ISE Deployment - Your Feedback

Hi,
 I am currently evaluating two NAC systems: ISE and Bradford and I wanted to see if anyone has had the opportunity to see both systems. Although we are a Cisco shop, I am looking for simplicity due to staff shortage. 
 In the event I decide to go with ISE, I would like to hear your personal challenges with the product during the deployment phase and those little things I need to keep in mind to avoid future headaches. 
  Thanks in advance !

Hello,
I have done (not finished) one deployment with 150 clients. And one guy I know is doing a very large scale deployment.
To me it's very interesting but very challenging. I really underestimated the time it would take. I did this project because my client wanted it. From a technical point of view it's very positive for me; from a financial point of view it's really bad, as I've spent a lot of time.
The client is so far very happy although some implemented features are missing.
I would recommend starting with Wi-Fi only and, once you understand ISE and know how to troubleshoot, making wired work. I have not tried remote access though.
Some hints:
- You're full Cisco or you have other vendors (I'm thinking about IP Phones but the question can also be asked for switches and wlc)
- You have a PKI or not.
- You have devices (endpoints) and they are not 802.1X capable. All of us have, but the important thing is to list them.
It's also difficult because it involves a lot of components and protocols:
- Components: The radius server (ISE), the NAS (Switch or WLC), the endpoints (PC, APs, printers), the host (in my case VMWare)
- Protocols: EAP protocols, SNMP/DHCP for profiling, Wi-Fi etc.
So I wouldn't see a guy with little experience in networking dealing with something like this. I was more than familiar with many of these things. And before ISE I also tried FreeRADIUS and made it work with Wi-Fi and VLAN assignment and an LDAP server.
If by chance I make the whole thing work, I need to pass the skills on to someone else to do troubleshooting.
So this is my experience so far. Some others have much more experience of course.

Similar Messages

  • Cisco ISE Deployment

    Dears,
    We have 2 ISE servers. I configured wired, wireless, VPN, and guest user authentication from the ISE server. All of them are working normally. Both ISE servers have the same image (ver 1.2). I deployed the ISE servers as HA. I registered the second ISE server at the primary ISE server. I attached the configuration files.
    I want one ISE device to be primary (Administration, Monitoring and Policy active on the primary ISE) and the other ISE server to be backup or standby (Administration, Monitoring and Policy standby). When the primary ISE server goes down, all AAA processing should go through the secondary ISE server (like redundancy on an ASA).
    Is it possible to configure this? If yes, how do I do this configuration?
    Thanks for your help.

    ISE 1.2 does not have an Automatic Failover for the Admin Nodes.  If the primary node goes down, you have to manually promote the secondary node.
    Until you promote the secondary, the deployment has very serious limitations:
    So, you see, there is no true HA with Automatic Failover for ISE 1.2. You have to have both ISE servers on anyway and the Monitoring Persona is the only one that does support Automatic Failover, so it really does make sense to deploy your nodes as noted here:
    Node1:  Admin (Primary), Monitoring (Secondary), Policy Service
    Node2:  Admin (Secondary), Monitoring (Primary), Policy Service
    The notes I referenced can be found in the ISE 1.2 User Guide.
    Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
    Charles Moreton

  • ISE Deployment - Limit on Radius Sources?

    Greetings, 
    I am planning a change to our ISE deployment, and I am curious if there is a limitation to the number of Radius sources that can be added to the running config on the switches and APs.
    The majority of the switches are 2960 series and the APs are 2602 models.   
    Currently, we have two Radius Sources configured as follows:
    aaa group server radius rad_eap
     server X.X.X.X auth-port 1645 acct-port 1646
     server X.X.X.X auth-port 1645 acct-port 1646
    I need to know if I am able to add a third entry to that list, or if there is a hard limitation I am unaware of.
    Thank You.

    ISE questions will probably get more traction in the Security forum.
    That said, the answer is "it depends". It all depends on your design. Is your third server a Policy Services Node or an Inline Posture Node (IPEP)? Either way, one of those would generally be positioned so as to provide profiling, posture and enforcement services working in conjunction with the Admin server(s). If a server is not part of the overall architecture, it will not.
    All new ISE designs should be based on the Cisco-approved High Level Design (HLD) template. If you follow that and develop your Low Level design based on it, many of the typical questions should be answered.
    Hope this helps.

  • 7.0 and your feedback on the new chat UI

    Totally agree that it would also be nice to be able to hide the useless "Home" and "Call phones" buttons on the contact list. It can be a part of a "compact list" mode or as a separate option. I never use them.

    Hi Skype Community,
    Since releasing the new chat experience on desktops to users on Windows and Mac we've looked closely into the feedback you've shared with us. Since September we've released multiple updates to Skype for Windows and Skype for Mac to incorporate smaller changes based on your feedback.
    Today we are making Skype 7.0 for Windows desktop available for download from Skype.com.
    New in 7.0.0.100:
    Compact sidebar: Some of you asked us to see more contacts and conversation in the left hand sidebar. Enable the option "Compact Sidebar View" from the "View" menu for a more compact layout.
    Compact Chat View: If you can live without your chat message having some whitespace around them to give them room to breathe you can now increase your "message per inch" ratio drastically by activating "Compact Chat view" in Skype Options - "IM & SMS" - Advanced settings. Also don't miss out on the other available tweaks to the UI we wrote about earlier.
    Toggle for large emoticons: Some users prefer not to show emoticons sent in individual messages in a larger size. You can find an option to toggle this in the Skype Options - "IM & SMS" - "IM appearance"
    Toggle for unread messages: You can now quickly switch between your conversations that contain unread messages and all by using the dropdown on top right of your "Recent" list. See the screenshot on the right
    Touch scrolling: If you are sporting a device with a touch screen like a tablet you can now use vertical finger swipes to scroll in conversations. Better have a screen wipe at hand all the time though
    Disabling chat formatting: Especially role players using Skype have shared that they'd prefer the new text formatting options introduced in 6.22 to not apply to their IMs. This formatting is based on the use of wrapping parts of the message in characters like *, _ or ~. You can disable this permanently for all of your chats, by sending the following chat command to any of your chats:
    /setupkey *Lib/Conversation/EnableWiki 0
    To enable the formatting again please use this command:
    /setupkey *Lib/Conversation/EnableWiki 1
    This setting doesn't seem to stick reliably in 7.0 over restarts of the app. Skype is looking into this.
    Please give the new 7.0 version a spin and customize Skype layout and design closer to your liking. We are looking forward to your feedback.

  • Error -1074384569; NI-XNET: (Hex 0xBFF63147) The database information on the real-time system has been created with an older NI-XNET version. This version is no longer supported. To correct this error, re-deploy your database to the real-time system.

    Hello
    I have a VeriStand-Project (VSP) created with my Laptop-Host (LTH) which works with my PXI, while
    deploying it from my LTH. Then I have installed the whole NI environment for PXI and VeriStand use on an
    industrial PC (iPC). I have tried to deploy my VSP from the iPC to the PXI but the following error
    message arose on my iPC:
    The VeriStand Gateway encountered an error while deploying the System Definition file.
    Details: Error -1074384569 occurred at Project Window.lvlib:Project Window.vi >> Project
    Window.lvlib:Command Loop.vi >> NI_VS Workspace ExecutionAPI.lvlib:NI VeriStand - Connect to System.vi
    Possible reason(s):
    NI-XNET:  (Hex 0xBFF63147) The database information on the real-time system has been created with an
    older NI-XNET version. This version is no longer supported. To correct this error, re-deploy your
    database to the real-time system. ========================= NI VeriStand:  NI VeriStand
    Engine.lvlib:VeriStand Engine Wrapper (RT).vi >> NI VeriStand Engine.lvlib:VeriStand Engine.vi >> NI
    VeriStand Engine.lvlib:VeriStand Engine State Machine.vi >> NI VeriStand Engine.lvlib:Initialize
    Inline Custom Devices.vi >> Custom Devices Storage.lvlib:Initialize Device (HW Interface).vi
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * • Unloading System
    Definition file... • Connection with target Controller has been lost.
    The software versions of the NI products (MAX/My System/Software) between my LTH and the iPC are
    almost the same. The only differences are:
    1. LabView Run-Time 2009 SP1 (64-bit); is installed on LTH but missing on iPC. The iPC has a 32-bit system.
    2. LabView Run-Time 2012 f3; is installed on LTH but missing on iPC.
    3. NI-DAQmx ADE Support 9.3.5; something strange on the LTH, because normally I am using NI-DAQmx 9.5.5 and all other DAQmx products on my LTH are 9.5.5. That means NI-DAQmx Device Driver 9.5.5 and NI-DAQmx Configuration 9.5.5. On the iPC side all three products are 9.5.5. That means NI-DAQmx ADE Support 9.5.5, NI-DAQmx Device Driver 9.5.5 and NI-DAQmx Configuration 9.5.5.
    4. Traditional NI-DAQ 7.4.4; The iPC has this SW installed. On the LTH this SW is missing.
    In order to fix this problem I have formatted my PXI and I have installed the following SW from the iPC:
    1. LabVIEW Real-Time 11.0.1
    2. NI-488.2 RT 3.0.0
    3. NI_CAN 2.7.3
    Unfortunately the above stated problem still arose.
    What can I do to fix this problem?
    I found a hint on http://www.labviewforum.de/Thread-XNET-CAN-die-ersten-Gehversuche.
    There it is written to deploy the dbc file again.
    If this is a good hint, so how do I deploy a dbc file?
    I would feel very pleased if somebody could help me! :-)
    Best regards
    Lukas Nowak

    Hi Lukas,
    I think the problem is caused by different drivers for the CAN communication.
    NI provides two drivers for CAN: NI-CAN and NI-XNET.
    NI-CAN is the outdated driver which is no longer used by new hardware. NI replaced the NI-CAN driver with NI-XNET some years ago, which supports CAN, LIN and the FLEXRAY communication protocol.
    You wrote:
    In order to fix this problem I have formatted my PXI and I have installed the following SW from the iPC:
    3. NI_CAN 2.7.3
    NI CAN is the outdated driver. I think that you should try to install NI-XNET instead of NI-CAN on your PXI-System, to get rid of the error message.
    Regards, stephan

  • Your Feedback please on GUI design/development

    Hi everyone,
    I am doing some research on GUI development in java and I would
    like your feedback on a few things:
    (1) Do you consider GUI development in java complex and
    time consuming(more than what it should be)?
    (2) How satisfied are you with existing tools(IDEs like
    Visual Cafe,JBuilder or any other ones) for developing
    GUIs?
    (3) If the answer to question 2 is no, do you think a tool
    that would offer a level of abstraction between the
    design process and the actual swing API thus providing
    the ability to design GUIs in a fast and easy way, would
    be a useful addition to java? (Consider Visual Basic as
    an example for fast & simple GUI development)
    Thanks a lot for your time,
    SC

    I've been handrolling GUIs for over 10 years (first in X/Athena/Motif)
    and now Java.
    I have never found a builder that lets you get exactly what you want
    plus I've always found the source they generate to be rubbish (ie
    you can't modify it to do exactly what you want)
    If there was a tool that did give me complete access to do everything
    I wanted plus produced usable/reusable source code - would I use it ?
    I'd probably try it and see if it was faster than doing it by hand, if
    yes then I would certainly use it.
    I don't honestly think a builder will ever be a complete replacement
    for a GUI developer though.
    Last (silly) point: Is there an Athena L&F for Java ? - not that I want
    one, purely interested to know if there is one !

  • Give us your feedback on v1.2 of the ILM Assistant

    Please give us your feedback on v1.2
    What would you like us to do next?
    Lilian

    Lillian,
    I had sent you information back on 02/29/2008 as a reply to this thread but it must have got deleted.
    Here is the thread from that day.
    I finally got this to work in my 11g database with Database Vault.
    I got to the ILM login page when I exchanged p=4550:10:2805095104274743
    for p=737677:10:2805095104274743.
    i.e.
    http://oraprod-dr.lodgian.com:8080/apex/f?p=737677:10:2805095104274743
    The documentation for logging into ILM 1.2 seems to be not quite accurate.
    What I saw on that page were 2 boxes:
    1. Database User
    2. Password
    So you actually need to login with a "database" user account.
    Initially I logged in as "SYS" just to see what would happen.
    Then I was able to see the ILM tabs and menus.
    I then went into OEM and created a new database user "ILM_DB_ADMIN".
    I followed the instructions for executing the grant_privs.sql script to that newly created database account.
    I was then able to login with that database account.
    Now the url http://oraprod-dr.lodgian.com:8080/apex/f?p=737677 immediately refers to the ILM login page.
    I would not think that this is a "backdoor" login method into ILM since the documentation does mention that you must use a "database" account.
    Regards,
    Bruce Hawkins

  • Confuse on document "Packaging and Deploying Your Providers"

    Hi..
    I am referring to the article in PDK Jan 2003, "Packaging and Deploying Your Providers".
    In Part "Packaging Your Provider"
    No2 = Where can i find the template war file?
    = How i extract them to my working directory.
    Overall..can anybody explain a little more detail about this?
    I am using Portal 9.0.2 V2...
    Thanks.

    The template application is located under pdk\jpdk\v2. Copy template.war to a working directory and extract it with an unzip tool (like Winzip). Then I imported the files into jDev, and tried stuff out with that tool. There it's easy to pack and deploy template.war (or template.ear) again too.
    Good luck!

  • Cisco ISE Deployment suggestion required

    Require Assistance on Cisco ISE Deployment for below scenario
    -- We have Three Cisco ISE Appliances and Client has taken Advance Subscription License for 500 users
    -- Client has DC & DR and needs to deploy the Cisco ISE in one Main Office which connects to DC & DR on MPLS Links
    -- Client suggestion was to deploy one ISE node ( Admin + M&T + Policy Server ) in DC and its Standby Secondary in DR
         and only deploy Policy Server in Main Office.
         Idea behind the design is that ,
         1) If DC fails , Cisco ISE related logs will get generated on DR and any Cisco ISE related request will be taken care by Local Policy Server in Main Office .
         2) If Local Policy Server Fails , then ISE node in DC will act as Secondary backup and DR will act Tertiary Backup
         below is view
              DC
              Primary Node with Role
              [Admin , M&T , Policy Server]
                                            Main Remote Office
                                            Cisco ISE Node ( Only Policy Server) -----------> Network Devices
              DR
              Secondary Node with Role
              [Admin , M&T , Policy Server]
    Please let me know if it is possible

    Yes, the scenario is quite achievable. Also, please review the links below for assistance on deployment of ISE.
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_50_ise_deployment_tg.pdf
    http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.pdf

  • Send your feedback to Apple if you want Cover Flow sorted by Album

    I know this is a hot topic, but I really would prefer to have Cover Flow sorted per Album rather than per Artist. I don't buy the same album for each artist so I think Cover Flow should be per Album, it just makes sense.
    As there's no real way around it and if you agree send your feedback to Apple so at least they know it's something people want and maybe they'll work on a way to fix it for us.
    http://www.apple.com/feedback/ipod.html

    I would support an option to sort by album or artist, but if it were only 1 way, I'd like it to be by artist. Assuming they fix the compilation problem, I want the coverflow to work like going to a 'record' store so that I can easily go artist by artist and each artist's albums are sorted together. Compilations would either be grouped together at the end or under various artists (but each album would appear once). I know my collection way better by artist than I do by album name.

  • "Help Adobe - Your Feedback is Important" Messages

    Should we just go ahead and assume recent spam from [email protected] titled "Help Adobe - Your Feedback is Important" and offering a chance to win an iPad Air is a result of Adobe's entire client list getting hacked?  Every member of my account has been hit with this; not just the admin, which is the only one marketing should have permission to 'bother'.
    On the other hand, if legit, it's pretty unprofessional for such a large, profitable company to have so little control over its digital identity that it can't muster up the skills to send an email from @adobe.com
    #Marketing101
    #Security101
    #trust

    I have iCab.  As well all those other versions as well. Haven't had any issues with Chrome. Though I don't use it terribly much. All the other browsers are free.
    The fastest one is OmniWeb, though I am using the beta version. Knocks the socks off of Chrome which is supposed to be the fastest Browser around, but OmniWeb runs rings around. But because I am using the Beta version which is the one so fast, it does crash periodically.
    The fellow that writes iCab also has Newsreader out for iPad and a version of iCab for iPad.

  • Feedback error: "Your feedback seems to contain a URL. Please remove this and similar personal data from the text, then try again."

    error when using feedback: "Your feedback seems to contain a URL. Please remove this and similar personal data from the text, then try again. Thanks!"
    Using FF4.0 b10 with MS XP sp3

    well, for starters, is there a URL (link) in the text? if so, you will have to take it out, and include it in the little link area under the comments box.
    If not, check to see if you have 'Http://' or '.com' or something similar in the text.

  • Need your feedback

    hi everyone
    i have created this small game for toddlers as part of class
    assignment. It is meant for young children to explore different
    sounds.
    http://www.baylinks.net/rudi/lobster.html
    please take your time to have a look at it and give me your
    feedback and any suggestion for improvement.
    thanks

    Something that I'd recommend...
    As you're sitting at a piano, the farther you go to the
    right, the higher pitch the key is going to be, and the farther you
    go to the left the lower the pitch is going to be, but you have it
    switched.

  • Wiki your feedback?

    hi,
    I am in the process of selecting wiki software. While there is a lot of choice out there,
    I was interested in the Leopard Wiki: your feedback, ease of use, do you have any reference to a review....
    It looks great from Apple web sites but info is limited though
    Thanks

    Visit the [Free Wiki packages|http://en.wikipedia.org/wiki/Category:Freewikisoftware], and pick some candidate packages. I'd suggest looking for an active community around the package, for bug reporting and security mailing lists, stable, established, and at the add-ons and customizations and theming. Then look to see what prerequisite software is involved, and what the effort might be in installing, maintaining and upgrading the Wiki.
    [Here's another view|http://www.siteground.com/comparebestwiki.htm] on picking a Wiki.
    Wikis that are protected behind a firewall are easier to deal with than open Wikis; allowing the world at a Wiki can be a maintenance and security issue. If you're running an external Wiki, look for reports of vulnerabilities to cross-site scripting and related database attacks, and responses to same from the maintainer(s) of the Wiki.
    If you want to configure and basically ignore the Wiki, the Leopard Wiki is probably going to be tough to ignore. Apple then gets to deal with critical security issues, etc., through the existing downloads mechanism for updates.
    Other potential options you can consider include the Wiki capabilities and the organic groups capabilities available in various of the web content management systems; classic content management systems are getting quite powerful. Locally, I use [Drupal|http://www.drupal.org], and Drupal can provide organic and Wiki capabilities (and many other add-on modules), and the Drupal embedded syntax is generally straight HTML.

  • Appreciate your feedback: Usability - A good UI is revitalizing

    Dear experts,
    I would appreciate your feedback and rating for the blog http://scn.sap.com/community/best-built-applications/blog/2012/03/21/usability--a-good-ui-is-revitalizing#
    Thanks in advance,
    Regards,
    Leon

    Hi,
    There are some mistakes in your procedure
    1) You are passing the object version number to the API from per_all_people_f, which should not be the case. You need to pass the object version number from per_all_assignments_f, as you're updating the assignment screen, not the people screen.
    2) Use the Date track mode as Update, so that old supervisor data or any record will be end dated and a new record will be created.
    3) In exception it is always advisable to write dbms_output.put_line(SQLERRM), so that it will give you the exact error if any occurs during execution of the program.
    There is no table named per_assignments_x; use the table per_all_assignments_f, which is a date track table for assignments.
    See the example below: pass the parameters wherever required, which will help you write your procedure.
    declare
      -- Placeholders: set these four values before running.
      l_assignment_id      number := null;  -- pass the assignment id of the employee
      l_obj_version_number number := null;  -- fetch and pass the object version number of the assignment
      l_effective_date     date   := null;  -- pass the date from which you want to update the assignment
      l_supervisor_id      number := null;  -- pass the supervisor_id
      -- Variables that receive the values returned by the API.
      l_cagr_grade_def_id          number;
      l_cagr_concatenated_segments varchar2(2000);
      l_concatenated_segments      varchar2(2000);
      l_soft_coding_keyflex_id     number;
      l_comment_id                 number;
      l_effective_start_date       date;
      l_effective_end_date         date;
      l_no_managers_warning        boolean;
      l_other_manager_warning      boolean;
      l_hourly_salaried_warning    boolean;
    begin
      hr_assignment_api.update_gb_emp_asg
      (p_validate => false
      ,p_effective_date => l_effective_date
      ,p_datetrack_update_mode => 'Update'
      ,p_assignment_id => l_assignment_id
      ,p_object_version_number => l_obj_version_number
      ,p_supervisor_id => l_supervisor_id
      ,p_cagr_grade_def_id => l_cagr_grade_def_id
      ,p_cagr_concatenated_segments => l_cagr_concatenated_segments
      ,p_concatenated_segments => l_concatenated_segments
      ,p_soft_coding_keyflex_id => l_soft_coding_keyflex_id
      ,p_comment_id => l_comment_id
      ,p_effective_start_date => l_effective_start_date
      ,p_effective_end_date => l_effective_end_date
      ,p_no_managers_warning => l_no_managers_warning
      ,p_other_manager_warning => l_other_manager_warning
      ,p_hourly_salaried_warning => l_hourly_salaried_warning
      );
      commit;
    exception when others then
      -- Print the exact error raised by the API call.
      dbms_output.put_line(SQLERRM);
    end;
    Hope it helps
    Cheers
