Cluster and Security

Similar Messages

• Cluster logins and security

  I am new to SQL Server clusters for HA, but from a security angle, say for example you have 10 SQL Servers in the cluster, and Server 1 dies, do Server 2 takes on the databases in Server 1 - how are the logins in Server 1 carried over so users can still
  login and access their databases? Or do you have to clone all accounts on all servers so they can still login to any server. This seems massively unsecure to me, as users who need access to a DB on server 1 will have no requirement to access DB's on other
  servers in the node. So how does it work? Please keep answers basic for someone new to this.

  Hi,
  Read this short tutorial :-)
  http://www.brentozar.com/archive/2012/02/introduction-sql-server-clusters/
  There is no reason to write it in the forum again:
  "A failover cluster basically gives you the ability to have all the data for a SQL Server instance installed in something like a share that can be accessed from different servers. It will always have the same instance name, SQL Agent jobs, Linked Servers
  and Logins wherever you bring it up. You can even make it always use the same IPAddress and port– so no users of the SQL Server have to know where it is at any given time."
  [Personal Site] [Blog] [Facebook]

• Break cluster and move databases to new server

  Hello everyone.  I have a question that may be basic but I am by no means a SQL person.  Right now we have a SQL 2005 cluster running on VM ESXi with a celerra backend storage.  Some drives are mapped Raw.  We recently put in a new
  VNX and we are not able to migrate the SQL server over due to how the drives are mapped.  I am thinking that I want to build a new SQL server and move the databases.  The new build will not be a cluster since we have point in time recovery manager
  from EMC.  Now my thinking is, can I break the cluster, move the 2nd node to the new ESXi and storage and present new storage or would it be best to just build a new server?  Is it easy enough to change an instance name after SQL is running? 
  Several applications refer to the SQL Cluster and they are critical so I need something with least amount of downtime.  Would doing backup of all of SQL and then a restore to the new system be best?  Any thoughts or direction?  Thanks
  Joe M

  The most straightforward and reliable method is to build a new server, migrate the databases using backup/restore, test the new server, and cut-over by shutting down the old servers and either reconfiguring the client applications or renaming the new server
  to have the same network name as the old server's SQL Cluster Client Access point. 
  You can also use DNS redirection instead of renaming the new server, although using a DNS hostname alias for your server requires some additional security configuration.  EG
  http://blogs.msdn.com/b/dbrowne/archive/2012/05/21/how-to-add-a-hostname-alias-for-a-sql-server-instance.aspx
  David
  David
  David http://blogs.msdn.com/b/dbrowne/

• Some error in cluster alertlog but the cluster and database is normal used.

  hi.everybody
  i used RAC+ASM,RAC have two nodes and ASM have 3 group(+DATA,+CRS,+FRA),database is 11gR2,ASM used ASMlib,not raw.
  When i start cluster or auto start after reboot the OS,in the cluster alertlog have some error as follow:
  ERROR: failed to establish dependency between database rac and diskgroup resource ora.DATA.dg
  [ohasd(7964)]CRS-2302:Cannot get GPnP profile. Error CLSGPNP_NO_DAEMON (GPNPD daemon is not running).
  I do not know what cause these error but the cluster and database can start normal and use normal.
  I do not know whether these errors will affect the service.
  thanks everybody！

  anyon has the same question?

• I have forgotten my apple security questions, when I go to My Apple ID and click on password and security, there is no option to reset my security questions even though I have a rescue email adress, how do i reset my security question ?

  I have forgotten my security questions but when I click on My Apple ID and got to password and security, there is no option to rest my questions and/or send my self a rescue email, what do I do now ?

  You need to contact Apple. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.
  (89174)

• Start up problems after Safari 3.1 and Security update

  Updated safari and security update last night.
  Safari downloaded and installed but there was an error downloading or installing the security update, I forgot.
  After I restarted everything booted up fine, but was stuck on "Starting Mac OS X" screen.
  Did a fsck and zap the pram, still stuck.
  Today I tried booting up in safe mode, stuck on the gray screen with the apple logo.
  Then I tried booting up from an external firewire dvd drive. Repaired permissions, repaired the disk, but it is still stuck on "Starting Mac OS X" screen. Help please...
  Thank you

  Ok i had a similar problem, with all the recent updates for Leopard, including the 10.5.2 combo update... the 12" PowerBook G4 kept getting stuck on the grey apple and spinning wheel... if it managed to get past this it would get stuck on the blue screen!!!
  The way i got around this, after trying all these other tips was: Archived & Installed 10.5; restarted, waited; downloaded 10.5.2 Combo update, installed; restarted, waited; waited; waited; after getting back to desktop, restarted, waited; then ran Software Update only installing one at a time, and after each install, restarted, waited; when all Software updates completed, proceeded with iLife updates etc... It took a while (still quicker than the 3 days of failed installs and updates) with a lot of waiting on the blue screen (5-20mins) but we got there in the end. Disks where checked with Leopard Disk Utility before and after, permissions where checked before and after completing all installs, also with a DW 4.1 optimization. Also note worthy is the RAM was upgraded from the initial 256Mb (!!!) with an extra Gb.

• Bursting with translation and security attributes?

  Hi folks,
  I've been lurking on the forum for a while and despite not always finding a solution, existing threads normally pointed me in the right direction - so thanks :)
  I'm working on EBS 11.5.10 with the latest Bi-Publisher 5.6.3 (5472959) and bursting (5968876) patches installed.
  I have successfully done the following individual AR Invoice Bi-Publisher tasks:
  1. translated an invoice RTF template by attaching an xliff file to the data definition,
  2. applied security attributes to the template to restrict updates on the resulting PDF,
  3. burst a custom AR invoice print and emailed the resultant pdf's.
  The PDF generated by the combined Invoice print correctly applies the translation and security attributes; however when I run the "XML Publisher Report Bursting Program" to the XML file the resultant burst PDF's do not apply the translation or security attributes. I assume this a limitation of bursting control files? If so, is this on the list of future enhancements to Bi-Publisher?
  Here's an example of my control file document entry, I have included locale and pdf-security entries - these don't cause an error but equally don't generate the desired result (p.s. I know I'm emailing on a PRI filter - it's just a test):
  <xapi:document output-type="pdf" delivery="att_email">
  <xapi:template type="rtf"
  location="/usr/tmp/xxxINVOICE3.rtf"
  locale="fr-US"
  pdf-security="true" pdf-encryption-level="1" pdf-permissions-password="xxxxxx"
  filter=".//G_INVOICE_HEADER[PRINTING_OPTION='PRI']" >
  </xapi:template>
  </xapi:document>
  Thanks
  Dave

  =================
  ==Properties Idea's
  =================
  You would have happened to try applying the security stuff in the application for your template? Try that and see if the pdf properties get set.
  If that doesn't work your left with two options:
  1. create a java concurrent program and set the properties manually.
  2. Log a tar.
  =================
  ==local idea's
  =================
  Are you sure you don't have to create template config for the locale? i suspect that's why it's not applying the xliff translation. Also, your NLS_LANG needs to be set to FRENCH for the approriate template to be applied. If your logged-in as english your french format template will not be applied, neither will the translation. As an example you can query vl table and you'll only get american (us) but if you alter your session you'll get the translation for that language when your query the table.
  location="xdo://xxxAR.xxx_XML_PRINT.fr.US"
  try it out and see if that works. Note: This will only work if your session NLS_LANG is set to FRENCH.

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• HT2534 My friend created me an itunes store account with his credit card , his credit card is about to expire and they are asking me to re-enter the credit card and security card number .... I don't have these numbers ... How can i create new itunes accou

  My friend created me an itunes store account with his credit card , his credit card is about to expire and they are asking me to re-enter the credit card and security card number .... I don't have these numbers ... How can i create new itunes account without credit card?????

  Why do you need to create a new account?
  Just change the payment method.
  http://support.apple.com/kb/ht1918

• I forgot the answers for the security questions and when I try to change them (My Apple ID - Manage your account - Password and Security) I'm asked to answer the exact questions I'm Trying to change because I don't remember the answers. How can I do it?

  I forgot the answers for the security questions and when I try to change them (My Apple ID -> Manage your account -> Password and Security) I'm asked to answer the exact questions I'm trying to change because I don't remember the answers. How can I do it?

  Can't you try the email option instead?

• [Request] Move Windows Control Panel applet from "System and Security" to "Programs"

  The "Flash Player (32-bit)" Windows Control Panel applet should be  moved from "System and Security" to "Programs" where the Java applet is.
  Vote: https://bugbase.adobe.com/index.cfm?event=bug&id=2953107
  Thanks

  njb,
  Why not just run the ThinkVantage System Update and let it install as usual. You can also "un-check" those drivers that you don't want to install.
  *Non Lenovo employee*
  I have a Y2P (i5) ... Feel free to ping me if you want me to test some applications with your Y2P if you have the same model. I don't mind keep doing recovery on it if needed .... =)

• System and security control panel

  Could someone with a W520 take a screenshot of the lenovo apps in their "system and security" section of control panel please. I am doing a ground up install from bare windows 7 to get rid of the preloaded SQL server 2005 and adding back the programe I want.
  Just want to seee what came preloaded.
  Thanks

  njb,
  Why not just run the ThinkVantage System Update and let it install as usual. You can also "un-check" those drivers that you don't want to install.
  *Non Lenovo employee*
  I have a Y2P (i5) ... Feel free to ping me if you want me to test some applications with your Y2P if you have the same model. I don't mind keep doing recovery on it if needed .... =)

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• I have used a Seagate external hard drive for my Mac desktop. It is malfunctioning. Can I disconnect and depend on iCloud to keep my documents, music, and photos backed up safe and secure? I use the Cloud for phone, pad and desktop.

  Can I expect iCloud to safely back up and secure my documents, music and pictures? I am using Cloud on phone, pad, and desktop. Have depended on external hard drive in the past. It is malfunctioning. Will the Cloud replace it for storage and safety?

  Time Machine in itself, without an external drive may well be good for instances where you accidentally delete documents that you later require. However in the event of a hard drive failure, if Time Machine backup is kept on the same drive as the original items, it will not be much use to you.
  In my opinion, it is vitally important that you have an external drive for backup, whether you use Time Machine or a another backup solution is entirely up to you.
  My situation is slightly unusual, I have four hard drives in my computer and multiple arrays of hard drive enclosures with multiple hard drives within them (in total I have 40 TB of storage). As a result of this I tend to employ more than one backup procedure, I use Time Machine to backup some items and a utility called tri-backup to backup other items. I also keep two backups of everything.
  Time Machine is free, it's included with your operating system, I wonder if you mean time capsule.

• HT1222 MacOSX v10.6.8 mail and security update issues - help?

  in the system profiler, my mail app is showing as v4.5  but has the application name Mail 3.6  
  Not sure if that matters but I read to reinstall updcombo and security update but when installing the security update I get:
  security update 2012-004 can't be installed on this disk. This volume does not meet the requirements
  Help?

  this is where the install stops