Best practices 2010 IPS 4260

Similar Messages

• Exchange 2010 - What is best practice for protection against corruption replication?

  My Exchange 2010 SP3 environment includes DAG with offsite passive copy.  DB is backed-up nightly with TSM TDP.  My predecessor also installed DoubleTake software to protect the DB against replication of malware or corruption to the passive MB
  server.  Doubletake updates offsite DB replica every 4-hours.  Understanding that this is ultimately a decision based on my company's risk tolerance, to the end, what is the probability of malware or corruption propagation due to replication? 
  What is industry best practice: do most companies have a 3rd, lagged copy of the DB in the DAG, or are 3rd party solutions such as DoubleTake commonly employed?  Are there other, better (and less expensive) options?

  Correct. If 8 days lagged copy is maintained then daily transaction log files of 8 days are preserved before replaying them to lagged database. This will ensure point-in-time recovery, as you can select log files that you need to replay into the database.
  Logs will get truncated if they have been successfully replayed into database and have expired their lagged time-stamp.
  Each database copy has a checkpoint file (.chk), which keeps track of transaction log files status.
  Command to check the Transaction Logs replay status:
  eseutil /mk <path-of-the-chk-file>  - (stored with the Transaction log files)
  - Sarvesh Goel - Enterprise Messaging Administrator

• Best practice for creating a new email address to Exchange Server 2010 for share point Library

  Hi,
  Please advise if there is any best practice for the above issue?
  Thanks 
  srabon

  Hi Srabon,
  Hope these are what you want.
  Use a cmdlet to Create a User account and Mailbox in Exchange 2010
  http://technet.microsoft.com/en-us/magazine/ff381465.aspx
  Create a Mailbox for an Existing User
  http://technet.microsoft.com/en-us/library/aa998319(v=exchg.141).aspx
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Best Practices in SharePoint 2010 ( Out of the box feature vs Custom Web Part, development )

  Hi
  How do we differentiate on when to allow custom web parts and when to use out of the box.
  What are the performance issues involved when we deploy a custom web part into the SharePoint server. 
  Why do some companies prefer to allow only out of the box features, and no custom work is done?

  SharePoint is a powerful, flexible server product that can provide a wealth collaboration environment right out of box.
  Best answer for your question is depend upon your requirement. Sometime Out of Box features will solve all the problem with little designing. But sometime your requirement need a Custom Web part / solution.
  With OOTB implementation the big advantage is easy to trouble shoot & fix the issues. You will also found tons of blogs on internet for OOTB features. In custom development, its hard to troubleshoot & identifying whether its SharePoint issue or Custom
  code issue.
  check the below article for more ideas.
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/1e7845ef-61e0-4d01-bb6c-92519e6d7139/sharepoint-2010-outofbox-best-practices?forum=sharepointgeneralprevious
  http://www.cdh.com/media/articles/Pages/SharePoint-out-of-the-box---To-customize-or-not-to-customize.aspx
  Master List of SharePoint 2010 On-Premises Custom Development Best Practices
  http://i.zdnet.com/whitepapers/Quest_WPW_SharepointDev_Custom_US_KS_v3.pdf
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Best practice SSL End-to-End in Exchange 2010 CAS loadbalancing

  Hi,
  I was wondering if there is a best practice for deploying SSL End-to-End in Exchange 2010 CAS loadbalancing.
  We have ACE modules A5(1.1) and ANM 5.1(0), although there seems to be a template available in ANM it doesn't work. It throws a error when deploying, i believe the template is corrupt.
  As I am undersome pressure to deploy this asap I am looking for a sample config. I found one for SSL offloading, but I need one for End-to-End SSL.
  Thanks in advance,
  Dion

  Hi Dion,
  You can open up a case with TAC to have that template reviewed and confirm if the problem is at the ACE or ANM side.
  In the meantime here is a nice example for End-To-End SSL that can help you to get that working:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  For CAS load balancing there's nothing special other than opening the right ports, I'd advise you to get SSL working first and take it from there, if any problem comes up you can post it here and we'll give you a hand.
  HTH
  Pablo

• IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

  Hi Folks -
  Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
  Hope to see you there.
  -Robert
  Cisco invites you to attend a 30-45 minute Web seminar on IPS Best   Practices delivered via WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management   Services
  Host: Robert Albach
  Date and Time:
  Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago,   GMT-05:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation. If you wish to be excluded from these invitations   then please let me know!

  Hi Marvin, thanks for the quick reply.
  It appears that we don't have Anyconnect Essentials.
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5510 Security Plus license.
  So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

• Best practices for permission settings in SharePoint 2010

  Hello,
  Does anyone know if there is a good "best practices" paper\article for SharePoint permissions in SharePoint 2010. I have a pretty good idea of what i would like to do. The problem is that there is another group that handles security for the SharePoint
  sites. It's really bad. Individuals have permissions and some of the group memberships really don't make much sense.
  I am tasked with cleaning up our permission settings in our farm but I would like something to give to that team. I want it to show what it is we need to do and why. What the best practices are. It's also going to be good for me as I will use it
  to compare with what I would like to see done.
  Can anyone recommend a link that covers this in detail.
  Thanks
  LSTalbot

  Hi,
  Please find the below link for detail description
  http://lightningtools.com/sharepoint_2010/sharepoint-2010-permissions-management-guide/
  Please Mark it as answer if this reply helps you in resolving the issue,It will help other users facing similar problem

• Best Practices for patching Exchange 2010 servers.

  Hi Team,
  Looking for best practices on patching Exchnage Server 2010.
  Like precautions  , steps and pre and post patching checks.
  Thanks. 

  Are you referring to Exchange updates? If so:
  http://technet.microsoft.com/en-us/library/ff637981.aspx
  Install the Latest Update Rollup for Exchange 2010
  http://technet.microsoft.com/en-us/library/ee861125.aspx
  Installing Update Rollups on Database Availability Group Members
  Key points:
  Apply in role order
  CAS, HUB, UM, MBX
  If you have CAS roles in an array/load-balanced, they should all have the same SP/RU level.  so coordinate the Exchange updates and add/remove nodes as needed so you do not run for an extended time with different Exchange levels in the same array.
  All the DAG nodes should be at the same rollup/SP level as well. See the above link on how to accomplish that.
  If you are referring to Windows Updates, then I typically follow the same install pattern:
  CAS, HUB, UM, MBX
  With windows updates however, I tend not to worry about suspending activation on the DAG members rather simply move the active mailbox copies, apply the update and reboot if necessary.

• Best practice - which server OS should I use for Exchange 2010 install

  We currently have 2 exchange 2007 boxes running Server 2003. the plan is to upgrade to exchange 2010 (I'd prefer 2013 but the powers that be want 2010), and I have been asked to follow Microsoft best practice. The problem is I can't find anything to point
  me in the direction of the recommended server OS, I can find ones it will work on but nothing to say Microsoft recommend this...
  We have licenses for Server 2008, 2008 R2 and 2012 available, which one should I advise is the Microsoft recommendation?

  Thanks Andy,
  So is there no actual best practice recommendation for a server OS to run Exchange 2010 on? I agree that 2012 would be the one to go for, but the people making the decision on how we do this want reasons, and as they don't really have a lot of technical
  understanding I need to be able to go to them with "Use Server 20xx because it's Microsoft best practice".
  If there isn't a best practice recommendation I will try the longer support life and more options for high availability with 2012.
  Well, you probably wont find a "best practice" as much as a "its supported" stance from Micorosoft.
  As in all these things, there may be other reasons a business chooses to use 2008 over 2012 etc...
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Multiple IPs and Outbound IP on 2008, best practice suggestion...

  Hello,
  I need a suggestion on an issue;
  I have a Windows 2008 R2 SP1 Std. Ed. I have 3 IPs for that server, each of them uses the same gateway. By design the IP which is closest to the gateway is the default outbound IP on W2K8_R2_SP1_SE.
  I want to choose any other IP out of other 2 assigned IPs as default outbound one.
  example:
  GATEWAY: 10.0.0.1
  IP1: 10.0.0.2 (default outbound by design)
  IP2: 10.0.0.3 (the one I want it to be default outbound)
  IP3: 10.0.0.4 (not important)
  There are basically 2 choices available to me doable right now. Can you please take a moment and suggest one of the solutions below or state if you know the best practice for such a case? Thank you very much in advance =)
  First Solution:
  apply this command: Netsh int ipv4 add address 12 10.0.0.1 255.x.x.x skipassource=true
  then apply these 3 hotfixes:
  IP addresses are still registered on the DNS servers even if the IP addresses are not used for outgoing traffic on a computer that is running Windows 7 or Windows Server 2008 R2
  http://support.microsoft.com/kb/2386184
  The "skipassource" flag of IP addresses is cleared after you use the GUI to change IP settings of a network adapter in Windows 7 or in Windows Server 2008 R2
  http://support.microsoft.com/kb/2554859
  FIX: IIS Manager does not display IP addresses that are assigned to the network adapter together with the skipassource flag
  http://support.microsoft.com/kb/2551090
  Second Solution:
  Simply create 2 interfaces. Use the first one with the IP that I want to be as outbound default, dump all other IPs to the second interface. 2 interfaces will have the same gateway but Windows will assume the first one as the outbound default.

  I believe you want to set the metric on the interfaces.
  You can do this by altering your routing table with
  route.exe or alternatively, you can change the interface metric in the TCP/IP advanced properties for your network adapter (via Control Panel). By default it uses an automatic metric (i.e. Windows chooses which interface to use).
  For your reference (and the reference of anyone else facing a similar challenge), the metric is a weighted value Windows will use to determine which interface to use for a particular endpoint. Here is the definition from the route.exe documentation:
  metric   Metric   : Specifies
  an integer cost metric (ranging from 1 to 9999) for the route, which is used when choosing among multiple routes in the routing table that most closely match the destination address of a packet being forwarded. The route with the lowest metric is chosen. The
  metric can reflect the number of hops, the speed of the path, path reliability, path throughput, or administrative properties.
  Jason Warren
  @jaspnwarren
  jasonwarren.ca
  habaneroconsulting.com/Insights

• IOS FW/IPS on a 2651XM best practices

  I have a 2651XM with 128MB and I'm trying to figure out what the best practices are as far as IPS is concerned. I downloaded the latest SDF and I'm trying to load all the threats (excluding the disabled ones) via SDM but for some reason the number that's actually gets applied is always lower than the original number listed when I first select them. I can see that the router runs out of memory while loading the definitions but I'd guess that that's normal. This happens even if I just try to load the ones with High severity. Am I doing something wrong? What's a good number of definitions given the the specs of my router. Also, can I automatically block all packets matched against IPS. Are the built-in definitions a waste of time or should I be using those?
  Also, how would I go about creating my own SDF - I can see that hey come in XML format.
  Thanks in advance!

  you can use this link for a bereinformaiom.
  http://www.snort.org/pub-bin/sigs.cgi?sid=469

• I found warning after ran Best practice analyser Tools in exchange 2010

  Hello ,
  when ran Best practice Analyse tool i found some warining :
  1-DNS 'Host' Record Appears to Be Missing
  2-Active Server Pages is
  not installed
  3-Application log size
  4-Self –sign certificate found:
  is strongly recommended that you install an authority-signed or trusted certificate
  The SSL certificate for 'https://exchange.mydomain.com/Autodiscover/Autodiscover.xml' is self-signed. It does not provide any of the security guarantees provided
  by authority-signed or trusted certificates.(i have ssl certificate form geo cert Turst )  all users you can access mails form owa and they  can connect
  mailbox using outlook anywhere but with SSL warning.
  5-Single Global catalog in topology:
  There is only one global catalog server in the Directory Service Access (DSAccess) topology on server CADEXCHANGE. This configuration should be avoided for fault-tolerance
  reasons
  already checked the below links but i am not understood good  :
  http://technet.microsoft.com/en-us/library/6ec1c7f7-f878-43ae-bc52-6fea410742ae.aspx
  http://technet.microsoft.com/en-us/library/4fa708a1-a118-4953-8956-3c50399499f8.aspx
  http://technet.microsoft.com/en-us/library/8867bba7-7f81-42f9-96b6-2feb7e0cea4e.aspx
  please advise me to avoid this issue
  thanks

  i have 2 server both server global catalog
  my question why warning appear only one global catalog
  please explain this.
  when test Autodiscover the test successful but when expand menu
  i am found some error :
  Attempting to test potential Autodiscover URL https://Mydomain.com:443/Autodiscover/Autodiscover.xml
  Testing the SSL certificate to make sure it's valid.
  Validating the certificate name.
  Certificate name validation failed 

• Best practice to move things between various environments in SharePoint 2013

  Hi All SharePoint Gurus!! - I was using SP deployment wizard to move Sites/lists/libraries/items etc. using SP Deployment Wizard (spdeploymentwizard.codeplex.com) in SP 2010. We just upgraded to SP 2013. I have few Lists and Libraries that I need to push
  into the Staging 2013 and Production 2013 environment from Development 2013 environment. SP Deployment Wizard  is throwing error right from the startup. I checked SP 2013 provides granular backups but is restricted to Lists/Library level. Could anybody
  let me know if SP Deployment Wizard works for 2013? I love that tool. Also, Whats the best practice to move things between various environments?
  Regards,
  Khushi
  Khushi

  Hi Khushi,
  I want to let you know that we built
  SharePoint Migration tool
  MetaVis Migrator that can copy and migrate to and from on-premise or hosted SharePoint sites. The tool can copy entire
  sites with sub-site hierarchies, content types, fields, lists, list views, documents, items with attachments, look and feel elements, permissions, groups and other objects - all together on at any level of granularity (for
  example, just lists or just list views or selected items). The tool preserves created / modified properties, all metadata and versions. It looks like Windows Explorer with copy/paste and drag-n-drop functions so it is easy to learn. It does not require any
  server side installations so you can do everything using your computer or any other server. The tool can copy the complete sites or just individual lists or even selected items. The tool also supports incremental or delta copy based on the previous migrations.
  The tool also includes Pre-Migration Analysis that helps to identify customizations.
  Free trial is available:
  http://www.metavistech.com . Feel free to contact us.
  Good luck with your migration project,
  Mark

• Best Practice: Dynamically changing Item-Level permissions?

  Hi all,
  Can you share your opinion on the best practice for Dynamically changing item permissions?
  For example, given this scenario:
  Item Creator can create an initial item.
  After item creator creates, the item becomes read-only for him. Other users can create, but they can only see their own entries (Created by).
  At any point in time, other users can be given Read access (or any other access) by an Administrator to a specific item.
  The item is then given edit permission to a Reviewer and Approver. Reviewers can only edit, and Approvers can only approve.
  After the item has been reviewed, the item becomes read-only to everyone.
  I read that there is only a specific number of unique permissions for a List / Library before performance issues start to set in. Given the requirements above, it looks like item-level permission is unavoidable.
  Do you have certain ideas how best to go with this?
  Thank you!

  Hi,
  According to your post, my understanding is that you wanted to change item level permission.
  There is no out of the box way to accomplish this with SharePoint.               
  You can create a custom permission level using Visual Studio to allow users to add & view items, but not edit permission.   
  Then create a group with the custom permission level. The users in this group would have the permission of create & add permission, but they could no edit the item.
  In the CodePlex, there is a custom workflow activities, but by default it only have four permission level:
  Full Control , Design ,Contribute and Read.
  You should also customize some permission levels for your scenario. 
  What’s more, when use the SharePoint 2013 designer, you should only use the 2010 platform to create the workflow using this activities,
  https://spdactivities.codeplex.com/wikipage?title=Grant%20Permission%20on%20Item
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• 2nd Mac - best practices using iPhoto on both?

  Hi -
  I just got a new MacBook and have an iMac that is still the "hub" of my photo library. It is, in fact, about a 180 GB iPhoto library. I know that I can't sync libraries between Macs (a shame - someone should come up with a way to that assuming they haven't already!) so I'm just looking for any best practices?
  I got the MacBook to be able to work on some photos while on the road - I can at least work on post processing in Photoshop, etc. I'm thinking now that my best strategy is to possibly work with the images on my MacBook, importing them into the iPhoto library if desired. Then use my Photo sharing service - Phanfare - to "sync" them? It requires me to download them on the other side and pull them again into the iPhoto Library on the iMac?
  I don't use the Mobile Me Gallery but I suppose that would be another way to have access to them on the alternate computer?
  Any other best practices or suggestions?
  Thx!

  So, if there are times when I'm not home to access my external drive, then going with the two libraries is the best solution, yes?
  Perhaps, but you can get very small and portable external HDs these days.
  I'm not sure though if I should really make both a 180 GB iPhoto library, do you? It is a back up true, but seems like a chunk to move
  But you only do it once. The first time. Thereafter you're simply updating the other with the changes.
  At least maybe I could split into pictures from 2009 - 2010 and have that library for both my iMac and the MacBook. I very rarely access before then (only if I need something specific) so then I could access that via the iMac exclusively?
  That would be viable.
  I would maintain a +full Library+ on the Desktop, the mobile versions a Smaller subset.
  I'm sort of ruling out the one library on the external solution because it eliminates the possibility of being remote -
  As I said above you can get tiny portable drives...
  unless there is some swanky Login to My Computer or something that works with a Mac that can go remotely to my computer and then to my external drive.
  *_This_* might help.
  Regards
  TD