Border Manager 3.8.5 and S2S VPN
I have a couple of questions with Border Manager and S2S VPN. Everything
is up and running, we can ping both servers (Netware 6.5.6), we can ping
workstations attached to each others network, we can access programs from
each others network. Everything seems to be working great. The question I
have is this - on both servers, under Remote Manager, VPN Monitoring, both
show as 'Being Configured'. I do not think that this is an issue but there
is another error in the Audit Log. The error -
"Proposal Mismatch - Quick Mode: ESP - transform mismatch mine: esp des
his: esp 3des dst: xx.xx.xx.xx src: xx.xx.xx.xx cookies
my-his:17B2D88772DE1D61 - 4F15FFD50824F821".
This appears on both servers Audit Log.
Is this a legit error or a information error? I used Craig Johnson's 'A
Beginner's Guide To BorderManager 3.x' but ended up making both VPN's
masters as per Novell TID - 10095268.
If anyone has an insight as to what these errors are and if there is a
fix it would be greatly appreciated.
Kelly
Kelly Burnside wrote:
> I have a couple of questions with Border Manager and S2S VPN. Everything
> is up and running, we can ping both servers (Netware 6.5.6), we can ping
> workstations attached to each others network, we can access programs
> from each others network. Everything seems to be working great. The
> question I have is this - on both servers, under Remote Manager, VPN
> Monitoring, both show as 'Being Configured'.
Sometimes the imanager snapin can not get the current status of the
connection from vpinf so it shows 'Being Configured'. It can take some
times, maybe days to change the status.
I do not think that this is
> an issue but there is another error in the Audit Log. The error -
> "Proposal Mismatch - Quick Mode: ESP - transform mismatch mine: esp des
> his: esp 3des dst: xx.xx.xx.xx src: xx.xx.xx.xx cookies
> my-his:17B2D88772DE1D61 - 4F15FFD50824F821".
This is not an error, it is an information message.
> This appears on both servers Audit Log. Is this a legit error or a
> information error? I used Craig Johnson's 'A Beginner's Guide To
> BorderManager 3.x' but ended up making both VPN's masters as per Novell
> TID - 10095268. If anyone has an insight as to what these errors are
> and if there is a fix it would be greatly appreciated.
> Kelly
Everything is fine, nothing to be worry about.
gonzalo
Similar Messages
-
Border Manager and Cisco ACS connection
The NIC in the Border Manager server failed.
I installed a new NIC and gave it the same IP address and mask as the old
one. The lights on the NIC's in both boxes are green but I cannot ping one
from the other. They are connected with a cross-over cable
I was told I would have to set up a 'route' - help please.
The person who would normally set this up is sun bathing on an island
somewhere in the Indian Ocean.> > In article <LShvd.6367$[email protected]>, wrote:
> > > The NIC in the Border Manager server failed.
> >
> > Which NIC? The public side, or the private side?
> >
> > > I installed a new NIC and gave it the same IP address and mask as
the
> old
> > > one.
> >
> > If this was on the public side, did you also rename the interface the
> same as
> > the old one? (If not, your filters may fail to filter).
> >
> > > The lights on the NIC's in both boxes are green but I cannot ping
one
> > > from the other. They are connected with a cross-over cable
> >
> > UNLOAD IPFLT (drops filters) for a test. If you did everything right,
> the
> > default filters may be blocking ICMP, and so you would normally not be
> able
> > to ping.
> >
> > > I was told I would have to set up a 'route' - help please.
> >
> > Seems unlikely. Changing a nic will not normally change any
configured
> > static routes, as they are stored in a separate file.
> >
> > > The person who would normally set this up is sun bathing on an
island
> > > somewhere in the Indian Ocean.
> >
> > Must be nice!
> >
> >
> > Craig Johnson
> > Novell Support Connection SysOp
> > *** For a current patch list, tips, handy files and books on
> > BorderManager, go to http://www.craigjconsulting.com ***
> >
>
> The card that I replaced in the Border Manager server had a 192.168.x.x
> address, connected to the card in the ACS box with a cross-over cable.
The
> card in the ACS box is also a 192.168.x.x address. I have a route set up
> to the 192.168.101.0 network specifying the ACS box address as the next
> hop.
> Mike
>
Problem solved, the card has blown in the ACS box. -
S2S VPN - ASA 5505 to ASA 5540 - Routing Problems
I'm a software developer (no doubt the issue) trying to setup my remote office (5505) to the main office (5540). No problem getting the S2S VPN up, but I definitely have problems with the routing. Using tracert, it shows it going into the remote network for a couple of hops, but then timing out. Packet tracer shows everything is fine. Using my client VPN credentials to the remote network, same on the return path...does a few hops, then gets lost. I've stripped down the config to the basics and ensured it isn't security settings on both ends, but still doesn't work. I've spent A LOT of hours trying to get this to work, so thanks for any assistance!
Current running config:
ASA Version 8.2(5)
hostname asa15
enable password XXXXX encrypted
passwd XXXXX encrypted
names
name 10.0.0.0 remote-network
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.5.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
access-list outside_1_cryptomap extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_access_in extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
access-list inside_nat0_outbound_1 extended permit ip 172.16.5.0 255.255.255.0 remote-network 255.0.0.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm location remote-network 255.0.0.0 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.16.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 99.X.X.7
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 172.16.5.100-172.16.5.130 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group 99.X.X.7 type ipsec-l2l
tunnel-group 99.X.X.7 ipsec-attributes
pre-shared-key XXXXX
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: endjust out of curiosity, why do you have
route outside 0.0.0.0 0.0.0.0 99.X.X.7 1
You already set your default route through DHCP setroute under the interface. this could be the issue.
If your VPN config is ok and you are seeing encaps/decaps, it is likely a routing issue.
Does the remote device have the correct default gateway?
May be a Natting issue if you have a one-way tunnel (usually send but no receive)...
Patrick -
S2S VPN only works in one direction
I'm very new to cisco devices but we recently acquired a catalyst 2911 device for our co-lo cabinet and I am trying to get a site-to-site vpn connection working between the facility and my offices network as well as a remote access VPN for me to use in case I have to fix something while outside of the office.
The office's gateway is 66.119.163.2 and the device is a TZ210 with it's LAN network being 192.168.1.0 /24
The co-los gateway is 204.244.50.254 and the device is an ASR 2911 with it's LAN network being 10.0.10.0 /24
The S2S VPN connection is up between the two locations and the 2911 device and the servers within it's LAN can ping and RDP to the office's machines. The office network can only ping the LAN interface IP on the 2911 which is 10.0.10.1 but not the servers in the network. the site-to-site VPN was set up with the CCP wizard.
How can I allow the 192.168.1.0/24 network to see the 10.0.10.1/24 network and why do I only currently see the gateway?
If need be I can post my running-config file with the preshare keys redacted.I would suggest that you change your vpn client pool to be in a totally unique subnet.
For example:
10.20.20.0/24
ip local pool SDM_POOL_1 10.20.20.200 10.20.20.250
Then a few ACLs to be modified:
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit ip 10.20.20.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 105 permit ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
ip access-list extended 106
5 deny ip 10.0.10.0 0.0.0.255 10.20.20.0 0.0.0.255
ip access-list extended 107
5 deny ip 10.0.10.0 0.0.0.255 10.20.20.0 0.0.0.255 -
Hi
Running Border Manager Proxy Server 3.8 on Netware 6.5 sp5, is there a way
to draw reports on internet access for users?In article <akoIi.855$[email protected]>, Janine wrote:
> Running Border Manager Proxy Server 3.8 on Netware 6.5 sp5, is there a way
> to draw reports on internet access for users?
>
BorderManager has some logging display options built in (described in my BMgr
3.x book - see the URL below), but mostly you are expected to use 3rd-party
log analysis tools.
See tip #21 at the URL below, and tip #72.
As for commercial programs to look at log files, I've heard Cyfin Reported is
good, but pricy. Any program which can read a web server's common log files
could be used to look at your proxy logs, though they may not give the output
you want.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com *** -
Managing VMs in Azure and AWS : What's the best practice?
Hi guys,
I'm doing some research to understand what my options are when it comes to managing some machines in both Azure and AWS. I'd ideally like to treat each web service as a separate physical office site, demarking boundaries and putting a Distribution
Point (or maybe a secondary, based on the bandwidth costs) up in each to handle content distribution. The VMs within these services are routable, as in I can ping them and they can ping back to the core datacenter where I plan to put the primary.
Have you guys done something like this before? How did it work out? How would you recommend I approach managing less than 50 Azure + AWS VMs? I'm trying to keep this infrastructure as simple as is possible, and currently only
has one Primary site.
Thanks!
If this post was helpful, please vote up or 'Mark as Answer'! More of this sort of thing at www.foxdeploy.comManaging Azure VMs from an on-prem ConfigMgr instance is supported and should work no problem assuming you have a VPN connection set up (which it sounds like you do):
http://support.microsoft.com/kb/2889321
There really is nothing special here. It's just network traffic and the VPN makes the actual physical location of the target managed system irrelevant. As long as the client can communicate with the MP, DP, and WSUS instance on the normal ports (80, 8530,
and 10123 by default) then it'll work.
Same goes with Amazon. Although of course it isn't specifically supported by Microsoft, neither is your internal networking infrastructure.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Border Manager 3.9 upgrade
Are current subscription holders of SMB6.6 eligable for the upgrade to
3.9 border manager?Chuck,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Border Manager Radius Services
Can someone tell me how many DNS servers can you specify with Border
Manager Radius Services?Kerry,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
Hi all!
Please give me advice in the problem below:
Exist a device in the Small business portfolio which allows certificate based authentication (not only PSK) in S2S VPN?
Or which is the first/cheapest device that support this function?
We have to connect a device (remote site) to a Checkpoint firewall (central site) over S2S VPN.
On the remote site NO fixed IP address. And our contact person sad, the Checkpoint support this type of connection only with certificate.
(PSK is not allowed, only with fixed IP)
Thanks,You are on the right track. Client certificates plus OTP authentication methods is one of the most secure ways to setup remote access VPN on the ASA.
For revocation, the ASA will generally check the CRLs on the issuing CA. (or in rare cases use OCSP)
For your second post, you use connection-profiles (i.e. pre-login selection) to configure the different authentication methods for your two (or more) use cases.
You might want to invest in the certifcation guide for the CCNP VPN exam:
CCNP Security VPN 642-648 Official Cert Guide (2nd Edition)
Even though that exam is being retired next month, it has a wealth of information that complements the configuration guides with a more comprehensive explanation of just the type of questions you are asking. -
S2S VPN Dropping GroupWise Connection
We have a S2S vpn between two BM 3.8.4 servers. At the remote site, the
user has a full GroupWise 7.0.2 client running in caching mode, which
connects to the post office at the home site. Everything will work fine
for about 4 hours, then the GW client will fail to connect. The only way
to recover is to reboot the client system. While the GW client will not
connect, all other services through the tunnel work fine. The servers
never lose contact, and I can even remote the system in question while it
can't connect to GW.
There is nothing scheduled to run every 4 hours on the system or the
servers. The NIC is not set to power off. We sent another system to the
remote site, and brought his back here. The new system at the remote site
does the same thing, but the old system connected to the post
office locally without going through the vpn stays connected.
I looked at the old (2004) post from Craig about making sure the connection
can be initiated from both sides, and it can. Am I missing something?
TIAIn article <f6Fkk.13632$[email protected]>, Randall Diekmeyer
wrote:
> It seems to happen every four hours. Would a packet capture from the BM
> server do? That would save me from a 10 hr round trip. :-)
>
That's hard to say. Capturing packets might just get you a bunch of
encrypted traffic and miss what is going on at the client. Wouldn't hurt
though.
Why not try to remote into the problem PC and install wireshark, and then
use it remotely? Either RDP, or VNC. You'll have to filter out the remote
control traffic, and probably other stuff as well, but you will at least
see what is happening where it is important.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com *** -
Hi guys,
I have created a site to site VPN between my WatchGuard XTM firewall and MS Azure static gateway. The VPN connects without any issues, but I noticed the file transfer speeds to my servers (via SMB) are very slow. Most of the time it peaks at 350KB/s, sometimes
it hovers around 70KB/s. I have 200Mbps fibre link that is not saturated at all.
sometimes it reaches 3-5MB/s, but it is rare and random.
I'm located in Sydney Australia, the Virtual network is in the UK. I tried to test the Netherlands and Sydney data centres, same exact problem, very poor performance.
Anyone having similar issues with S2S VPNs?
Thanks,
IbHello Code_Jax,
1. Have you created the Azure resources in the same data center region?
2. Is the region that you have chosen close to your On-premise network?
I suggest that you change the region where you have deployed your Azure Resources and check if you get the same Performance.
I also suggest that you use Netmon to and analyze network traffic. You can follow the link below to download Netmon:
https://www.microsoft.com/en-us/download/details.aspx?id=4865
Thanks,
Syed Irfan Hussain -
hi,
i created a S2S VPN and the ASA2's internet connection isn't that good and some packet losses would be 'normal'.
i'm not sure if that relates to the unequal encap/decaps on my 'sh crypto ipsec sa' output.
is the below reading normal?
ASA1:
#pkts encaps: 129766, #pkts encrypt: 130193, #pkts digest: 130193
#pkts decaps: 90306, #pkts decrypt: 90306, #pkts verify: 90306
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 129766, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 427, #pre-frag failures: 0, #fragments created: 854
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 29
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
ASA2:
#pkts encaps: 533, #pkts encrypt: 533, #pkts digest: 533
#pkts decaps: 600, #pkts decrypt: 600, #pkts verify: 600
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 533, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 36
#send errors: 0, #recv errors: 0Hi,
I don't think there is anything unusual about the packet count being different for decaps/encaps
I would imagine that typically the data transfer is uneven so I don't expect ever to see these counters match. Only time is usually when just configuring a new connection and testing it with ICMP which would result in identical count in encap/decap counters (if the ICMP went through) as we would see echo/echo-reply packets.
If you would see zero counter on one of the SA pairs then it would indicate a problem
I don't see anything special/strange in the above.
- Jouni -
Hello,
I been trying to get my cisco VPN for few days now, and haven't gotten far.. NO traffic going across the sites..
RouterB# 2801 IOS adventerprisek9-mz.124-22.YB8
crypto isakmp policy 10
authentication pre-share
group 2
crypto isakmp key P2P address 24.47.184.XX
crypto ipsec transform-set P2P ah-sha-hmac
crypto map S2S-VPN-MAP 100 ipsec-isakmp
set peer 24.47.184.XX
set transform-set P2P
match address S2S-VPN-TRAFFIC
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
Crypto Map "S2S-VPN-MAP" 100 ipsec-isakmp
Peer = 24.47.184.XX
Extended IP access list S2S-VPN-TRAFFIC
access-list S2S-VPN-TRAFFIC permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
P2P: { ah-sha-hmac } ,
Interfaces using crypto map S2S-VPN-MAP:
RouterB# 2821 IOS 2800nm-advipservicesk9-mz.124-24.T1
crypto isakmp policy 10
authentication pre-share
group 2
crypto isakmp key P2P address 108.170.99.XX
crypto ipsec transform-set P2P ah-sha-hmac
crypto map S2S-VPN-MAP 100 ipsec-isakmp
set peer 108.170.99.XXX
set transform-set P2P
match address S2S-VPN-TRAFFIC
Crypto Map "S2S-VPN-MAP" 100 ipsec-isakmp
Peer = 108.170.99.XX
Extended IP access list S2S-VPN-TRAFFIC
access-list S2S-VPN-TRAFFIC permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0
Security association lifetime: 4608000 kilobytes/3600 seconds
Responder-Only (Y/N): N
PFS (Y/N): N
Transform sets={
P2P: { ah-sha-hmac } ,
Interfaces using crypto map S2S-VPN-MAP:
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
I have applied the crypto map on the interfaces and created ACL to allow the traffic..
I would appreciate if someone can point me on the right direction..Not to sure if it makes a difference, but RouterA isn;t the same as B when i do show cry engine bri
RouterB#sh crypto engine bri
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
Middleware Version: v1.3.3
Firmware Version: v2.3.3
Time running: 153029 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0000
Maximum SA index: 0000
Maximum Flow index: 2400
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: EBFFDF68
crypto engine state: installed
crypto engine in slot: N/A
RouterA#sh crypto engine bri
crypto engine name: Virtual Private Network (VPN) Modul
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
HW Version: 1.0
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0000
Maximum SA index: 0000
Maximum Flow index: 0300
Maximum RSA key size: 0000
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 93994D78
crypto engine state: installed
crypto engine in slot: N/A -
How to have one centeral management console for DB and Application server?
Hi
Thank you for reading my post
I read in several places that ORACLE provide facilitis that help developers to have one centeral console to manage Application server / Database and what ever oracle products.
I want to know that, when i have Oracle 10g r2 and Application server 10.1.3.1 installed, how i can use that centeral management console?
is it some other application that i should install ?
or it is just some more configuration?
thanksWhat you are looking for is called Grid Control.
You will need the Grid Control Agent installed on each server that has products from Oracle's technology stack installed (database, web server, app server, etc). You will also need install the Grid Control software and repository.
You can download Grid Control from the following link:
http://www.oracle.com/technology/software/products/oem/index.html -
I need your help with a decision to use iPhoto. I have been a PC user since the mid 1980’s and more recently have used ACDSee to manage my photo images and Photoshop to edit them. I have used ProShow Gold to create slideshows. I am comfortable with my own folder and file naming conventions. I currently have over 23,000 images of which around 60% are scans going back 75 years. Since I keep a copy of the originals, the storage requirements for over 46,000 images is huge. 180GB plus.
I now have a Macbook Pro and will add an iMac when the new models arrive. For my photos, I want to stay with Photoshop which also gives me the Bridge. The only obvious reason to use iPhoto is to take advantage of Faces and the link to iMovie to make slideshows. What am I missing and is using iPhoto worth the effort?
If I choose to use iPhoto, I am not certain whether I need to load the originals and the edited versions. I suspect that just the latter is sufficient. If I set PhotoShop as my external editor, I presume that iPhoto will keep track of all changes moving forward. However, over 23,000 images in iPhoto makes me twitchy and they are appear hidden within iPhoto. In the past, I have experienced syncing problems with, and database errors in, large databases. If I break up the images into a number of projects, I loose the value of Faces reaching back over time.
Some guidance and insight would be appreciated. I have a number of Faces questions which I will save for later.Bridge and Photoshop is a common file-based management system. (Not sure why you'd have used ACDSEE as well as Bridge.) In any event, it's on the way out. You won't be using it in 5 years time.
Up to this the lack of processing power on your computer left no choice but to organise this way. But file based organisation is as sensible as organising a Shoe Warehouse based on the colour of the boxes. It's also ultimately data-destructive.
Modern systems are Database driven. Files are managed, Images imported, virtual versions, lossless processing and unlimited editing are the way forward.
For a Photographer Photoshop is overkill. It's an enormously powerful app, a staple of the Graphic Designers' trade. A Photographer uses maybe 15% to 20% of its capability.
Apps like iPhoto, Lightroom, Aperture are the way forward - for photographers. There's the 20% of Photoshop that shooters actually use, coupled with management and lossless processing. Pop over to the Aperture or Lightroom forums (on the Adobe site) and one comment shows up over and over again... "Since I started using Aperture/ Lightroom I hardly ever use Photoshop any more..." and if there is a job that these apps can do, then the (much) cheaper Elements will do it.
The change is not easy though, especially if you have a long-standing and well thought out filing system of your own. The first thing I would strongly advise is that you experiment before making any decisions. So I would create a Library, import 300 or 400 shots and play. You might as well do this in iPhoto to begin with - though if you’re a serious hobbyist or a Pro then you'll find yourself looking further afield pretty soon. iPhoto is good for the family snapper, taking shots at birthdays and sharing them with friends and family.
Next: If you're going to successfully use these apps you need to make a leap: Your files are not your Photos.
The illustration I use is as follows: In my iTunes Library I have a file called 'Let_it_Be_The_Beatles.mp3'. So what is that, exactly? It's not the song. The Beatles never wrote an mp3. They wrote a tune and lyrics. They recorded it and a copy of that recording is stored in the mp3 file. So the file is just a container for the recording. That container is designed in a specific way attuned to the characteristics and requirements of the data. Hence, mp3.
Similarly, that Jpeg is not your photo, it's a container designed to hold that kind of data. iPhoto is all about the data and not about the container. So, regardless of where you choose to store the file, iPhoto will manage the photo, edit the photo, add metadata to the Photo but never touch the file. If you choose to export - unless you specifically choose to export the original - iPhoto will export the Photo into a new container - a new file containing the photo.
When you process an image in iPhoto the file is never touched, instead your decisions are recorded in the database. When you view the image then the Master is presented with these decisions applied to it. That's why it's lossless. You can also have multiple versions and waste no disk space because they are all just listings in the database.
These apps replace the Finder (File Browser) for managing your Photos. They become the Go-To app for anything to do with your photos. They replace Bridge too as they become a front-end for Photoshop.
So, want to use a photo for something - Export it. Choose the format, size and quality you want and there it is. If you're emailing, uploading to websites then these apps have a "good enough for most things" version called the Preview - this will be missing some metadata.
So it's a big change from a file-based to Photo-based management, from editing files to processing Photos and it's worth thinking it through before you decide.
Maybe you are looking for
-
Error in Template creation in OSA
HI , We are in process of implementation of OSA , i have done all configurations on the Development system , it works fine , but when i do the same on to the quality or the production server i encounter the following detail error , the system shows A
-
"revert" deleted hard drive name in disk utility HELP!!
I booted my wifes macbook pro 10.4.11 in target mode and connected it to my computer, macbook pro 10.5.6 and went into my disk utility to create a partition in the other computer. I used my disk utility from 10.5.6 because for some reason it got eras
-
Safari isn´t showing Facebook quick link on Mountain Lion
Hi guys, I´ve noticed that Safari won´t show Facebook link in the Condivision Quick Menu. I can just see Twitter but not Facebook. Any idea why? Thanks in advance.
-
Aliased edges to shapes animated w/ FCE distortion filters
I'm creating a sharp edged shape in Photoshop at 720 x 480 res w/ .9 aspect ratio and importing it into FCE. When I animate it using FCE's distortion filters like Wave, Ripple, Whirlpool, etc. the edges of the shape become stepped, most noticeably wh
-
I have downloaded itunes. How do I start the IPAD?
How do I get the ipad to work? I have downloaded itunes, but when I turn the ipad on, it shows the cable and the itunes logo only.