I'd like help with..
Namely:
#1. The Client LDOMS have zones running in them. Do I need to init 0 the zone or can I just +zoneadm zone halt+ them regardless of state? I.E. if it's running a database will halting the zone essentially snapshot it or will it attempt to shut it down. Is this even a nessessary step.
#2. What is the reccommended reboot order for the LDOMs? do I need to init 0 the client ldoms and the reboot the control ldom or can I leave the client LDOM's running and just reboot the control and then reboot the clients after the control comes up?
#3. Oracle. it's running in several of the zones on the client LDOM's what considerations need to be made for this?
I am sure other things will come up during the conversation but I have been looking for an hour on Oracle's site for this and the only thing I can find is old Sun Docs with broken links.
Thanks for any help you can provide,
pipelineadmin+*Before you use live upgrade, or any other patching technique for Solaris, please be sure to read http://docs.oracle.com/cd/E23823_01/html/E23801/index.html which includes information on upgrading systems with non-global zones. Also, go to support.oracle.com and read Oracle Solaris Live Upgrade Information Center [ID 1364140.1]. These really are MANDATORY READING.
For the individual questions:
#1. During the actual maintenance you don't have to do anything to the zone - just operate it as normal. That's the purpose of the "live" in "live upgrade" - you're applying patches on a live, running system under normal operations. When you are finisihed with that process you can then reboot into the new "boot environment". This will become more clear after reading the above documents. Do as you normally would do before taking a planned outage: shut the databases down using the database commands for a graceful shutdown. A zone halt will abruptly stop the zone and is not a good idea for a database. Alternatively, if you can take application outages, you could (smoothly) shutdown the applications and then their domains, detach the zones (zoneadm detach) and then do a live upgrade. Some people like that because it makes things faster. After the live upgrade you would reboot and then zoneadm attach the zones again. The fact that the Solaris instance is running within a logical domain really is mostly besides the point with respect to this process.
As you can see, there are a LOT of options and choices here, so it's important to read the doc. I ***strongly*** recommend you practice on a test domain so you can get used to the procedure. That's one of the benefits of virtualization: you can easily set up test environments so you cn test out procedures. Do it! :-)
#2 First, note that you can update the domains individually at separate times, just as if they were separate physical machines. So, you could update the guest domains one week (all at once or one at a time), reboot them into the new Solaris 10 software level, and then a few weeks later (or whenever) update the control domain.
If you had set up your T5240 in a split-bus configuration with an alternate I/O domain providing virtual I/O for the guests, you would be able to upgrade the extra I/O domain and the control domain one at a time in a rolling upgrade - without ever having to reboot the guests. That's really powerful for providing continuous availability. Since you haven't done that, the answer is that at the point you reboot the control domain the guests will lose their I/O. They don't crash, and technically you could just have them continue until the control domain comes back up at which time the I/O devices reappear. For an important application like a database I wouldn't recommend that. Instead: shutdown the guests. then reboot the control domain, then bring the guest domains back up.
3. The fact that Oracle database is running in zones inside those domains really isn't an issue. You should study the zones administration guide to understand the operational aspects of running with zones, and make sure that the patches are compatible with the version of Oracle.
I STRONGLY recommend reading the documents mentioned at top, and setting up a test domain to practice on. It shouldn't be hard for you to find documentation. Go to www.oracle.com and hover your mouse over "Oracle Technology Network". You'll see a window with a menu of choices, one of which is "Documentation" - click on that. From there, click on System Software, and it takes you right to the links for Solaris 10 and 11. -
Best practice DNS in VPN environment for Lync2013 clients
So I do have those site2site VPNs to connect the small branch offices to the main office. Internal DNS makes sure, that the branch offices can acess all the servers/services in the main office with their domain.local namespace.
In such a scenario will the Lync2013 clients connect through the VPN to the internal sites due to both lyncdiscover and lyncdiscoverinternal being available?
Wouldn't it cause way less burden on the VPN routers if clients would simply go out to the internet and connect from the external side so all the Lync traffic does not have to be stuffed through the VPN pipe? I dont see the point to encrypt the traffice
once more.
Thanks for your suggestions about best practices!
HSTHi,
When users connect to the corporate network using a VPN client, Lync media traffic is sent through the VPN tunnel. This configuration can create additional latency and jitter because media traffic must pass through an additional layer of encryption and
decryption. The issue is compounded when the VPN concentrator is busy.
If you want to connect Lync server from public network you need to deploy an Edge server.
The solution to force VPN traffic through the Edge Servers must allow external Lync clients connected through VPN, you can refer to the part of "Solution Configuration" in the link below:
http://blogs.technet.com/b/nexthop/archive/2011/11/15/enabling-lync-media-to-bypass-a-vpn-tunnel.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
2nd Mac - best practices using iPhoto on both?
Hi -
I just got a new MacBook and have an iMac that is still the "hub" of my photo library. It is, in fact, about a 180 GB iPhoto library. I know that I can't sync libraries between Macs (a shame - someone should come up with a way to that assuming they haven't already!) so I'm just looking for any best practices?
I got the MacBook to be able to work on some photos while on the road - I can at least work on post processing in Photoshop, etc. I'm thinking now that my best strategy is to possibly work with the images on my MacBook, importing them into the iPhoto library if desired. Then use my Photo sharing service - Phanfare - to "sync" them? It requires me to download them on the other side and pull them again into the iPhoto Library on the iMac?
I don't use the Mobile Me Gallery but I suppose that would be another way to have access to them on the alternate computer?
Any other best practices or suggestions?
Thx!So, if there are times when I'm not home to access my external drive, then going with the two libraries is the best solution, yes?
Perhaps, but you can get very small and portable external HDs these days.
I'm not sure though if I should really make both a 180 GB iPhoto library, do you? It is a back up true, but seems like a chunk to move
But you only do it once. The first time. Thereafter you're simply updating the other with the changes.
At least maybe I could split into pictures from 2009 - 2010 and have that library for both my iMac and the MacBook. I very rarely access before then (only if I need something specific) so then I could access that via the iMac exclusively?
That would be viable.
I would maintain a +full Library+ on the Desktop, the mobile versions a Smaller subset.
I'm sort of ruling out the one library on the external solution because it eliminates the possibility of being remote -
As I said above you can get tiny portable drives...
unless there is some swanky Login to My Computer or something that works with a Mac that can go remotely to my computer and then to my external drive.
*_This_* might help.
Regards
TD -
[XI 3.1] BEST PRACTICE method of Oracle connection for RPTs on Linux
Business Objects XI (3.1) - SP3.
Running on Red Hat Enterprise Linux OS.
7,000+ Crystal Reports 2008 *.rpt objects ONLY (No Universe / No WebI).
All reports connecting to Oracle 10g databases.
==================
In the past, all of this infrastructure was running on Windows Server OS and providing the database access via a Named ODBC connection (eg. "APP_DATA".)
This made it easy to manage as all the Report Developers had a standard System DSN called "APP_DATA" which was the same as the System DSN name on all of our DEV, TEST/UAT, and PROD servers for Business Objects.
When we wanted to move/promote a *.rpt file from DEV to PROD we did not have to change any "Database Connection" info as it was all taken care of by pointing the System DSN called "APP_DATA" a a different physical Oracle server at the ODBC level.
Now, that hardware is moving from Windows OS to Red Hat Linux and we are trying to determine the Best Practices (and Pros/Cons) of using one of the three methods below to access the Oracle database for our *.rpts....
1.) Oracle Native connection
2.) ODBC connection
3.) JDBC connection
Here's what we have determined so far -
1a.) Oracle Native connection should be the most efficient method of passing SQL-query to the DB with the fewest issues and best speed [PRO]
1b.) Oracle Native connection may not be supported on Linux - http://www.forumtopics.com/busobj/viewtopic.php?t=118770&view=previous&sid=9cca754b468fc67888ab2553c0fbe448 [CON]
1c.) Using Oracle Native would require special-handling on the *.rpts at either the source-file or the CMC level to change them from DEV -> TEST -> PROD connection. This would result in a lot more Developer / Admin overhead than they are currently used to. [CON]
2a.) A 3rd-Party Linux ODBC option may be available from EasySoft - http://www.easysoft.com/products/data_access/odbc_oracle_driver/index.html - which would allow us to use a similar Developer / Admin overhead to what we are used to. [PRO]
2b.) Adding a 3rd-Party Vendor into the mix may lead to support issues is we have problems with results or speeds of our queries. [CON]
3a.) JDBC appears to be the "defacto standard" when running Oracle SQL queries from Linux. [PRO]
3b.) There may be issues with results or speeds of our queries when using JDBC. [CON]
3c.) Using JDBC requires the explicit-IP of the Oracle server to be defined for each connection. This would require special-handling on the *.rpts at either the source-file (and NOT the CMC level) to change them from DEV -> TEST -> PROD connection. This would result in a lot more Developer / Admin overhead than they are currently used to. [CON]
==================
We would appreciate some advice from anyone who has been down this road before.
What were your Best Practices?
What can you add to the Pros and Cons listed above?
How do we find the "sweet spot" between quality/performance/speed of reports and easy-overhead for the Admins and Developers?
As always, thanks in advance for your comments.Hi,
I just saw this article and I would like to add some infos.
First you can quite easely reproduce the same way of working with the odbc entries by playing with the oracle name resolution on the server. By changing some files (sqlnet, tnsnames.ora,..) you can define a different oracle server for a specific name that will be the same accross all environments.
Database name will be resolved differently regarding to the environment and therefore will access a different database.
Second option is the possibility to change the connection in .rpt files by an automated way like the schedule manager. This tool is a additional web application to deploy that can change the connection settings of rpt reports on thousands of reports in a few clicks. you can find it here :
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80af7965-8bdf-2b10-fa94-bb21833f3db8
The last option is to do it with a small sdk script, for this purpose, a few lines of codes can change all the reports in a row.
After some implementations on linux to oracle database I would prefer also the native connection. ODBC and JDBC are deprecated ways to connect to database. You can use DATADIRECT connectors that are quite good but for volumes you will see the difference. -
Best Practice: A J2EE Blue-Print for a Typical Web App
Consider a typical synchronous Struts-based Web application which does a simple DB search and post. What are some of the main patterns and components that should be used if following the �industry best practices�
Does the following flow seem accurate?
Strust Action creates a TransferObject , and passes it to a Business Delegate. Delegate finds the appropriate BusinessObject, the Business Object uses the Data Access Object�.the CRUD operation happens and the result is sent back to the Action in the same TransferObject.
Which one of these components need an interface?
What's the best way for this components to interact with each other (factory, etc.)?
Message was edited by:
kmkiani
Message was edited by:
kmkianiThere are 3 tiers in a Java EE application. (Presentation, Business, Integration).
The BusinessDelegate in this scenario would be a Presentation-tier business delegate. This guy would interact with a Session Facade who lives on the Business-tier. The SessionFacade is the abstraction on the Business-tier and the Business Delegate is the abstraction on the Presentation-tier. It is these guys that have direct communication. This design enables low coupling between the actual implementations of each area. If done properly, you could go from EJB to Web Service to POJO business models without ever having to change anything in the Presentation-tier.
These object-oriented design patterns are primarily for Enterprise applications with extensive Quality-of-Service requirements.
In your scenario, the Presentation-tier would contain a MVC-based web application, i.e. Struts. The business model and business/domain requirements would be implemented in the Business-tier.
Presentation Tier - Struts Web Application
Business Tier - (EJB | POJO | WEB SERVICES) Application
Integration Tier - (Relational Database | File System | XML Database | EIS) -
OBIEE Best Practice Data Model/Repository Design for Objectives/Targets
Hello World!
We are faced with a design question that has become somewhat difficult and we need some help. We want to be able to compare side-by-side actual measures with their corresponding objectives/targets. Sounds simple. But, our objectives are static (not able to be aggregated) with multi-dimensionality and multi-levels. We need some best practice tips on how to design our data model and repository properly so that we can see the objective/target for a measure regardless of the dimensions that are used in the criteria and regardless of the level.
Here is some more details:
Example of existing objective table.
Dimension1
Dimension2
Dimension3
Obj1
Obj2
Quarter
NULL
NULL
NULL
.99
1.8
1Q13
DIM1VAL1
NULL
NULL
.99
2.4
1Q13
DIM1VAL1
DIM2VAL1
NULL
.98
2.41
1Q13
DIM1VAL1
DIM2VAL1
DIM3VAL1
.97
2.3
1Q13
DIM1VAL1
NULL
DIM3VAL1
.96
1.9
1Q13
NULL
DIM2VAL1
NULL
.97
2.2
1Q13
NULL
DIM2VAL1
DIM3VAL1
.95
2.0
1Q13
NULL
NULL
DIM3VAL1
.94
3.1
1Q13
- Right now we have quarterly objectives set using 3 different dimensions. So, if an author were to add one or more (or zero) dimensions to their criteria for a given measure they could get back a different objective. They could add Dimension1 and get 99%. They could add Dimension1 and Dimension2 and get 98%. They could add all three dimensions and get 97%. They could add zero dimensions (highest grain) and get 99%. Using our existing structure if we were to add a new dimension to the mix the possible combinations would grow dramatically. (Not flexible)
- We would like our final solution to be flexible enough so that we could view objectives with altogether different dimensions and possibly get different objectives.
- We currently have 3 fact tables with 3+ conformed dimension tables and a few unique dimension tables.
Could anyone share a similar situation where you have implemented a data model structure with the proper repository joins to handle showing side-by-side objectives/targets where the objectives were static and could be displayed at differing levels with flexible dimensions as described?
Any help would be greatly appreciated.hi..yes this suggestion is nice...first configure the sensors(activity or variable) ..then configure the sensor action as a JMS Topic which will in turn insert the data into a DB..Or when u configure the sensor action as a DB..then the data goes to Oracle Reports schema..if there is any chance of altering the DB..i mean if there is any chance by changing config files so that the data doesnt go to that Reports schema and goes to a custom schema created by any User....i dont know if it can b done...my problem is wen i m configuring the jms Topic for sensor actions..i see blank data coming..for sm reason or the other the data is not getting posted ...i have used a esb ..a routing service based on the schema which i am monitoring...can any1 help?
Maybe you are looking for
-
Best practice for making changes to Oracle apps business views and BAs/fold
HI The oracle BI solution comes with pre-defined Business Views- database views and Business Areas and folders. If we want to customize those database views or BAs and folders what will be the best practice in order to avoid losing it during any upgr
-
Can I remove the apple watch app from my iphone?
With all the apps that Apple requires to be downloaded, it leaves little room for the apps I want or pictures or music. Is there a way to delete this app or other apps I don't want/use that Apple puts on there?
-
Hi there! Perhaps you could help me with this issue. I have been trying to ugrade to OS X Mavericks but i keep getting this message: "Error 1004" Please help.
-
I am trying to video tape a 60 minute segment, but my iPad stops at 50 minutes, saying that's all the time allowed. Is there any way to tape for longer than 50 minutes? I bought extra storage space in the cloud, which made no difference. :( Any id
-
Hi , How can i get multi-provider table name. Regards Rajini