Firm zone & Trade off zone

Hi,
Can anywhere other than Sch agreement we can maintain Firm zone,Trade off zone & creation profile so that in SA automatically these fileds get sopied.
Regards
MSR

Dear Raghavendrams,
1) Creation profile is the combination of JIT and FRC(forecast) schedules which can be maintained in customising against the sub-node - "Maint. Rel. Creation Profile for Sched. Agmt. w. Rel. Docu." which is located under the node - Schedule agreement in purchasing.
2) JIT is the just -in-time schedule which means the schedule which is necessarily a firm one and therefore this schedule should fall in the firm zone.
On the other hand, FRC is the forecast shcedule which means a tentative one and therefore this should fall in the trade-off zone.
3) From the above it is evident that one cannot have JIT and FRC schedules maintained before hand since they are subject to change depending on the change in the production plan. Therefore you need to maintain these in the SA only. However you can create different creation profiles in SPRO. For instance- "14 days JIT and 6 months FRC". This means that for a material to be supplied from a vendor, you are giving a firm requirement for 14 days and balance 6 months requirement will be the forecasted one which enables the vendor to plan their resources and which in turn can reduce the lead times drastically in addition to reduction the production stoppages.
Creation profiles can be different depending upon the nature of material procured, type of vendor you are dealing with,his flexibility,credibility etc. For instance in case of a packaging material, the vendor is usually located very close to the manufacturing to have better space management in the warehouse.In such cases the material can be called off on daily basis i.e JIT- 1 day or even hourly basis in some cases.
Trust, you have understood the concept.
Regards
Venkat

Similar Messages

Firm or Trade-Off Zone Indicator not set

Hi
I have created the scheduling agreement and run the MRP by this the schedule lines are generated but the system has not set Firm or Trade-Off Zone Indicator how do I go head? IS there any customization/master data required to set the this indicator?
Please suggest.
Regards,
Prashant.

This depends a bit on how you communicate to your vendors.
Assuming EDI, then the message to the vendor will contain a few date fields
A. ABFDE End of production go-ahead
Which is the 'end' of the FIRM ZONE
B. ABMDE End of material go-ahead
Which is the 'end' of the TRADEOFF ZONE.
Upon receipt the vendors system will recognize these dates.
Assuming printout, you need to work in SAP-Script/Smartform to detail the effect of these date on your print.
Either by also mentioning these in the item header (remember each item has an unique FZ/ToZ setting). Or by using special markers on the date lines, based on these dates.
Regards
JP

Firm Zone and Trade off Zone in Scheduling Agreement

Dear All
Please explain in detailed the concept of Firm Zone and Trade off Zone in Scheduling Agreement, and it's effects in MRP run, i.e. If i take a MRP run for a material whci is having firm zone as 30 days and trade off zone as 60 days then what will be the result of MRP. The Material MRP type is VB
Thanks and Regards
Manoj

Hi,
Firm zone is the time frame in which you cannot change your orders (schedule lines) that you have ordered from a vendor in any way (Date change nor quantity change).
Trade off zone is time frame within which you can make changes to your procurement proposals, these changes are acceptable from vendor's side.
These time frames are agreed with the Vendor and then inserted for each scheduling agreement in 'Additional data'.
For your example if you take firm zone 30 days and trade-off zone 60 days, the check starts from current day on which MRP runs. For exampe current day is 1st Oct, all the procurement proposals with delivery date within 30 days that is till 1st September are firm orders, which MRP will not change in any case (You can find such orders with * in front of them in MD04 list). Beyond 1st september they are in trade off zone, in which MRP can modify them.
MRP types (VB in your case) have no correlation with these zones.
Amit G

Firm/Trade-off Zone Indicator - Data base field.

I'm looking for the data base field that holds the Firm/Trade-off Zone Indicator as it displays on the Delivery Scheduling Agreement, Delivery Schedule for Items from ME33L. The help for the field gives you the same information as for the Firm Zone And Trade-Off zone values in days (stored in EKPO), but this field displays differently for different schedule lines, and is a "1" - indicator for Firm Zone, or a "2" Indicator for Trade-Off Zone.
I'm beginning to wonder, is this field dynamic and just determined for display at the time the transaction is done ???
As in fact the lines within the firm zone are displayed in a different way (with an * following the MRP element data) on MD04.
But we were trying to determine where (IF) the field indicator is stored, and if so, what is setting it, as "some process" would have to be evaluating all orders as time passes to know they have now come within the firm zone.   If its not just a dynamic field.
Ruth Jones

Hi Ruth,
This one is dynamic (I guess you are wrinting about screen field RM06E-ETSTA visible e.g. in ME38/ME39 t-code).
And I guess it is calculated here:
Include: MM06EFET_ETT_ETSTA
FORM ETT_ETSTA.
   CLEAR RM06E-ETSTA.
   IF EKPO-ETFZ1 NE 0.
     REFE1 = EKET-EINDT - SY-DATLO - EKPO-ETFZ1.
     IF REFE1 <= 0.
       RM06E-ETSTA = '1'.
       EXIT.
     ENDIF.
   ENDIF.
   IF EKPO-ETFZ2 NE 0.
     REFE1 = EKET-EINDT - SY-DATLO - EKPO-ETFZ2.
     IF REFE1 <= 0.
       RM06E-ETSTA = '2'.
     ENDIF.
   ENDIF.
ENDFORM.
I guess you can call this form in your report logic/query and you should get exactly what you need.
Best Regards,
Tomek

Scheduling Agreements / Delivery Schedule / Firm zone, Trade zone

Dear all.
I am in the process of setting up scheduling agreements (LPA type) with firm zone and trade zone in SAP 4.5b
The following issues I have:
1.) with the release via ME84, it gives me an error 'no processing message ME 857, no message record found'.
As far as I know the customizing is correct. Can some one give a tip about what I maybe have forgotten?
2.) I am also using the firm and trade zone, but in the automatic generated delivery schedules line it is not turning up?
If there is any one who can help me with this subject, any information is welcome.
Thanks in advance.
Regards,
Wilfred

You have to create a condition record for your message type LPH1 in order to be able to generate the message (mn10).
At funcional level, try to update your schedule line manually through TCode me37 and then go to the ME84.
At customizing level, here are some things that were missing when it occurred to me :
Check in SPRO - Purchasing - Messages - Output Control - Message Types -
Define message type for scheduling agreement schedule lin - Fine-Tuned Control: Forecast Delivery Schedule/Expediter that you have operation 9 for LPH1 and the checkbox activated.
Check in SPRO - Purchasing - Messages - Output Control - Message Determination Schemas - DefineMessage Schema for Scheduling Agreement Release - Define Message Determ. Schema: Forecast Delivery Schedule/Ex in the control data : You must havefor LPH1 the requirement 109.
Hope it helps
Regards

ZBFW - dmz-zone to in-zone access

Hi IOSers,
I have a Cisco 2901 which terminates a Class C address pool.
I have split the Class C address pool into 3 sub-nets and 2 zones and created a non-addressable pool (private pool):
dmz-zone : x.x.x.0 TO x.x.x.127 (x.x.x.0/25)
in-zone: x.x.x.128 TO x.x.x.159 (x.x.x.128/27) & x.x.x.160 TO x.x.x.191 (x.x.x.160/27)
private-zone: 192.168.x.0 TO 192.168.x.255 (192.168.x.0/24)
I have configured private-zone NAT to use address pool x.x.x.161 TO x.x.x.189 within the in-zone.
Within the:
dmz-zone - are servers for : DNS, Syslog, SIP & HTTP/HTTPS
in-zone - is a SMTP mail server which is behind VPN Gateway/NAT, TomCat (Application Server) and PostgreSQL Server
private-zone - is where all standard users are operating from and they can access the SIP & HTTP/HTTPS servers within dmz-zone
My problem is that I cannot seem to configure the ZBFW to allow the dmz-zone HTTP/HTTP server to redirect to in-zone TomCat server.
I do not want to make the TomCat server generally visible and am instead using the Apache proxy/ajp13 to connect from dmz-zone server to in-zone server.
However I cannot seem to get anything (including icmp) to work from dmz-zone to in-zone.
I have Policy:
POLICY-DMZ-IN (dmz-zone to in-zone) which has:
any any udp/tcp inspect
any any icmp inspect
unmatched traffic DROP/LOG
But I still cannot get anything from dmz-zone to in-zone...
Can anyone please advise...
Could the POLICY-DMZ-IN be being overridden by other dmz-zone to out-zone policies?
I think I am making a basically incorrect assumption somewhere ...
NOTE: I have routing rules for each of various sub-nets and all out-zone to dmz-zone, out-zone to in-zone and private-zone to out-zone, in-zone and dmz-zone routing works ok, so it appears problem is with ZBFW not routing table.
Thank for any expertise you can bring to help resolve this.
Regards,
Zebity.

Hi Karthikeyan,
thank you for offering to look at this, I do all my configuration using CCP, which is a lot easier than pawing over IOS commands.
I have dumped out the config, but as it is hard to pull out the partiular part of the config, so find following screen snap & config:
The areas where I think there are problems are with "self" zone items (can I get rid of self zone case completely, with exception of blocking any external (DSL) access to self?)
and the dmz-zone to in-zone and in-zone to dmz-zone configs.
Building configuration...
Current configuration : 32292 bytes
! Last configuration change at 00:16:54 UTC Mon Jun 11 2012 by admin
! NVRAM config last updated at 07:37:35 UTC Sun Jun 10 2012 by admin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname big
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXX
no aaa new-model
no ipv6 cef
no ip source-route
ip cef
ip dhcp excluded-address 168.192.200.1 168.192.200.99
ip dhcp excluded-address 168.192.200.126 168.192.200.254
ip dhcp excluded-address 200.200.200.1 200.200.200.79
ip dhcp excluded-address 200.200.200.91 200.200.200.126
ip dhcp pool PRIVATE-POOL-1
   import all
   network 168.192.200.0 255.255.255.0
   domain-name in.froghop.com
   dns-server 200.200.200.20 200.200.200.4
   default-router 168.192.200.1
ip dhcp pool FROGHOP-POOL-2
   import all
   network 200.200.200.0 255.255.255.128
   domain-name froghop.com
   dns-server 200.200.200.20 200.200.200.4
   default-router 200.200.200.1
no ip bootp server
ip domain name froghop.com
ip name-server 200.200.200.4
ip name-server 200.200.200.20
ip inspect log drop-pkt
ip inspect audit-trail
ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
ip inspect name CCP_MEDIUM dns
ip inspect name CCP_MEDIUM ftp
ip inspect name CCP_MEDIUM h323
ip inspect name CCP_MEDIUM sip
ip inspect name CCP_MEDIUM https
ip inspect name CCP_MEDIUM icmp
ip inspect name CCP_MEDIUM imap reset
ip inspect name CCP_MEDIUM pop3 reset
ip inspect name CCP_MEDIUM netshow
ip inspect name CCP_MEDIUM rcmd
ip inspect name CCP_MEDIUM realaudio
ip inspect name CCP_MEDIUM rtsp
ip inspect name CCP_MEDIUM esmtp
ip inspect name CCP_MEDIUM sqlnet
ip inspect name CCP_MEDIUM streamworks
ip inspect name CCP_MEDIUM tftp
ip inspect name CCP_MEDIUM tcp
ip inspect name CCP_MEDIUM udp
ip inspect name CCP_MEDIUM vdolive
ip inspect name dmzinspect tcp
ip inspect name dmzinspect udp
appfw policy-name CCP_MEDIUM
application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-2085601892
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2085601892
revocation-check none
crypto pki certificate chain TP-self-signed-2085601892
certificate self-signed 01
XXXXXXXX 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
4A6B4C93 CEE0C972 CEA5A38E 3C041EAD 803F43B2 DD121173 4302DC1E XXXXXXXX
4F5E79FE 8C76B0EC BC5DD668 69BE1A
            quit
license udi pid CISCO2901/K9 sn FTXXXXXXXXXX
hw-module pvdm 0/0
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
redundancy
ip tcp synwait-time 10
no ip ftp passive
class-map type inspect match-any OPEN-TRAFFIC-OUT-190
match access-group name OPEN-TRAFFIC-OUT-190
class-map type inspect match-any SMTPS-TRAFFIC-IN
match access-group name SMTPS-IN
class-map type inspect match-all NAT-POOL-TCP-TRAFFIC-OUT
match access-group name NAT-POOL-TRAFFIC-OUT
match protocol tcp
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-all NAT-POOL-UDP-TRAFFIC-OUT
match access-group name NAT-POOL-TRAFFIC-OUT
match protocol udp
class-map type inspect match-all SELF-DNS-OUT
match access-group name SELF-DNS-OUT
match protocol dns
class-map type inspect match-any SMTP-PROTOCOL
match protocol smtp
class-map type inspect match-all ccp-cls-POLICY-DMZ-OUT-1
match class-map SMTP-PROTOCOL
match access-group name DMZ-MAIL-OUT
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SIP-PROTOCOLS
match protocol sip
match protocol sip-tls
class-map type inspect match-all ccp-cls-POLICY-DMZ-OUT-2
match class-map SIP-PROTOCOLS
match access-group name DMS-SIP-TRAFFIC
class-map type inspect match-any OPEN-TRAFFIC-OUT-140
match access-group name OPEN-TRAFFIC-OUT-140
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect gnutella match-any ccp-app-gnutella
match file-transfer
class-map type inspect match-any OPENDIR-PROTOCOLS
match protocol kerberos
match protocol ldap
match protocol ldaps
match protocol ldap-admin
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
match service text-chat
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect match-any SYSLOG-PROTOCOL
match protocol syslog
class-map type inspect match-any ICMP-PROTOCOLS
match protocol icmp
class-map type inspect match-all SELF-ICMP
match access-group name SELF-ICMP-TRAFFIC
match class-map ICMP-PROTOCOLS
class-map type inspect match-any DMZ-DNS
match protocol dns
class-map type inspect match-all OPENDIR-OUT
match class-map OPENDIR-PROTOCOLS
match access-group name OPENDIR-TRAFFIC
class-map type inspect match-all SMTPS-TRAFFIC
match class-map SMTPS-TRAFFIC-IN
match protocol tcp
class-map type inspect match-any TRUSTED-HOSTS
match access-group name TRUSTED-HOSTS
match protocol udp
match protocol tcp
match protocol icmp
class-map type inspect match-any TRANSPORT-PROTOCOLS
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map type inspect match-any WEB-PROTOCOLS
match protocol http
match protocol https
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map type inspect match-any SELF-DNS-IN
match access-group name SELF-DNS-IN
match protocol dns
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any OPEN-TRAFFIC-IN-140
match access-group name OPEN-TRAFFIC-IN-140
class-map type inspect match-all SYSLOG-IN-DMZ
match access-group name SYSLOG-TRAFFIC
match class-map SYSLOG-PROTOCOL
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
class-map type inspect kazaa2 match-any ccp-app-kazaa2
match file-transfer
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
match service any
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-1
match class-map SMTP-PROTOCOL
match access-group name SMTP-TRAFFIC
class-map type inspect match-any DNS-PROTOCOL
match protocol dns
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-2
match class-map ICMP-PROTOCOLS
match access-group name IN-ZONE-ICMP
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ACCESS-PROTOCOLS
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-3
match class-map ACCESS-PROTOCOLS
match access-group name DMZ-ZONE-TRAFFIC
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect edonkey match-any ccp-app-edonkey
match file-transfer
match text-chat
match search-file-name
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all PUSH-NOTIFICATIONS
match access-group name PUSH-NOTIFICATIONS
match protocol tcp
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect edonkey match-any ccp-app-edonkeydownload
match file-transfer
class-map type inspect match-all DEST-DNS
match access-group name DEST-DNS
match class-map DNS-PROTOCOL
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect edonkey match-any ccp-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
match class-map SYSLOG-PROTOCOL
match access-group name DMZ-SYSLOG
class-map type inspect match-any FTP-PROTOCOL
match protocol ftp
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-2
match class-map ICMP-PROTOCOLS
match access-group name DMZ-ICMP
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-3
match class-map WEB-PROTOCOLS
match access-group name DMZ-WEB
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-4
match class-map SIP-PROTOCOLS
match access-group name DMZ-SIP
class-map type inspect match-any TIME-PROTOCOLS
match protocol ntp
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-5
match class-map DMZ-DNS
match access-group name DMZ-DNS-TRAFFIC
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
class-map type inspect fasttrack match-any ccp-app-fasttrack
match file-transfer
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-6
match class-map ACCESS-PROTOCOLS
match access-group name IN-ZONE-TRAFFIC
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect POLICY-PRIVATE-TRANSIT
class type inspect ACCESS-PROTOCOLS
pass log
class class-default
drop
policy-map type inspect p2p ccp-action-app-p2p
class type inspect edonkey ccp-app-edonkeychat
log
allow
class type inspect edonkey ccp-app-edonkeydownload
log
allow
class type inspect fasttrack ccp-app-fasttrack
log
allow
class type inspect gnutella ccp-app-gnutella
log
allow
class type inspect kazaa2 ccp-app-kazaa2
log
allow
policy-map type inspect POLICY-IN-SELF
class type inspect ICMP-PROTOCOLS
inspect
class class-default
drop log
policy-map type inspect POLICY-SELF-IN
class type inspect OPEN-TRAFFIC-OUT-190
pass
class type inspect ccp-icmp-access
inspect
class class-default
drop
policy-map type inspect POLICY-DMZ-OUT
class type inspect TIME-PROTOCOLS
inspect
class type inspect WEB-PROTOCOLS
inspect
class type inspect FTP-PROTOCOL
inspect
class type inspect ccp-cls-POLICY-DMZ-OUT-2
inspect
class type inspect ccp-cls-POLICY-DMZ-OUT-1
inspect
class type inspect PUSH-NOTIFICATIONS
inspect
class type inspect DEST-DNS
inspect
class class-default
drop log
policy-map type inspect im ccp-action-app-im
class type inspect aol ccp-app-aol
log
allow
class type inspect msnmsgr ccp-app-msn
log
allow
class type inspect ymsgr ccp-app-yahoo
log
allow
class type inspect aol ccp-app-aol-otherservices
log
reset
class type inspect msnmsgr ccp-app-msn-otherservices
log
reset
class type inspect ymsgr ccp-app-yahoo-otherservices
log
allow
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
allow
class type inspect http ccp-app-httpmethods
log
allow
class type inspect http ccp-http-allowparam
log
allow
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ICMP-PROTOCOLS
inspect
class type inspect ccp-protocol-http
inspect
service-policy http ccp-action-app-http
class type inspect ccp-protocol-imap
inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
inspect
service-policy p2p ccp-action-app-p2p
class type inspect ccp-protocol-im
inspect
service-policy im ccp-action-app-im
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop log
policy-map type inspect POLICY-PRIVATE-IN-DMZ
class type inspect TRANSPORT-PROTOCOLS
inspect
class type inspect ICMP-PROTOCOLS
inspect
class class-default
drop log
policy-map type inspect POLICY-IN-OUT
class type inspect OPEN-TRAFFIC-OUT-140
pass log
class type inspect WEB-PROTOCOLS
inspect
class type inspect OPENDIR-OUT
inspect
class type inspect DEST-DNS
inspect
class type inspect PUSH-NOTIFICATIONS
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect POLICY-DMZ-SELF
class type inspect ICMP-PROTOCOLS
inspect
class type inspect TRANSPORT-PROTOCOLS
inspect
class class-default
drop log
policy-map type inspect POLICY-SELF-OUT
class type inspect SELF-DNS-OUT
pass
class type inspect TIME-PROTOCOLS
pass
class type inspect NAT-POOL-UDP-TRAFFIC-OUT
inspect
class type inspect NAT-POOL-TCP-TRAFFIC-OUT
inspect
class class-default
drop log
policy-map type inspect POLICY-OUT-SELF
class type inspect SELF-DNS-IN
pass
class type inspect TIME-PROTOCOLS
pass
class type inspect SELF-ICMP
inspect
class class-default
drop log
policy-map type inspect POLICY-IN-DMZ
class type inspect SYSLOG-IN-DMZ
pass
class type inspect ICMP-PROTOCOLS
inspect
class class-default
drop log
policy-map type inspect POLICY-DMZ-IN
class type inspect TRANSPORT-PROTOCOLS
inspect
class type inspect ICMP-PROTOCOLS
inspect
class class-default
drop log
policy-map type inspect ccp-permit-dmzservice
class type inspect ccp-cls-ccp-permit-dmzservice-4
inspect
class type inspect ccp-cls-ccp-permit-dmzservice-1
pass
class type inspect ccp-cls-ccp-permit-dmzservice-3
inspect
class type inspect ccp-cls-ccp-permit-dmzservice-5
inspect
class type inspect ccp-cls-ccp-permit-dmzservice-2
inspect
class class-default
drop log
policy-map type inspect ccp-pol-outToIn
class type inspect OPEN-TRAFFIC-IN-140
pass
class type inspect ccp-cls-ccp-pol-outToIn-1
inspect
class type inspect ccp-cls-ccp-pol-outToIn-2
inspect
class type inspect SMTPS-TRAFFIC
inspect
class type inspect SMTPS-TRAFFIC-IN
pass log
class class-default
drop log
policy-map sdmappfwp2p_CCP_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
zone security dmz-zone
zone security in-zone
zone security out-zone
zone security PRIVATE-ZONE
zone security PRIVATE-IN
zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect POLICY-IN-OUT
zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone
service-policy type inspect ccp-pol-outToIn
zone-pair security ZP-DMZ-IN source dmz-zone destination in-zone
service-policy type inspect POLICY-DMZ-IN
zone-pair security ZP-DMZ-OUT source dmz-zone destination out-zone
service-policy type inspect POLICY-DMZ-OUT
zone-pair security ZP-IN-DMZ source in-zone destination dmz-zone
service-policy type inspect POLICY-IN-DMZ
zone-pair security ZP-OUT-SELF source out-zone destination self
service-policy type inspect POLICY-OUT-SELF
zone-pair security ZP-SELF-OUT source self destination out-zone
service-policy type inspect POLICY-SELF-OUT
zone-pair security ZP-PRIVATE-OUT source PRIVATE-ZONE destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ZP-PRIVATE-IN source PRIVATE-ZONE destination in-zone
service-policy type inspect POLICY-PRIVATE-IN-DMZ
zone-pair security ZP-PRIVATE-DMZ source PRIVATE-ZONE destination dmz-zone
service-policy type inspect POLICY-PRIVATE-IN-DMZ
zone-pair security ZP-IN-SELF source in-zone destination self
service-policy type inspect POLICY-IN-SELF
zone-pair security ZP-SELF-IN source self destination in-zone
service-policy type inspect POLICY-SELF-IN
zone-pair security ZP-DMZ-SELF source dmz-zone destination self
service-policy type inspect POLICY-DMZ-SELF
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
interface Loopback0
ip address 200.200.200.190 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security in-zone
interface Null0
no ip unreachables
interface GigabitEthernet0/0
description $ETH-LAN$$FW_INSIDE$
ip address 200.200.200.130 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security in-zone
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
description $ETH-LAN$$FW_INSIDE$
ip address 168.192.200.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security PRIVATE-ZONE
duplex auto
speed auto
no mop enabled
interface FastEthernet0/2/0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.1.160 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security PRIVATE-ZONE
duplex auto
speed auto
no mop enabled
interface FastEthernet0/2/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/3/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/3/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
interface Virtual-Template1 type serial
description $FW_INSIDE$
ip unnumbered Loopback0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security in-zone
interface Vlan1
description $ETH-4ESG$$INTF-INFO-10/100/1000 Ethernet$$ETH-LAN$FW-DMZ$$FW_INSIDE$
ip address 200.200.200.1 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security dmz-zone
interface Dialer0
description $FW_OUTSIDE$
ip address 210.210.210.154 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username [email protected] password 7 XXXXXXXXXXXX
service-policy input sdmappfwp2p_CCP_MEDIUM
service-policy output sdmappfwp2p_CCP_MEDIUM
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip flow-top-talkers
top 200
sort-by bytes
cache-timeout 500
ip dns server
ip nat pool NAT-POOL1 200.200.200.161 200.200.200.189 netmask 255.255.255.224
ip nat inside source route-map SDM_RMAP_1 pool NAT-POOL1
ip route 0.0.0.0 0.0.0.0 210.210.210.1
ip route 10.210.210.0 255.255.255.0 192.168.1.1 permanent
ip route 192.168.1.0 255.255.255.0 FastEthernet0/2/0 permanent
ip route 168.192.200.0 255.255.255.0 GigabitEthernet0/1 permanent
ip route 200.200.200.0 255.255.255.128 Vlan1 permanent
ip route 200.200.200.128 255.255.255.224 GigabitEthernet0/0 permanent
ip route 200.200.200.160 255.255.255.224 Loopback0 permanent
ip access-list extended DEST-DNS
remark CCP_ACL Category=1
permit udp any any eq domain
ip access-list extended DMS-SIP-TRAFFIC
remark CCP_ACL Category=128
permit ip host 200.200.200.30 any
permit ip host 200.200.200.40 any
ip access-list extended DMZ-DNS-TRAFFIC
remark CCP_ACL Category=128
permit ip any host 200.200.200.20
ip access-list extended DMZ-ICMP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended DMZ-MAIL-OUT
remark CCP_ACL Category=128
permit ip any host 230.211.70.60
permit ip any host 230.250.90.137
ip access-list extended DMZ-SIP
remark CCP_ACL Category=128
permit ip any host 200.200.200.40
permit ip any host 200.200.200.30
ip access-list extended DMZ-SYSLOG
remark CCP_ACL Category=128
permit ip 230.211.70.0 0.0.0.255 host 200.200.200.32
permit ip 200.200.200.128 0.0.0.127 host 200.200.200.32
ip access-list extended DMZ-WEB
remark CCP_ACL Category=128
permit ip any host 200.200.200.35
permit ip any host 200.200.200.20
ip access-list extended DMZ-ZONE-TRAFFIC
remark CCP_ACL Category=128
permit ip 200.200.200.0 0.0.0.128 any
ip access-list extended ESP-TRAFFIC
remark CCP_ACL Category=1
permit esp any any
ip access-list extended IN-ZONE-ICMP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended IN-ZONE-TRAFFIC
remark CCP_ACL Category=128
permit ip host 200.200.200.140 any
ip access-list extended NAT-POOL-TRAFFIC-IN
remark CCP_ACL Category=128
permit ip any 0.0.0.0 255.255.255.224
ip access-list extended NAT-POOL-TRAFFIC-OUT
remark CCP_ACL Category=128
permit ip 0.0.0.30 255.255.255.224 any
ip access-list extended OPEN-TRAFFIC-IN-140
remark CCP_ACL Category=1
permit udp host 230.211.70.60 host 200.200.200.140 eq isakmp
permit esp host 230.211.70.60 host 200.200.200.140
permit ip host 230.211.70.10 host 200.200.200.140
permit tcp host 230.211.70.35 host 200.200.200.140
deny   ip host 230.211.70.60 host 200.200.200.140
ip access-list extended OPEN-TRAFFIC-OUT-140
remark CCP_ACL Category=1
permit udp host 200.200.200.140 host 230.211.70.60 eq isakmp
permit esp host 200.200.200.140 host 230.211.70.60
permit ip host 200.200.200.140 host 230.211.70.10
permit tcp host 200.200.200.140 host 230.211.70.35
deny   ip host 200.200.200.140 host 230.211.70.60
ip access-list extended OPENDIR-TRAFFIC
remark CCP_ACL Category=128
permit ip any host 230.211.70.10
ip access-list extended PUSH-NOTIFICATIONS
remark CCP_ACL Category=1
permit tcp any any eq 5223
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
ip access-list extended SELF-DNS-IN
remark CCP_ACL Category=1
permit udp any eq domain any
ip access-list extended SELF-DNS-OUT
remark CCP_ACL Category=128
permit ip any host 200.200.200.20
permit ip any host 200.200.200.4
ip access-list extended SELF-ICMP-TRAFFIC
remark CCP_ACL Category=128
permit ip any host 200.200.200.190
ip access-list extended SMTP-TRAFFIC
remark CCP_ACL Category=128
permit ip any host 200.200.200.140
ip access-list extended SMTPS-IN
remark CCP_ACL Category=1
permit tcp any any eq 465
permit tcp any any eq 587
ip access-list extended SMTPS-OUT
remark CCP_ACL Category=1
permit tcp any eq 465 any
permit tcp any eq 587 any
ip access-list extended SYSLOG-TRAFFIC
remark CCP_ACL Category=128
permit ip any host 200.200.200.32
ip access-list extended TRUSTED-HOSTS
remark CCP_ACL Category=128
permit ip host 230.211.70.35 any
permit ip host 230.211.70.60 any
logging 200.200.200.32
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 168.192.200.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 210.210.210.0 0.0.0.255 any
access-list 100 permit ip 200.200.200.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 168.192.200.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 102
control-plane
banner login ^CThis device is propoerty of FROGHOP and all activity is logged.^C
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
ntp update-calendar
ntp server 192.189.54.17
ntp server 192.189.54.33
ntp server 203.161.12.165
ntp server 130.102.2.123
end
Thanks in advance for any tips.
Regards,
John.

Some thoughts on trade-offs between usability and user-friendliness

I use Awesome as a window manager over LXDE. Recently, a friend of mine tried to use my laptop. The experience frustrated him somewhat--he managed to start the browser through the menu shortcut, but it opened out of sight under the "web" tag. Once he realized where it had gone (tags are clickable in Awesome), he had already managed to start several instances of it. Naturally, he tried to close them--first looking for the close window button which is not there, since I dont use title bars, and then trying alt+F4 to no avail (the default key command for closing a window in Awesome is super+shift+c). In desperation, he finally launched the terminal and used xkill to get rid of the redundant Chromium sessions.
The whole thing got me thinking. I find my system very usable--as I guess most of us Linux nerds do, as our systems are do-it-yourself projects to such a large degree. However, it is not exactly user-friendly. At the same time, I can navigate my confused friend's system quite well since he uses Gnome--a system that adheres more to the common desktop metaphor of e.g. Windows or OS X. However, I doubt I would be able to get around very well in some of the more minimalist *box setups so popular among Arch users (though, admittedly, it is probably easier to get the hang of a mouse-centered desktop than one that focuses on keyboard shortcuts). What I find interesting is that there is clearly a trade-off. If I was to build a system for more people than just me, I would probably go with Gnome, but I would not find it as usable as my current system.
Which brings me to my questions. Do others here share that experience? How do you go about managing it--different default sessions for different accounts, or a compromise that is more user friendly but less usable to you personally? Or do you force people to relearn and adapt to your preferred way of doing things (which might sound worse than it is--after all, if my way makes more sense once people adjust to it, then why not)?
Last edited by caligo (2010-03-12 09:53:01)

lolilolicon wrote:
mythus wrote:
While I understand your point, I have to fundamentally disagree with your subject. Having memory issues does not make someone brainless, and I overtly object to such. It would be just as bad as me saying people who think user friendly is for brainless creatures with no memory are elitist pigs *shrugs*.
Case in point, myself. I have memory issues. I didn't always have memory issues, having used to have a very sharp memory. But hey, getting hit by semi-trucks and having your head go through a windshield does some nasty things to your brain functions. Does me now having problems with remembering certain things all the sudden make me brainless? I sure don't think so, being that I am still able to think, process equations and goals, as well as teach myself new things and relearn forgotten things on a daily basis. It is just that most stuff I have to write down or print out and have in a huge binder in front of me at all times now. Having memory issues simply caused me to have to adjust to how I do things, not make me into a brainless creature. In fact it was after my accident that I came to try and use linux, and while I do have a certain need of the mouse at times, I also have my printed out shortcuts here at my disposal.
The lesson here, be careful of adding insults to posts when trying to make a point. Without that insult I could have easily agreed with your point.
I'm really sorry if it came out like that, I didn't mean that. My point was not at all about memory you know. I forget things too, and it happens often, and I'd curse myself if it were really bad.
I respect men like you. You managed to learn linux (and it was arch! ++), and resolve your issues, e.g. even you do forget sometimes your shortcuts, you still have your memory of them on the paper, plus backups of it. This is nothing like "brainless creators". What I meant by that was more about the lazy people who never know what they have.
I brought my mood to somewhere extreme, because I was feeling again the reasons why I switched to linux. It was the moment I decided I had been a lazy pig who had hated his computer but never had done anything about it.
s/it's for the brainless creatures who've got no memory/it's for the button lovers ;P/
Sorry mythus, I wish you all the best.
Thank you for your apology.
As I said earlier, I do agree with most of your points, it was just that one glaring sentence at the beginning which took on a role as the subject of your post, which I disagreed with. I do agree that the modern day idea of user-friendliness is for lazy people who don't wish to learn how to use a computer and simply want their computer to know what he/she wants to do and do it without any real input from them. Having to use all ten fingers versus one to two fingers is where that all boils down to. Just imagine having to actually sit up and make full use of both of your hands to use your computer instead of lean back in a recliner and rest your hand on a small plastic device, barely having to flinch your wrist and move your index finger. That is really where IMO the "User Friendly" systems of today are targeted. In reality, they aren't user friendly at all, but lazy friendly. Truly, I am still waiting for them to invent a mind reading device or a device that monitors your line of vision so that if you say.. look at the upper right side of a window it will close it for you, or if you open your eyes real big, it will full screen the window for you. *sarcasm intended*
For a system to be user friendly it has to be completely usable to it's principal user with little or no complications. The user should be able to do his or her work and other computer related activities without confusion and/or delay. Unfortunately, no two users are alike so the method that fits them best wouldn't work for everyone. However what does seem to work for the majority isn't necessarily a user friendly system, but a lazy friendly system that is familiar after generations of being presented the same UI.
It is also because of the lazy-friendly needs of a O/S so that it can be accepted by the largest amount of consumers possible (after all, it is all about money) that advancements and changes to the UI are sure to never come. At least from a corporation.... So you will always be faced with having to decide if you want your computer lazy-friendly and familiar for your friends/family, or user friendly for yourself.
BTW- I do not think that the mouse is a bad tool. It is a highly useful tool. It just should not be treated as a keyboard.

Trade-offs of different Immutability designs

Hi,
I'm wondering what the trade-offs are for the following immutability designs:
1) Object composition: a mutable class wraps an immutable class without any sort of inheritance. Example: String vs StringBuilder.
2) Single interface with optional operations. Example: List throws UnsupportedOperationException when someone tries modifying an immutable list.
3) Object inheritance: a mutable class extends an immutable class. Example: MutableString extends String by adding mutation methods to it. I could not find an example of this in the JDK.
4) Are there other possible designs you're familiar with?
Thank you,
Gili

Why would you need to do this? Why couldn't the mutable interface inherit from the immutable one?I was originally talking about classes where if the super is immutable then you quite literally cannot make it muttable (like String).
But to answer the direction of the inheritance tree problem (mutable->immutable or vice versa), if Mutable extended Immutable it's then fundamentally not an Immutable breaking the "is a" rule, you have this problem with both directions of inheritance. More reason to steer clear of it I think.
Deciding what modifiability to return/accept is an even more tricky business with both inherited route and with distinct classes, for example imagine the .iterator() method you would have to duplicate the methods to: mutableIterator() and immutableIterator(), this would plague your API designs and make it a royal pain to use.
I meant unmodifiable class, not immutable.The discussion works for immutable and unmodifiables, though I think that converting between (im)mutables becomes even hairier (should be avoided) as users are lead to believe the internal class will never change, whereas unmodifiables allow the internal class data to change just not via API calls.
I should explain that my "interest" here is the best way to introduce "turning modifiability on and off" (which is only a slight deviation to the original post). In my case, I've decided it's a must have feature.
Why would the caller ever need to know whether a Collection is mutable or not?Where we've experienced this issue we've been designing an API that's not just a collection, more like heavyweight resources, where:
-in certain cases we don't trust the user to give them access to the modifiable
-where they can only receive/read from the resource and they should not alter it
-to let them register interest in the resource before it's construction is finalised - ensuring they don't interrupt the finalisation process.
-the API is about the same size as the collections API, which I think is bordering on the (to) largish size (if it's a small API I'd consider distinct classes).
The decision was made to give them the ability to discover whether the resource was unmodifiable for two reasons:
-code could be written (annoying that it's not "have to be" I agree) which would then be guaranteed not to fail unexpectedly later on (assuming compliance).
-not having it meant that users are subtly encouraged to to write large chunks of code within an �ber try/catch to handle possible failures, which has it's obvious disadvantages.
I also believe there should be some method of discovering whether the resource/collection is unmodifiable. Say you want fail fast behaviour for example, you have to call some modifiable method and deal with the resulting exception if it failed. And (slightly worse) try and undo it if it did work - which in some cases is impossible.
In most cases (e.g. collections being used) this isn't required, as generally the collection's modifiability will stay the same for an apps lifetime and good testing (or the first time the error is discovered :) will out any mistakes which can be fixed once and for good.
I think that Josh got it right when designing the collections framework, I can't see a better way of doing it given the size of the resulting API and ignoring the "not being able to discern modifiability" problem. Adding anything other than a tagging interface or simple checking method would have resulted in a seriously bloated API.
I think the reason they didn't do anything about trying to discern modifiability was that, as collections don't change their modifiability (accepting composition), they probably decided, as you said, there's no benefit to adding the ability to check.
I followed the link btw, it's interesting to get other peoples take on these issues, I constantly worry if I'm going down the right route. I am trying to get a few of our projects made open source so I can get other peoples feedback/input for that very reason.
Wowsers, I also didn't realise I had this much to say about it, sorry.

Performance and security trade-off

h1. Scenario
When I run my code without implementing security its performance decreases from 40% to 70% .
My goals is to decide: do I really need any trade-off (speed vs security)? in either case I must provide arguments
Any kind of advice will be appreciated. I just need professional's view about the above scenario
Thank you

Hey Aasem,
As such, there is no thumb-rule for this trade off concept. It all depends on the type of database and its security. It may happen that you have to secure the data more than the performance; e.g. banking, insurance, stock market secotrs. In these sectors, the on-line transactions are required, but the data security is more important than the performance. So, here you may have to cmpromise with the performance.
But if you take an example of an live score of a cricket match, then the data security is not that much important rather the performance counts more. so, here you can compromise the security of the data with the database performance.
But, my point is that as a dba, you have to always consider the security of the data more than the performance. And the calculation what you are talking of is not of a fixed manner. It varies as per the requirement and need. And there is no thumb rule for this. It is only your experience which will help you to find out the measurement of everything what you are asking for.
Thanks and Regards,
MSORA

Master Data basis-- difference between a Xportation zone and tariff zone?

What is the difference between a transportation zone and tariff zone, & why would a transportation zone be different from a tariff zone?

What is the difference between a transportation zone and tariff zone, & why would a transportation zone be different from a tariff zone?

Changing zone interface while zone is running

i need to change the interface for the running Solaris zone in E2900 system.
now the zone interface is ce0:1 now i need to change the interface to ce2.
whether i need a reboot of the zone or not.
if reboot is not needed the following is ok or not
:my-zone> add net
:net> set address=x.x.x.x
:net> set physical=ce2:1
:net>end
:my-zone>verify
:my-zone>commit
^D

Well, you'll want to do that anyway for the next time you start the zone.
For the immediate changes, I think you'll need to go into the global zone and unplumb the interface. Then plumb up the new one into the non-global zone that you want. Ifconfig takes a 'zone' keyword to specify it.
Darren

Pixel/compression trade off

Picture qulaity appears to be a trade off between the number of pixels you have & the amount of compression that is applied when saving a JPEG .
Is there any gide or rule of thumb that you can provide that will tell which is best for your needs? For instance will a 10MP picture with high commpression be than an 8MP picture with low compression? What about 6MB etc? Is there a chart?
Any comments will be apprecieated.

The Old Fart wrote:
Picture qulaity appears to be a trade off between the number of pixels you have & the amount of compression that is applied when saving a JPEG .
Is there any gide or rule of thumb that you can provide that will tell which is best for your needs? For instance will a 10MP picture with high commpression be than an 8MP picture with low compression? What about 6MB etc? Is there a chart?
Any comments will be apprecieated.
I'll add a few personal thoughts to the advice already given.
- First, nearly all digital cameras use Bayer pattern sensors : there are theoretical reasons you can downsize to about 70% without losing significant detail...
- In many cases, you know the kind of output you want for a particular purpose : printing 4' x 6' or A4 format, displaying on high res displays (1900 x 1080 px) or saving for web (800 x 600 pix for instance). Then the first thing you can do before thinking about jpeg compression is to downsize to the adequate printing size. It's generally good enough not to output to more than 300 dpi or downsizing to the pixel dimension needed for display.
- There are several downisizing method : you might prefer bicubic or bicubic sharper. Some prefer more advanced method (Lanczos, available in Faststone Photo Resizer)
Now for jpeg compression :
- The level of detail depends very much on the noise level : you are losing details with noise anyway, so the denoising will be a compromise between detail and noise, and that will be important for the jpeg file size.
- The final size of an image depends highly on the level of detail of the scene and on the noise as stated above. For the same pixel dimensions, your file size may vary from 50% to 100% depending on detail and colors. If your purpose is to save with important compression, 'save for web' is your friend. If you only want to print without visible quality loss, use higher compression settings : for instance try the difference between 12 and 10 : you might gain 50% size without visible quality loss.

Trade-off between the one-arm and two-arm WAE designs

We are configuring a WAE (model 512) for a branch office and I was wondering if someone could please tell me the trade-off between the one-arm and two-arm WAE designs..
thanks..
greg..

if you are using WCCP then the WAE becomes the client withing the servcie groups 61, 62. In order to accelerate both vlans then apply the ip redirect 61 in on the client vlan ineterfaces to the one interface.
If inline, you can use both 2 port groups for each client interface or trunk all to a single inetrface and configure which vlans you would like to accelerate.
Now in terms of of using both GE inetrfaces, I would have to check. A topology diagram would help

Trade off between multiple small optimised aggregates - few large aggregate

Hi SDN community
I am asking a purely theoretical question to the sdn.sap.com community if any projects have done verifiable tests between the trade off in performance for a small number of cubes with large unoptimised aggregates, compared to that of multiple cubes with small optimised aggregates.
Will queries run faster acrosss more cubes with more aggregates that are smaller, as opposed to less cubes with larger aggregates.
We are currently trying to improve performance, and wish to get feedback on whether to change design to cater for ongoing performance issues.
Thank you for your assistance.
Simon

Hi Ravi,
Thank you for your reply.
The reason why we need to consider smaller aggregates is such:
- We have 2 value types Budget, and Forecasts in the same cube.
Because of this, we cannot restrict the aggregates to 2 smaller sized aggregates to allow performance gain.
- If we sepearate the data to the Forecasts Cube,
We have potential to create 12 Version specific aggregates
- If we create Fiscal Year Aggregates in addition, we split the size of the aggregates
Now although the roll up times will be longer, we have very targetted small aggregates so our reports should run faster.
we have consistent performance problems so i am proposing the above last major performance tuning that can be thought of, but will the performance be worth the expenditure.
Thank you.
Simon

Multi-zone vs single-zone: which should I choose

If I have a fleet of about 500 linux devices to manage spread accross 7 main sites should I create a single zone or a zone for each site?
Sites are connected by reliable high-speed WAN links but I dont want every client in every site pulling down updates over the WAN.
If I put a secondary server at each site and replicate content but keep a single zone do the clients have some way of knowing which is their local server? I'm unable to find any documentation on how a client chooses a server when there is more than one.
regards
Randall

Brundold/
Thanks for the responses..
Originally Posted by brunold
Randall,
I would choose a single zone because I would have all managed systems within the same system. You need to mirror down the updates just once and can use that bundle on all managed devices. So no need to copy that bundle to a second, third, fourth ... server to make sure they have the exact same packages in and so on. You need to do the job always only once and can use it on all the other systems. Also reports, policies, bundles ... they always need to be created just once ...
I have not seen a installation with 7 zlm server. We just have one primary and one secondary. Seven might be very high.
Do you have some locations where are less managed devices then on the other that you can reduce the number of zlm server ?
Of the 500 maybe 300 are at one location but unfortunately the remaining 200 are pretty evenly spread accross the other locations. Whilst a secondary server in every remote office is clearly overkill we want to avoid having 30 copies of each RPM being downloaded over the WAN. Is it possible to somehow proxy workstation updates from a server to a client? That would be a neat solution..
Originally Posted by brunold
But there are a few things you need to take care of:
1. whereas you can have more then just one zlm server, the data store (postgresql or oracle) is a single instance. All zlm server must access this database. So you need to make sure that is high available. Maybe having the database in a heartbeat / drbd mirror to a second location ? If that database is not accessible from a zlm server, it cannot distribute software !
Servers are likely to like on a VM cluster with HA so that shouldnt be an issue.
Originally Posted by brunold
This could be a very interesting project.
What software do you primarily distribute using zlm ?
OS updates or other software packages as well ?
Rainer
The priorities for deploying such a system (be it ZLM or something else) are
1. Inventory & Asset tracking/management
2. OS updates
3. A small and relatively static suite of in-house software

Firm zone & Trade off zone

Similar Messages

Maybe you are looking for