IBCM Design configuration

hi,  I've got some design questions around IBCM.  We're planning to setup IBCM for customer in 2 DMZ locations (Americas / Europe).  Current thinking would be to have 1 MP; 2x DP's in each of the DMZ.  Our exisiting configuration consist
of 1 CAS and 3x Primary sites (120,000 end points)  (SCCM 2010 SP1 CU2) will be upgrading to R2 next month.
here are some questions I have
- I know that the MP need to have Public DNS name, I guess this is also needed for the DP's in the DMZ otherwise the clients will not be able to connect to these?
- do I need to create new SCCM site for each DMZ, or can the DMZ MP's be joined to the existing site for that region?
-DP,  When installing the DP role, I guess no boundaries can be assigned, when Internet Clients request for Content the clients will get list of DP's and will select first the http(s) enabled DP's vs. http DP's is that correct?
- SUP, do I need to install Full WSUS or is the WSUS console sufficient enough for installing the SUP Role ?  Is there any issue/problem with adding the SUP Role alongside to the MP or DP?  Current thinking is that we will have max. 10,000
clients globally configured for IBCM, so I don't think should be any issue from performance point of view.
- Clients? Currently all our clients are installed as "Intranet" clients, to make them IBCM aware is it necessary to do full re-install of the SCCM Client, and then pass along the MP and Cert info, or can this be done with registry tweak? The client
certs will be deployed using AD.

Jason,
few follow-up questions to your replies, sorry for the delay on this but has been hectic, and now I have some time again to work on this.
you said about the client re-install following:
- Clients: No, you only need to reinstall them if you want to configure them as "Internet only". Other clients will pick up the necessary info from AD and ConfigMgr policy allowing them to switch between Intranet and Internet modes.
==> for this to work, obviously the client need to have the right certificate which we will deploy using AD/GPO's, what about the management point?  I did found script that allowed me to update the client setting so that the mp field was populated
with the Internet MP, are you now saying that this is not required?  if so can you explain how my client will find the Internet MP?  Our client will be configured for both Intranet/Internet.
last question (for now)  Our DMZ has it's own AD Forest, so I will request to have the schema change applied to that Forest, are there any other watch out, that I should consider.  There is trust relationship between Extranet Forest and regular
production forest to which also all workstations are joined.  I'm confused with this one about the info the is published in AD.
thx for all the help

Similar Messages

  • Problem when Activating Design-Configuration objects

    Hi Everyone,
    We are facing a strange error in our XI system. When we are trying to activate any design/configuration object, we get an error, which states:
    <b>ERROR com.sap.aii.utilxi.swing.toolkit.ExceptionDialog: Throwable
    Thrown:
    MESSAGE ID: com.sap.aii.utilxi.misc.api.ResourceException
    com.sap.aii.utilxi.swing.framework.PersistenceException: ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.dbpool.exceptions.BaseResourceException: SQLException thrown by the physical connection: com.sap.sql.log.OpenSQLException: Error while accessing secure store: File "
    <hostname>\sapmnt\<SYSID>\SYS\global\security\data\SecStore.properties" does not exist although it should</b>
    We double checked that the properties file does exist in the directory specified. We also went for a instance restart, but since then the SMC is showing a yellow flag with info 'J2EE Status Info Unavailable', and the java Stack is not working. Does anybody have any idea why this error is occuring?
    Regards,
    Amitabha

    Hi Krishna,
    As far as I know, this file is used for containing encrypted password and connection info for J2EE stack. So, I daresay, it will be very risky to remove the file from the source directory. Still, I would like to try your hint.
    Regards,
    Amitabha

  • IB- design,configure- Activate What next?

    I'm trying to understand the XI IS functionality by taking simple FILE->IS->FILE scenario.
    After design,configure, scenario activate:
    a)what gets published in IS (a daemon program in java/abap stack!!)  from ID-directory?
    b)what need to be checked in XI adapter framework (for file adapter, check the CC status in RWB component monitoring for green active status)? any other verification steps
    c)SXMB_MONI is useful for monitoring the message, but I'm more interested in if the program exists for the scenario and if yes it is compiled ok in first place (similar to compiled java program eg: sample.java)
    d) where to get more meaningful run time error message?
    for example there was a error in message mapping per SXMB_MONI log
    <u><b> <SAP:Stack>During the application mapping com/sap/xi/tf/_mm_unix_etc_pwd_ a com.sap.aii.utilxi.misc.api.BaseRuntimeException was thrown: RuntimeException in Message-Mapping transformatio~</SAP:Stack></b></u>
    With help of <b>Michal weblog</b> (thanks) advise /people/michal.krawczyk2/blog/2005/09/16/xi-how-to-test-your-mapping-in-real-life-scenarios
    tested the payload xml attachement in IR and fixed the datatype to match ID->Comm Channel->content conversion parameters.
    Good, I could fix the error by referring web log.
    Why SXMB_MONI is not spelling out understandable runtime error message?
    (in place of no use exception msg "RuntimeException in Message-Mapping transformation"). May be there is more info somewhere!!
    Checking if there is a way to get meaningful error message for message mapping runtime errors!
    e) Is there a parsing tool to convert sender payload XML (from payload attachement xsmb_moni) to ID->message type structures? This would help fixing message mapping errors that exist in source(sender).
    Thanks.

    Hi
         Simple once activation is done then you need to go for testing
         In the File 2 File you will be using two adapters for  configuration(ID)
         what gets published in IS (a daemon program in java/abap stack!!) from ID- 
         directory? ---> In IS we can see how the message is processed based on the 
         mapping  declared in IR.  All the things what and all happened in the IS we can
         check in the RWB (T.code : SXMB_MONITOR)
          U can see all the steps how the messaged prossed in IS and with meaning 
          full errors.  (I.e Root cause)
    thanks
    Rakesh

  • Issues in the import of Design & Configuration objects

    Hi SDNers,
    I have a small doubt. In one of our scenario we have exported the Design & Configuration objects (all objects) from DEV to ACC.
    But actually we want only selected objects to be imported into ACC.
    Will the import of objects under the same namespace append / overwrite the already imported objects ??
    Kindly advice us.
    Thanks in advance,
    Anguraj

    Hi Roger,
    Thanks for your reply..
    Actually with IR we are not facing any issues.. but with ID when we are importing the objects from Dev to Acc , some objects are getting overwritten and some are getting appended.
    Could you please let me know what is the actual behaviour in PI 7.0
    When  the object will overwrite and will append.
    Appreciate for exact reply.
    Regards,
    Anguraj

  • Fiori Launchpad Designer configuration issue

    Hello All,
    Query 1 :
    During "Launchpad Designer " configuration when we create Transport requests using scope=CONF to the url and click on "settings" button to create the package , i face the below error:
    Error message : "error 400  bad request in Odata response  for GET /SAP/OPU/ODATA/UI2/TRANSPORT/PACKAGE/ZLAOMySpend/:HTTP request failed" . Details :package ZXXOMySpend does not exist”
    After which we created a new package under SE80 with the same PACKAGE name (ZXXOMySpend) , then when I clicked on “save” the above error was gone.
    Is it the right step ?
    Query :2
    To create a custom role in the gateway system  (using PFCG tcode)  to add the catalog  and assign the role to needed users
    Steps followed :
    PFCG -->created a role using "single role"
    selected "Transaction"      and then selected the TYPE  "Catalog"
    When a popup arrived and selected the catalog created on the Fiori launchpad designer.
    Earlier we were using the under transaction "TYPE" as "Catalog Provider" now is it changed to "catalog" ? as we dont see this option on the drop down.
    could you please confirm the above?
    Thanks,
    Usha

    Hi Usha,
    Please look at help.sap.com. You can find answers.
    Creating Transport Requests for User Changes - User Interface Add-On for SAP NetWeaver - SAP Library
    Assigning Catalogs to Roles - User Interface Add-On for SAP NetWeaver - SAP Library
    Regards, Masa
    SAP Customer Experience Group - CEG

  • ODI 10.1.3.5 Lightweight Designer Configuration Problems

    I am trying to configure ODI Lightweight Designer and running into problems.
    A bit of background information.
    I am using ODI 10.1.3.5
    Windows 2003
    SQLServer 2005
    I am working with a Server that is also hosting OBIEE and using the OC4J that is part of OBIEE configuration.
    I have copied the SQLServer 2005 JDBC Driver into the appslib folder of my OC4J install.
    I am running into problems configuring the Connection Pools and Data Sources.
    Can anyone provide pointers/guidance for configuring the Connection Pools for the Master and Work Repositories on SQL Server 2005.
    Thanks
    Wayne

    A bit more information
    On the OC4J - JDBC
    Connection Factory Class = com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource
    JDBC URL = jdbc:sqlserver://server:1433;databaseName=db_snpm;user=odimaster;password=pass
    error message:
    Unable to create : com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource
    Missing class: com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource Dependent class: oracle.oc4j.sql.config.DataSourceConfigUtils Loader: oc4j:10.1.3 Code-Source: /E:/OracleBI/oc4j_bi/j2ee/home/lib/oc4j-internal.jar Configuration: in META-INF/boot.xml in E:\OracleBI\oc4j_bi\j2ee\home\oc4j.jar This load was initiated at ascontrol.web.ascontrol:0.0.0 using the Class.forName() method. The missing class is available from the following locations: 1. Code-Source: /E:/OracleBI/oc4j_bi/j2ee/home/applib/sqljdbc.jar (from in /E:/OracleBI/oc4j_bi/j2ee/home/config/server.xml) This code-source is available in loader global.libraries:1.0. This shared-library can be imported by the "ascontrol" application.
    I have an Environment Variable:
    CLASSPATH = E:\OracleBI\oc4j_bi\j2ee\home\applib - Location of the SQLServer Jar File sqljdbc.jar
    I am sure I am missing something obvious, just cannot figure it out.
    Any help/guidance would be appreciated
    Wayne Van Sluys
    Edited by: WVanSluys on Jan 13, 2009 10:15 AM

  • Livecycle Designer - configuring attachments

    Can someone provide instructoions on how to configure an attachment using Livecycle Designer.  We have enabled reader extensions and can see the capability in Adobe Reader.
    Can't figure out how to add the attachment to a form and have a server app see the attachment when the form is Submitted to the application.
    Thanks

    Here's where they'll know: http://forums.adobe.com/community/livecycle

  • Importing design/configuration objects.

    Hi everybody,
    I've exported design and configuration objects from a test server, but now i need to import those files into the development server in order to set the scenario on this server.
    So, i've tried the import option but it saids "0 objects found", i don't know where to upload these files and what tool/option use to perform the importing task.
    Do you know how to do that?
    Regards,
    Gerardo.

    Hi Gerardo,
    you have to transfer exported files (from the export directory of the dev XI)
    to the importing directories of the destination XI(qat, prd) server
    try this page:
    http://help.sap.com/saphelp_nw04/helpdata/en/a8/5e56006c17e748a68bb3843ed5aab8/content.htm
    it shows <b>Import and Export Directories</b>
    the whole path look like this:
    <b><SAPSID>/SYS/global/xi/repository_server/import/</b>
    for example
    Regards,
    michal

  • Best practice MPLS design/configuration for small service provider

    We are a small regional service provider and did not have MPLS supported on our network.  To start supporting MPLS, I’d like to get opinions and recommendations on the best practice configuration. 
    Here is what we have today –
    We have our own BGP AS and multiple /24s.
    We are running OSPF on the Cores and BGP on the Edge routers peering with ISPs.
    We peer with multiple tier-1 ISPs for internet traffic. We do not provide public transit.
    What we want for phase one MPLS implementation –
    Configure basic MPLS /vpn functionality.
    No QoS optimization required for phase 1.
    We have Cisco ME 3600X for  PE. Any recommendations will be appreciated.

    Not sure what kind of devices or routers you have in your network but looks for if you have support for labeled multicast for MVPN support. That will avoid other complexity of using other control protocols (like PIM) in core.
    PE redundancy can be obtained by BGP attributes, CE-PE connectivity can be tunned using IGP or VRRP/HSRP...
    You can have mutiple RSVP TEs for various contract traffic and you can bind various kind of traffic to different RSVP Tunnels based on contract or service with your customer.
    RSVP-TE with link/node protection design will be of great help to achieve quicker failover.

  • Designer Configuration/ Users locking each other

    I have Designer 9i installed in an education environment. We have about 100 users all sharing the same repository, with their own user accounts. They are reverse and forward engineering against their own db tables.
    The system is grinding to a halt, some students are being locked out by others, and it can take half an hour to just get in to Designer.
    Designer seems to be working with exclusive locks for this. Can I change this ? or is their another way I can configure Designer to keep performance in this situation ?
    Any advice appreciated.

    Hi,
    The fourth point I presume B speaks and A can't hear rather than B himself.
    Which SDK version are you using ?  If you are using player 10 or 10.1 , can you try with 9 for once and see if you can reproduce just for a testing scenario.
    I haven't seen this occuring . Moreover, if you can ,please tell me some activity that does reproduce this.
    Thanks
    Hironmay Basu

  • Query Designer configuration

    Hi,
    I'm trying to debug a configuration problem with query designer when it connects to my BI 7.0 server.  Here is the problem:
    start - all programs - business explorer - query designer
    I then connect to my SAP BI 7.0 system using my personal id that has sap_all sap_new authorities
    From the Query designer I select query - open
    then I select -
    info areas - human resources - personal administration - headcount and personal actions - headcount/change in staffing level
    Then Execute ...
    My web page opens up with...
    http:///irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fcom.sap.pct!2fplatform_add_ons!2fcom.sap.ip.bi!2fiViews!2fcom.sap.ip.bi.bex?QUERY=0PA_C01_Q001&VARIABLE_SCREEN=X&DUMMY=1
    For some reason the hostname and port are missing.  Does anyone know where this is configured?
    Thanks,
    Lee

    Bhanhu,
    Thanks for the quick response.  I am the basis administrator for this server.  This system was built by a redirected restore, so I'm trying to figure out where these settings are adjusted.  Do you know the profile parameters that would be used in RZ10 or the settings in RSPARAM.  I looked in RSPARAM but I did not see where this could be set.  Any leads would be helpfull.
    Thanks,
    Lee

  • Can I find NX7K VDC design/configuration examples?

    We have a couple of NX7K that we plan to have 2 VDC on each. So the 7K can function as a virtual core switch and virtual distribution switch. I have read about some VDC concepts but have not been able to find a detailed VDC design and configurations example document from Cisco sites. If any one has seen one, can you share that with me?
    A few subjects I like to find good examples:
    Connection in between ports in different VDC;
    Management connectivity to each VDC;
    Routing config between VDC.
    Thanks

    Hello
    The best source that would cover all the relevant VPC details would be the design guide available here:
    http://www.cisco.com/en/US/products/ps9670/products_implementation_design_guides_list.html
    The first 4 chapters are lots to read but it very good
    Hth
    Sent from Cisco Technical Support iPhone App

  • CSS11500 one arm design configuration assistance.

    Is it possible to configure the CSS11500 as single arm design? if yes how to configure the source nat on the CSS11500, it is not possibe for me to change the default gateway as well as configure CSS as inline.
    Regards

    yes you can configure CSS in one armed mode. You would do the nat with a group config ie:
    service yada
    ip address 192.168.20.40
    active
    content yadayada
    vip address 192.168.20.55
    add service yada
    group yadayadayada
    vip address 192.168.20.55
    add destination service yada

  • Nexus5k peer-keepalive design/configuration

    So I am looking for thoughts on the following implementation.
    I have three sets of Nexus5ks (PODS) that I want to setup the peer-keepalive links for.
    For each POD I have configured the mgmt0 ports and connected to a L2 switch.   This L2 switch is being used for each PODs peer-keepalive along with some other management services for our DC.    My concern is that all PODs peer-keepalives are traversing this single switch and want to make sure that I fully understand what will happen if this switch goes down.   We'll work diligently to restore service to this switch as other critical management services are running on it but the single-point of failure for 3 PODs peer-keepalives has me concerned.  
    So if the keepalive link goes down it is my understanding that all the vPCs will remain active and data forwarding will continue.   That's good to know.  But are there any other risks or caveats I should be aware of.   What if another system failure occurs when this keepalive link is down?  A switch reboots or a vPC drops?  
    Also, is there any failure scenario where all 3 PODS would lose data forwarding if this L2 switch fails that all the keepalives are going over?
    I feel it would be overkill to setup a separate L2 switch for each POD for just this use.   So am leveraging an existing L2 switch we use for other network management functions. 
    Any advice in appreciated.  Thank in advance
    Chucky

    Hi Chucky,
    As you already know once vPC are operational, if the peer-keepalive link fails, then everything carries on as before. Both switches will still continue to forward traffic on their vPC member ports.
    If you were then unfortunate enough to have a failure of the vPC peer link while the peer-keepalive is down, then you get into the scenario where the vPC member ports on the operational secondary device are taken down. You still have connectivity to downstream devices from the operational primary though, and so unless you have single attached devices on the secondary, you're still OK.
    "What if another system failure occurs when this keepalive link is down?  A switch reboots or a vPC drops?"
    If one of the Nexus 5K switch reboots while the peer-keepalive were down, then the remaining N5K will remain or become operational primary and continue to forward traffic on the vPC member ports. If you lost both Nexus 5K of the same pod at the same time as the Layer-2 switch were down, then depending upon your code version and configuration, you could run into issues when they came back up. In the early days of vPC the peer-keepalive was required to initially establish vPC, but Cisco have addressed this issue from 5.0(2)N2(1) with the auto-recovery feature.
    If a vPC drops on one or both of the peers e.g., due to a single link failure or the entire downstream device rebooting, then the ports and vPC becomes operational on both the peer devices once the downstream device is operational again. This is irrespective of the state of the peer-keepalive link.
    The Virtual Port Channel Operations guide discusses failure scenarios (and more besides), and the use of the auto-recovery and is worth a read to ensure you fully understand the recovery options for all scenario.
    In short, I believe that what you're planning is an acceptable risk.
    Regards

  • Integration Design/Configuration in IB Logon : Authorisation Error

    Hi all,
    we get the following error message when logging on to the Integration Builder:
    "Authorization error. Unknown user name or incorrect passwords."
    We installed the SDK versions 1.4.2_03 and 1.4.2_05 on our computer and have local Admin rights.
    Has anyone already a similar problem and can us further help.
    The user/password has been created in SU01 with all the roles outlined in the install document over 24 hours ago and is viewable in the J2EE Admin Tool.
    The user XISUPER can run the SLD & RWB ok however.
    Is there anything else we should be checking ?
    Kind regards
    Colin

    Hi Fabrice,
    We have a solution. Try it and it may work for you.
    We had an issue where the short domain name was not being resolved correctly to the long domain name so this was the failure reason.
    Try using the long domain name in the URL just by changing it and see if that works.
    Then your admin guys need to see if the name can be resolved correctly.
    The message you are getting is a completely bogus message by the way.
    Fingers crossed.
    Colin.

Maybe you are looking for

  • Errors with a TDS 1012 scope

    Hello,    I am having probelms with the example for the TDS 1012 scope that I got from the NI website. I have installed the drivers on the PC and I have assumed that that is all I need to do to have the example work.   I have attached a screen shoot

  • Putting video on to DV tape

    Using FCE 3.5. I want to take a section of video, and put it back on to a DV tape. I have the clip opened up in the FCE timeline, saved it as a project, DV tape is in camcorder and connected to the computer, and I have been trying to use the "Print t

  • Display results from dynamic query created and executed inside procedure

    Hi; I have created this code: CREATE OR REPLACE PROCEDURE RunDynamicQuery(Var1 IN VARCHAR2, Var2 IN VARCHAR2, VAR3 IN VARCHAR2) AS -- Do something -- That ends up with a variable holding a query.... (just an example) MainQuery :='select sysdate from

  • PowerPivot - Create a Lookup Table and Calculate Totals via PowerQuery

    Hi, I have got a question to powerpivot/powerquery. I have got one source file "product-sku.txt" with product data (product number, product size, product quantity etc.). In powerpivot I created via this text file 2 powerpivot tables: product-sku and

  • Install os x on macbook with windows 7 installed

    Hallo. I have got macbook with only Windows 7 installed. How could I possibly get mac os x on it? Thank you