Best practices for VTP / VLAN environment

Similar Messages

• Best practice for the test environment  &  DBA plan Activities    Documents

  Dears,,
  In our company, we made sizing for hardware.
  we have Three environments ( Test/Development , Training , Production ).
  But, the test environment servers less than Production environment servers.
  My question is:
  How to make the best practice for the test environment?
  ( Is there any recommendations from Oracle related to this , any PDF files help me ............ )
  Also please , Can I have a detail document regarding the DBA plan activities?
  I appreciate your help and advise
  Thanks
  Edited by: user4520487 on Mar 3, 2009 11:08 PM

  Follow your build document for the same steps you used to build production.
  You should know where all your code is. You can use the deployment manager to export your configurations. Export customized files from MDS. Just follow the process again, and you will have a clean instance not containing production data.
  It only takes a lot of time if your client is lacking documentation or if you re not familiar with all the parts of the environment. What's 2-3 hours compared to all the issues you will run into if you copy databases or import/export schemas?
  -Kevin

• Best practice for setting an environment variable used during NW AS startup

  We have installed some code which is running in both the ABAP and JAVA environment, and some functionality of this code is determined by the setting of operating system environment variables. We have therefore changed the .sapenv_<host>.csh and .sapenv_<host>.sh scripts found in the <sid>adm user home directory. This works, but we are wondering what happens when SAP is upgraded, and if these custom shell script changes to the .sh and .csh scripts will be overwritten during such an upgrade. Is there a better way to set environment variables so they can be used by the SAP server software when it has been started from <sid>adm user ?

  Hi,
  Thankyou. I was concerned that if I did that there might be a case where the .profile is not used, e.g. when a non-interactive process is started I was not sure if .profile is used.
  What do you mean with non-interactive?
  If you login to your machine as sidadm the profile is invoked using one of the files you meant. So when you start your Engine the Environment is property set. If another process is spawned or forked from a running process it inherits / uses the same Environment.
  Also, on one of my servers I have a .profile a .login and also a .cshrc file. Do I need to update all of these ?
  the .profile is used by bash and ksh
  The .cshrc is used by csh and it is included via source on every Shell Startup if not invoked with the -f Flag
  the .login is also used by csh and it is included via source from the .cshrc
  So if you want to support all shells you should update the .profile (bash and ksh) and one of .cshrc or .login for csh or tcsh
  In my /etc/passwd the <sid>adm user is configured with /bin/csh shell, so I think this means my .cshrc will be used and not the .profile ? Is this correct ?
  Yes correct, as described above!
  Hope this helps
  Cheers

• Best Practices for management VLAN

  Hi guys,
  I have a client with a data center where they have lots of VLANs running off a 3750 (main switch) and then they have a 3550 and a 2950 running off from this main 3750.
  They have lots of VLANs configured and I see that Vlan1 is not being used. Currently, all the IPs of the switches and routers belong to one of the customer Vlan's.
  I've read that this is bad practice and that a management VLAN should be created. But I think I've also read that when it comes to management Vlans, one needs to stay away from Vlan1
  So I am not sure how to tackle this.
  any help?
  thanks

  Here is a very good discussion which should answer all your questions.
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc12936/14
  http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm#wp39009

• Best practices for securely storing environment properties

  Hi All,
  We have a legacy security module that is included in many
  different applications. Historically the settings (such as
  database/ldap username and password) was stored directly in the
  files that use them. I'm trying to move towards a more centralized
  and secure method of storing this information, but need some help.
  First of all, i'm struggling a little bit with proper scoping
  of these variables. If another application does a cfinclude on one
  of the assets in this module, these environment settings must be
  visible to the asset, but preferrably not visible to the 'calling'
  application.
  Second i'm struggling with the proper way to initialize these
  settings. If other applications run a cfinclude on these assets,
  the application.cfm in the local directory of the script that's
  included does not get processed. I'm left with running an include
  statement in every file, which i would prefer to avoid if at all
  possible.
  There are a ton (>50) applications using this code, so i
  can't really change the external interface. Should i create a
  component that returns the private settings and then set the
  'public' settings with Server scope? Right now i'm using
  application scope for everything because of a basic
  misunderstanding of how the application.cfm's are processed, and
  that's a mess.
  We're on ColdFusion 7.
  Thanks!

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research, we can create some script for patching the server and you have 2 servers for each role. If this is primary and backup server respectively then you can manage to update each server separately and bypass the traffic to other server. After
  completing once for 1 server you can just perform the same step for other server. Because as I know we need to restart the server once for successful patching update to the server.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Best Practices for Patching RDS Environment Computers

  Our manager has tasked us with creating a process for patching our RDS environment computers with no disruption to users if possible. This is our environment:
  2 Brokers configured in HA Active/Active Broker mode
  2 Web Access servers load balanced with a virtual IP
  2 Gateway servers load balanced with a virtual IP
  3 session collections, each with 2 hosts each
  Patching handled through Configuration Manager
  Our biggest concern is the gateway/hosts. We do not want to terminate existing off campus connections when patching. Are there any ways to ensure users are not using a particular host or gateway when the patch is applied?
  Any real world ideas or experience to share would be appreciated.
  Thanks,
  Bryan

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research, we can create some script for patching the server and you have 2 servers for each role. If this is primary and backup server respectively then you can manage to update each server separately and bypass the traffic to other server. After
  completing once for 1 server you can just perform the same step for other server. Because as I know we need to restart the server once for successful patching update to the server.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Best Practice for Production environment

  Hello everyone,
  can someone share the best practice for a production environment? or is there a SAP standard best practice to follow in a Production landscape?
  i understand there are Best practices available for Implementation , Migration and upgrade. But, i was unable to find one for productive landscape
  thanks.

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Best Practice for FlexConnect Wireless roaming in MediaNet environment?

  Hello!
  Current Cisco best practice recommendations for enterprise MediaNet design, specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree). 
  In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running.  Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps. 
  So...best practice for LAN users causes real problems for wireless users.
  I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
  We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
  Thanks,
  Deb

  Thanks for your replies, Stephen and JSnyder.
  The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites. 
  These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider).  The 7510s are new, and are replacing older contollers at the HQ location. 
  The internal employee wireless users use resources both local to their site, as well as centralized resources.  There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only.  (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.) 
  (1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice.  Too much bandwidth would be used.  So, that implies the need to use Flex / HREAP mode instead.
  (2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet.  However, this breaks seamless roaming for users....
  So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of. 
  The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site.  Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
  Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in.  I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work.  Do you happen to know if this might be a workable solution to the overall big-picture problem? 
  Thanks again for taking the time and trouble to reply!
  Deb

• Best practice for Wireless ap vlan

  Is there a best practice for grouping lightweight access points in one vlan or allowing them to be spread across several ??

  Whether you have multiple sites or not, it's good practice to put your APs in a separate and dedicated VLAN. 
  If your sites are routed sites, then you can re-use the same VLAN numbers but make sure they are on separate subnets and/or VRF instance.

• Best practice for a deplomyent (EAR containing WAR/EJB) in a productive environment

  Hi there,
  I'm looking for some hints regarding to the best practice deployment in a productive
  environment (currently we are not using a WLS-cluster);
  We are using ANT for buildung, packaging and (dynamic) deployment (via weblogic.Deployer)
  on the development environment and this works fine (in the meantime);
  For my point of view, I would like to prefere this kind of Deploment not only
  for the development, also for the productive system.
  But I found some hints in some books, and this guys prefere the static deployment
  for the p-system.
  My question now:
  Could anybody provide me with some links to some whitepapers regarding best practice
  for a deployment into a p-system ??
  What is your experiance with the new two-phase-deploment coming up with WLS 7.0
  Is it really a good idea to use the static deployment (what is the advantage of
  this kind of deployment ???
  THX in advanced
  -Martin

  Hi Siva,
  What best practise are you looking for ? If you can be specific on your question we could provide appropriate response.
  From my basis experience some of the best practices.
  1) Productive landscape should have high availability to business. For this you may setup DR or HA or both.
  2) It should have backup configured for which restore has been already tested
  3) It should have all the monitoring setup viz application, OS and DB
  4) Productive client should not be modifiable
  5) Users in Production landscape should have appropriate authorization based on SOD. There should not be any SOD conflicts
  6) Transport to Production should be highly controlled. Any transport to Production should be moved only with appropriate Change Board approvals.
  7) Relevant Database and OS security parameters should be tested before golive and enabled
  8) Pre-Golive , Post Golive should have been performed on Production system
  9) EWA should be configured atleast for Production system
  10) Production system availability using DR should have been tested
  Hope this helps.
  Regards,
  Deepak Kori

• Best Practice for Managing a BPC Environment?

  My company is currently running a BPC 5.1 MS environment and will soon be upgrading to version 7.0 MS.  I was wondering if there is a white paper or some guidance that anyone can give with regard to the best practice for managing a BPC environment.  Which brings to light several questions in my mind:
  1.  Which department(s) in a company should u201Cownu201D the BPC application? 
  2. If both, whatu2019s SAPu2019s recommendation for segregation of duties?
  3. What roles should exist within our company to manage BPC?
  4. What type(s) of change control is SAPu2019s u201CBest Practiceu201D?
  We are currently evaluating the best way to manage the system across multiple departments, however there is no real business ownership in the system, which seems to be counter to the reason for having BPC as a solution in the first place.
  Any guidance on this would be very much appreciated.

  My company is currently running a BPC 5.1 MS environment and will soon be upgrading to version 7.0 MS.  I was wondering if there is a white paper or some guidance that anyone can give with regard to the best practice for managing a BPC environment.  Which brings to light several questions in my mind:
  1.  Which department(s) in a company should u201Cownu201D the BPC application? 
  2. If both, whatu2019s SAPu2019s recommendation for segregation of duties?
  3. What roles should exist within our company to manage BPC?
  4. What type(s) of change control is SAPu2019s u201CBest Practiceu201D?
  We are currently evaluating the best way to manage the system across multiple departments, however there is no real business ownership in the system, which seems to be counter to the reason for having BPC as a solution in the first place.
  Any guidance on this would be very much appreciated.

• Looking for best practice on J2EE development environment

  Hi,
  We are starting to develope with J2EE. We are looking for best practice on J2EE development environment. Our concern is mainly on code sharing and deployment.
  Thanks, Charles

  To support "code sharing" you need an integrated source code control system. Several options are out there but CVS (https://www.cvshome.org/) is a nice choice, and it's completely free and it runs on Windows, Linux, and most UNIX variants.
  Your next decision is on IDE and application server. These are usually from a single "source". For instance, you can choose Oracle's JDeveloper and Deploy to Oracle Application Server; or go with free NetBeans IDE and Jakarta Tomcat; or IBM's WebSphere and their application server. Selection of IDE and AppServer will likely result in heated debates.

• Best Practices for zVM/SLES10/zDB2 environment for dialog instances.

  Hi,  I am a zSeries system programmer who has just completed an IBM led Proof of Concept which demonstrated the viability of running SAP instances on SUSE SLES10 Linux booted in zVM guests and accessing zDB2 data via hipersockets. Before we build a Linux infrastructure using the 62 IFLs we just procured, we are wondering if any best practices for this environment have been developed as an OSS note or something else by SAP.    Below you will find an email which was sent and responded to by IBM and Novell on these topics...
  "As you may know, Home Depot has embarked on an IBM led proof of concept using SUSE SLES10 running in zVM guests on IBM zSeries hardware to host SAP server instances.  The Home Depot IT organization is currently in the midst of a large scale push to modernize our merchandising and people systems on SAP platforms.  The zVM/SUSE/SAP POC is part of that effort, as is a parallel POC of an Intel Blade/Red Hat/SAP platform.  For our production financial systems we now use a pSeries/AIX/SAP platform.
        So far in the zVM/SUSE/SAP POC, we have been able to create four zVM LPARS on IBM z9 hardware, create twelve zVM guests on those LPARS, boot SLES10 in those guests, install and run SAP instances in those guests using hipersockets for access to our DB2 SAP databases running on zOS, and direct user workloads to the SAP instances with good results.  We have also successfully developed cloning scripts that have made it possible to create new SLES10 instances, configured and ready for SAP installs, in about 10 seconds using FLASHCOPY and IBM DASD.
        I am writing in the hope that you can direct us to technical resources at IBM/Novell/SAP who may be able to field a few questions that have arisen.  In our discussions about optimization of the zVM/SUSE/SAP platform, we wondered if any wisdom about the appropriateness of and support for using zVM capabilities to virtualize SAP has ever been developed or any best practices drafted.  Attached you will find an IBM Redbook and a PowerPoint presentation which describes the use of the zVM discontiguous shared segments and the zVM named saved system features for the sharing of reentrant code and other  elements of Linux and its applications, thereby conserving storage and disk resources allocated to guest machines.   The specific question of the hour is, can any SAP code be handled similarly?  Have specific SAP elements eligible for this treatment been identified? 
        I've searched the SUSE Knowledgebase for articles on this topic to no avail.  Any similar techniques that might help us reduce the total cost of ownership of a zVM/SUSE/SAP platform as we compare it to Intel Blade/Red Hat/SAP and pSeries/AIX/SAP platforms are of great interest as we approach the end of our POC.  Can you help?
        Greg McKelvey is a Client I/T Architect at IBM.  He found the attached IBM documents and could give a fuller account of our POC.  Pat Downs, IBM zSeries IT Architect, has also worked to guide our POC. Akshay Rao, IBM Systems IT Specialist - Linux | Virtualization | SOA, is acting as project manager for the POC.  Jim Hawkins is the Home Depot Architect directing the POC.  I've CC:ed their email addresses.  I am sure they would be pleased to hear from you if there are the likely questions about what the heck I am asking about here.  And while writing, I thought of yet another question that I hoping somebody at SAP might weigh in on; are there any performance or operational benefits to using Linux LVM to apportion disk to filesystems vs. using zVM to create appropriately sized minidisks for filesystems without LVM getting involved?"
  As you can see, implementation questions need to be resolved.  We have heard from Novell that the SLES10 Kernel and other SUSE artifacts can reside in memory and be shared by multiple operating system images.  Does SAP support this configuration?  Also, has SAP identified SAP components which are eligible for similar treatment?  We would like to make sure that any decisions we make about the SAP platforms we are building will be supportable.  Any help you can provide will be greatly appreciated.  I will supply the documents referenced above if they are not known to any answerer.  Thanks,  Al Brasher 770-433-8211 x11895 [email protected]

  Hello AL ,
  first, let me welcome you on board,  I am sure you won't be disapointed with your choice to run SAP on ZOS.
  as for your questions,
  it wan't easy to find them in this long post , so i suggest you take the time to write a short summary that contains a very short list of questions.
  as for answers.
  here are a few usefull sources of information :
  1. the sap on db2 for Z/os sdn page :
  SAP on DB2 for z/OS
  in it you can find 2 relevant docs :
  a. best practices for ...
  b. database administration for db2 udb for z/os .
  this second publication is excellent , apart from db2 specific info , it contains information on all the components of the sap on db2 for z/os like zlinux,z/vm and so on ...
  2. I can see that you are already familiar with the ibm redbooks , but it seems that you haven't taken the time to get the most out of that resource.
  from you post it is clear that you have found one usefull publication , but I know there are several.
  3. a few months ago I wrote a short post on a similar subject ,
  I'm sure its not exactly what you are looking for at this moment , but its a good start , and with some patience you may be able to get some answers.
  here's a link
  http://blogs.ittoolbox.com/sap/db2/archives/index-of-free-documentation-on-sap-db2-administration-14245
  good luck.
  omer brandis.

• Best Practices for AD and Windows Environment

  Hello Everyone,
  I need to create a document having the best practices for AD containing best practices for DNS, DHCP, AD Structure, Group Policy, Trust Etc.
  I just need the best practices irrespective of what is implemented in our company.
  I just need to create a document for analysis as of now. I searched over the internet but could not find much. I would request you all to pour in your suggestions from where i can find those.
  If anyone could send me or point me the link. I am pretty new to the technology, so need your help.
  Thanks in Advance

  I have an article where I shared the best practices to use to avoid known AD/DNS issues: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23
  However, you need first to identify your requirements and based on these requirements, you can identify what should be implemented on your environment and how to manage it. The basics here is that you need to have at least two DC/DNS/GC servers per AD domain
  for the High Availability. You need also to take a system state backup of at least one DC/DNS/GC server in your domain. As for DHCP, you can use 50/50 or 80/20 DHCP rule depending on your setup.
  You can also refer to that: https://technet.microsoft.com/en-us/library/cc754678%28v=ws.10%29.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Best practice for intervlan routing?

  are there some best practices for intervlan routing ?
  I've been reading allot and I have seen these scenarios
  router on a stick
  intervlan at core layer
  intervlan at distribution layer.
  or is intervlan needed at all if the switches will do the routing?
  I've done all of the above but I just want to know what's current.

  The simple answer is it depends because there is no one right solution for everyone. 
  So there are no specific best practices. For example in a small setup where you may only need a couple of vlans you could use a L2 switch connected to a router or firewall using subinterfaces to route between the vlans.
  But that is not a scalable solution. The commonest approach in any network where there are multiple vlans is to use L3 switches to do this. This could be a pair of switches interconnected and using HSRP/GLBP/VRRP for the vlans or it could be stacked switches/VSS etc. You would then dual connect your access layer switches to them.
  In terms of core/distro/access layer in general if you have separate switches performing each function you would have the inter vlan routing done on the distribution switches for all the vlans on the access layer switches. The core switches would be used to route between the disribution switches and other devices eg. WAN routers, firewalls, maybe other distribution switch pairs.
  Again, generally speaking, you may well not need vlans on the core switches at all ie. you can simply use routed links between the core switches and everything else. 
  The above is quite a common setup but there are variations eg. -
  1) a collapsed core design where the core and distribution switches are the same pair. For a single building with maybe a WAN connection plus internet this is quite a common design because having a completely separate core is usually quite hard to justify in terms of cost etc.
  2) a routed access layer. Here the access layer switches are L3 and the vlans are routed at the access layer. In this instance you may not not even need vlans on the distribution switches although again to save cost often servers are deployed onto those switches so you may.
  So a lot of it comes down to the size of the network and the budget involved as to which solution you go with.
  All of the above is really concerned with non DC environments.
  In the DC the traditional core/distro or aggregation/access layer was also used and still is widely deployed but in relatively recent times new designs and technologies are changing the environment which could have a big impact on vlans.
  It's mainly to do with network virtualisation, where the vlans are defined and where they are not only routed but where the network services such as firewalling, load balancing etc. are performed.
  It's quite a big subject so i didn't want to confuse the general answer by going into it but feel free to ask if you want more details.
  Jon