IDM 6.0 End-toEnd Encryption

We have a Security/Audit requirement to implement end-to-end encryption as it relates to Active Directory provisioning. We have version 6, SP1 running App server on Weblogic, a windows gateway device as a member of �Encrypt Domain�. We are currently using ADSI called from the gateway to the �Encrypt Domain� so passwords resets are currently being encrypted via ADSI 3DES.
We need to now encrypt from Weblogic to the gateway or even better, sip the gateway and encrypt right to the Active Directory environment.
Question:� has anyone configured/implemented this type of solution and could they share from a high=level the pieces needed to be successful?
Many thanks for your assistance.

Hi,
as you can read from
338 Sun Java System Identity Manager 7.0 � Identity Manager Administration
onward 168 bit 3DES encryption is used from the appserver to the gateway ootb. The same is with IDM6.0 i just had the 7.0 docs closer.
Regards,
Patrick

Similar Messages

SQL Server TDE stuck encryption state 4

I'm trying to create a robust script that runs backups, backs up current certificate, creates a new certificate, backs up new certificate and regenerates database encryption keys with the new certificate. Obviously to do all this you're talking about a pretty
complicated script! i've tried to make it as robust as possible, however when running the script the databases have gotten stuck in encryption state 4. (this has happened before which is why i'm testing this to destruction.) now before i delete and recreate
these databases is there any way to force them out of state 4? It will not allow you to turn encryption off you get the following error : Cannot disable database encryption while an encryption, decryption, or key change scan is in progress.
I'm not sure what happened to get them into this state but want to prevent it at all costs.
Please see my script. You should be able to test this easily by creating a couple db's.
Any improvements would be greatly appreciated, and this will be extremely useful to anyone in a TDE environment.
*** UPDATED ***
USE master
DECLARE @Name NVARCHAR(50) , -- Database Name
@Path NVARCHAR(100) , -- Path for backup files
@FileName NVARCHAR(256) , -- Filename for backup
@FileDate NVARCHAR(20) , -- Used for file name
@BackupSetName NVARCHAR(50) ,
@SQLScript NVARCHAR(MAX) ,
@Live AS NCHAR(3) = 'No'
-- *** MAKE SURE YOU CHECK THIS BEFORE RUNNING ***
-- specify database backup directory
SET @Path = 'E:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Backup\'
-- specify filename format
SET @FileDate = REPLACE(REPLACE(REPLACE(CONVERT(NVARCHAR(20), GETDATE(), 120),
IF CURSOR_STATUS('global', 'db_cursor') >= -1
DEALLOCATE db_cursor
DECLARE db_cursor CURSOR
FOR
SELECT Name
FROM sys.databases
WHERE Name NOT IN ( 'master', 'model', 'msdb', 'tempdb' )
AND is_encrypted = 1
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @Name
WHILE @@FETCH_STATUS = 0
BEGIN TRY
SET @FileName = @Path + @Name + '_' + @FileDate + '.bak'
SET @SQLScript = 'BACKUP DATABASE ' + @Name + ' TO DISK = '''
+ @FileName + ''' WITH NOFORMAT, INIT, SKIP, STATS = 10
RESTORE VERIFYONLY FROM DISK = ''' + @FileName + ''' BACKUP LOG '
+ @Name + ' TO DISK = ''' + @Path + @Name + '_log.ldf'''
PRINT '*** STEP ONE Backing up Databases ***'
PRINT @SQLScript
IF @Live = 'Yes'
EXEC (@SQLScript)
FETCH NEXT FROM db_cursor INTO @Name
END TRY
BEGIN CATCH
PRINT 'Error Completing Backups'
SELECT ERROR_NUMBER() AS ErrorNumber ,
ERROR_SEVERITY() AS ErrorSeverity ,
ERROR_STATE() AS ErrorState ,
ERROR_PROCEDURE() AS ErrorProcedure ,
ERROR_LINE() AS ErrorLine ,
ERROR_MESSAGE() AS ErrorMessage;
RETURN
END CATCH
CLOSE db_cursor
DEALLOCATE db_cursor
-- Get current certificate statuses
SELECT DB_NAME(database_id) AS DatabaseName ,
Name AS CertificateName ,
CASE encryption_state
WHEN 0 THEN 'No database encryption key present, no encryption'
WHEN 1 THEN 'Unencrypted'
WHEN 2 THEN 'Encryption in progress'
WHEN 3 THEN 'Encrypted'
WHEN 4 THEN 'Key change in progress'
WHEN 5 THEN 'Decryption in progress'
END AS encryption_state_desc ,
create_date ,
regenerate_date ,
modify_date ,
set_date ,
opened_date ,
key_algorithm ,
key_length ,
encryptor_thumbprint ,
percent_complete ,
certificate_id ,
principal_id ,
pvt_key_encryption_type ,
pvt_key_encryption_type_desc ,
issuer_name ,
cert_serial_number ,
subject ,
expiry_date ,
start_date ,
thumbprint ,
pvt_key_last_backup_date
FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.certificates AS c ON e.encryptor_thumbprint = c.thumbprint
-- TDE cannot be started while backup is running
WHILE EXISTS ( SELECT *
FROM master.dbo.sysprocesses
WHERE dbid IN ( DB_ID('*** DATABASE ***') )
AND cmd LIKE 'BACKUP%' )
BEGIN
PRINT 'Waiting for backups to complete'
WAITFOR DELAY '00:01:00'
END
--Code for backing up certificate and generating new certificate
DECLARE @CurrentCertificateName AS NVARCHAR(100) ,
@CertificateBackupFile AS NVARCHAR(256) ,
@KeyBackup AS NVARCHAR(256) ,
@KeyStore AS NVARCHAR(256) = 'E:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Key Backup\' ,
@SecurePass AS NVARCHAR(50) = '*** Password ***'
-- Get current certificate name
SELECT @CurrentCertificateName = c.name
FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.certificates AS c ON e.encryptor_thumbprint = c.thumbprint
WHERE DB_NAME(e.database_id) = @Name
-- backup the current certificate
SET @CertificateBackupFile = @KeyStore + @CurrentCertificateName + '.cer'
SET @KeyBackup = @KeyStore + @CurrentCertificateName + '.pvk'
SET @SQLScript = 'BACKUP CERTIFICATE ' + @CurrentCertificateName
+ +' TO FILE = ''' + @CertificateBackupFile + ''' WITH PRIVATE KEY'
+ ' (FILE = ''' + @KeyBackup + ''',' + ' ENCRYPTION BY PASSWORD = '''
+ @SecurePass + ''')'
PRINT '*** STEP TWO Backing up current certificate: ' + @SQLScript + ' ***'
IF @Live = 'Yes'
BEGIN TRY
EXEC ( @SQLScript )
END TRY
BEGIN CATCH
PRINT 'Could not back up existing Certificate. Job Cancelled'
SELECT ERROR_NUMBER() AS ErrorNumber ,
ERROR_SEVERITY() AS ErrorSeverity ,
ERROR_STATE() AS ErrorState ,
ERROR_PROCEDURE() AS ErrorProcedure ,
ERROR_LINE() AS ErrorLine ,
ERROR_MESSAGE() AS ErrorMessage;
RETURN
END CATCH
-- Generate the new certificate.
DECLARE @Now AS NVARCHAR(12) = REPLACE(REPLACE(REPLACE(CONVERT(NVARCHAR(20), GETDATE(), 120),
DECLARE @NewCertificateName AS NVARCHAR(50) = 'PCI_Compliance_Certificate_'
+ @Now
-- Manually set certificate name
--SELECT @NewCertificateName = 'PCI_Compliance_Certificate_201312231546'
-- Generate a new certificate
DECLARE @NewCertificateDescription AS NVARCHAR(100) = 'PCI DSS Compliance Certificate for 2014'
SET @SQLScript = 'CREATE CERTIFICATE ' + @NewCertificateName
+ ' WITH SUBJECT = ''' + @NewCertificateDescription + ''''
PRINT '*** STEP THREE Creating New Certificate: ' + @SQLScript + ' ***'
IF @Live = 'Yes'
BEGIN TRY
EXEC ( @SQLScript
END TRY
BEGIN CATCH
PRINT 'Could not create the new Certificate. Job Cancelled'
SELECT ERROR_NUMBER() AS ErrorNumber ,
ERROR_SEVERITY() AS ErrorSeverity ,
ERROR_STATE() AS ErrorState ,
ERROR_PROCEDURE() AS ErrorProcedure ,
ERROR_LINE() AS ErrorLine ,
ERROR_MESSAGE() AS ErrorMessage;
RETURN
END CATCH
-- Back up the new certificate
SET @CertificateBackupFile = @KeyStore + @NewCertificateName + '.cer'
SET @KeyBackup = @KeyStore + @NewCertificateName + '.pvk'
SET @SQLScript = 'BACKUP CERTIFICATE ' + @NewCertificateName
+ +' TO FILE = ''' + @CertificateBackupFile + '''' + ' WITH PRIVATE KEY'
+ ' (FILE = ''' + @KeyBackup + ''',' + ' ENCRYPTION BY PASSWORD = '''
+ @SecurePass + ''')'
PRINT '*** STEP FOUR Backing up New Certificate: ' + @SQLScript + ' ***'
IF @Live = 'Yes'
BEGIN TRY
EXEC ( @SQLScript
END TRY
BEGIN CATCH
PRINT 'Error: Could not back up New Certificate.'
SELECT ERROR_NUMBER() AS ErrorNumber ,
ERROR_SEVERITY() AS ErrorSeverity ,
ERROR_STATE() AS ErrorState ,
ERROR_PROCEDURE() AS ErrorProcedure ,
ERROR_LINE() AS ErrorLine ,
ERROR_MESSAGE() AS ErrorMessage;
RETURN
END CATCH
--Encrypt database with new certificate
WHILE EXISTS ( SELECT *
FROM master.dbo.sysprocesses
WHERE dbid IN ( DB_ID('*** DATABASE ***') )
AND cmd LIKE 'BACKUP%' )
BEGIN
PRINT 'Waiting for backups to complete'
WAITFOR DELAY '00:01:00'
END
DECLARE db_cursor CURSOR
FOR
SELECT Name
FROM sys.databases
WHERE Name NOT IN ( 'master', 'model', 'msdb', 'tempdb' )
AND is_encrypted = 1
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @Name
WHILE @@FETCH_STATUS = 0
BEGIN TRY
SET @SQLScript = 'USE ' + @Name
+ ' ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE '
+ 'PCI_Compliance_Certificate_' + @Now
PRINT '*** STEP FIVE Encrypting Databases ***'
PRINT @SQLScript
IF @Live = 'Yes'
EXEC (@SQLScript)
FETCH NEXT FROM db_cursor INTO @Name
END TRY
BEGIN CATCH
PRINT 'Error Encrypting Databases'
SELECT ERROR_NUMBER() AS ErrorNumber ,
ERROR_SEVERITY() AS ErrorSeverity ,
ERROR_STATE() AS ErrorState ,
ERROR_PROCEDURE() AS ErrorProcedure ,
ERROR_LINE() AS ErrorLine ,
ERROR_MESSAGE() AS ErrorMessage;
RETURN
END CATCH
CLOSE db_cursor
DEALLOCATE db_cursor
-- Inspect the new state of the databases
SELECT DB_NAME(e.database_id) AS DatabaseName ,
e.database_id ,
e.encryption_state ,
CASE e.encryption_state
WHEN 0 THEN 'No database encryption key present, no encryption'
WHEN 1 THEN 'Unencrypted'
WHEN 2 THEN 'Encryption in progress'
WHEN 3 THEN 'Encrypted'
WHEN 4 THEN 'Key change in progress'
WHEN 5 THEN 'Decryption in progress'
END AS encryption_state_desc ,
c.name ,
e.percent_complete
FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.certificates AS c ON e.encryptor_thumbprint = c.thumbprint

Hello,
State 4 means (as you've noted in your script) that there is a key change in process. When a key change happens with TDE, all of the data must first be decrypted with the old keys and encrypted with the new keys which takes time. However long it takes to
decrypt and encrypt your entire database (depending on how many key changes there are in the hierarchy) is how long it will take.
There is also a very niche scenario where database corruption can cause issues with TDE while encrypting or decrypting. You could run a CHECKDB and validate this is not the case (you can also check suspect_pages at a quick glance).
Sean Gallardy | Blog |
Twitter

Encryption in PL/SQL

Hi all,
Has anyone came across encryption code, such as DES, written in PL/SQL?
I found two files in Oralce 8.1.6, namely $ORACLE_HOME/rdbms/admin/dbmsobtk.sql & prvtobtk.plb. These files created a package called DBMS_OBFUSCATION_TOOLKIT which contains the following procedures:
PROCEDURE DESEncrypt(
input IN RAW,
key IN RAW,
encrypted_data OUT RAW);
PROCEDURE DESEncrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
encrypted_string OUT VARCHAR2);
PROCEDURE DESDecrypt(
input IN RAW,
key IN RAW,
decrypted_data OUT RAW);
PROCEDURE DESDecrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
decrypted_string OUT VARCHAR2);
I compiled the package, using sys, then granted execute privilege to a user. However I encountered error when compiling my PL/SQL function which calls the DESEncrypt procedure. The following is my code and error message
My Code
CREATE OR REPLACE FUNCTION DESEncrypt(pv_string VARCHAR2, pv_despin VARCHAR2) RETURN VARCHAR2
AS
lv_encrypted VARCHAR2(128);
BEGIN
DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT(pv_string, pv_despin, lv_encrypted);
RETURN(lv_encrypted);
END;
Error Message
LINE/COL ERROR
5/2 PLS-00307: too many declarations of 'DESENCRYPT' match this call
5/2 PL/SQL: Statement ignored
Appreciate if someone can tell me where to find Encrypt code written in PL/SQL or help me resolve this problem (I can't change the package body for DBMS_OBFUSCATION_TOOLKIT since the prvtobtk file is wrapped.
Thank you.
Rdgs,
Lau

You must ensure that the lenght of the string to encrypt is divisible by 8. Perform the following before calling
/* Pad the string with spaces until it's length is a multiple of 8 */
while mod(strLength, 8) <> 0
loop
encryption_string := encryption_string | | ' ';
strLength := length(encryption_string);
end loop;
/* Encrypt the string the was passed to the procedure */
dbms_obfuscation_toolkit.desencrypt(input_string => encryption_string,
key_string => v_key_string,
encrypted_string => v_encrypted_form);
Thanks
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by hlau:
Hi all,
Has anyone came across encryption code, such as DES, written in PL/SQL?
I found two files in Oralce 8.1.6, namely $ORACLE_HOME/rdbms/admin/dbmsobtk.sql & prvtobtk.plb. These files created a package called DBMS_OBFUSCATION_TOOLKIT which contains the following procedures:
PROCEDURE DESEncrypt(
input IN RAW,
key IN RAW,
encrypted_data OUT RAW);
PROCEDURE DESEncrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
encrypted_string OUT VARCHAR2);
PROCEDURE DESDecrypt(
input IN RAW,
key IN RAW,
decrypted_data OUT RAW);
PROCEDURE DESDecrypt(
input_string IN VARCHAR2,
key_string IN VARCHAR2,
decrypted_string OUT VARCHAR2);
I compiled the package, using sys, then granted execute privilege to a user. However I encountered error when compiling my PL/SQL function which calls the DESEncrypt procedure. The following is my code and error message
My Code
CREATE OR REPLACE FUNCTION DESEncrypt(pv_string VARCHAR2, pv_despin VARCHAR2) RETURN VARCHAR2
AS
lv_encrypted VARCHAR2(128);
BEGIN
DBMS_OBFUSCATION_TOOLKIT.DESENCRYPT(pv_string, pv_despin, lv_encrypted);
RETURN(lv_encrypted);
END;
Error Message
LINE/COL ERROR
-------- <HR></BLOCKQUOTE>
null

Using SPML to create a custom end user interface?

We are trying to create a custom end user interface which uses SPML to communicate with our IDM server. The issue we have is whether there is a way to login to IDM from this end user interface as the end user, or at least run the end user functionality such as password changes and authentication question setup as the end user without giving all end users SPML capabilities. Right now we have created a special SPML user account and we have given that user broad capabilities. We are able to change passwords and set questions but the auditing just shows the SPML user as the subject for all these actions.
Thanks,

It looks like you are absolutely right.
I also cannot find that zlman option.
So it looks like you are the first that needs it.
We use zlman to create bundles and add packages when we build them in our rpm build environment, but at that time that are always new packages that need top be uploaded. So the bundle-add-package is what we use, but that doesn't help with packages in the repository.
So I would write a enhancement request for it ...
http://www.novell.com/rms
As a workaround, not a nice one of course, you can search for the package in the repository and upload it once again. It should recognize that and create just the package links to the bundle. Not nice, but it seems to be the only option for now.
Rainer

L2L VPN Issue - one subnet not reachable

Hi Folks,
I have a strange issue with a new VPN connection and would appreciate any help.
I have a pair of Cisco asa 5540s configured as a failover pair (code version 8.2(5)).
I have recently added 2 new L2L VPNs - both these VPNs are sourced from the same interface on my ASA (called isp), and both are to the same customer, but they terminate on different firewalls on the cusomter end, and encrypt traffic from different customer subnets.    There's a basic network diagram attached.
VPN 1 - is for traffic from the customer subnet 10.2.1.0/24.    Devices in this subnet should be able to access 2 subnets on my network - DMZ 211 (192.168.211.0./24) and DMZ 144 (192.168.144.0/24).    This VPN works correctly.
VPN 2 - is for traffic from the customer subnet 192.168.1.0/24.    Devices in this subnet should be able to access the same 2 subnets on my network - DMZ 211 (192.168.211.0./24) and DMZ 144 (192.168.144.0/24).    This VPN is not working correctly - the customer can access DMZ 144, but not DMZ 211.
There are isakmp and ipsec SAs for both VPNs.    I've noticed that the packets encaps/decaps counter does not increment when the customer sends test traffic to DMZ 211. This counter does increment when they send test traffic to DMZ144.   I can also see traffic sent to DMZ 144 from the customer subnet 192.168.1.0/24 in packet captures on the DMZ 144 interface of the ASA.   I cannot see similar traffic in captures on the DMZ211 interface (although I can see traffic sent to DMZ211 if it is sourced from 10.2.1.0/24 - ie when it uses VPN1)
Nat exemption is configured for both 192.168.1.0/24 and 10.2.1.0/24.
There is a route to both customer subnets via the same next hop.
There is nothing in the logs toindicate that traffic from 192.168.1.0/24 is being dropped
I suspect that this may be an issue on the customer end, but I'd like to be able to prove that.   Specifically, I would really like to be able to capture traffic destined to DMZ 211 on the isp interface of the firewall after it has been decrypted - I don't know if this can be done however, and I haven'treally found a good way to prove or disprove that VPN traffic from 192.168.1.0/24 to DMZ211 is arriving at the isp interface of my ASA, and to show what's happening to that traffic after it arrives.
Here is the relevant vpn configuration:
crypto map MY_CRYPTO_MAP 90 match address VPN_2
crypto map MY_CRYPTO_MAP 90 set peer 217.154.147.221
crypto map MY_CRYPTO_MAP 90 set transform-set 3dessha
crypto map MY_CRYPTO_MAP 90 set security-association lifetime seconds 86400
crypto map MY_CRYPTO_MAP 100 match address VPN_1
crypto map MY_CRYPTO_MAP 100 set peer 193.108.169.48
crypto map MY_CRYPTO_MAP 100 set transform-set 3dessha
crypto map MY_CRYPTO_MAP 100 set security-association lifetime seconds 86400
crypto map MY_CRYPTO_MAP interface isp
ASA# sh access-list VPN_2
access-list VPN_2; 6 elements; name hash: 0xa902d2f4
access-list VPN_2 line 1 extended permit ip object-group VPN_2_NETS 192.168.1.0 255.255.255.0 0x56c7fb8f
access-list VPN_2 line 1 extended permit ip 192.168.144.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=45) 0x93b6dc21
access-list VPN_2 line 1 extended permit ip 192.168.211.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=6) 0x0abf7bb9
access-list VPN_2 line 1 extended permit ip host 192.168.146.29 192.168.1.0 255.255.255.0 (hitcnt=8) 0xcc48a56e
ASA# sh access-list VPN_1
access-list VPN_1; 3 elements; name hash: 0x30168cce
access-list VPN_1 line 1 extended permit ip 192.168.144.0 255.255.252.0 10.2.1.0 255.255.255.0 (hitcnt=6) 0x61759554
access-list VPN_1 line 2 extended permit ip 192.168.211.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=3) 0xa602c97c
access-list VPN_1 line 3 extended permit ip host 192.168.146.29 10.2.1.0 255.255.255.0 (hitcnt=0) 0x7b9f32e3
nat (dmz144) 0 access-list nonatdmz144
nat (dmz211) 0 access-list nonatdmz211
ASA# sh access-list nonatdmz144
access-list nonatdmz144; 5 elements; name hash: 0xbf28538e
access-list nonatdmz144 line 1 extended permit ip 192.168.144.0 255.255.255.0 192.168.0.0 255.255.0.0 (hitcnt=0) 0x20121683
access-list nonatdmz144 line 2 extended permit ip 192.168.144.0 255.255.255.0 172.28.2.0 255.255.254.0 (hitcnt=0) 0xbc8ab4f1
access-list nonatdmz144 line 3 extended permit ip 192.168.144.0 255.255.255.0 194.97.141.160 255.255.255.224 (hitcnt=0) 0xce869e1e
access-list nonatdmz144 line 4 extended permit ip 192.168.144.0 255.255.255.0 172.30.0.0 255.255.240.0 (hitcnt=0) 0xd3ec5035
access-list nonatdmz144 line 5 extended permit ip 192.168.144.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=0) 0x4c9cc781
ASA# sh access-list nonatdmz211 | in 192.168\.1\.
access-list nonatdmz1 line 3 extended permit ip 192.168.211.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x2bbfcfdd
ASA# sh access-list nonatdmz211 | in 10.2.1.
access-list nonatdmz1 line 4 extended permit ip 192.168.211.0 255.255.255.0 10.2.1.0 255.255.255.0 (hitcnt=0) 0x8a836d91
route isp 192.168.1.0 255.255.255.0 137.191.234.33 1
route isp 10.2.1.0 255.255.255.0 137.191.234.33 1
Thanks in advance to anyone who gets this far!

Darragh
Clearing the counters was a good idea. If the counter is not incrementing and if ping from the remote side is not causing the VPN to come up it certainly confirms that something is not working right.
It might be interesting to wait till the SAs time out and go inactive and then test again with the ping from the remote subnet that is not working. Turn on debug for ISAKMP and see if there is any attempt to negotiate. Especially if you do not receive any attempt to initiate ISAKMP from then then that would be one way to show that there is a problem on the remote side.
Certainly the ASA does have the ability to do packet capture. I have used that capability and it can be quite helpful. I have not tried to do a capture on the outside interface for incoming VPN traffic and so am not sure whether you would be capturing the encrypted packet or the de-encrypted packet. You can configure an access list to identify traffic to capture and I guess that you could write an access list that included both the peer addresses as source and destination to capture the encrypted traffic and entries that were the un-encrypted source and destination subnets to capture traffic after de-encryption.
HTH
Rick

Secure pdf form sent by email

I created a self-signed digital ID for both signature end data encryption.
Then I created a pdf form by using livecycle and put it on our website, and after users fill it in, they will click submit by email to submit the data.
I tried to create a self-signed digital ID.- that also does data encryption. Then I did a test to fill the form, send by email. I suppose it has encrypted the attached PDF form, but I can open it just like regular form without encryption. How can I know if it is encrypted or not?
Thanks

This is my exact concern. I want to know that return email with xml data files are encrypted for confidentiality. Does anyone know how this is done?

Does the Intel 82579LM NIC on the Portege R830 support Promiscuous mode?

Hi,
I've got a work laptop (Portege R830), which doesn't want to sniff packets. I've got it connected to a Netgear Hub (DS104), along with an older notebook, and then uplink to ADSL.
Running a continuous ping to the default gateway and Wireshark on both devices and the other computer can see the pings from the Toshiba, but not vice-versa.
The Toshiba is running as an Administrator account, has the Windows Firewall disabled, and my Symantec End Point Encryption disabled. I don't have any other AV to my knowledge.
Does anyone have any ideas of services I should disable/enable, or knowledge of the features of this NIC?
According to the Intel site "Yes, all currently marketed Intel PRO/100, Intel PRO/1000, Intel Gigabit, Intel PRO/10 Gigabit, and Intel 10 Gigabit adapters support Promiscuous mode. " But the Intel 82579 Gigabit Ethernet Controller is not in the list that follows on; http://www.intel.com/support/network/sb/CS-004185.htm?wapkw=%28promiscuous%29
Thanks for your time.

Usually the firewall or Internet Security software blocks pings so perhaps try uninstalling Symantec completely. Just disabling it may not disable everything.
Another thing to try is use a Static IP Address instead of DHCP. Disabling IPv6 or installing a newer LAN driver from the Intel website may also help.

How to edit audio contents? (sample editing)

Hi, I have a problem in editing a recorded audio. Can anyone please help me with this one? The scenario is this...
I get my audio data by reading right from the line using targetdataline read method. Then I store the data in byte arrays. I tried to edit the values of each byte (in the byte array) by converting it to its short value, then alter its value before storing the new value to the source byte address.. Am I doing the right thing in the conversion and editing process?
My audio configuration is this:
audio format = PCM_SIGNED
sample rate = 8000
sample size in bits = 8
channels = mono
big endian = false
Well, I use this for my cryptographic process in a simple VOIP program. I was having a hard time getting the valid values of the recorded audio stored in the byte array. Can anyone enlighten me with this matter?

I have a "Recorder Class" that simply gets the audio data from the line. Here's some part of my code on how I get my audio data.
synchronized public void run() {
        while( !m_bQuitting ) { //m_bquitting is a bolean variable which tells if the recording thread must be stopped
             byte bs[] = new byte[bytesize];
                m_line.read( bs , 0 , bytesize );
             if( m_bRecording ) {
                    byte[] audio = new byte[bs.length];
                    //loop that initializes the temporary byte array to be encrypted
                                //this simple copies the contents of bs to audio byte array
                    for( int i = 0; i < audio.length && i < bs.length; i++ ){
                         audio[i] = bs;
                    if(rsa != null) {
                         /*encryption*/
                         for(int offset=0; offset < audio.length && offset < bs.length; offset++) {
                              short sample = (short)(audio[offset] & 0xff); //convert byte to short
                              short tmp = rsa.code(sample);
                              audio[offset] = (byte)tmp;
                         /*end of encryption*/
          cs.writebyte( audio );
     }else if( onlyonce ){
          cs.writebyte( ("NT|").getBytes() );
          onlyonce = false;
m_line.stop();
m_line.close();
My simple VOIP works well without the encryption process. My real problem here is how can I open/edit the data that is stored in the byte array. Simple conversion of each byte to its short value doesn't seem to solve my problem. My RSA works well on data structures integer, string, double, float, hex, biginteger and etc. I have read some articles that says that audio samples are stored depending on the size of the sample bits used, and in my case its 8 bits (-128 to 127). My perception here is that if each sample is stored in a byte, then there would be a corresponding hexadecimal value for that byte. Am I right?(Can anyone enlighten me with this one???) My plan here is to encrypt and decrypt the audio data byte per byte so I need to get the audio sample data of a recorded audio.
PS:
Sorry for my first post. :)

ORA-28232 w/ DBMS_OBFUSCATION_TOOLKIT

I am attempting to use DBMS_OBFUSCATION_TOOLKIT.DESEncrypt on an Oracle 8.1.6.3 database. However it keeps throwing the 28232 error. However I am definitely using an 8 character password.
Does anybody know what the problem might be?
TIA, APC

Here is the my_encryption package code ...........
CREATE OR REPLACE PACKAGE BODY my_encryption IS
|| Local variable to hold the current encryption key.
ps_encryption_key RAW(32);
|| Local exception to hide Oracle -28231 Error Code.
INTERNAL_BAD_KEY exception;
PRAGMA EXCEPTION_INIT(INTERNAL_BAD_KEY, -28231);
|| Local exception to hide Oracle -28232 Error Code.
INTERNAL_BAD_DATA exception;
PRAGMA EXCEPTION_INIT(INTERNAL_BAD_DATA, -28232);
|| Local function to get the encryption key for a particular case.
FUNCTION get_case_encryption_key(pi_cas_id IN ELS_CASES.ID%TYPE) RETURN RAW IS
|| The key to be returned.
key RAW(16);
|| Cursor to return the case encyption key in encrypted format.
CURSOR c_case_key(b_cas_id ELS_CASES.ID%TYPE) IS
SELECT encryption_key
FROM els_cases
WHERE id = b_cas_id;
BEGIN
OPEN c_case_key(pi_cas_id);
FETCH c_case_key INTO key;
CLOSE c_case_key;
RETURN key;
EXCEPTION
WHEN NO_DATA_FOUND THEN
RAISE NO_CASE;
END;
|| Procedure to initialize package with the master key.
|| The master key will be held elsewhere from the database.
PROCEDURE set_master_key(pi_key IN RAW) IS
BEGIN
IF LENGTHB(pi_key) != 32 THEN
RAISE BAD_KEY;
END IF;
ps_encryption_key := pi_key;
END;
|| Procedure to initialize package with the master key.
|| Always returns 'Y'
|| The master key will be held elsewhere from the database.
FUNCTION set_master_key(pi_key IN RAW) RETURN VARCHAR2 IS
BEGIN
set_master_key(pi_key);
RETURN 'Y';
END;
|| Procedure to initialize package with the case encryption key.
PROCEDURE set_case_key(pi_master_key IN RAW,
pi_cas_id IN ELS_CASES.ID%TYPE) IS
BEGIN
ps_encryption_key := pi_master_key;
ps_encryption_key := decrypt(pi_data=>get_case_encryption_key(pi_cas_id));
END;
|| Function to initialize package with the case encryption key.
|| Always returns 'Y'
FUNCTION set_case_key(pi_master_key IN RAW,
pi_cas_id IN ELS_CASES.ID%TYPE) RETURN VARCHAR2 IS
BEGIN
set_case_key(pi_master_key,pi_cas_id);
RETURN 'Y';
END;
|| Function to encrypt data using the master key. Note the length of
|| pi_data, in bytes, must be at most 2000 bytes and be divisible by 8.
FUNCTION encrypt(pi_data IN RAW) RETURN RAW IS
BEGIN
RETURN dbms_obfuscation_toolkit.DES3Encrypt(input => pi_data,
key => ps_encryption_key);
EXCEPTION
WHEN INTERNAL_BAD_DATA THEN
RAISE BAD_DATA;
WHEN INTERNAL_BAD_KEY THEN
RAISE BAD_KEY;
END;
|| Function to encrypt a BLOB using the current encryption key.
FUNCTION encrypt(pi_blob IN BLOB) RETURN BLOB IS
|| Temporary blob variable to hold the encrypted contents.
result blob;
|| Variable to hold the length of the blob.
blob_length PLS_INTEGER := dbms_lob.getlength(pi_blob);
|| The Oracle encryption routines can only encrypt data whose length is <=2000.
max_chunk_length PLS_INTEGER := 2000;
|| Variable to hold the length of the current chunk that is being encrypted.
chunk_length PLS_INTEGER;
|| Variable to remember which how much of the input blob has been encrypted.
pointer PLS_INTEGER := 1;
|| Variable to hold the next bit of data to be encrypted.
chunk RAW(2000);
|| Variable to hold a pad byte used to pad the last chunk.
pad RAW(1) := utl_raw.substr(utl_raw.cast_to_raw('0'),1,1);
BEGIN
|| Create the temporary blob using the database memory buffer.
dbms_lob.createtemporary(result, TRUE, dbms_lob.call);
|| Loop through the input blob
WHILE (pointer <= blob_length) LOOP
|| Grab at most 2000 bytes from the input blob.
chunk_length := LEAST(max_chunk_length,blob_length-pointer+1);
chunk := dbms_lob.substr(pi_blob,chunk_length,pointer);
|| Pad any chunk (ie the last) so its length is divisible by 8 (another Oracle limitation on encryption)!.
WHILE mod(chunk_length,8) !=0 LOOP
chunk := utl_raw.concat(chunk,pad);
chunk_length := chunk_length+1;
END LOOP;
|| Encrypt the chunk and write it to the end of the temporary blob.
dbms_lob.writeappend(result,
chunk_length,
encrypt(pi_data => chunk)
|| Advance the pointer by the length of the last chunk.
pointer := pointer + chunk_length;
END LOOP;
|| All Done!
RETURN result;
END;
|| Function to decrypt data using the master key. Note the length of
|| pi_data, in bytes, must be at most 2000 bytes and be divisible by 8.
FUNCTION decrypt(pi_data IN RAW) RETURN RAW IS
BEGIN
RETURN dbms_obfuscation_toolkit.DES3Decrypt(input => pi_data,
key => ps_encryption_key);
EXCEPTION
WHEN INTERNAL_BAD_DATA THEN
RAISE BAD_DATA;
WHEN INTERNAL_BAD_KEY THEN
RAISE BAD_KEY;
END;
|| Function to decrypt a BLOB using the current encryption key.
FUNCTION decrypt(pi_blob IN BLOB,
pi_size IN PLS_INTEGER) RETURN BLOB IS
|| Temporary blob variable to hold the encrypted contents.
result BLOB;
|| Variable to hold the length of the blob.
blob_length PLS_INTEGER := dbms_lob.getlength(pi_blob);
|| The Oracle encryption routines can only encrypt data whose length is <=2000.
max_chunk_length PLS_INTEGER := 2000;
|| Variable to hold the length of the current chunk that is being encrypted.
chunk_length PLS_INTEGER;
|| Variable to remember which how much of the input blob has been encrypted.
pointer PLS_INTEGER := 1;
BEGIN
|| Create the temporary blob using the database memory buffer.
dbms_lob.createtemporary(result, TRUE, dbms_lob.call);
|| Loop through the input blob
WHILE (pointer <= blob_length) LOOP
|| Grab at most 2000 bytes from the input blob.
chunk_length := LEAST(max_chunk_length,blob_length-pointer+1);
|| Decrypt the chunk and write it to the end of the temporary blob.
dbms_lob.writeappend(result,
chunk_length,
decrypt(pi_data => dbms_lob.substr(pi_blob,
chunk_length,
pointer
|| Advance the pointer by the length of the last chunk.
pointer := pointer + chunk_length;
END LOOP;
|| Remove the padding bytes that were added when the data was encrypted.
dbms_lob.trim(result,pi_size);
|| All Done!
RETURN result;
END;
|| Procedure to clear session state of stored keys.
PROCEDURE CLEAR IS
BEGIN
ps_encryption_key:=null;
END;
END;
and here is the PL/sql I run before running the sql stmt
DECLARE
mkey LONG RAW;
BEGIN
mkey := UTL_RAW.CAST_TO_RAW ('&&key');
my_encryption.set_master_key(mkey);
my_encryption.set_case_key(mkey,&&case_id);
END;
mkey is a 16 digit key .
and the encrypted_contents I'm trying to decrypt is a BLOB.
select my_encryption.decrypt(encrypted_contents,file_size),mime_type
from my_drafts where id = &&draft_id;
I hope this makes sense .
Ragini

OSB proxy service and BPEL depedency is not established in BTM

Hi All,
I am using BTM 12.1.0.3 and I have deployed a service where an OSB proxy service is taking employee information and callling a BPEL process which writes data in some database table. The OSB proxy service and BPEL got discovered in BTM but the dependecy between OSB Proxy service and BPEL process is not established in BTM. I have used soa-dorect protocol to call the BPEL from OSB. I have also tried with using http protocol in OSB for calling a BPEL but nothing worked and the depedency is not established in BTM.
Now I want to create an end-toend transaction i.e. starting from OSB proxy to the database. For this I selected OSB proxy operation and BPEL operation but correlation is not established. How can I correlate these operation? And how can I create an end-to-end transaction for this type of service where OSB calls a BPEL?
Please guide!!
Thanks in advance!!

you can manually correlate any number of services to create an end-2-end transaction. Please see http://docs.oracle.com/cd/E24628_01/doc.121/e37014/transactions004.htm#BABDBDFI on how to manually correlate services in BTM.

CUA vs Ecatt

Hello Gurus,
Our landscape consists of multiple systems & clients and we would be creating mass users across the landscape. Since the number of systems and clients are multiple, its going to be tedious task of creating users by logging into each & every client & system. So we are now in discussion whether to go with CUA or to use eCATT script. I went through all the forums & my notes and to my understanding going with eCATT will be more good rather than configuring CUA to our existing landscape. I heard that SAP will or going to retire CUA in the coming years & replace with SAP IDM. So at this point, using eCATT for mass users creation & later on moving to SAP IDM would be a better choice to my understanding.
Please share your expertise or advice. I appreciate your help
Thanks,
Venkat

If there already is a CUA in place, then switching the IdM to provision the master CUA is the recommended migration path. You can change your process (with IdM as front end) in one go without any parrrellel processes, then migrate the child systems without any stress of having to hunt down IDOCs in future..
If you do not have an existing CUA, then it is a different ball game and depends on how exotic your systems are outside of the SAP landscapes, whether the existing user names are unique, whether you want workflows and automation rules, etc.
If you only have SAP ABAP systems to provision to (also for the double-stack Java UMEs) then CUA is done in about a day or so (for technical implementation, and you only need to train the central admins, normally).
IdM in contrast is a project, but offers much more.
eCatt is IMO not an option for user administration. SU10 and BAPIs are a better (stable) option.
Cheers,
Julius

Include xi integration process statistics into slr report

Hi,
I have XI 3.0 and Solution Manager 7.0 EHP1. Is there a possibility to add statistics about integration processes (these are visible under SXI_CACHE -->Integration Processes) into SLR report? I have similar info in EWA report but I cant find a way to include ir into SLR also.
I.e. I need to get an SLR report stating certain integration process max and average runtime duration in milliseconds.
br,
erki
Edited by: Erki Hallingu on Dec 18, 2009 10:28 AM

Hi,
Probably based on the time that IDOC was processed and the the IDOC pushed from XI after processing at the receiver end you can get the time.
Or even in End-toEnd monitoring you caould verify.
If you will be talking about IDOC adapter then it will not be available in RWB that you need to verify in either SXMB_MONI or in IDX5 tcode.
Thanks
Swarup

Downgrade back to OS X 10.7.5?

I recently upgraded My 2012 MacBook Pro to Yosemite, and I have to say it is just awful. While the upgrade process itself was fine, ever since the upgrade:
It's slow to start and much slower to shut down
The battery life is 30-40% less than with 10.7.5
Regularly locks up (pinwheel) in browser sessions - Safari, Chrome, Firefox, doesn't matter which browser
Less frequently locks up in apps like Evernote, iCal, Mail, etc.
Bottom line is this MacBook Pro is no longer a usable laptop, and I want to go back to 10.7.5. Is this possible?
Thanks in advance for any guidance on this.

John,
Did the Time Machine backup and tried Safe Mode as you recommended. Thought I had made some progress - deleted Chrome and McAfee End Point Encryption and my Mac Book Pro was still slow but seemed more stable. Then, same symptoms returned. So, downloaded & installed EtreCheck & the diagnostic report follows. Per your instructions, I haven't taken any actions based on this report - for example I have not (yet) removed VirtualBox.
Thanks for any further ideas you might have, based on this report.
Problem description:
Slow startup, slow shutdown, poor battery life, and regular locking up of Safari, Thunderbird, Evernote, and other apps after upgrading my 2012 Mac Book Pro to Yosemite. Last ditch attempt to fix before reverting to 10.7.5 - which worked great BTW.
EtreCheck version: 2.1.8 (121)
Report generated March 26, 2015 at 4:52:15 PM PDT
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
    MacBook Pro (15-inch, Mid 2012) (Technical Specifications)
    MacBook Pro - model: MacBookPro9,1
    1 2.7 GHz Intel Core i7 CPU: 4-core
    8 GB RAM Upgradeable
        BANK 0/DIMM0
            4 GB DDR3 1600 MHz ok
        BANK 1/DIMM0
            4 GB DDR3 1600 MHz ok
    Bluetooth: Good - Handoff/Airdrop2 supported
    Wireless: en1: 802.11 a/b/g/n
    Battery Health: Normal - Cycle count 184
Video Information: ℹ️
    Intel HD Graphics 4000
        Color LCD 1680 x 1050
    NVIDIA GeForce GT 650M - VRAM: 1024 MB
System Software: ℹ️
    OS X 10.10.2 (14C1514) - Time since boot: 0:5:41
Disk Information: ℹ️
    APPLE HDD HTS727575A9E362 disk0 : (750.16 GB)
        EFI (disk0s1) <not mounted> : 210 MB
        Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
        Macintosh HD (disk1) / : 748.93 GB (670.45 GB free)
            Encrypted AES-XTS Unlocked
            Core Storage: disk0s2 749.30 GB Online
    MATSHITADVD-R   UJ-8A8
USB Information: ℹ️
    Apple Inc. FaceTime HD Camera (Built-in)
    Apple Inc. BRCM20702 Hub
        Apple Inc. Bluetooth USB Host Controller
    Apple Inc. Apple Internal Keyboard / Trackpad
    Apple Computer, Inc. IR Receiver
Thunderbolt Information: ℹ️
    Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
    Mac App Store and identified developers
Kernel Extensions: ℹ️
        /Applications/Toast 10 Titanium/Toast Titanium.app
    [not loaded]    com.roxio.BluRaySupport (1.1.6) [Click for support]
    [not loaded]    com.roxio.TDIXController (1.7) [Click for support]
        /Library/Application Support/HASP/kexts
    [not loaded]    com.aladdin.kext.aksfridge (1.0.2) [Click for support]
        /Library/Extensions
    [not loaded]    org.virtualbox.kext.VBoxDrv (4.2.8) [Click for support]
    [not loaded]    org.virtualbox.kext.VBoxNetAdp (4.2.8) [Click for support]
    [not loaded]    org.virtualbox.kext.VBoxNetFlt (4.2.8) [Click for support]
    [not loaded]    org.virtualbox.kext.VBoxUSB (4.2.8) [Click for support]
        /Library/Parallels/Parallels Service.app
    [not loaded]    com.parallels.kext.prl_hid_hook (7.0 15106.786747) [Click for support]
    [not loaded]    com.parallels.kext.prl_hypervisor (7.0 15106.786747) [Click for support]
    [not loaded]    com.parallels.kext.prl_netbridge (7.0 15106.786747) [Click for support]
    [not loaded]    com.parallels.kext.prl_usb_connect (7.0 15106.786747) [Click for support]
    [not loaded]    com.parallels.kext.prl_vnic (7.0 15106.786747) [Click for support]
        /System/Library/Extensions
    [not loaded]    com.wacom.kext.wacomtablet (6.3.2) [Click for support]
Startup Items: ℹ️
    VirtualBox: Path: /Library/StartupItems/VirtualBox
    Startup items are obsolete in OS X Yosemite
Launch Agents: ℹ️
    [not loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded]    com.cisco.anyconnect.gui.plist [Click for support]
    [loaded]    com.google.keystone.agent.plist [Click for support]
    [running]    com.mcafee.menulet.plist [Click for support]
    [running]    com.mcafee.reporter.plist [Click for support]
    [loaded]    com.oracle.java.Java-Updater.plist [Click for support]
    [loaded]    com.oracle.mydesktophelper.plist [Click for support]
    [failed]    com.parallels.desktop.launch.plist [Click for support] [Click for details]
    [loaded]    com.parallels.DesktopControlAgent.plist [Click for support]
    [running]    com.parallels.vm.prl_pcproxy.plist [Click for support]
    [running]    com.wacom.wacomtablet.plist [Click for support]
    [failed]    Dell_1355cn_Startup_Fax.plist [Click for support] [Click for details]
    [failed]    Dell_1355cn_Startup_Printer.plist [Click for support] [Click for details]
Launch Daemons: ℹ️
    [loaded]    com.adobe.fpsaud.plist [Click for support]
    [loaded]    com.adobe.SwitchBoard.plist [Click for support]
    [running]    com.aladdin.aksusbd.plist [Click for support]
    [running]    com.aladdin.hasplmd.plist [Click for support]
    [running]    com.cisco.anyconnect.vpnagentd.plist [Click for support]
    [running]    com.crashplan.engine.plist [Click for support]
    [loaded]    com.google.keystone.daemon.plist [Click for support]
    [running]    com.mcafee.agent.cma.plist [Click for support]
    [unknown]    com.mcafee.ssm.Eupdate.plist [Click for support]
    [unknown]    com.mcafee.ssm.ScanFactory.plist [Click for support]
    [unknown]    com.mcafee.ssm.ScanManager.plist [Click for support]
    [running]    com.mcafee.virusscan.fmpd.plist [Click for support]
    [loaded]    com.microsoft.office.licensing.helper.plist [Click for support]
    [loaded]    com.oracle.java.Helper-Tool.plist [Click for support]
    [loaded]    com.oracle.java.JavaUpdateHelper.plist [Click for support]
    [running]    com.oracle.mydesktopservice.plist [Click for support]
    [running]    com.parallels.desktop.launchdaemon.plist [Click for support]
    [running]    com.xrite.device.xrdd.plist [Click for support]
User Launch Agents: ℹ️
    [loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
    [loaded]    com.adobe.ARM.[...].plist [Click for support]
    [loaded]    com.digitalrebellion.SoftwareUpdateAutoCheck.plist [Click for support]
    [not loaded]    org.virtualbox.vboxwebsrv.plist [Click for support]
User Login Items: ℹ️
    iTunesHelper    Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Dropbox    Application (/Applications/Dropbox.app)
    CrashPlan menu bar    UNKNOWN (missing value)
    CrashPlan menu bar    Application (/Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app)
Internet Plug-ins: ℹ️
    DirectorShockwave: Version: 11.6.5r635 [Click for support]
    WacomNetscape: Version: 1.1.1-1 [Click for support]
    Default Browser: Version: 600 - SDK 10.10
    Flip4Mac WMV Plugin: Version: 2.4.4.2 [Click for support]
    WacomTabletPlugin: Version: WacomTabletPlugin 2.1.0.1 [Click for support]
    AdobePDFViewerNPAPI: Version: 10.1.13 [Click for support]
    FlashPlayer-10.6: Version: 17.0.0.134 - SDK 10.6 [Click for support]
    Silverlight: Version: 5.1.10411.0 - SDK 10.6 [Click for support]
    Flash Player: Version: 17.0.0.134 - SDK 10.6 [Click for support]
    QuickTime Plugin: Version: 7.7.3
    iPhotoPhotocast: Version: 7.0 - SDK 10.8
    SharePointBrowserPlugin: Version: 14.2.5 - SDK 10.6 [Click for support]
    AdobePDFViewer: Version: 10.1.13 [Click for support]
    JavaAppletPlugin: Version: Java 7 Update 75 Check version
User internet Plug-ins: ℹ️
    WebEx64: Version: 1.0 - SDK 10.6 [Click for support]
    RealPlayer Plugin: Version: Unknown [Click for support]
    Google Earth Web Plug-in: Version: 7.1 [Click for support]
Safari Extensions: ℹ️
    Evernote Web Clipper
3rd Party Preference Panes: ℹ️
    Flash Player [Click for support]
    Flip4Mac WMV [Click for support]
    Java [Click for support]
    Perian [Click for support]
Time Machine: ℹ️
    Skip System Files: NO
    Auto backup: YES
    Volumes being backed up:
        Macintosh HD: Disk size: 748.93 GB Disk used: 78.48 GB
    Destinations:
        HD-PCTU2 [Local]
        Total size: 499.76 GB
        Total number of backups: 25
        Oldest backup: 2015-03-25 20:06:29 +0000
        Last backup: 2015-03-26 22:04:33 +0000
        Size of backup disk: Adequate
            Backup size 499.76 GB > (Disk used 78.48 GB X 3)
Top Processes by CPU: ℹ️
         4%    WindowServer
         0%    cma
         0%    fontd
         0%    CrashPlanService
         0%    prl_disp_service
Top Processes by Memory: ℹ️
    335 MB    com.apple.WebKit.WebContent
    146 MB    Finder
    137 MB    Safari
    120 MB    WindowServer
    112 MB    Dropbox
Virtual Memory Information: ℹ️
    1.76 GB    Free RAM
    4.96 GB    Active RAM
    844 MB    Inactive RAM
    1.03 GB    Wired RAM
    1.68 GB    Page-ins
    0 B    Page-outs
Diagnostics Information: ℹ️
    Mar 26, 2015, 04:46:36 PM    /Library/Logs/DiagnosticReports/fmpd_2015-03-26-164636_[redacted].crash
    Mar 26, 2015, 04:45:23 PM    Self test - passed
    Mar 26, 2015, 10:16:27 AM    /Library/Logs/DiagnosticReports/fmpd_2015-03-26-101627_[redacted].crash
    Mar 26, 2015, 10:05:13 AM    /Library/Logs/DiagnosticReports/ScreenSaverEngine_2015-03-26-100513_[redacted]. cpu_resource.diag [Click for details]
    Mar 26, 2015, 09:03:33 AM    /Users/[redacted]/Library/Logs/DiagnosticReports/FaceTime_2015-03-26-090333_[re dacted].crash
    Mar 25, 2015, 11:14:08 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111408_[redacted].c rash
    Mar 25, 2015, 11:13:56 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111356_[redacted].c rash
    Mar 25, 2015, 11:13:46 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111346_[redacted].c rash
    Mar 25, 2015, 11:13:36 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111336_[redacted].c rash
    Mar 25, 2015, 11:13:25 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111325_[redacted].c rash
    Mar 25, 2015, 11:13:14 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111314_[redacted].c rash
    Mar 25, 2015, 11:13:04 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111304_[redacted].c rash
    Mar 25, 2015, 11:12:54 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111254_[redacted].c rash
    Mar 25, 2015, 11:12:43 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111243_[redacted].c rash
    Mar 25, 2015, 11:12:33 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111233_[redacted].c rash
    Mar 25, 2015, 11:12:23 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111223_[redacted].c rash
    Mar 25, 2015, 11:12:13 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111213_[redacted].c rash
    Mar 25, 2015, 11:12:03 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111203_[redacted].c rash
    Mar 25, 2015, 11:11:52 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111152_[redacted].c rash
    Mar 25, 2015, 11:11:42 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111142_[redacted].c rash
    Mar 25, 2015, 11:11:01 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111101_[redacted].c rash
    Mar 25, 2015, 11:14:17 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111417_[redacted].c rash
    Mar 25, 2015, 11:11:31 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111131_[redacted].c rash
    Mar 25, 2015, 11:11:21 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111121_[redacted].c rash
    Mar 25, 2015, 11:11:11 AM    /Library/Logs/DiagnosticReports/MyDesktopService_2015-03-25-111111_[redacted].c rash

Loadbalancing ldaps on ACE module

Is it possible to configure loadbalancing of ldaps with end-to-end mode (encryption from end to end) on ACE module ?
And if yes, do i have to use a special script for health checking ?

Please correct me if this is wrong or bad design: I have ldaps running just by permitting the port in the ACLs and VIP class. Customer says it works fine.
I'm sure you're aware of the health probe scripts you can get from Cisco (attached). This script defaults to ldap port (386) if none is specified. So you can specify the port under the "probe scripted LDAP_PROBE" config to use ldaps (636). Perhaps you should use both scripted probes together so that if one port is unavailable the server will be taken out of service.

Extended Identity Manager User Attributes

Howdy,
I'm trying to add some attributes to the user accounts stored local to the Identity Manager. I went to the configure menu, and set up the attributes under the Identity Attributes tab. I set the attributes to be stored locally and saved them. I also made sure to indicate that the attributes should be available to the IDM admin and end user interfaces. However, the attributes do not show up when I list the users. When I go to the users attribute tab, it contains only the Account ID attribute. Shouldn't I be able to add a new attribute and edit it?
Much thanks in advance for any help you may be able to provide.

It is an XML object so I dont think it has a limit as such, though the system will get slower to checkout and checkin if you overextend it.
there usually isn't any reason to extend it extensivly... I believe it stores most of that, if the querable flag is set at least, in the user attributes table
if you need a lot of data connected to a user you could always have an extra table and store it in, you dont need to store everything in the user object unless you need it every time the user is checked in/out etc etc

IDM 6.0 End-toEnd Encryption

Similar Messages

Maybe you are looking for