Best Practices for ASA 5500 Device Monitoring

I have looked high and low and am unable to find anything on this topic. I am hoping that somebody here may be able to share some insight into what are considered the best practices for monitoring ASA's--specifically the 5510 with Sec+ License.
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.
Thank you in advance for any assistance.

Hi James,
You probably won't be able to find any all-encompassing documentation for these types of best practices that cover all scenarios. The better method would be to define exactly what items you'd like to monitor and we can provide some guidance on how to best get that working for you.
-Mike

Similar Messages

Best practice for ASA Active/Standby failover

Hi,
I have configured a pair of Cisco ASA in Active/ Standby mode (see attached). What can be done to allow traffic to go from R1 to R2 via ASA2 when ASA1 inside or outside interface is down?
Currently this happens only when ASA1 is down (shutdown). Is there any recommended best practice for such network redundancy? Thanks in advanced!

Hi Vibhor,
I test ping from R1 to R2 and ping drop when I shutdown either inside (g1) or outside (g0) interface of the Active ASA. Below is the ASA 'show' failover' and 'show run',
ASSA1# conf t
ASSA1(config)# int g1
ASSA1(config-if)# shut
ASSA1(config-if)# show failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 14:20:00 SGT Nov 18 2014
This host: Primary - Active
Active time: 7862 (sec)
Interface outside (100.100.100.1): Normal (Monitored)
Interface inside (192.168.1.1): Link Down (Monitored)
Interface mgmt (10.101.50.100): Normal (Waiting)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
Interface outside (100.100.100.2): Normal (Monitored)
Interface inside (192.168.1.2): Link Down (Monitored)
Interface mgmt (0.0.0.0): Normal (Waiting)
Stateful Failover Logical Update Statistics
Link : FAILOVER GigabitEthernet2 (up)
Stateful Obj xmit xerr rcv rerr
General 1053 0 1045 0
sys cmd 1045 0 1045 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 5 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 9 1045
Xmit Q: 0 30 10226
ASSA1(config-if)#
ASSA1# sh run
: Saved
ASA Version 8.4(2)
hostname ASSA1
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0
nameif outside
security-level 0
ip address 100.100.100.1 255.255.255.0 standby 100.100.100.2
ospf message-digest-key 20 md5 *****
ospf authentication message-digest
interface GigabitEthernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
ospf message-digest-key 20 md5 *****
ospf authentication message-digest
interface GigabitEthernet2
description LAN/STATE Failover Interface
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet4
nameif mgmt
security-level 0
ip address 10.101.50.100 255.255.255.0
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
ftp mode passive
clock timezone SGT 8
access-list OUTSIDE_ACCESS_IN extended permit icmp any any
pager lines 24
logging timestamp
logging console debugging
logging monitor debugging
mtu outside 1500
mtu inside 1500
mtu mgmt 1500
failover
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet2
failover link FAILOVER GigabitEthernet2
failover interface ip FAILOVER 192.168.99.1 255.255.255.0 standby 192.168.99.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715-100.bin
no asdm history enable
arp timeout 14400
access-group OUTSIDE_ACCESS_IN in interface outside
router ospf 10
network 100.100.100.0 255.255.255.0 area 1
network 192.168.1.0 255.255.255.0 area 0
area 0 authentication message-digest
area 1 authentication message-digest
log-adj-changes
default-information originate always
route outside 0.0.0.0 0.0.0.0 100.100.100.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.101.50.0 255.255.255.0 mgmt
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 10.101.50.0 255.255.255.0 mgmt
ssh timeout 5
console timeout 0
tls-proxy maximum-session 10000
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:fafd8a885033aeac12a2f682260f57e9
: end
ASSA1#

Best Practice for ASA Route Monitoring Options?

We have one pair Cisco ASA 5505 located in different location and there are two point to point links between those two locations, one for primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked options is enabled for monitoring the state of the primary route. the detail parameters regarding options as below,
Frequency: 30 seconds               Data Size: 28 bytes
Threshold: 3000 milliseconds     Tos: 0
Time out: 3000 milliseconds          Number of Packets: 8
------ show run------
sla monitor 1
type echo protocol ipIcmpEcho 10.200.200.2 interface Intersite_Traffic
num-packets 8
timeout 3000
threshold 3000
frequency 30
sla monitor schedule 1 life forever start-time now
------ show run------
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flappings occur.
What is the best practice to set those parameters up in the production environment. How can we specify the reasonanble monitoring options to fit our needs.
Thank you for any idea.

Hello,
Of course too sensitive might cause failover to happen when some packets get lost, but remember the whole purpose of this is to provide as less downtime to your network as possible,
Now if you tune these parameters what happen is that failover will be triggered on a different time basis.
This is taken from a cisco document ( If you tune the sla process as this states, 3 packets will be sent each 10 seconds, so 3 of them need to fail to SLA to happen) This CISCO configuration example looks good but there are network engineers that would rather to use a lower time-line than that.
sla monitor 123
type echo protocol ipIcmpEcho 10.0.0.1 interface outside
num-packets 3
frequency 10
Regards,
Remember to rate all of the helpful posts ( If you need assistance knowing how to rate a post just let me know )

Best practices for attaching iSCSI devices

Hello all,
My environment: Nexus 5010 with 2148T FEX switches in the racks.
Can (or should) I use the 2148T as the switch between clustered servers and the iSCSI SAN? The SAN is a Dell MD3000i connected to Dell R710 servers, Win Ent 2008 R2 Server.
Plans are to use two vlans so I have dual data paths to the SAN. Being new to the Nexus, I'm not sure what the best practice/configuration is for that.
Any suggestions on reading materials or best practice configurations would be appreciated!
Thanks...
Ted

We recently implemented Nexus 7010s, 5020s, and 2248s in our data center. Now we would like to harden them from a security persective; are there any Best Practices available for hardening Nexus devices?
Hi Carl,
I dont think a specifc hardening document has been realsed but yes you can refer the generic ios based hardening and try with NX-OS which are all supported or not.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Hope to Help !!
Ganesh.H
Remeber to rate the helpful post

Best practices for additonal storage devices in a clustered container

I am wondering what is considered as best practices related to adding more storage devices. I have a Solaris Cluster 3.2, a failover resource group with a SZBT resource and a HASP resource for the zone root path. Now i have to add more storage devices (for Oracle to the zone). The additional storage devices are in the same metaset as the zone root. I see the following options:
-> Add it to the zone (simple not managed by HASP)
-> Add it to the existing HASP for the RG and lofs mount it in the Zone (managed by HASP, but needs lofs mount)
Are there other options, and what is considered best practices?
Fritz

Hi Fritz,
no matter which option you take it should resoult in lofs mounts.
I in person would not mix the concepts, you started with HASP, so I would continue with HASP.
To achieve this you have to take three steps:
1 add the file systems to the HASP resource,
2. create the mountpoints in the local zone
3 add the file system to the Mounts variable in the SCZBT's parameter file.
If you do not want to reboot the zones, you can mount the loopback files manually, but the safest option ( you will not mess up with typos in th mount pints and realize it later) would be to disable and reenable th sczbt resource.
Cheers
Detlef

Best practices for hardening Nexus devices

We recently implemented Nexus 7010s, 5020s, and 2248s in our data center. Now we would like to harden them from a security persective; are there any Best Practices available for hardening Nexus devices?

We recently implemented Nexus 7010s, 5020s, and 2248s in our data center. Now we would like to harden them from a security persective; are there any Best Practices available for hardening Nexus devices?
Hi Carl,
I dont think a specifc hardening document has been realsed but yes you can refer the generic ios based hardening and try with NX-OS which are all supported or not.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Hope to Help !!
Ganesh.H
Remeber to rate the helpful post

Best practice for using both devices

Hello,
I currently have a mac book pro and mac pro that I use for my editing. My questions are as follows:
* Best way to import / export photos for use on both devices
* Is there a way to sync catalogs on both computers so they are able to update on thier own
* best way to maintain integrity of the photos (edits) when moving them from computer to computer.
I appreciate any help that is available!
Thanks,
Chris

There have been a number of threads on this issue, that probably give more detail, but this is what I would do
Put the photos and catalog on an external HD, and move that back and forth from mac book pro to mac pro. Then you have one catalog, and one set of photos (plus backups somewhere else) that are being used.
There is no catalog sync facility in Lightroom.
If you need to travel light, and can't bring an external disk, then the photos and catalog must be on an internal disk; and you could move photos and catalog from one computer to another using the external HD (when you get home) and the Lightroom command File->Export as Catalog; followed by physically transferring the catalog and photos to the other computer; followed by File->Import from Another Catalog.

Basic Strategy / Best Practices for System Monitoring with Solution Manager

I am very new to SAP and the Basis group at my company. I will be working on a project to identify the best practices of System and Service level monitoring using Solution Manager. I have read a good amount about SAP Solution Manager and the concept of monitoring but need to begin mapping out a monitoring strategy.
We currently utilize the RZ20 transaction and basic CCMS monitors such as watching for update errors, availability, short dumps, etc.. What else should be monitored in order to proactively find possible issues. Are there any best practices you all have found when implimenting Monitoring for new solutions added to the SAP landscape.... what are common things we would want to monitor over say ERP, CRM, SRM, etc?
Thanks in advance for any comments or suggestions!

Hi Mike,
Did you try the following link ?
If not, it may be useful to some extent:
http://service.sap.com/bestpractices
---> Cross-Industry Packages ---> Best Practices for Solution Management
You have quite a few documents there - those on BPM may also cover Solution Monitoring aspects.
Best regards,
Srini
Edited by: Srinivasan Radhakrishnan on Jul 7, 2008 7:02 PM

Best Practices for NCS/PI Server and Application Monitoring question

Hello,
I am deploying a virtual instance of Cisco Prime Infrastructure 1.2 (1.2.1.012) on an ESX infrastructure. This is being deployed in an enterprise enviroment. I have questions around the best practices for moniotring this appliance. I am looking to monitor application failures (services down, db issues) and "hardware" (I understand this is a virtual machine, but statistics on the filesystem and CPU/Memory is good).
Firstly, I have enabled via the CLI the snmp-server and set the SNMP trap host destination. I have created a notification receiver for the SNMP traps inside the NCS GUI and enabled the "System" type alarm. This type includes alarms like NCS_DOWN and PI database is down. I am trying to understand what the difference between enabling SNMP-SERVER HOST via the CLI and setting the Notification destination inthe GUI is? Also how can I generate a NCS_DOWN alarm in my lab. Doing NCS stop does not generate any alarms. I have not been able to find much information on how to generate this as a test.
Secondly, how and which processes should I be monitoring from the Management Station? I cannot easily identify the main NCS procsses from the output of ps -ef when logged in the shell as root.
Thanks guys!

Amihan_Zerrudo wrote:
1.) What is the cost of having the scope in a <jsp:useBean> tag set to 'session'? I am aware that there are a list of scopes like page, application, etc. and that if i use 'session' my variable will live for as long as that session is alive. (did i get this right?). You should rather look to the functional requirements instead of costs. If the bean need to be session scoped (e.g. maintain the logged in user), then do it so. If it just need to be request scoped (e.g. single page form data), then keep it request scoped.
2.)If the JSP Page where i use that <useBean> is to be accessed hundred of times a day, will it compensate my server resources? Right now i am using the Sun Glassfish Server.It will certainly eat resources. Just supply enough CPU speed and memory to a server. You cannot expect that a webserver running at a Pentium 500MHz with 256MB of memory can flawlessly serve 100 simultaneous users at the same second. But you may expect that it can serve 100 users per 24 hour.
3.) Can you suggest best practice in memory management given the architecture i described above?Just write code so that it doesn't unnecessarily eat memory. Only allocate memory if your application need to do so. You should rather let the hardware depend on the application requirements, not to let the application depend on the hardware specs.
4.)Also, I have implemented connection pooling in my architecture, but my application is to be used by thousands of clients everyday.. Can the Sun Glassfish Server take care of that or will I have to purchase a powerful sever?Glassfish is just an application server software, it is not server hardware. Your concerns are rather hardware related.

Best Practices for MDS Monitoring

We are deploying Solarwinds and would like some tips on what would be useful to monitor on MDS switches. Of course, the normal port utilization, cpu, interface counters are already set up, but thought I would check to see if anyone has any suggestions on any other OID's I should look into.
Thanks!

Hi Mike,
Did you try the following link ?
If not, it may be useful to some extent:
http://service.sap.com/bestpractices
---> Cross-Industry Packages ---> Best Practices for Solution Management
You have quite a few documents there - those on BPM may also cover Solution Monitoring aspects.
Best regards,
Srini
Edited by: Srinivasan Radhakrishnan on Jul 7, 2008 7:02 PM

IOS Update Best Practices for Business Devices

We're trying to figure out some best practices for doing iOS software updates to business devices. Our devices are scattered across 24 hospitals and parts of two states. Going forward there might be hundreds of iOS devices at each facility. Apple has tools for doing this in a smaller setting with a limited network, but to my knowledge, nothing (yet) for a larger implementation. I know configurator can be used to do iOS updates. I found this online:
https://www.youtube.com/watch?v=6QPbZG3e-Uc
I'm thinking the approach to take for the time being would be to have a mobile sync station setup with configurator for use at each facility. The station would be moved throughout the facility to perform updates to the various devices. Thought I'd see if anyone has tried this approach, or has any other ideas for dealing with device software updates. Thanks in advance.

Hi Bonesaw1962,
We've had our staff and students run iOS updates OTA via Settings -> Software Update. In the past, we put a DNS block on Apple's update servers to prevent users from updating iOS (like last fall when iOS 7 was first released). By blocking mesu.apple com, the iPads weren't able to check for or install any iOS software updates. We waited until iOS 7.0.3 was released before we removed the block to mesu.apple.com at which point we told users if they wanted to update to iOS 7 they could do so OTA. We used our MDM to run reports periodically to see how many people updated to iOS 7 and how many stayed on iOS 6. As time went on, just about everyone updated on their own.
If you go this route (depending on the number of devices you have), you may want to take a look at Caching Server 2 to help with the network load https://www.apple.com/osx/server/features/#caching-server . From Apple's website, "When a user on your network downloads new software from Apple, a copy is automatically stored on your server. So the next time other users on your network update or download that same software, they actually access it from inside the network."
I wish there was a way for MDMs to manage iOS updates, but unfortunately Apple hasn't made this feature available to MDM providers. I've given this feedback to our Apple SE, but haven't heard if it is being considered or not. Keeping fingers crossed.
Hope this helps. Let us know what you decide on and keep us posted on the progress. Good luck!!
~Joe

Best practice for logging

Hi All,
I would like to know if there is any best practice document for Firewall logging. This would include
1. What level of logging is ideal
2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.
This can include for various industries like IT, Banking etc.
Any document pertaining to these would be helpful. Thanks in advance.
Regards,
Manoj

Hi All,
I would like to know if there is any best practice document for Firewall logging. This would include
1. What level of logging is ideal
2. If a log is stored in a logging server, how long is it best to store the logs and retain the logs by a backup tape etc.
This can include for various industries like IT, Banking etc.
Any document pertaining to these would be helpful. Thanks in advance.
Regards,
Manoj
Manoj,
Check out the below link for best practice for logging and prerequiste in cisco devices.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#logbest
http://www.ciscopartner.biz/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1110908
Hope to Help !!
Ganesh.H
Remember to rate the helpful post

Best Practices For Household IOS's/Apple IDs

Greetings:
I've been searching support for best practices for sharing primarily apps, music and video among multple iOS's/Apple IDs. If there is a specific article please point me to it.
Here is my situation:
We currently have 3 iPads (2-kids, 1-dad) in the household and one iTunes account on a win computer. I previously had all iPads on single Apple ID/credit card and controlled the kids' downloads thru the Apple ID password that I kept secret. As the kids have grown older, I found myself constantly entering my password as the kids increased there interest in music/apps/video. I like this approach because all content was shared...I dislike because I was constantly asked to input password for all downloads.
So, I recently set up an individual account for them with the allowance feature at iTunes that allows them to download content on their own (I set restrictions on their iPads). Now I have 3 Apple IDs under one household.
My questions:
With the 3 Apple IDs, what is the best way to share apps,music, videos among myself and the kids? Is it multiple accounts on the computer and some sort of sharing?
Thanks in advance...

Hi Bonesaw1962,
We've had our staff and students run iOS updates OTA via Settings -> Software Update. In the past, we put a DNS block on Apple's update servers to prevent users from updating iOS (like last fall when iOS 7 was first released). By blocking mesu.apple com, the iPads weren't able to check for or install any iOS software updates. We waited until iOS 7.0.3 was released before we removed the block to mesu.apple.com at which point we told users if they wanted to update to iOS 7 they could do so OTA. We used our MDM to run reports periodically to see how many people updated to iOS 7 and how many stayed on iOS 6. As time went on, just about everyone updated on their own.
If you go this route (depending on the number of devices you have), you may want to take a look at Caching Server 2 to help with the network load https://www.apple.com/osx/server/features/#caching-server . From Apple's website, "When a user on your network downloads new software from Apple, a copy is automatically stored on your server. So the next time other users on your network update or download that same software, they actually access it from inside the network."
I wish there was a way for MDMs to manage iOS updates, but unfortunately Apple hasn't made this feature available to MDM providers. I've given this feedback to our Apple SE, but haven't heard if it is being considered or not. Keeping fingers crossed.
Hope this helps. Let us know what you decide on and keep us posted on the progress. Good luck!!
~Joe

Best practice for integrating a 3 point metro-e in to our network.

Hello,
We have just started to integrate a new 3 point metro-e wan connection to our main school office. We are moving from point to point T-1?s to 10 MB metro-e. At the main office we have a 50 MB going out to 3 other sites at 10 MB each. For two of the remote sites we have purchase new routers ? which should be straight up configurations. We are having an issue connecting the main office with the 3rd site.
At the main office we have a Catalyst 4006 and at the 3rd site we are trying to connect to a catalyst 4503.
I have attached configurations from both the main office and 3rd remote site as well as a basic diagram of how everything physically connects. These configurations are not working ? we feel that it is a gateway type problem ? but have reached no great solutions. We have tried posting to a different forum ? but so far unable to find the a solution that helps.
The problem I am having is on the remote side. I can reach the remote catalyst from the main site, but I cannot reach the devices on the other side of the remote catalyst however the remote catalyst can see devices on it's side as well as devices at the main site.
We have also tried trunking the ports on both sides and using encapsulation dot10q ? but when we do this the 3rd site is able to pick up a DHCP address from the main office ? and we do not feel that is correct. But it works ? is this not causing a large broad cast domain?
If you have any questions or need further configuration data please let me know.
The previous connection was a T1 connection through a 2620 but this is not compatible with metro-e so we are trying to connect directly through the catalysts.
The other two connection points will be connecting through cisco routers that are compatible with metro-e so i don't think I'll have problems with those sites.
Any and all help is greatly welcome ? as this is our 1st metro e project and want to make sure we are following best practices for this type of integration.
Thank you in advance for your help.
Jeff

Jeff, form your config it seems you main site and remote site are not adjacent in eigrp.
Try adding a network statement for the 171.0 link and form a neighbourship between main and remote site for the L3 routing to work.
Upon this you should be able to reach the remote site hosts.
HTH-Cheers,
Swaroop

Best Practices for Using Photoshop (and Computing in General)

I've been seeing some threads that lead me to realize that not everyone knows the best practices for doing Photoshop on a computer, and in doing conscientious computing in general. I thought it might be a good idea for those of us with some exprience to contribute and discuss best practices for making the Photoshop and computing experience more reliable and enjoyable.
It'd be great if everyone would contribute their ideas, and especially their personal experience.
Here are some of my thoughts on data integrity (this shouldn't be the only subject of this thread):
Consider paying more for good hardware. Computers have almost become commodities, and price shopping abounds, but there are some areas where spending a few dollars more can be beneficial. For example, the difference in price between a top-of-the-line high performance enterprise class hard drive and the cheapest model around with, say, a 1 TB capacity is less than a hundred bucks! Disk drives do fail! They're not all created equal. What would it cost you in aggravation and time to lose your data? Imagine it happening at the worst possible time, because that's exactly when failures occur.
Use an Uninterruptable Power Supply (UPS). Unexpected power outages are TERRIBLE for both computer software and hardware. Lost files and burned out hardware are a possibility. A UPS that will power the computer and monitor can be found at the local high tech store and doesn't cost much. The modern ones will even communicate with the computer via USB to perform an orderly shutdown if the power failure goes on too long for the batteries to keep going. Again, how much is it worth to you to have a computer outage and loss of data?
Work locally, copy files elsewhere. Photoshop likes to be run on files on the local hard drive(s). If you are working in an environment where you have networking, rather than opening a file right off the network, then saving it back there, consider copying the file to your local hard drive then working on it there. This way an unexpected network outage or error won't cause you to lose work.
Never save over your original files. You may have a library of original images you have captured with your camera or created. Sometimes these are in formats that can be re-saved. If you're going to work on one of those files (e.g., to prepare it for some use, such as printing), and it's a file type that can be overwritten (e.g., JPEG), as soon as you open the file save the document in another location, e.g., in Photoshop .psd format.
Save your master files in several places. While you are working in Photoshop, especially if you've done a lot of work on one document, remember to save your work regularly, and you may want to save it in several different places (or copy the file after you have saved it to a backup folder, or save it in a version management system). Things can go wrong and it's nice to be able to go back to a prior saved version without losing too much work.
Make Backups. Back up your computer files, including your Photoshop work, ideally to external media. Windows now ships with a quite good backup system, and external USB drives with surprisingly high capacity (e.g., Western Digital MyBook) are very inexpensive. The external drives aren't that fast, but a backup you've set up to run late at night can finish by morning, and if/when you have a failure or loss of data. And if you're really concerned with backup integrity, you can unplug an external drive and take it to another location.
This stuff is kind of "motherhood and apple pie" but it's worth getting the word out I think.
Your ideas?
-Noel

APC Back-UPS XS 1300. $169.99 at Best Buy.
Our power outages here are usually only a few seconds; this should give my server about 20 or 25 minutes run-time.
I'm setting up the PowerChute software now to shut down the computer when 5 minutes of power is left. The load with the monitor sleeping is 171 watts.
This has surge protection and other nice features as well.
-Noel

Best Practices for ASA 5500 Device Monitoring

Similar Messages

Maybe you are looking for