Best practices for configure Rogue Detector AP and trunk port?

Similar Messages

• Best Practices for Configuration Manager

  What all links/ documents are available that summarize the best practices for Configuration Manager?
  Applications and Packages
  Software Updates
  Operating System Deployment
  Hardware/Software Inventory

  Hi,
  I think this may help you
  system center 2012 configuration manager best practices
  SCCM 2012 task-sequence best practices
  SCCM 2012 best practices for deploying application
  Configuration Manager 2012 Implementation and Administration
  Regards, Ibrahim Hamdy

• Best practice for version control B2B, ESB and BPEL

  Hello,
  we are setting up a new system using B2B, ESB and BPEL. The development team is more experienced working with PL/SQL, Oracle Workflow and we are worried that Jdeveloper generates changes to the source files during development and that we might have problems with the version control.
  Is there any best practice for setting up version control for these systems? Do we need to take anything in particular into consideration when setting up the projects?
  We are using Serena Dimensions 9.1 for version control with the add-on in Jdeveloper.
  Thanks in advance!

  I believe JDeveloper has a plugin for Dimensions.
  I havent used it but to get it, go to tools (It may be help I don't have JDeveloper on this machine to confirm) check for updates.
  If you select the thrid party check box - next, you will see an entry for dimentions.
  Configure the connection and develop as you would any other project.
  cheers
  James

• Best practice for configuring virtual drive on UCS

  Hi,
  I have two C210 M2 Server with LSI 6G MegaRAID 9261-8i Card with 10 hard drives of each 135GB. When I tried the automatic selection for the RAID configuration, the system has created one virtual drive with RAID 6. My concern is what the best practice to configure virtual drive? Is it RAID 1 and RAID5 or all in one drive with RAID6? Any help will be appreciated.
  Thanks.

  Since you are planning to have UC apps on the server, Voice applications have specified their recommendations here.
  http://docwiki.cisco.com/wiki/Tested_Reference_Configurations_%28TRC%29
  I believe your C210 server specs could be matching TRC #1,  where you need to have
  RAID 1  - First two HDDs for VMware
  RAID 5  - Remaining 8 HDDs as datastore for virtual machines ( CUCM and CUC ) 
  HTH
  Padma

• SAP HCM Implementation: Best Practice for configuring

  Hi,
  This is my first independent project of HCM implementation. I have just started the system configuration. Done with setting up the PA, PSA, EG and ESG. Assigned to CC.  At this stage, I have a very basic question which is, what is the best practice for the next steps of configuration. What do I go to next, step up the OM in the SAP EasyAccess Menu? How should I go from here?
  Would really appreciate some explanatory assistance.
  Thanks in advance.
  Papri
  Edited by: papri_rc on Jul 8, 2011 6:40 AM

  Its all depends on business requirement
  at starting as i advised you review your BBP , make sure you configure everything
  for your reference iam giving the following data for OM and PA config..
  as part of OM
  1.     depict client org structure using simple maintenance , with this you can create large structures in less time(while doing org structure be careful and refer BBP)
  2.     maintain integration switches
  3.     maintain plan version
  4.     maintain number ranges
  Configuration for PA
  HR Enterprise /PersonnelStructure     
  u2022     Personnel Areas     
  u2022     Personnel Sub Areas     
  u2022     Employee Group     
  u2022     Employee Sub Group     
  u2022     Assignment of Personnel Area to Company Code     
  u2022     Assignment of Employee Sub Group to Employee Group     
  Basic Settings
  1.     Maintain Number Range Intervals for Personnel Numbers     
  2.     Determine defaults for number ranges     
  Personal Data     
  1.     Create Forms of Address     
  2.     Create Marital Status     
  Family     
  1.     Defined Possible Family Members     
  Addresses
  1.     Create Address Type     
  Communication     
  1.     Create Communication Types     
  Contractual and Corporate Agreements
  1.     Define Contract Types     
  2.     Determine periods of notice     
  Employee Qualifications
  1.     Create education establishment types     
  2.     Define Education Training     
  3.     Create educational Certificates     
  4.     Create branches of study     
  5.     Determine permissible certificates for education type     
  Infotype Menus     
  1.     User Group Dependency on Menus and Info groups     
  2.     Infotype Menu     
  3.     Determine choice of Infotype menus     
  4.     Infotype Menus     
  Actions     
  1.     User Group Dependency on Menus and Infogroups     
  2.     Info Group     
  3.     Personnel Action Types     
  4.     Create reasons for personnel actions     
  5.     Change Action Menu     
  *Developments(ABAPconsultant will do)     *Field Enhancements     (any field enhancements in infotypes)
  Customer Infotypes     -Develop any customer infotypes if required for the business from 9000 series
  Edited by: Piscian . on Jul 8, 2011 9:08 AM

• Best practices to configure files to display and play in order?

  I'm looking for best practices to get saved recordings (songs and business trainings) on my PC correctly configured so they will show up correctly (artist, song title, track number) and play incorrect order.
  I have lots of MP3 files (and other formats) on my PC but when i transfer them to iTunes and sync to iPod they don't play in correct order or show up as unknown artist (and other issues).
  I typically have them in a folder by artist name then folder with name of course or album then each song begins with a number.
  EXAMPLE: Eagles (folder) - Hotel California (folder) - 1.HotelCalifornia.mp3, 2.NewKidInTown.mp3, etc etc.
  I've also right-clicked and went into properties and add the track number,  artist name, album name, contributing artist etc but it still comes up with these issues
  --it's also very time-consuming to do this.
  EXAMPLE: instead of it being track 1,2,3 etc it will be 1,10,11,2,21,3...
  I've tried dragging them or copying them into the "automatically add" folder and also adding to library in iTunes.
  Any help is much appreciated.

  Hi Narendra,
  Oracle User and the FTP user are 2 different users.
  I'm assuming you'll be reading the file from R12 through File Adapter and writing it to Bank using FTP Adapter.
  Oracle User is able to login into R12, do some operations, submit some concurrent programs/requests based on responsibilities and generate the file to be transferred (like in my case it did by running a Concurrent Request). The file so generated should be placed at a location from where File Adapter can read it within the BPEL process. Now to read the file, the user that is used is a SOA server user (again different from R12 user). This is the same user that you use to login into your SOA server physical box. Hence to be able to read the file, your file should have appropriate privileges (we set that as 777) so that it can be read by the SOA process (using SOA user).
  FTP user, on the other hand, is the user that allows connection to Bank FTP server. This has absolutely no connection with R12. Bank who hosts the FTP server must give you the FTP user details that you'll use inside your FTP JNDI Configuration on Weblogic. When you deploy and run your process (you don't deploy adapter), it picks up the connection details from FTP JNDI properties that you defined in weblogic.
  Hence both the jusers can be different and I don't think any best practices are required or do exist for this.
  Regards,
  Neeraj Sehgal

• Best Practice for External Libraries Shared Libraries and Web Dynrpo

  Two blogs have been written on sharing libraries with Web Dynpro DC, but I would
  like to know the best practice for doing this.
  External libraries seem to work great at compile time, but when deploying there is often an error related to the external library not being a deployed component. 
  Is there a workaround for this besides creating a shared J2EE library which I have been able to get working?  I am not interested in something that works, but really
  what are the best practice for this. What is the best way to  limit the number of jars that need to be kept in a shared library/ext library.  When is sharing ref service/etc a valid approach vs. hunting down the jars in the portal libraries etc and storing in an external library.

  Security is mainly about mitigation rather than 100% secure, "We have unknown unknowns". The component needs to talk to SQL Server. You could continue to use http to talk to SQL Server, perhaps even get SOAP Transactions working but personally
  I'd have more worries about using such a 'less trodden' path since that is exactly the areas where more security problems are discovered. I don't know about your specific design issues so there might be even more ways to mitigate the risk but in general you're
  using a DMZ as a decent way to mitigate risk. I would recommend asking your security team what they'd deem acceptable.
  http://pauliom.wordpress.com

• Best practices for using Normalizer in ASA and in AIP-SSM

  Both PIX OS 7.x and IPS 5.x software have a concept of "traffic normalization". PIX OS on ASA can do virtual reassembly, IPS on SSM (so far as I know) can do physical reassembly and fragmentation of IP packets. Also, both ASA and SSM can do TCP normalization. For example, they both can "check inconsistent retransmissions" and protect against "TTL evasion attacks". I realize that PIX OS has only basic normalization functions and the SSM is much more configurable.
  The question is: what are the best practices here? Is it better to disable some IP/TCP PIX OS checks / IPS signatures on ASA and/or SSM? Is it better to use just SSM for traffic normalization? Does anybody has personal experience here?
  Also, there is a BugID CSCsd04327 - "ASA all out of order packets are dropped when sending to ssm"
  "When ips ssm is inline slowness is reported. show service-policy shows that the number of out of order packets reported match exactly the number of no buffer drops (even with queue-limit option). Performance hit is not the result of tcp normalization (on IPS 5.x ssm) in this case, but rather an issue with asa normalizer."
  To me it seems to be more logical to have normalization function on the firewall, but there may be drawbacks in doing this.
  So, those who're using ASA with SSM, please share your experience.
  Thx.

  Yes, this is almost correct ;)
  TCP SRP (Stream Reassemly Processor) is turned OFF on the SSM and cannot be enabled, contrary to 4200 appliances, but IP FRP (Fragmentation Reassembly Processor) is functioning on the SSM.
  The testing of 7.2(1) shows the following:
  When you configure "policy-map" to send packets to the SSM the "tcp-map" parameter "queue-limit", which has the value of zero by default, is set to an X (the X is unknown). This means that the ASA now only accepts the TCP segments which are sent in the correct order. More specifically, the gaps in SEQs are not allowed anymore. When for example, the ASA receives a TCP segment which has a SEQ within the window, but the previous TCP segment has been lost, it sends an ACK to the sender to enforce retransmition of the lost segment. As a result the sender retransmits both segments. Only after that the ASA forwards both segments to the SSM. This basically means that SSM always sees in-order TCP segments. That it is why SRP is not needed on the SSM.
  There are at least two problems however.
  The first problem is the performance impact.
  ASA now acts almost like a proxy. And, so far as I know, it doesn't support SACK (Selective ACKs). First, when the ASA does TCP SEQ randomization it doesn't change SEQ values within the SACK TCP Option. This simply breakes SACK. Second, even if you turn randomization mechanism OFF, then, I believe, the ASA will not selectively ACK the lost TCP segments, as it simply doesn't support this mechanism.
  The second problem is THE SECURITY HOLE.
  By default the ASA doesn't check TCP checksums. The 4200 appliances do check by default. But as we now know the SRP is turned OFF on the SSM... So, this means that SSM module can easily be evaded. The hacker only needs to mix attacking traffic with the random TCP segments that have bad TCP checksum. The SSM module will see the mixture of the two and will not recognize the attack. The target host will drop TCP segments with the bad checksums and see only attacking traffic... This has been successfully verified in the lab.
  Of course, this security hole can be closed with the "tcp-map" parameter "checksum-verification", but it will definitely has performance impact.
  The last note: All of the above has never been documented by Cisco. So, use at your own risk, etc.
  I hope, you will read this message, Marcoa. All of this MUST be documented. Once again, the default behaviour of the ASA opens up a big security hole.
  Regards,
  Oleg Tipisov,
  REDCENTER,
  Moscow

• Best Practices for sharing media with iMovie and FCPX

  So I've a large iMovie Events directory, and would like to use that media with both iMovie and FCPX projects.
  I'd rather not duplicate the media, so would prefer to import as references into FCPX.
  The dilemma is that I see that it's possible to modify or move media from within the iMovie application, and therefore break the reference to that media with FCPX.
  I only see two options:  (1) Never Ever modify the location/name of media in the iMovie Events file (even from within the iMovie app) since I would break an FCPX link if that media is referenced, or (2) always import (copy) the iMovie events into the FCPX Event Library making an independent original so that I can confidently operate on those media files in either application.
  I'd surely rather not have to do (2 )(e.g. doubling my storage demands) to gain the flexibility of using either application to edit the video, but really don't want to live with the restrictions of (1).
  Thoughts / Solutions?  What might you consider as options or best practices?

  Unless there is some other reason, users should own the right to share their mailboxes - it shouldn't be something that demands administrator management (if only so that the administrators aren't swamped by user requests for sharing their mailboxes). 
  For true shared mailboxes, when the mailbox is created, full access is granted by an administrator.

• Best practice for dealing with Recordsets, JDBC and JSP?

  I've spent the last three years developing web apps using JSP, Struts and Kodo JDO for persistence. All of the content for the apps was created as Java objects using model classes and saved to an Oracle db. Thus, data retrieved from the db was as instances of the model classes and then put into Struts form beans, etc.
  I changed jobs last month and am now having to use Servlets with JDBC to retrieve records from db tables and returning it into Recordsets. Oh, and I can't use Struts in my JSPs either. I'm beginning to think that I had it easy at my previous job but maybe that's just because I was used to it.
  So here are my problems/questions:
  I have two tables with a one to many relationship that I need to retrieve data from, show in a jsp and be able to update eventually.
  So here's what I am doing:
  a) In a servlet, I use a SQL statement to join the tables and retrieve the results into a Recordset.
  b) I created a class with a bunch of String attributes to copy the Recordset data into, one Recordset row per each instance of the bean and then close the Recordset
  c) I then add the beans to an ArrayList and save the ArrayList into the session.
  d) Then, in the JSP, I retrieve the ArrayList from the session and iterate over each bean instance, printing the data out to the jsp. There are some logic statements to determine when not to print redundant data caused by the one to many join.
  e) I have not written the code to update the data yet but was planning on having separate jsps for updating the (one) table and the (many) table.
  Would most of you do something similar? Would you use one SQL statement to retrieve all of the data for display and use logic to avoid printing the redundant part of the data? Or would you have used separate SQL queries, one for each table? Would you have saved the results into something other than an instance of a bean class that represents one record in the RecordSet? Would you have had a bean class with attributes other than Strings - like had a collection attribute to hold the results from the "many" table? The way that I am doing everything just seems so cumbersome and difficult compared to using Struts and JDO before.
  Your help/opinion will be greatly appreciated!

  Would you use one SQL statement to retrieve all of the data for display Yes.
  and use logic to avoid printing the redundant part of the dataNo.
  I believe in minimising the number of queries. If it is a simple one-many join on a db table, then one query is better than one + n queries.
  However I prefer to store the objects in a bean class with attributes other than strings - ie one object, with a collection attribute to hold the related "many" records.
  Does the fact you are not using Struts mean that you have to use scriptlet code? (shudder)
  Or are you using JSTL, or other custom tags?
  How about tools like Ant? Junit testing?
  The way that I am doing everything just seems so cumbersome and difficult
  compared to using Struts and JDO before.Anything different takes adjusting to. Sounds like you know what you're doing for the most part. I agree, in terms of best practices what you have described so far sounds like a step backwards from what you were previously doing.
  However I wouldn't go complaining about it too loudly, too quickly. If you're new on the block theres nothing like making a pain of yourself, and complaining how backwards the work they have done is to put your new workmates' backs up
  Look on it as a challenge. Maybe discuss it quietly with a team leader, to see if they understand how much easier/better/less error prone such approaches can be?
  Struts, cumbersome as it can be, definitely has the advantage of pushing you to follow good MVC practice.
  Good luck,
  evnafets

• Best Practice for Installation of Both Leopard and Aperture 2 upgrade.

  I've finally bought the bullet and purchased both Leopard and Aperture 2.0 upgrade. I've tried searching for a best practice to install both, but haven't been able to find one--only trouble shooting type stuff. Any suggestions, things to avoid, etc would be greatly appreciated. Even a gentle shove to a prior thread would be helpful. . . .
  Thanks for pointing me in the right direction.
  Steve

  steve hutchcraft wrote:
  I've tried searching for a best practice to install...
  • First be really sure that all your apps work well with 10.5.3 before you leave 10.4.11, which is extraordinarily stable.
  • Immediately prior to and immediately after every installation of any kind (OS, apps, drivers, etc.) got to Utilities/Disk Utility/First Aid, and Repair Permissions. Repairing Permissions is not a problem fixer per se, but anecdotally many folks with heavy graphics installations (including me) who follow that protocol seem to maintain better operating environments under the challenge of heavy graphics than folks who do not diligently do so.
  • When you upgrade the OS do a "clean install."
  • RAM is relatively inexpensive and 2 GB RAM is limiting. I recommend adding 4x2 GB RAM. One good source is OWC: http://www.owcomputing.com/.
  • After you do your installations check for updates to the OS and/or Aperture, and perform any upgrades. Remember to Repair Permissions immediately prior to and immediately after the upgrade installations.
  • If you are looking for further Aperture performance improvement, consider the Radeon HD 3870. Reviews at http://www.barefeats.com/harper16.html and at http://www.barefeats.com/harper17.html.
  Good luck!
  -Allen Wicks

• Best Practice for configuring ZS3 storage

  Hi Team
  Can someone help me with the best way to configure data profile for a ZS3-2 storage which is mainly going to be used for oracle database and EBU application.
  If we are planning to install ldoms os on storage lun then what data profile should be the best one.
  Regards
  AB

  Without knowing more I would do the following, being very conservative;
  Create too pools, with pool0 on controller0 and pool1 on controller1. This is to take advantage of both controllers DRAM, for better performance. Regardless of RAIDZ or RAID 1+0, I would do this.
  I am assuming both trays are the same HHDs ( 900G?)
  Make the first pool RAID 1+0, with 2 write SSDs and one READ SSD. I would use this pool for redo logs, and database files. Mounting via OISP or dNFS.
  Make the second pool RAIDZ, with 2 write SSDs and one READ SSD, I would place my RMAN mount here, and any binary mounts and archive logs. Maybe DB files, if using partitioning. HCC is a great technology to use if you application will benefit from it.
  Now for the relaity check!
  9 times out of 10 method...
  Realistic... just use RAIDZ on both pools. In reality RAID 1+0 generates more IOPS in the array and leads to more DB I/O wait time! It's true!
  If you are headed to ECO I'll sit down and explain. short version, RAIDZ does less writes, which means better database performance.
  Erik

• Best practice for writing browser detector?

  I am looking into an old bean that was written several years ago that was supposed to perform a browser detection, however, its function appears solely to look for a regular expression pattern inside a String that is supposed to represent HttpServletRequest.getUserAgent(), however, it never references the request object; it "blindly" assumes it receives a String that looks like a user-agent string.
  Is this a best-practice method for doing browser detection? I would assume that it would have a better performance than having an actual browser detection bean that derives the browser OS name directly from HttpServletRequest.getUserAgent() itself, however, wouldn't it be not as accurate as "direct from the source"?
  Thanks

  Phil_The_Lifeless_Programmer wrote:
  I am looking into an old bean that was written several years ago that was supposed to perform a browser detection, however, its function appears solely to look for a regular expression pattern inside a String that is supposed to represent HttpServletRequest.getUserAgent(), however, it never references the request object; it "blindly" assumes it receives a String that looks like a user-agent string.
  Is this a best-practice method for doing browser detection? I would assume that it would have a better performance than having an actual browser detection bean that derives the browser OS name directly from HttpServletRequest.getUserAgent() itself, however, wouldn't it be not as accurate as "direct from the source"?
  ThanksI really don't understand you. There is no such method as getUserAgent() in the HttpServletRequest object, as mentioned before. I also really don't understand the performance and accuracy concern.
  But anyway, I would after all just say, keep in mind that clients can change/make/spoof request headers the way they want. Use the user-agent information for statistics only and don't let your code logic depend (that much) on it, that would also make no sense in the server side which is supposed to be completely client independent. It's only useful in the client side scripting language Javascript (because it have to take account with browser proprietary API's and browser specific behaviours) and there are much better and reliable ways to do it in Javascript.

• Best Practices for configuring ICMP from the outside

  Question,
  Are there any best practices or best recommendations on how ICMP should be configured from the outside? I have been cleaning up the rules on our ASA as a lot were simply ported over years ago when we retired our PIX. I noticed that there is a rule to allow ICMP any any and began to wonder how this works when the rules above are specific IP addresses and specific ports. This in thurn started me looking to see if there was any documentation or anything to help me determine a best practice. Anyone know of anything?
  As a second part how does this flow on a firewall if all the addresses are natted? It the ICMP traffic simply passed through the NAT and the destiantion simply responds?
  Brent                   

  Here you go, bro!
  http://checkthenetwork.com/networksecurity%20Cisco%20ASA%20Firewall%20Best%20Practices%20for%20Firewall%20Deployment%201.asp#_Toc218778855
  access-list inside permit icmp any any echo
  access-list inside permit icmp any any echo-reply
  access-list inside permit icmp any any unreachable
  access-list inside permit icmp any any time-exceeded
  access-list inside permit icmp any any packets-too-big
  access-list inside permit udp any any eq 33434 33464
  access-list deny icmp any any log
  P/S: if you think this comment is useful, please do rate them nicely :-)

• Best Practice for Host Named Site Collections and Web Apps

  Looking for advice on setting up the host named site collections.  If I am reading many of the technet articles and blogs correctly I should 1) have only 1 top level web app for host named site collections and 2) not have a host header for that web
  app.  If that's correct I am looking for advice.  We have 7 separate domains that we support in our farm.  Currently each of those domains is divided into web applications based on the domain,  *.contoso, *.trains.com, *.bakers.com, etc.
    Is the concept now that all of the host named site collections fall under that one web app?  How do we deal with the SSL for each of those separate domains which all have their own certificates? 
  Thanks in advance for your comments. 
  NLewis

  Yes, for creating host named site collections, first you create a host header less web app and then create host named site collections under that web app. However this is only for the cases where all the host named site collections ends in one domain. So
  you can create host named site collections as intranet.contoso.com, my.contoso.com, portal.contoso.com etc as they are all ending in *.contoso.com.
  As per your environment, if you have web apps which caters to different domains like *.contoso.com, *.trains.com, *.bakers.com, you need to create separate web apps as they are all ending in different domains. Then you can have a separate wildcard SSL certificate
  for each of those web apps.
  Hope this helps.
  Thanks
  Mohit