GLOBAL GDF SETUP방법

Similar Messages

• Values not saved in "Global Authentication Setup" page

  Hi,
  I searched a bit in this forum but I couldn't find a related topic. So here is my problem.
  We are trying to deploy a small NAC lab environment. We use NAC Appliance v4.1.
  Now the problem is, that I like to set the values for PEAP and EAP-TLS in the "Global Authentication Setup" page. However, every time I press "Submit and restart" all checkboxes for PEAP and EAP-TLS are not checked anymore.
  I use a WebServer certificate from our PKI and I created it as described in various guides.
  If I create a self-signed certificate with ACS it works fine, but this will not be feasible for a larger deployment.
  I hope somebody knows this issue and can help me.
  Thanks,
  Harald

  I could solve my problem. I had to import the CA certificate in "ACS Certification Authority Setup".

• ACS 4.0.2 Radius Authentication Setup

  Dear Experts,
  I am having ACS 4.0.2 in my network, which I want to use for 802.1x Radius Authentication for Clients on PEAP-MSCHAPv2 methodology.
  As per the documentation " EAP Authentication with RADIUS Server",  Doc ID: 44844
  I have configured Network Configuration and populated AAA client IP range and Secret Key.
  Question1:
  Under Authenticate Using option, there are various RADIUS flavors available for selection. For a Non Cisco AAA client, should I select RADIUS IETF?
  Question 2:
  In the above snap shot, It has an option called Global Authentication Setup, where we can setup EAP configuration. Under PEAP subsection there is an option to "Allow EAP-MSCHAPv2" check box.
  After checking that, is a restart required to the ACS Server? Would it cause any disruptions to the existing services on the ACS?
  Kindly help as it is not mentioned in the documentation available with me.
  Regards,
  Karthik

  Hello,
  As per the ASCII and HEXA settings concern you might want to ignore those fields and leave them as they are by default.
  As per the "Bad request from NAS" and "Invalid message authenticator in EAP request" it is 99% of the times a Shared Secret Mismatch.
  Under the ACS Interface Configuration > Advanced Options > Is the Network Device Groups option enabled? If yes, please check the Shared Secret Key at the NDG level where the device was created. Remember the NDG Shared Secret takes precedence over the one configured on the AAA Client entry itself.
  Attaching an Example:
  AAA client with Shared Secret as "Cisco123":
  NDG Entry (which allocates AAA clients) with Shared Secret as "cisco"
  In order to check the NDG Shared Secret go to Network Configuration > Click the appropriate NDG > Scroll to the bottom and click on Edit Properties.:

• Bank Details flexfield - Global Legislation

  Hi All,
  I just wanted to get the confirmation of the Bank details flexfield.
  While we are defining the business group and assigning the legislation according to the legislation the Bank details flexfield will automatically get attached but for global legislations how the bank ff will get attached. As per my knowledge there is one Bank Details FF which is not having any legislation these will get attached to the global legislations.
  My question is there any where we will attach the bank ff to the legislation from the front end?
  Thanks and Regards,
  Joshna.

  Hi Joshna,
  Bank flex field is the only KFF which you do not attach to a BG.
  It is automatically derived from you Legislation code.
  So for GB, it would be GB_BANK_DETAILS.
  For a global/international setup with leg_code as say 'ZZ' a KFF with ZZ_BANK_DETAILS should get created.
  Which you can then configure.
  More Info can be found here - International HR and Payroll [ID 261452.1]
  #Define Bank Key Flexfield Structure for the Legislation
  The bank account structure for the new legislation is created during the setup process, and the appropriate legislation rule is created to ensure that the bank account structure is available within the legislation.
  The bank account structure is named {Legislation_Code}_BANK_DETAILS and is created without any segments. You must, therefore, configure the new structure by creating new segments to capture the bank details of an organization or person.
  Hope that helps.
  Edited by: VB on Jun 6, 2011 10:00 AM

• Is There a way to programmatically extract global virtual channel info from max?

  I have a group of DAQmx virtual global channels setup in MAX and I would like to be able to programmatically extract the physical channel information to be included with the data file. In the past I have been able to use traditional NI-DAQ channel utility vi's to accomplish this, but they only see traditional NI-DAQ virtual channels and not DAQmx virtual channels. Is there a group of vi's for extracting DAQmx virtual channel information? I'm using Labview 7.1 with a Windows XP OS.

  Paul,
  I can access basic properties using the approach you described, but do you know how to get the units from the global virtual channel?  Say I had a general appliance for reading in load cells, and I wanted to have the axis labels in a graph show the units of whatever load cell had been selected.

• JCOerror: This system does not let you log on using a password

  Hi,
  "JCOerror: This system does not let you log on using a password"
  This is the error message I get from MII tries to connect to the Production ECC using my credentials to perform a BAPI call.
  These credentials work fine interactively (using the SAP GUI) and for BAPI calls from MII on SAP Development instances.
  I can interpret this message in two ways:
  - My login can not log on using password (though I can interactively)
  - The server does not allow logging on using password only. (It might require to pre-authorize the connecting server as well).
  I guess my question can be if this error requires adding additional rights to my login for the production environment, or if this is a global SAP setup for this system?  Or something else?
  In either way, what is required to have this work?
  Thanks.

  Hi,
  Kindly try the following options.
  Try executing the BAPI seperately in se37, using your login credentials.
  Check whether RFC is enabled for the BAPI.
  Check whether the SAP server is details are furnished correctly in "SAP Server"(available under "Data Services") editor.
  We can ensure this by checking the connection status link in xMII.(Link is available under "Data Services").
  If connection status is "Running" then SAP server setting configuration is fine. Else it is not configured properly.
  Try executing the BAPI in BLS(Business Logic Services) using JCO connector.
  I believe if any one of these scenarios fail then "Proxy Error" might thrown.
  Thanks
  Rajesh Sivaprakasam

• ACS 4.0 EAP-TLS Cert not working

  Hey,
  so i generated my certificate signing request, took it to my CA, got a cert. From "ACS Certification Authority Setup" i installed it onto my ACS appliance, then from "Install ACS Certificate" installed it (it prepopulated the privkey and password so i assume it got that from the cert file). I then add the CA from the "Edit Certificate Trust List". All this goes off without a hitch.
  However when i try to add the "Certificate Revocation List" I am unable to add both LDAP:\\\ and http://. I have confirmed that the http:// is working on the CA, and every indication is that the ldap is working too but i don't know of the tools to test that with.
  When i go into "System Configuration"->"Global Authentication Setup"->"Allow EAP-TLS" i get the following error.
  Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.
  What exactly is not installed about the Certificate? it's on the ACS server, it's configured and the date range is correct.
  I've been banging my head against this all day and could use some suggestions. :)

  Ok, i now understand it a little better. I needed to install 2 certificates. the first being the Root CA's certificate in the "ACS Certification Authority Setup" section (i mistakenly thought this was simply where i download my generated cert for the next spot.
  The second cert is the one i generated using "Generate Certificate Signing Request", i then took that to my Root CA, generated a cert and installed that along with the private key under "Install ACS Certificate".
  Thanks for pointing me in the right direction since the error i was getting wasnt helpful to me.

• How to retry/resend an AS2 message outbound after a communication error

  Hello all. I am using B2B 10.1.2.3 and the retry functionality and resubmission functionality has never worked for me. Can some please comment on the proper procedures for me to setup retry intervals and also how to use the resubmission utility. Here is the initial error i received by the proxy:
  Transport error: [IPT_HttpSendError] HTTP encounters send error :502
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <HTML><HEAD>
  <TITLE>502 Proxy Error</TITLE>
  </HEAD><BODY>
  <H1>Proxy Error</H1>
  The proxy server received an invalid
  response from an upstream server.<P>
  The proxy server could not handle the request <EM>POST http://12.152.215.243:4080/exchange/089264350000</EM>.<P>
  Reason: <STRONG>Error reading from remote server</STRONG><P>
  <HR>
  <ADDRESS>Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at fisohs.fis.local Port 8181</ADDRESS>
  </BODY></HTML>
  [IPT_HttpSendError] HTTP encounters send error :502
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <HTML><HEAD>
  <TITLE>502 Proxy Error</TITLE>
  </HEAD><BODY>
  <H1>Proxy Error</H1>
  The proxy server received an invalid
  response from an upstream server.<P>
  The proxy server could not handle the request <EM>POST http://12.152.215.243:4080/exchange/089264350000</EM>.<P>
  Reason: <STRONG>Error reading from remote server</STRONG><P>
  <HR>
  <ADDRESS>Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at fisohs.fis.local Port 8181</ADDRESS>
  </BODY></HTML>
  The message was set to an "Error" state.  I tried the resubmission with the following commands:E:\Oracle\B2B\ip\install>java oracle.tip.adapter.b2b.data.ReSubmit -protMsgId "<AC1BAC5A12E3A7A60B100000104FD480@FAMOUSFIS>"
  The failed result:Resubmision started for message ID-protMsgId and with payload with path <AC1BAC5A12E3A7A60B100000104FD480@FAMOUSFIS>
  Message Id to resubmit : <AC1BAC5A12E3A7A60B100000104FD480@FAMOUSFIS>
  getWireMessageID AC1BAC5A12E3A7A60D000000104FD490
  Agreement Name : FIS_HyVee_X12_Agr
  refToMsgId !!!!!!!!!AC1BAC5A12E3A7A5E5F00000104FD440-1
  Action NOT Overloaded...
  Sender :Famous receiver :HyVee Inc actionName :IGNOREEBMSDUPELIM:TRUE;ACTION:Process_997_4010UCS docType :997 docRevision :4010UCS direction :Outbound ConversationId :<1298061621500.
  169625@hvcorp7_te>
  Exception in file creation : java.io.IOException: The filename, directory name, or volume label syntax is incorrect
  java.io.IOException: The filename, directory name, or volume label syntax is incorrect
  at java.io.WinNTFileSystem.createFileExclusively(Native Method)
  at java.io.File.checkAndCreate(File.java:1314)
  at java.io.File.createTempFile(File.java:1402)
  at java.io.File.createTempFile(File.java:1439)
  at oracle.tip.adapter.b2b.data.ReSubmit.getMessageDetails(ReSubmit.java:570)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:906)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:876)
  at oracle.tip.adapter.b2b.data.ReSubmit.main(ReSubmit.java:133)
  Enqueue the Message
  IPEnqueueError start...
  conversationId : <1298061621500.169625@hvcorp7_te>
  replyToMsgID : AC1BAC5A12E3A7A5E5F00000104FD440-1
  java.lang.Exception: No payload uri
  at oracle.tip.adapter.b2b.data.IPEnqueueError.sendMessage(IPEnqueueError.java:151)
  at oracle.tip.adapter.b2b.data.ReSubmit.enqueueMessage(ReSubmit.java:752)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:911)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:876)
  at oracle.tip.adapter.b2b.data.ReSubmit.main(ReSubmit.java:133)
  java.lang.NullPointerException
  at oracle.tip.adapter.b2b.data.IPEnqueueError.sendMessage(IPEnqueueError.java:238)
  at oracle.tip.adapter.b2b.data.ReSubmit.enqueueMessage(ReSubmit.java:752)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:911)
  at oracle.tip.adapter.b2b.data.ReSubmit.beginResubmission(ReSubmit.java:876)
  at oracle.tip.adapter.b2b.data.ReSubmit.main(ReSubmit.java:133)
  This is standard EDI X12 over AS2. Nothing special. I have global retries setup in tip.properties.
  Any ideas.
  Thank you.
  Nick Graves

  Hi Nick,
  There are two types of retries -
  1. Transport level
  2. Document level
  You may set transport level retries while creating Delivery Channel & you may set Document level retires while creating the document
  As far as, resubmission is concerned, many clients have used it successfully. Are you setting environment by running setenv file before trying command-line resubmission? If no, then please do so.
  You may also go through below links to understand resubmission in Oracle B2B -
  http://www.oracle.com/technetwork/testcontent/b2b-tn-025-resubmit-utility-133078.pdf
  http://www.b2bgurus.com/2008/02/resubmission-feature.html
  http://www.b2bgurus.com/2007/12/resubmission-feature-in-b2b.html
  http://www.b2bgurus.com/2008/02/variable-retry-interval-for-http.html
  Let us know your B2B system's patch level in case it still does not work.
  Regards,
  Anuj

• ACS 4.2 replication issue

  We recently upgraded to ACS 4.2. All works perfectly except for replication. I now receive an error
  ACS Internal Database Replication Errors
  1.To disable receiving of EAP-FAST replication component, "EAP-FAST master server" must be enabled on "Global Authentication Setup" page
  We are not using EAP-FAST and it doen't appear to be enabled. EAP-FAST is not checked to replicate.

  I looked at that when I first got the issue. It saya that the server is Master. If I tick the box nothing changes and when I go back to that "Global Authentication" page the box is no longer ticked. The issue is the same on both the Primary Server and the Backup Server.

• Authentication eap-tls on ACS or local EAP WLC over Lwapp and 7921

  Hi All,
  I install WLC to provide Wlan architecture and the project was extended for VoWLAN. we have 7921 and E51 running over the wide WLAN architecture.
  Computer using Data over wirless are working over PEAP done by ACS and CA signed certificate + user secret on PC is link to the domain account and secret stay the login and password. Our problem is that user and password is link via ACS to Active Directory. The policy of password is to change frequently.
  For the Phone we are actually running authentication over Leap but I'm working to define the best security solution for us.
  I confront PEAP and Eap-TLS for now:
  1) PEAP check the authentication of ACS via certificate trust and authenticate via MS-Chapv2 and the secret password known by user. My problem here is the phone can only be static what is potentially not acceptable
  2) Eap-tls which is the best secured security due to the double side certificate authentication + (login / password) on the phone
  so I need to manage here Certificate Management ? I mean I can use either the MIC CA certificate on the phone or User CA defined one which I can put on ACS or Local EAP WLC and the put the ACS CA trust on the Phone.
  If I understood well I have to put User.cer and ACS_CA.cer on each phone and pout the User_CA on the ACS ?
  I have already Certificate on the ACS signed by CA (like veri-signed) so I must create CSR for any phones to be able to use the same CA ?
  I'm thinking to use also the local Eap certificate of Controller to manage all of that to avoid every potential money to pay to the trust CA of ACS
  can you help me to know if I understood everything good ? I would be please to exchange experience on that
  thanks ;)
  bye

  I am currently using EAP-TLS authentication on my wireless users using ACS 3.2. I have had that problem before. This is what I did...
  Setup a Microsoft Certificate server as my
  CA. You can use same machine wih your ACS and CA.
  Then, generate certificate signing request from ACS then request a server certificate from CA then copy and install a certificate to ACS. On the ACS, go to global authentication setup check the EAP-TLS cetificate. If it failed to respond means that the server certificate is not properly setup.
  On the windows xp clients, connect your machine using wired LAN, then request a certificate from CA(the same CA that you have use to your ACS) using IE (ex. http://CAip/certsrv), but this time request a client certificate. The name you should put when requesting the cert must be you local windows user, use 1024, choose microsoft base cryptographic provider 1.0. then installl the certificate on the client. Verify you client certificate it i was installed properly.
  At that poit you should be able to connect you r wireless client using EAP-TLS.

• EAP-TLS with windows machine

  I had configured everything for certificate authentication EAP-TLS in Windows 2003 AD with enterprise CA. After logging a machine to domain I receive a certificate for computer, then setup XP SP3 to reauthenticate perion 120 sec (by Microsoft KB). I try two different machines with XP to use EAP-TLS authentication, but reason is not toward success.
  I use "authentication open" on switch therefore machines could communicate with whole network. Nothing appars in Failed Attempts.csv of Passed Attempts.csv (of couse).
  Just list of RDS.log appears some activity ended with
  NAS: 172.24.34.62:27910:25 Cleaning lookup entry. AND reapeted
  If I change an authentication type to PEAP, and I had not it configured on ACS, than failed attempt log issue is arrised: EAP_PEAP Type not configured.
  Is it necessary to use http://support.microsoft.com/kb/957931 on windows XP to success machine authentication?
  Please let attentions to Attachments and let me know
  what could be a problem of my unsuccessness of use EAP-TLS.
  configuration of interface which I use for testing:
  interface GigabitEthernet0/42
  description Test 802.1X klient - Filip
  switchport access vlan 34
  switchport mode access
  switchport voice vlan 31
  authentication host-mode multi-domain
  authentication open
  authentication port-control auto
  authentication periodic
  authentication violation protect
  dot1x pae authenticator
  dot1x timeout tx-period 10
  spanning-tree portfast
  end

  Hi Filip,
  Just noticed your post...
  In order to use EAP-TLS you should ensure that you have the complete certs chain. I've noticed that EAP-TLS and service pack 3 has some compatibility issue so please try authenticating with a windows XP sp2 machine.
  Microsoft has done some changes in SP 3 for wired 802.1x
  Changes to the 802.1X-based wired network connection settings in Windows XP
  Service Pack 3
  http://support.microsoft.com/kb/949984/
  In Windows XP Service Pack 2 (SP2), both the wired and wireless connections are handled by the Wireless Zero Config (WZCSVC) service. Additionally, this service is always running. In Windows XP SP3, this WZCSVC functionality is divided into the following separate services as part of Network Access Protection (NAP) integration:
  * The WZCSVC service
  * The Wired AutoConfig service (DOT3SVC)
  As we are using wired authentication, I would suggest you to check whether wired autoconfig service is running or not.You can check by going to Manually start the Wired AutoConfig service
  If you are an end-user who has already installed Windows XP SP3, follow
  these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type services.msc, and then press ENTER.
  3. Locate the Wired AutoConfig service, right-click it, and then click
  Start
  Since, we are not getting any hits on the ACS for EAP-TLS, it's clearly indicates that supplicant is not sending access-request...
  CERTIFICATE REQUIREMENT IN EAP-TLS:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39121
  ACS CONFIGURATION:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39247
  MICROSOFT XP CLIENT CONFIGURATION:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39392
  As far as peap is concerned where we are getting EAP_TYPE not configured. Here you need to enable peap-mschapv2 under the on the ACS >system configuration > global authentication setup and check the PEAP and EAP-TLS.
  Also make sure that your logging is set to full > Go to system configuration > services control > check the radio button for FULL > click on Restart.
  Also, let me know the full ACS version and platform.
  HTH
  JK
  Do rate helpful posts-

• EAP-TLS on ACS v4 for wireless users

  Hi,
  I?m trying to deploy EAP-TLS authentication method on ACS v4.0 for my local wireless users; really I stuck with the certificate issue and need your assistance to understand the required procedures to accomplish the task.
  As mentioned on the ACS configuration guide I have to have CA server to generate certificates for both ACS and wireless users, but I found an option on the ACS under System configuration tab then ACS Certificate Setup a Generate Self-Signed Certificate, I generated a certificate and uploaded a copy to my PC, installed and followed the recommended steps to configure the Microsoft XP client configuration but still I got the error ?Windows was unable to find a certificate to log you on to the network SSID? . Honestly I don?t know if this is possible but I gave it a try but failed.
  Kindly advice what is the appropriate and easiest way to accomplish the task, if you could provide me with helpful documents I?ll appreciate it.
  Regards,
  Belal

  I am currently using EAP-TLS authentication on my wireless users using ACS 3.2. I have had that problem before. This is what I did...
  Setup a Microsoft Certificate server as my
  CA. You can use same machine wih your ACS and CA.
  Then, generate certificate signing request from ACS then request a server certificate from CA then copy and install a certificate to ACS. On the ACS, go to global authentication setup check the EAP-TLS cetificate. If it failed to respond means that the server certificate is not properly setup.
  On the windows xp clients, connect your machine using wired LAN, then request a certificate from CA(the same CA that you have use to your ACS) using IE (ex. http://CAip/certsrv), but this time request a client certificate. The name you should put when requesting the cert must be you local windows user, use 1024, choose microsoft base cryptographic provider 1.0. then installl the certificate on the client. Verify you client certificate it i was installed properly.
  At that poit you should be able to connect you r wireless client using EAP-TLS.

• 802.1x Authentication in Extreme architecture

  Hi all,
  Objectives :
  Authenticate a supplicant on a Extreme 802.1x port with an ACS SE 4.2
  Supplicant = IP Phone
  Authenticator : Switch Extreme 450 E
  Authentication Server : ACS SE 1113 4.2.0.124.9
  1) We have done the tests with a Windows ACS 4.2.0.124 and everything runs correctly, the supplicant authenticates without any problem.
  2)We have replicate the windows ACS with the ACS SE. The 802.1x authentication does not work with the ACS SE but works with the Windows ACS.
  3) We have upload UDvs and VSA on the ACS SE and it still not work.
  These are the .csv file uploaded :
  accountactionsVsa.csv (used for the vendor)
  accountAttributes.csv (used for the vendor attributes)
  accountProfile.csv (used for the Attributes profile)
  accountvalues.csv (used for the Attributes values). This one is not on the attachment files :
  1,8,,,354,Disabled,1916,201,0,15/04/2009 10:00,,,,0
  2,7,,,354,Enabled,1916,201,1,15/04/2009 10:00,,,,0
  3,6,,,354,Disabled,1916,206,0,15/04/2009 10:00,,,,0
  4,5,,,354,Enabled,1916,206,1,15/04/2009 10:00,,,,0
  5,4,,,355,,,,,15/04/2009 10:00,,,,0
  The message in ACS Failed Attemps logs is : "Bad Request from NAS".
  We have verified the authenticator address and the secret key, everything is ok.
  With Windows ACS we can see first an "access request" between authenticator and aurthentication server. Next an "access challenge" from authentication server to Authenticator. NExt an "access request" between authenticator and aurthentication server and then an "access Accept" from authentication server to Authenticator.
  With ACS SE we can see first an "access request" between authenticator and aurthentication server. Next an "access Reject" from authentication server to Authenticator.
  We have tried to understand the differences between the first "access request" in ACS windows architecture and the first "access request" in ACS SE architecture. The only difference is on the Message-authenticator(80).
  Have you already had this kind of problem. How can i Solve it?
  Thanks for your replies.
  Best regards.

  The Supplicant only use EAP MD5 since it is a Ip phone.
  EAP MD5 is already checked in Global authentication Setup.
  Just for remember :
  802.1x runs in a Windows Version but not in a SE version with same configuration (we have done the test with a replication from Windows version to Appliance SE version. Both ACS version have the same configuration but one is running and not the other.

• ACS EAP-TLS

  Hello Experts...
  i have a problem when using ACS 5.1 with AP1141 through EAP-TLS authentication method.
  when i try to connect my laptop , it's authenticated sucessfully , but when i try to authenticate third party Black Box using EAP-TLS , i have an authentication failure ( 12511 Unexpectedly received TLS alert message; treating as a rejection by the client ).
  when i check the debug report at the ACS , i found that the authentication method when i use my laptop is x509_PKI  , and it's successfully , but when i use the 3rd party devise , the authentication method in the radius log report is EAP-TLS , and it's failed.
  so is there any different between the x509_PKI  and EAP-TLS , if yes , how could i check EAP-TLS.
  reyad

  hello,,,
  i do confirm that , the 3rd Party already trust the AAA CA , and the AAA trust the 3rd Party CA.
  when i use Cisco 4.1 Radius , the client is connected without any problem.
  to clarify the status , this client accept only eap-tls authentication method ,so the only changes which i did on the 4.1 radius , is go to system configuration , global authentication setup , and enable the eap-tls only...and change the AP EAP request timeout to 0
  and this what i did also in ACS5.1
  any suggestions
  reyad

• BPC 7.0NW Landscape

  BPC Gurus,
  Please advice on the below lanscape of BPC7.0NW for BPC Consolidation:
  1) Client has installed BI(Global) instance which has got all Business content intalled for regular extractions from ECC for FI, SD, MM, PP reportig.
  2) And they have installed BPC over another instance BI(Local) which does not have any Business Content objects like in BI(Global).
  Question:  Is there a concept of Local and Global installations of BI for the purpose of BPC? If so why?Is there an SAP documentation of SAP best practices on this?
  If so how to load master data and transaction data to BPC from Global BI to BPC? Is it that I have use open hub for master data and transaction data or any other way?
  What are the advantages and disadvantages of the layout as for as BPC is data loads(masterdata & transaction data) is concerned?
  Which is best landscape for the client??
  Thanks in Advance,
  GMR

  Hi GMR,
  What I would do with the scenario that you described below is the following. I would have my GLOBAL instance setup as a Source System within my LOCAL instance. Once you have done this you can setup a "one hop" loading process from your BPC system. BPC can do the following when it comes to loading master and transactional data.
  Dimensions can be loaded from BW InfoObjects and their corresponding master data via standard (BPC 7.5 NW)
  Dimensions can be loaded from BW InfoObjects and their corresponding master data via How-To Guide (BPC 7.0 NW)
  BPC Applications can be loaded from BW InfoProviders
  This means that you will need to (at least temporarily) persist what you pull in from GLOBAL somewhere in your LOCAL BW instance prior to pulling it into your BPC NW system.
  For Master Data I would suggest replicating the key infoObjects from GLOBAL to LOCAL and integrating this into a single data manager package that you can use to pull master data from GLOBAL BW into the LOCAL BW and finally into your BPC NW Dimension Library within your LOCAL instance.
  For Transactional Data I would suggest using a write optimized DSO in your LOCAL instance that you load into from your GLOBAL instance and then subsequently you pull the DSO data into your BPC Application via the Load from InfoProvider Data Manager Package. You could as I suggest above integrate this all into a single data manager package by copying your process chain and making some modifications.
  Hope this helps,
  Cheers,
  Scott