CSM persistence question

i all,
in my balancing enviroment i need to sending multiple connection from different client to the same real server.
there is a solution for my problem?cookie?sticky url?
i'm very confused,it's my first configuration in this way.
best regards
Aghi

Aghi,
this is possible if there is something the CSM can use to identify the connections that have to go to the same server.
For example, if your application can set a cookie value like server=rs1, then we can create a config based on cookie sticky to achieve what you need.
If there is no such data to identify the server, then it doesn't seem to be possible.
If a human can't tell us how to distinguish a connection that needs to go to server1 from another one, a machine can't do job either.
Gilles.

Similar Messages

  • CSM general questions

    I've many times worked on the CSS but this is my first on the CSM and have some functional questions regarding it that I cannot seem to find answers for in the CCO docs. I appreciate any/all input.
    I am running a CSM in bridged (non-secure) mode with the client side being on the MSFC side and my questions are as follows:
    1) Should I disable NAT for both the client and server side?
    2) Should the real servers default GW be pointed back towards the CSM VIP?
    3) Does the CSM replace the source IP address of the client (in the client request) with that of itself?
    Thanks again.
    Mike.

    Mike,
    For a vserver in a transparent caching setup, you would configure no nat client, no nat server, but for most other traffic, you will want nat server, no nat client.
    If you are refeffing to "ip nat" under the interface in the MSFC config, remove that from the CSM vlans.
    For bridged mode CSM, the real server gateway is the MSFC vlan address on the CSM client vlan of the CSM, not to the CSM VIP.
    If you config nat client, you also must config a nat pool for the CSM. In this case, the client source IP is replaced with a nat pool address.
    Peter

  • CSM configuration question

    Customer wasnt current CSM config changed:
    ===================================
    Customer's request is to make all requests go to real server 173.200.12.109 and if that server is down only then send all requests to backup server 173.200.12.110. But if server 173.200.12.109 comes back online then start sending all requests back to 173.200.12.109 and not use 173.200.12.110.
    Questions:
    ==========
    1. I think I have to put the two servers in VLAN 110 and not VLAN 12 and use the CSM in bridge mode by giving the same IP addresses of 173.200.12.8 for client VLAN 12 and server VLAN 110. Right?
    2. There are two CAT 6500 with a CSM in each in Fault Tolerant Mode already configured and running and now need the above config changes added. Do I need to configure both CSM manually or if I configure one CSM will the other copy the config automatically.
    3. I need to add VLAN 12 and VLAN 110 to Switch VLAN DATABASE, but not add VLAN 12 or VLAN 110 to the MSFC2 or should I only add VLAN 12 to MSFC2 and not VLAN 110.
    4.Do new firewall rules need to be created for the two new server real IP addresses or VIP or non change required to the Firewall Rules.
    4. What are some useful troubleshooting commands I can see if this doesn't work ? -
    show module csm x connection detail, etc.

    1 & 3) The servers will go into vlan 110. You need to create this vlan on the switch but there is not a routed interface for it.
    The client vlan (vlan 12) will need a routed interface however it is not clear from your diagram where this should be. You will need to create vlan 12 on the switch as well. If you are putting a firewall in front of this vlan which it seems you are from your diagram then the routed interface for vlan 12 will be on the firewall not the MSFC. If you put it on the MSFC you will simply route round the firewall - probably not what you want.
    2) Version 4.1(1) does not seem to support the command "hw-module csm 'slot no" standby config-sync" (worth checking tho). Looks like this was brought in on version 4.2. Without this command yes you will have to manually copy the config.
    4) if you are not allowing through http ( assuming it is http) to the VIP already yes you will need a new firewall rule. That will allow application traffic. If you need direct access to the servers for management etc. then you will need to add in rules for those as well.
    5) sh mod csm x reals
    sh mod csm x vservers.
    sh mod csm x ft
    sh mod csm x conn
    HTH

  • CSM Probe Question

    Hello,
    We are currently running an http probe on the CSM which accepts a return code of 200 and 401 (because this application is single sign on and CSM does not have a user defined for it).
    This application is having an issue where the web application is available and returning a 401 code, however in some cases the actual application instance is not available.
    The only way we can see that is by looking at the HTTP stream:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: NTLM
    Content-Length: 0
    Date: Thu, 05 Jul 2007 16:29:22 GMT
    Server: Apache-Coyote/1.1
    Connection: close
    This connection close is the only value by which we can tell whether the application is working.
    My question is there anyway we can use this value in the probe. I am quiet sure that its not possible but if anyone can confirm that will be great.
    Thanks

    Hi Gilles,
    I was reading that CSM only supports on a HTTP Probes the request methods like "GET", "HEAD" and "URL", Not "POST".
    It is possible to configure in a TCL script a HTTP Probe with "POST"?
    I see in the manual (4.2(x) Release)that does not appears the generic tcl command "POST".
    I will really appreciate your help.
    Thanks
    Hugo Rivas
    Network Services
    Data Center Triara

  • Persistence Question

    Hi,
    I am attempting to write something like a text game in Java. Obviously for something like this I need to be able to save the state of the program, so I am attempting to use persistence but I am running into a problem. My Game object contains everything to do with the game and I have a StartGame object that performs the saving and loading and calls game object to run.
    I can successfully save and load the game object using File and Object Output/InputStreams but upon loading the Game object no longer has any of the objects it is supposed to have saved. For example, there is a currentRoom pointer that points to an object of type Room (a custom class). I want this (and many other pointers like it) to have their referenced objects saved and still be pointing to them when a file is loaded. Can anyone enlighten me as to why this is not working?
    I guess the alternative might be to save each and every object within Game individually, but from what I have read it seems like it's supposed to be simpler than that. Thanks for any help.

    I realized I made a silly mistake and was writing the wrong file name originally, but now I have another problem in that it will not even write the game object to the ObjectOutputStream.
    This is the class that runs the game:
    import java.io.*;
    public class StartGame2
         static Game game;
         static boolean runOnce = true;
         public static void main(String args[])
              game = new Game();
              while(!game.exit)
                   game.load = false;
                   game.save = false;
                   game.runGame();
                   if(game.save)
                        save(game.saveName);
                   if(game.load)
                        load(game.loadName);
              System.exit(0);
         static void save(String saveName)
              try
                   // Create a file to write game system
                   FileOutputStream out = new FileOutputStream (saveName);
                   // Create an object output stream, linked to out
                   ObjectOutputStream objectOut = new ObjectOutputStream (out);                    
                   // Write game to disk
                   objectOut.writeObject (game);               
                   // Close object output stream
                   objectOut.close();
                   Game.print("Game saved as " + saveName);
              catch (Exception e)
                   System.err.println ("Unable to create game data");
         static void load(String loadName)
              FileInputStream fin = null;
              ObjectInputStream objectIn = null;
              try
                   // Create a file input stream
                   fin = new FileInputStream(loadName);
                   // Create an object input stream
                   objectIn = new ObjectInputStream(fin);
                   // Read an object in from object store, and cast it to a game
                   game = (Game) objectIn.readObject();
              catch (Exception e)
                   Game.print("Failed to load.");
    }//End startGameThe Game class itself is of the form:
    public class Game implements Serializable
            public void runGame()
              //These should only run once
              if(StartGame2.runOnce)
                   welcome();          
                   makeRooms();                    
                   makePeople();
                   if(!exit && !load)
                        intro();          
                        StartGame2.runOnce = false;
                            while(!exit && !load && !save)
                                 ...doStuff...
    }Edited by: DrSpock11 on Mar 2, 2009 11:06 AM

  • CMP persistence questions

    Hi,
    I am using JBoss 3.0.6, CMP 2.0, default HyperSonic database.
    I wanted to know a few things
    (1) If i have to store big sized objects, what is a better idea
    -> to store on to the file system and enter the file URL's into the database OR try to store the objects into the database as BLOBS
    (2) If we start storing the objects into the filesystem I feel that there is always a risk of someone tampering the data, and i dont want the data to be visible. In such a case what can we do ?
    (3) If i choose to store these huge objects into the database ... particularly Hypersonic, what are its limitations ? How big objects can i store in it, and do i need to make any changes in any of the jboss xml files ?
    (4) I also read in some forums that storing the data into files is away from the EJB spec .. is it right ?
    Any hints or pointers to places that explain these are very much appreciated
    Regards
    Meka Toka

    my answers:
    1) I those objects are too big for HyperSonic, then the only choice is file system. If not then it depends of your performance requirements and whether you use local EJB's (with local interfaces). If you transfer large amounts of data to remote EJB's, then it may be not very fast. If it's not a big issue then use database. I would prefer database storage, if possible.
    2) You can encrypt files, or/and you can store data digests (SHA or MD5)
    in database and verify it every time you read data from files.
    3) http://hsqldb.sourceforge.net/doc/hsqlSyntax.html#Datatypes
    " In practice, objects of up to a megabyte in size have been successfully used in production databases. "
    I don't think you need to specify something special in decriptors or JBoss config files to store objects.
    "If JBossCMP cannot find a mapping for a type, it will serialize the object and use the java.lang.Object mapping."
    4) It's right. It's NOT recommened by spec. to work with files from EJB's.
    Maris Orbidans

  • Design Choices in a Web-only Application Using Java Persistence - Question!

    Hi,
    Is it possible to use both container and application managed entity manager factories in the same web-only application?
    It is not working for me....
    I have an application that is using container managed (injected) emf and also an application managed emf. The behavior I see is that updates from the application managed emf are not being persisted to the database but it can query properly. The container managed emf works normally.
    However, there is no error for the application managed emf. Maybe this is because I am using hypersonic in my test environment?

    Duh, forgot to joinTransaction in the app managed emf
    Edited by: edge1 on Aug 20, 2008 10:42 PM

  • EJB persistence question...

    Hi experts,
    I need to do the following operations over a table:
    1. Delete all data table.
    for example by using SQL: delete from table2. Update several rows at the same time.
    for example by using SQL: update MY_TABLE set MY_FIELD = 'New value for the column field'3. Insert several rows at the same time.
    for example by using SQL: insert into MY_TABLE select * from MY_TABLE2easiest by using SQL, but using EJBs......!!!
    I know that a EJB entity maps one row at the same time and the basic methods of the bean life cycle (create, store, remove, etc) only applies for the row mapped.
    How can I do this operations over several rows in a table using EJBs ??
    The only manner that I know is to do a loop for to iterate over each entity bean by making a findByPrimaryKey, sets bean attributes and then to wait for the ejbStore, ejbRemove, etc.
    is there another way or pattern for manage a table (several rows) in order to avoid this loop...?
    thanks in advance

    I know that a EJB entity maps one row at the same
    time and the basic methods of the bean life cycle
    (create, store, remove, etc) only applies for the row
    mapped.Exactly !
    How can I do this operations over several rows in a
    table using EJBs ?? It's not possible.
    The only manner that I know is to do a loop for to
    iterate over each entity bean by making a
    findByPrimaryKey, sets bean attributes and then to
    wait for the ejbStore, ejbRemove, etc.
    is there another way or pattern for manage a table
    (several rows) in order to avoid this loop...?No. Therefore I would advice to use SQL for those operations.
    EJB's won't work well, because of performance problems.

  • CSS 'Persistent' Clarification

    Two questions:
    1. When a client establishes a persistent HTTP connection that matches a CSS content rule, will the CSS map all requests over that connection to the same service within the content rule?
    2. When a EQL is applied to a Layer 5 content rule, does just the first request get evaluated against the EQL? If so, do all additional requests over the same connection *not* match the content rule?
    Thanks,
    Zach

    Zach,
    see our ASK THE EXPERT Event.
    Please join us there if you have CSS/CSM related questions.
    REgarding your current questions,
    1/ he default is to be persistent and send all requests to the same server - you can do a 'no persistent' to loadbalance every request.
    2/ every request should be evaluated.
    Regards,
    Gilles.

  • Noob Question: Problem with Persistence in First Entity Bean

    Hey folks,
    I have started with EJB3 just recently. After reading several books on the topic I finally started programming myself. I wanted to develop a little application for getting a feeling of the technology. So what I did is to create a AppClient, which calls a Stateless Session Bean. This Stateless Bean then adds an Entity to the Database. For doing this I use Netbeans 6.5 and the integrated glassfish. The problem I am facing is, that the mapping somehow doesnt work, but I have no clue why it doesn't work. I just get an EJBException.
    I would be very thankfull if you guys could help me out of this. And don't forget this is my first ejb project - i might need a very detailed answer ... I know - noobs can be a real ....
    So here is the code of the application. I have a few methods to do some extra work there, you can ignore them, there are of no use at the moment. All that is really implemented is testConnection() and testAddCompany(). The testconnection() Methode works pretty fine, but when it comes to the testAddCompany I get into problems.
    Edit:As I found out just now, there is the possibility of Netbeans to add a Facade pattern to an Entity bean. If I use this, everythings fine and it works out to be perfect, however I am still curious, why the approach without the given classes by netbeans it doesn't work.
    public class Main {
        private EntryRemote entryPoint = null;
        public static void main(String[] args) throws NamingException {
            Main main = new Main();
            main.runApplication();
        private void runApplication()throws NamingException{
            this.getContext();
            this.testConnection();
            this.testAddCompany();
            this.testAddShipmentAddress(1);
            this.testAddBillingAddress(1);
            this.testAddEmployee(1);
            this.addBankAccount(1);
        private void getContext() throws NamingException{
            InitialContext ctx = new InitialContext();
            this.entryPoint = (EntryRemote) ctx.lookup("Entry#ejb.EntryRemote");
        private void testConnection()
            System.err.println("Can Bean Entry be reached: " + entryPoint.isAlive());
        private void testAddCompany(){
            Company company = new Company();
            company.setName("JavaFreaks");
            entryPoint.addCompany(company);
            System.err.println("JavaFreaks has been placed in the db");
        }Here is the Stateless Session Bean. I added the PersistenceContext, and its also mapped in the persistence.xml file, however here the trouble starts.
    import javax.ejb.Stateless;
    import javax.persistence.EntityManager;
    import javax.persistence.PersistenceContext;
    @Stateless(mappedName="Entry")
    public class EntryBean implements EntryRemote {
        @PersistenceContext(unitName="PersistenceUnit") private EntityManager manager;
        public boolean isAlive() {
            return true;
        public boolean addCompany(Company company) {
            manager.persist(company);
            return true;
        public boolean addShipmentAddress(long companyId) {
            return false;
        public boolean addBillingAddress(long companyId) {
            return false;
        public boolean addEmployee(long companyId) {
            return false;
        public boolean addBankAccount(long companyId) {
            return false;
    }That you guys and gals will have a complete overview of whats really going on, here is the Entity as well.
    package ejb;
    import java.io.Serializable;
    import javax.persistence.*;
    @Entity
    @Table(name="COMPANY")
    public class Company implements Serializable {
        private static final long serialVersionUID = 1L;
        @Id
        @GeneratedValue(strategy = GenerationType.AUTO)
        private Long id;
        @Column(name="COMPANY_NAME")
        private String name;
        public Long getId() {
            return id;
        public void setId(Long id) {
            this.id = id;
       public String getName() {
            return name;
        public void setName(String name) {
            this.name = name;
            System.err.println("SUCCESS:  CompanyName SET");
        @Override
        public int hashCode() {
            int hash = 0;
            hash += (id != null ? id.hashCode() : 0);
            return hash;
        @Override
        public boolean equals(Object object) {
            // TODO: Warning - this method won't work in the case the id fields are not set
            if (!(object instanceof Company)) {
                return false;
            Company other = (Company) object;
            if ((this.id == null && other.id != null) || (this.id != null && !this.id.equals(other.id))) {
                return false;
            return true;
        @Override
        public String toString() {
            return "ejb.Company[id=" + id + "]";
    }And the persistence.xml file
    <?xml version="1.0" encoding="UTF-8"?>
    <persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
      <persistence-unit name="PersistenceUnit" transaction-type="JTA">
        <provider>oracle.toplink.essentials.PersistenceProvider</provider>
        <jta-data-source>jdbc/sample</jta-data-source>
        <exclude-unlisted-classes>false</exclude-unlisted-classes>
        <properties>
          <property name="toplink.ddl-generation" value="create-tables"/>
        </properties>
      </persistence-unit>
    </persistence>And this is the error message
    08.06.2009 10:30:46 com.sun.enterprise.appclient.MainWithModuleSupport <init>
    WARNUNG: ACC003: Ausnahmefehler bei Anwendung.
    javax.ejb.EJBException: nested exception is: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
            java.rmi.RemoteException: Transaction aborted; nested exception is: javax.transaction.RollbackException: Transaktion für Zurücksetzung markiert.; nested exception is:
            javax.transaction.RollbackException: Transaktion für Zurücksetzung markiert.
    java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
            java.rmi.RemoteException: Transaction aborted; nested exception is: javax.transaction.RollbackException: Transaktion für Zurücksetzung markiert.; nested exception is:
            javax.transaction.RollbackException: Transaktion für Zurücksetzung markiert.
            at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:243)
            at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:205)
            at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:152)
            at com.sun.corba.ee.impl.presentation.rmi.bcel.BCELStubBase.invoke(BCELStubBase.java:225)
            at ejb.__EntryRemote_Remote_DynamicStub.addCompany(ejb/__EntryRemote_Remote_DynamicStub.java)I spend half the night figuring out whats wrong, however I couldnt find any solution.
    If you have any idea pls let me know
    Best regards and happy coding
    Taggert
    Edited by: Taggert_77 on Jun 8, 2009 2:27 PM

    Well I don't understand this. If Netbeans created a Stateless Session Bean as a facade then it works -and it is implemented as a CMP, not as a BMP as you suggested.
    I defenitely will try you suggestion, just for curiosity and to learn the technology, however I dont have see why BMP will work and CMP won't.
    I also don't see why a stateless bean can not be a CMP. As far as I read it should not matter. Also on the link you sent me, I can't see anything related to that.
    Maybe you can help me answering these questions.
    I hope the above lines don't sound harsh. I really appreciate your input.
    Best regards
    Taggert

  • Newbie question on Java Persistence API - Entity Beans

    Hi All,
    I am basically new to Entities and the Java Persistence API. My question is, when using a container managed EntityManager, do I have to manually tidy-up any resources? Say for example, do I have to explicitly close the database connection (if ever I have that ability)? Invoke close() on EntityManager?
    - Pat

    You don't have to. That's what they mean by container managed. The container does it for you.
    In fact you will get an IllegalStateException if you call close on a container-managed EntityManager.

  • Basic Questions About CSM

    Hi,
    We have a CSM installed in a 6513 chassis working as our load balancer for web servers. I have a few basic questions:
    1. The current default configuration of probes on our switch indicates 2 minutes interval, 3 consecutive errors before marking real server failure and 5 minutes between probes of failed server. This setting results in 10-12 minute switch over delay in case one server fails.
    In one of the Cisco papers I read that the default for these parameters in CSM is 8 seconds, 2 retries and 5 seconds, respectively.
    My question is what is the default settings for probe parameters and is there any recommendation for a optimal settings? (I am going to use 1min, 3, 15seconds resulting 0.5 to 1.5 minutes delay and want to make sure there is no concerns with that)
    2. Does the sticky timeout affect the switch over delay time? My understanding is that sticky timeour applies to the normal condition when all legs are up and in case of a failure, the traffic will switch over regardless of an existing active sticky session. Is this correct?
    3. What is the exact definition of a "connection" in a load balancer? Is there any way to estimate or predict the number of connections for a specific traffic load (e.g. number of connection per user)?
    Thanks for your response,
    Ali

    There is an ASK THE EXPERT session currently, if you have more questions, please join us there.
    Regarding your current questions :
    1/ The default for an icmp probe is 120sec, 3 retries and 300sec for failed.
    You can use whatever values you think is necessary for your environment.
    However, you need to remember that a probe generates traffic and each probe require process CPU time to send and receive.
    With a lot of servers you probably want to avoid low frequency values.
    I think your suggested value of 1 minute is ok.
    2/ the sitcky timeout does not affect failover.
    However, you should be aware that if a server goes dowm, the CSM will send NEW connections to the other servers. But active connection will stay with this server even if down. To change this behavior use the 'failaction purge' command.
    3/ A connection is a flow. It is defined by a SRC IP, DST IP, protocol, SRC PORT, DST PORT.
    Within a connection you can send 2 bytes or 2 Gig.
    So, it is difficult to link the 2 values.
    ie: when you load a webpage, if you are using http 1.0 you open 1 connection for every object (text, gif, banner, ...) but with http 1.1 you can download all the same objects in a single connection.
    Hope this helps.
    Gilles.

  • Persistence API newbie question

    Hello everybody!
    I am new at J2EE development, so can you explain me some details. We're curently do J2EE application at work and using J2EE 1.5 features(EJB 3.0, Persistence etc..). I don't understand exactly what lies under annotations. Let's take Persistence API. All anotations and classes is in javax.persistence package. What is that package, where it come from? Is it located in container or where? In fact I would like to use Persistence API on sites managed by Apache Tomcat Server. Is it possible, what classes do I need? Another question is it is possible to use that API at Swing Applications, and what do I need to do this.
    Please, explain me little of where all that stuff come from.
    Thank you!

    anotations and classes is in javax.persistence
    package. What is that package, where it come from? Is
    it located in container or where? Java Persistence API (JPA) is part of JavaEE 5 platform, and so is available in all JavaEE 5 compliant application servers. In JavaEE SDK 5, these classes are in lib/javaee.jar. JPA is also available as a standalone technology. There are several products that are implementing this technology, like Hibernate, TopLink, or OpenJPA.
    The specification:
    http://jcp.org/en/jsr/detail?id=220
    Persistence Part in JavaEE 5 Tutorial (Part Four: Persistence )
    http://java.sun.com/javaee/5/docs/tutorial/doc/
    In fact I would
    like to use Persistence API on sites managed by
    Apache Tomcat Server. Is it possible, what classes do
    I need? Another question is it is possible to use
    that API at Swing Applications, and what do I need to
    do this. They are all possible ways of using JPA. See JavaEE 5 Tutorial for more details. The newly released NetBeans 5.5 has nice support for developing and deploying JPA applications. NetBeans site has a lot of resources on this topic. For example:
    http://www.netbeans.org/kb/55/persistence_ontomcat.html
    http://www.netbeans.org/kb/articles/hibernate-javaee.html
    -cheng

  • Portal Landscape - With 2 CSM (load balance) related question

    Hi,
      We are currently having a portal landscape (Dev, QA -2 app servers, PRD - 4 app servers). The load balancing happens on Production Portal using CSM (load balancer) and it does SSL offloading for security encryption and it lands onto one of the application servers. When we try to login to portal it authenticates using the LDAP (OID). And we have some links which takes to backend R/3, BW etc (we use SAP load balance using SMLG logon group)
    Now due to another special project the following is what we are planning:
    1. Adding couple of more application servers for production portal or having seperate second portal landscape itself
    2. Adding couple of more application servers for R/3 production server (load balance can be done with special logon group for that)
    Questions are:
    1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will happen to the login authentication happened through the first portal and SSO ticket ?
    3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave when same id comes as part of SSO.
    Or if anyone thinks of any other issue apart from SSO or encryption related things which i need to be aware of, kindly let me know.
    Thanks,
    Murali.

    I am not sure what CSM is, but I would expect it only does ssl offloading and a sort of "reverse proxy" against the cluster.
    >1. When we land into current production portal page and click a iview link for the special project it should go only to those special portal app servers (planning to do through another CSM) and from their to backend R/3. In this >scenario how the authentication (or sso ticket) happens when it goes from CSM to another CSM, will it ask for login again or any issue will happen with SSO ticket ?
    This depends on the host name you use for the two CSM clusters. If they have the same subdomain, there should be no problem as the SAP Logon Ticket (MYSAPSSO2) cookie is issued to the sub domain of the portal.
    If they do not have the same subdomain, the second CSM cluster will receive the request without the MYSAPSSO2 cookie, and will therefore trigger reauthentication.
    >2. If we decide to go for second portal landscape and in the same scenario when login to current prod portal page and click a iview link for the special project it should go to that another production portal,in that case what will >happen to the login authentication happened through the first portal and SSO ticket ?
    It will fail, as the MYSAPSSO2 cookie from the first portal is not recognized in the second. However, you can easily setup so that the second portal trusts the first and does a logon based on its credentials
    >3. Suppose if we go to the second production portal directly through a website and if the user tries to login using the same id to first portal how portal will deal in terms of security (SSO) and also how backend R/3 will behave >when same id comes as part of SSO.
    I assume both portal will be setup against the same LDAP/UME source. Therefore it will allow the logon. The backend systems should trust both the first and second portal (STRUSTSSO2 transaction)
    I think your architecture choice comes down to if the new project has special considerations with regards to versioning of portal. If it does, it would be sensible to separate it into a separate portal (and you can always integrate them with the first portal through portal federation if you have a relatively new version).
    Regards
    Dagfinn

  • Questions about 6500/FWSM/CSM

    Hi,
    I have some questions regarding FWSM and CSM. Thank you in advance for your feedback.
    I am using a pair of 6513 with one fwsm and csm in each. I am setting up a dmz environment with these units. fwsm is the second tier firewall (a pair of PIX 525 are in perimeter).
    1. Do I have to use MSFC? I am connecting PIXes to the outside VLAN of the FWSM and two inside routers to inside VLAN of the FWSM. FWSM has a DMZ VLAN as well. I don't see any reason to involve MSFC in the picture. Is this correct? Is there any reason in the future that I may need MSFC (i.e. changing from single context to multiple or using load balancing for DMZ servers)?
    2. I am going to extend outside and inside VLANs of FWSM between two 6513 switches. Should I do this for DMZ as well? As I do not use gateway redundancy for my DMZ servers and it is a pure firewall configuration of 6513/FWSM, I don't think it is required.
    3. My understanding is with extending outside VLAN, if the link between primary PIX and primary 6513 fails or if primary PIX fails over to secondary for any reason, secondary PIX will have a way to get to the outside interface of primary FWSM. Is this correct? If not, then how I can make sure that PIX fail over will be transparent to primary 6513/FWSM which is not connected to secondary PIX?
    4. Any difference in spanning-tree configuration between this environment and a regular dual homed server based config?
    Thanks,

    Hi
    1) No you should be fine if you leave out the MSFC. Certainly you don't want the MSFC between your perimeter pix firewalls and the FWSM's as you could end up routing around the firewalls. You could have the MSFC on the inside of the FSWM's.
    Changing to multiple context will not requre that you need the MSFC for the above. It is quite feasible to have a separate context where the MSFC is involved and still have your above setup where you haven't involved the MSFC. You dictate this by how you allocate vlans to the FWSM.
    2) You will have to extend the DMZ, or at least you will have to allocate the DMZ vlan on both switches under the "firewall vlan-group .. " command. If you don't allocate the same vlans on each switch to the FWSM your failover will not work properley. If the DMZ servers are physically connecting into the 6500 chassis i would look to dual hone and include the DMZ in failover if you can. Can't see the reason not to use failover between chassis's if you can. (Of course depends on your have 2 NIC's in DMZ servers ).
    3)Assuming your 6500's are connected with a layer 2 trunk yes the secondary pix should still be able to get to the outside interface of the FWSM primary.
    4) For the FWSM not really. Just make sure you use a dedicated layer 2 trunk/etherchannel for the FWSM between the 2 switches.
    Hope this has answered some of your queries
    Jon

Maybe you are looking for

  • Editing a downloaded document "in place" and re-uploading it

    We're using the following procedure to download a document that has previously been uploaded to a BLOB field in the table. create or replace procedure download_doc (req_id in varchar2) as v_mime varchar2(48); v_length number; v_file_name varchar2(200

  • How to activate Acrobat 9 Pro part of CS5 ?

    My PC runs Windows 8.1 64b. CS5 runs perfectly but Acrobat 9 Pro which is part of the package refuses to work unless being activated. The problem is that there is no indication whatsoever adressing the activation process... To be noted is that Acroba

  • Why won't my iMessage or any other browsing or date work?

    Usually when my iMessage won't work or I can't use any browsing data, such as checking emails or using safari, restarting my phone will allow me to use iMessage and browse when it turns back on. However, today I restarted it numerous times and it sti

  • Muvo2 Battery drains o

    Hello everyone, I need a help. My Muvo2 is acting weird - it looks like the player itself drains out the battery. When I charge it at the night & switch it on next afternoon, battery indicator shows me only one bar! I tried 4 different batteries - it

  • Photoshop crushes when printing.

    Hi, When I try to print I and go to "adjust printer" to set the paper, photoshop crushes, I donwload what I think is the last driver of the epson stylus pr 3800 that I'm trying to print on but it is not working. With snow leopard worked perfectly. I'