Internal Zone Configuration

Similar Messages

• Anomaly Detection Internal Zones

  Hello,
  I have specified my corporate full IP subnet in internal zone, but i have not configured any TCP or UDP port for any destination also i have kept the default thresholds,
  Is it necessary to configure  destination port for the TCP and UDP protocol.???????????????
  Thanks

  Hello,
  Uptill now i m not facing any issues with IPS but i want IPS to monitor all the ports for the Internal zone so this is the reason i m asking that while configuring the Internal zone we have to mentioned specific port of tcp and udp for anomaly detection.
  If i m not specifying any port than what does it monitor?? is it this incomplete configuration OR it monitors all the ports (1-65535)
  Thanks

• ZONE configuration steps in solaris 10

  Hi
  Please help me to setup the zone configuration in solaris10
  Thanks
  Abi................................

  Looks like they've updated the man page for new work before it is available.
  This feature is not in any version of Solaris 10. I don't know when it is scheduled to appear. It is a portion of the project Crossbow and gives zones separate access to the IP layer (rather than only at the TCP layer).
  It is present in at least nevada build 61, so you could play with this feature in any version of Solaris Express with that build or higher.
  My guess is that this will be backported into Solaris 10, but someone on that project would likely need to talk about the timeline for that. You might ask on the project discussion board.
  http://www.opensolaris.org/jive/forum.jspa?forumID=110
  Darren

• Internal disk configuration for oracle

  Hi experts
  I need some guidance for internal disk configuration for oracle
  requirements are for 2 node clustered VM on linux OS OEL
  the OS will be for RAC, OEM
  will RAID 5 be optimal setting
  this is not production env
  thanks

  912919 wrote:
  Hi experts
  I need some guidance for internal disk configuration for oracle
  requirements are for 2 node clustered VM on linux OS OEL
  the OS will be for RAC, OEM
  will RAID 5 be optimal settingFor most definition of "optimal" the answer is "NO"
  RAID+10 provides better performance.
  Handle:     912919
  Status Level:     Newbie
  Registered:     Feb 7, 2012
  Total Posts:     135
  Total Questions:     74 (46 unresolved)
  why do you waste time here when you rarely get your questions answered?

• Trusted Network Zone Configuration Tool is not there!

  I've installed Solaris 10 x86 11/06 and Trusted Extensions, and when I open SMC and try to navigate to the "Trusted Network Zone Configuration Tool" that is supposed to be in the "Computers And Networks" section, it's just not there. Trusted Extensions are installed, I get the special Trusted dialogs during login, but this tool is missing. I've verified that all related packages were installed with Trusted Extensions. This is a stand alone machine (for development). Does anyone have suggestions as to why this tool is missing and how to get it working?

  Found the problem, I feel stupid, I was opening the non-TSOL toolbox in SMC.

• Internal its configuration

  Hi all ,
  can someone let me know where can i find an internal its configuration guide or installation guide ?

  Hi,
  Check this link !
  http://help.sap.com/saphelp_nw04/helpdata/en/4f/2e6a52c3cdc44d83169b181a9c62ba/frameset.htm

• Hanging job on faulty zone configuration

  Hi forum,
  I have scheduled a few update jobs on a system with a zone configured.
  The problem was, that the zone itself was unable to boot because its root-FS was unavailable.
  So the update process wasn't able to start and update the zone.
  The end effect is now, that the 8 updates were applied to the base system successfully, but the update jobs at the Update-Connection website are still marked as "in progress". Although I can't reapply the jobs because they are already on the system, I'm not able to archive the running jobs.
  This is just an optical issue, updates still apply perfectly well to the system.
  Is there a way to send the web-site the "job successful/failed" flag for these jobs from the system?
  Thanks
  Mathias

  The 'In Progress' updates should disappear after a while - there is a cron job run on the updates.sun.com site which takes care of this.
  If the updates aren't gone in, say, a week then I'd raise a support case.

• ASA for internet edge and internal zones

  Hi,
  Has anyone used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?
  I'm thinking of using a routed context for securing the internet edge and then using seperate contexts for the web and application networks. Conexts will route via a L3 switch.
  Thanks,

  Thanks Varun
  I will probably configure the ASA in routed single mode and use security levels between the different zones. There is only 1 ISP in this enviroment and I also need to support VPN termination on the internet edge.
  In terms of sizing, the internet connection will be 300Mbps and the firewall throughput between zones needs to be above 500Mbps. I'm just thinking that the 5520 in active/standby will handle the internet bandwidth requirements but not the inter-zone requirements. Which model of ASA will be a good fit here?
  Thank you.

• What Is an Appropriate Hostname & DNS Zone Configuration for External DNS Setup?

  I setup servers that are hosted on a secure external data centre. The data centre has its own DNSS, so the DNS service is never setup on the server itself, and is handled by the data centre. I have already setup a handful of servers, and they all seem to be working well. Nevertheless, a couple of people in these discussions have told me, that I'm not setting the servers up 'properly' because of the way I'm naming the server - ie., they believe I'm assigning a 'wrong' hostname - and because of the way I'm setting up subdomains in the zone file. Here is how I'm currently doing it:
  CURRENT SETUP:
  The server is public, and it is also the ONLY machine publicly in the domain zone. So, if the client's domain is "example.com", there is only one machine that will respond to all services in that domain. Because of this:
  - Server Hostname: "example.com"
  - reverse DNS PTR record points to "example.com"
  -  'mail.example.com', 'www.example.com', 'ftp.example.com', etc, are all setup as A records that point to the same IP address as "example.com".
  This has been working fine so far. I have not had any problems with any service, including mail. However, a couple of people suggested that "example.com" is not a fully qualified domain name, and that this setup is therefore  'incorrect', and that it will cause me problems in the future. They suggest I should be setting these servers up like this:
  SUGGESTED SETUP:
  - Server Hostname: "server.example.com"
  - reverse DNS PTR record points to "server.example.com"
  - setup "www.example.com" as a record pointing to the same IP address as "server.example.com", but avoid setting up other subdomains unless absolutely necessary - ie., tell client to use "server.example.com" as the 'proper' address for mail/ftp/etc.
  Technically, 'net', 'company.net' and 'server.company.net' can all be fully qualified domain names, if each one of them points unequivocally to a single IP address. An domain name is not fully qualified, for instance, when it points to a subnet instead of a single IP address. Using "example.com" as a FQDN is technically correct. However, what is 'technically correct' and what Server considers acceptable are not always the same thing....
  I certainly don't want my clients to have problems in the future, and if OS X Server is going to misbehave because of the way I'm setting up my hostname and zone files, I need to know for sure NOW rather than later!

  I'm the "other people" referenced here.
  For general information on DNS, please acquire and skim a copy of Cricket Liu's DNS and BIND book.  It was on its fifth edition when last I checked.  DNS server on OS X Server is the ISC BIND server, which is discussed in that book in some detail.
  If configuring OS X Server in a data center, the OS X Server box probably does not want (nor need) to be running a local DNS server.  (Running local DNS services just means that DNS server will potentially become part of a DNS DDoS, if who can issue queries to the server isn't carefully controlled.)  Use the DC DNS server(s).
  If you want the domain itself to be used as an IP address (eg: example.com), then that's usually an A record, particularly if you're getting email via that domain (and not an MX record going elsewhere).  Some versions of OS X Server have had some issues with setting up this record within Server Admin.app and Server.app.
  The previous issues were likely due to stale DNS translations lurking within the configuration, and caching of that data up to the TTL.  (FWIW, this discussion is related to this thread and this thread.)

• Trying to optimize eSATA and internal disk configurations

  I'm trying to optimize the HD setup on my dual 2.5GHz G5 with 4.5GB RAM
  major considerations.
  - massive itunes library (260GB), and big iphoto lib (25GB) as well
  - lots of video editing in Final Cut with large capture files and many video exports
  - regular podcasting and other media creation with all my music and photos
  - need for regular COMPLETE backups
  - speed
  Here's the current setup. I have six disks as part of the system
  1. internal 160GB disk (maps simply to a MACHD volume)
  2. internal 250GB disk (maps simply to a COMMONS volume for Democracy player files, torrent downloads etc)
  then on my 4-port eSATA controller card
  4x 500GB SATA drives from Western Digital for a total of 2TB eSATA disk space
  they are in 2 eSATA enclosures from FirmTek
  I'm managing the disks with SoftRAID
  Before I get into the problem, how would YOU use this incredible amount of disk space, considering the goals I have? (video, media storage, backup).
  Now, The problem
  I've been disappointed with the speed of my system and suspect its my HD configuration. I have enough RAM right!?
  I've got some raid stripes going on
  2 of the 500GB disks (disk2 and disk3) support two "active" volumes
  a) a striped ATLAS volume of 800GB (holds itunes, documents, iphoto, basically all media files)
  b) a striped VIDEO SCRATCH volumn of 200GB (for working files in FCP, imovie, etc)
  the other 2 of the 500GB disks (disk0 and disk1) support two "clone" volumes
  a) a mirror MACHDCLONE volume on both disk0 and disk1 (to protect the system drive. I run Super Duper 3x per week)
  b) a striped ATLAS_CLONE volume to backup the active ATLAS volume
  the COMMONS volume is not backed up in any way. figure i can live without my Democracy files and torrents, etc.
  My ideas:
  based on my performance observations, my setup above is just wrong, and I don't know where to turn for the best advice. Google is very poor at dealing with such complexity in search results. There are some video advice sites, but they only cover part of my problems. I have a few theories of how I should be using these drives
  1. use the eSATA drives strictly for performance benefits, not for backup. consider a USB2.0 drive for backups and use Mozy for offsite backup
  2. simplify the disk allocation. No single disk should support more than one volume
  3. the video scratch SHOULD be striped in order to benefit from speed. and should be on its own physical disk(s) separate from ANY other function
  So I'm thinking
  a) stripe two of the eSATAs into a single 1 TB array for my media or ATLAS volume
  - this solves me running out of space on the volume (getting closer with the iTunes video downloads every day)
  - it's also just physically easier to deal with. I can SEE what drives make up ATLAS alone
  - will be easier for me to eventually replace the G5 with an MBP running its own eSATA pc card with easy access to the same ATLAS volume
  this still leaves two 500GB eSATA disks around
  b1) I could extend the ATLAS volume to an array including a 3rd eSATA disk for a 1.5TB volume. this would allow me to bring COMMONS files onto ATLAS
  b2) the remaining 500GB eSATA disk can be video scratch
  OR
  c1) dedicate 1 500GB disk to VIDEO SCRATCH
  and
  c2) partition the other 500GB disk as a clone of both COMMONS and the internal System drive
  see how CONFUSING THIS IS ?
  there are too many permutations of things.
  I know I like keeping the system drive simple and internal. Ideally, the second internal disk would mirror this volume, but they do not match in size or brand
  part of me wants to stripe all FOUR eSATA drives into a blazing 2TB masterpiece, but it seems like a bad idea to put VIDEO SCRATCH on the same array as ATLAS
  Other questions:
  should the itunes library get it's own disk altogether? is striping of benefit here?
  are there some sites that explain HD management well?
  PowerMac G5 2.5GHz 4.5GB RAM   Mac OS X (10.4.9)   also own a blacbook

  Thanks so much for that awesome feedback.
  A few points.
  I have the dual processor G5, not the quad core. Purchased in Jan 2005.
  My RAM pageouts are fine (didn't know what that was until you mentioned it)
  Love the idea of moving COMMONS "outside the box"
  I used to have my system volume boot from an external RAID, but didn't notice a big improvement, and it meant my G5 would ONLY boot if the eSATAs were powered up. I just didn't like that feel. I want the tower to work in a self-contained fashion, even if I don't have access to all media. I want access to the OS and apps.
  I'm unlikely to buy more SATA controllers and enclosers or too many new disks. I'm on a serious budget and want to work with as much of what I have as possible. That said, i just checked out the Drobo and am drooling. I'll wait to see how well it performs for data access (and video) and not just storage.
  It sounds dreamy to stripe all four of the eSATAs into a 1.8TB storage megaplex. I imagine they would scream in an ATLAS_BADASS volume, but then I've got nothing left for VIDEO SCRATCH used to capture and render.
  The VIDEO_SCRATCH doesn't need to be large, and I think that's where I'm having a conflict. My eSATA drives are way too big to use even ONE as a video scratch, much less striping two of those bad boys just for that purpose
  Purchasing a 10K drive for video scratch (or system volume) is not really in the cards yet.
  So here's where I sit now:
  1. My Media Storage
  ++ the 4 eSATA drives (2.0TB raw)
  I go with the badass steroid injected ATLAS volume striped across all four.
  this is my media array and holds all the contents of ATLAS and COMMONS (iTunes, iPhoto, Documents, FCP training videos, ripped DVDs, the works)
  2. My System Volume
  ++ the 250GB internal SATA
  move COMMONS out
  migrate system volume to this disk
  better storage-to-free space ratio
  3. My Scratch Disk
  a) use the now-spare 160GB internal Maxtor (probably weak and slow)
  b) get an external FW800 RAID disk from OWC
  http://eshop.macsales.com/shop/firewire/hard-drives/EliteAL/StripedRAID
  I'd go with the 160GB or 320GB
  4. Backup Plan - level 1 - local
  ++ use my spare external Maxtor 250GB FW drive
  clone the system volume regularly
  ++ get an external FW drive (like the 1TB My Book Premium II from WD)
  clone ATLAS_BADASS regularly
  the WD is just $400
  i know it's capacity is lower than my super striped RAID, but i don't know of any cheap way to clone ATLAS_BADASS to a 1.5TB drive
  5. Backup Plan - level 2 - remote
  pay for a Mozy storage account which has unlimited capacity
  upload system and ATLAS_BADASS every few weeks
  any new thoughts? and thanks again!

• How to recover from a lost trust relationship (or zone configuration) between the linux ZCM agent to the Primary Zone server running on the same machine?

  I have tried:
  zac retr, which fails as it says there is no zone to which this agent
  is connected
  zac reg, which fails because of error 34 Invalid device authentication
  information
  zac rereg GUID, which fails because of missing zone (as zac retr)
  zac unr, which fails because of the same error.
  zac ci shows the correct certificates
  almost everything is working except registration refresh and location
  refresh.
  What to do in this situation?
  ZCM 11.2 with latest update (Monthly update 1)
  W. Prindl

  This was yesterday resolved by NTS - you see the "quick" resolution
  time of NTS if you subtract the date of the initial post from the date
  of this post - with an absolutely simple trick, which obviously nobody
  did know of. The support engineer got it from the developer team.
  There is a switch in the
  /opt/novell/zenworks/share/tomcat/webapps/zenworks-registration/WEB-INF/
  config.xml configuration file, with which you can switch authentication
  off for device registration.
  You just need to add <Authenticate>false<\Authenticate> into the only
  configuration this file contains.
  This suppresses the error 34 on device registration and the device gets
  registered correctly upon restart of the zenworks suite. After this is
  done one can change back the above mentioned file to the original state
  and restart the zenworks suite again.
  The solution was really easy to deploy - the time till this resolution
  was found was IMO too long.
  W. Prindl
  W_ Prindl wrote:
  >I have tried:
  >
  >zac retr, which fails as it says there is no zone to which this agent
  >is connected
  >
  >zac reg, which fails because of error 34 Invalid device authentication
  >information
  >
  >zac rereg GUID, which fails because of missing zone (as zac retr)
  >
  >zac unr, which fails because of the same error.
  >
  >zac ci shows the correct certificates
  >
  >almost everything is working except registration refresh and location
  >refresh.
  >
  >What to do in this situation?
  >
  >ZCM 11.2 with latest update (Monthly update 1)

• Solaris 10 zone configuration with sysidcfg and dhcp and hostname

  Hi
  Excuse me if I look like a n00b... it's probably because I'm a n00b.
  I've been struggling in the dark for more than 2 days now and I'm wondering if I'm thinking about this all wrong...
  I have stand-alone server where I need to run zones. I want to create zones and automagically configure them at boot (read: by running a script). So here's what I need...
  A zone
  starting from unconfigured state
  whose hostname is not the same as the zone name
  using corporate DHCP to get its IP address
  with DNS config coming from the DHCP server
  registering its address the DNS
  with a preconfigured root password
  (I don't own the corporate DHCP or DNS servers, I can't put my own DHCP or DNS servers on the network.)
  I would lke to create the zone, throw some config at it, then boot the zone and walk away. I am using zones with exclusive-IP. I can construct the zones and manually configure them once they're started to have DHCP, my own name, registered IP address with DNS and everything else I have specified above. But I don't want to do it manually...
  Sysidcfg seems to do some of what I want but not entirely.
  In sysidcfg I can set the root_password, the primary interface using DHCP, DNS server. I can't set a hostname in sysidcfg AND use configure it for DHCP. So the hostname is not what I want it to be after the zone is started and ready to go. The DHCP server is providing the DNS configuration, Solaris does not seem to honour it, but i'll ignore that for the moment.
  I have tried various combinations of using sysidcfg, /etc/nodename, /etc/hostname.+interface+ and /etc/dhcp.+interface+ but I can't find any combination that actually works.
  I can write to the zonestorage/etc/nodename to set the nodename, that works. But it does not match the DHCP address, so I get prompted for a new name service because it can't find a DNS entry for the name.
  I can write to the zonestorage/etc/hostname.+interface+ and /etc/dhcp.+interface+ (to get the system to register its name with the DNS server after getting its DHCP address) but then I get a system with no root password and no DNS configuration, even though they are set in the sysidcfg file.
  I can write a script that gets part of the way using sysidcfg and /etc/... files, then boots the zone and then runs a bunch of voodoo via zlogin commands to fix all the stuff that couldn't be done 'properly', but that's not a 'boot and walk away' environment. I can write a script that uses sysidcfg and hacks around with other files in /etc (like nsswitch.conf, resolv.conf), but that just feels likes a dirty hack to fix something that wasn't done properly in the first place.
  So where am I going wrong and how do I do it right (within the constraints defined)? Why can't I configure, boot and walk away?
  Thanks

  Thanks abrante
  Thanks for your response!
  I don't think the config is messed up after the installation. I think the installation is fine, it's just not what I want :-)
  I'm trying to decouple the zonename from the system name and get DNS registrations working. After installation, a DHCP client can get its hostname from DNS but I'm trying to do it the other way around. I want the DHCP client specify its own hostname, get an address from the DHCP server and then register its hostname with DNS. If the system gets its name from DNS/DHCP then I have to configure those to provide the system name and I don't own the DHCP/DNS infrastructure. These zones are for a development/QA environment, so we create and reconfigure these frequently. Hence the need to specify the system name within the zone and register that name in the DNS.
  I have tried fiddling with the PARAM_REQUEST_LIST but it does not seem to be working as I expect. :-$ Removing 12 did not help with setting the hostname from the system. DNS does not have a registered name for this system anyway, so even if it tried to get a name for this system, it would get nothing.
  I also do want the DHCP to change the DNS server and domain name, but this does not happen even though my dhcpagent includes 6 and 15 in the PARAM_REQUEST_LIST. I still have to set them in the sysidcfg file because it is always ignored in Solaris (S10u8 with 10_Recommended 30-Jul-2010)
  As stated, I know I can hack around with the system after it has booted. But I'm trying to configure the system before it starts and let it take care of itself and not have to touch it. Frankly I'm surprised that the sysidcfg does not allow you to set a hostname name when you are using DHCP, that the default DHCP configuration does not register the system name with the DNS server, and the DNS config from the DHCP response is ignored. Even a sys-unconfiged system requires DNS configuration during initial boot, when I know that the DHCP response contains DNS information.
  FYI: Windows systems using DHCP work as expected in this respect by default, i.e. set system name, use DHCP --> system gets address from corporate DHCP, DNS settings are set from DHCP information, DNS registration is made for system name.
  I'm working around this at the moment... I call my zone by the system name I want, I hardcode the DNS settings in the sysidcfg file and I create the hostname.+nic+ and dhcp.+nic+ files in the zone storage to get the system to register its name with DNS, them boot.
  Edited by: cydonian on Aug 19, 2010 7:45 PM

• OTV Internal Interface Configuration

  Hi
  I am trying to implement OTV between 2 sites. I am slightly confused about the config for the join interface and site VLAN. Attached is the basic setup on one of the sites, I am using ASR 1002X routers to perform the OTV functions. 
  There seem to be limited sources for the ASR OTV configs, but on source states the internal interface on the ASR router should be configured as follows for each vlan
  no ip address
  service instance 10 ethernet
    encapsulation dot1q 10
    bridge-domain 10
   service instance 20 ethernet
    encapsulation dot1q 20
    bridge-domain 20
   service instance 30 ethernet
    encapsulation dot1q 30
    bridge-domain 30
  I guess on the internal switch it will just be a trunk port allowing the above VLANs?
  Thanks

  Thanks Minh,
  So it is possible to have switchports configured as routed, fabricpath and trunk/access in a fabricpath configuration? Do i need to add any spanning-tree pseudo or priority configuration?
  Sample configs:
  #ASR
  interface GigabitEthernet0/0/1
   no ip address
   service instance 1 ethernet
    encapsulation dot1q 1
    bridge-domain 1
   service instance 2 ethernet
    encapsulation dot1q 2
    bridge-domain 2
   service instance 3 ethernet
    encapsulation dot1q 3
    bridge-domain 3
  #Nexus 56xx
  interface e1/5
    switchport mode trunk
    switchport trunk allow vlan 1,2,3

• Mac newbie trying to figure out best internal HD configuration

  Greetings,
  I've been trying to educate myself about internal hard drives by reading some of the posts here and doing a search about RAID but unfortunately I'm still a little confused. I'll try to post my questions about what I'd like to accomplish and if these have been answered before I'll gladly go read a post if someone can direct me to the right place.
  First, I have only one internal hard drive on my MacPro and I'm tired of living dangerously! I need to install another hard drive to use as a backup of my work, digital images, music, etc.
  1. Can someone explain (or link me to an explantion) the differences of RAID and which one i would want for the above scenario?
  2. Given my original aim with the backup disc, can someone recommend a make/model that works well as a backup? (for example i read about differences between an SE and an RE drive from one manufacturer, and how one works better in this or that situation, but it all went right over my head)
  3. Is there a software application I should consider that will help me automate my backup process on a daily (nightly) basis? (I'm more than a little forgetful)
  Thanks very much for dealing with the newbie on these issues!
  Enjoy the day,
  Pedro
  MacPro 2x2.66 GHz   Mac OS X (10.4.9)  

  I don't use raid myself so I'll leave that explanation to others. I configure my Mac Pro with 4 drives. My main drive is my boot drive and has about 300+ gigs free. I have a backup drive for that which I use SuperDuper for backup, creating a fully bootable backup drive in the event my main drive has a problem. I only back up to that drive when my machine is "good and solid". That allows me to throw on the most recent update without much concern. If there is a problem then I just boot from my backup drive and I'm back up and running just fine. I also use the backup of my main drive for my Final Cut Pro scratch drive. I copy the files for my movies to external drives for archive when needed. For my data drives I use another set of 500 gig drives. One for data (mostly photos) and one to backup using superduper whenever I feel like it. You could automate it all with Retrospect for the data drives if you wanted to. I don't think Retrospect will make a bootable backup of a main drive. I use Western Digital WD5000KS ddrives, 500 megs each. They make another model for those wanting RAID. Set up RAID, by all means, if squeeking every ounce of speed is your goal to be sure. My setup is conservative, redundant and very safe. A simple search here or on google for RAID0 or such will turn up much info on raid configuations.

• Internal Order Configuration for a new company

  Dear Experts,
  Hi! I need help on the Internal Order creation for a new company which previously not maintained the Internal Order. Can Experts can provide me the T-code for the configuration. Any guidance given is very much appreciated. Thank you! _

  Hi,
  What figures do you have in mind? I/O is a cost collector, thus, if you have a cost which is to be posted on the I/O you should mention when creating a FI/MM document. For example, if you have FI doucment which is posted, let's say, via FB50, you enter your relevant I/O in the document line.
  Regards,
  Eli