Migrate network object group members; risk

       We upgraded to new 5555 hardware and jumped from 8.2 to 9.1 last year. Our objects listing is now a bit messy. I have never run the "Migrate Network Object Group Members" menu option in asdm. I see what it is going to do, I am not sure it really helps me clean old objects, it seems low risk, but when I walk up to execution, there are a lot of changes it wants to make. We always save backup configurations but, if there are "gotchas" I don't want to put the company in that position. What has been the communities, Cisco's experience? Thanks for any feedback. jc

John,
if you feel that is risky, you can always go for plan B.
- you can take closure look at the object groups and decide new object naming convention policy.
- from ASDM or CSM, you can see overlapped or duplicate rules, so you can start with reducing them
- you can see same services used in couple of rules with different service groups.
     - like object-group service WEB-PORTS tcp
                    port-object eq http
                    port-object eq https
             object-group service APPLICATION-PORTS tcp
                    port-object eq http
                    port-object eq https
               object-group service APPS-PORT tcp
                    port-object eq www
                    port-object eq https
- you can replace all these different object-group with one object group. like WEB-PORTS.
- same way you can do excercise for network group as well.
hope this helps.
JD...

Similar Messages

  • Easy way to detect unused network objects/groups on ASA

    Hello,
    I find that every 6-12 months I will log on to the ASDM and go to the Network Objects/Groups section and spend ages right clicking on each object and seeing if it is still being used and if it isn't I then delete it.  It can take a long time as our config is large, are there any better ways of keeping the ASA update to date?
    Thanks

    Hello,
    I know that this is a very old post, however, starting in ASDM 7.1(3), there is a "Not Used" button in the app.  Click it and it will provide you list of objects/groups that are not being used in ACLs.  You can then choose which objects to delete (they're all checked by default).
    As of 7.1(4), however, there is no such feature for protocols/protocol groups.
    Hopefully this helps someone - I know that it saved me a lot of time in a few firewall migration projects!
    Rob.

  • Object-group with network-object containing an IP address range

    Hello,
    Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
    object-group network test
    network-object 192.168.0.0 192.168.63.255
    network-object-group mode commands/options:
      A.B.C.D  Enter an IPv4 network mask
    sh run ob id test
    object-group network test
    network-object 192.168.0.0 192.168.63.255
    I found that in the documentation it requires a netmask as oppose to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly. Thank you.
    -John

    Hello,
    Thank you for your replies. In code version 8.0(5)23, it appears I am able to define a "range" of IP addresses as in:
    192.168.0.0 192.168.63.255 as opposed to defining a range with a netmask like 192.168.0.0 255.255.192.0.
    With the "range" of IP address applied to the "object-group network test" with sub command "network-object 192.168.0.0 192.168.63.255" the ASA does not pick up on said "range" when this object group is applied to a DENY access list. It only reads it properly when the netmask is attached, which is the correct configuration, as in: "network-object 192.168.0.0 255.255.192.0".
    To clarify, I mean range as in 192.168.0.0 - 192.168.63.255.
    Hope this helps to understand. I am just curious as to why this is even able to be applied in such a way or if it is a bug in this particular code version? I can also confirm that this can be done in code version 8.4(2). See below snippets of my configuration in the 8.4(2) code version:
    access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
      access-list 101 line 3 extended deny ip 192.168.0.0 192.168.63.255 any (hitcnt=0) 0x0623b0c4
    access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
    Packet trace results in allowing the "range" of IP address:
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: dmztest
    output-status: up
    output-line-status: up
    Action: allow
    Now with the "correct" configuration:
    access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
      access-list 101 line 3 extended deny ip 192.168.0.0 255.255.192.0 any (hitcnt=1) 0xa31c6bbd
    access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: dmztest
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    Thank you.
    -John

  • Add network object to access list

    Can someone please show me how to add existing network objects to existing access control lists in a network object group using the cli in the asa version 9.x on the inside interface? The source is an already existing network object and the destination is an existing network object group. Thanks.

    Hi,
    I am not entirely sure of what you are asking.
    What I undertood is that you have the following already
    An "access-list" that is attached to the "inside" interface
    An existing "object network " configured that will be used as the source for the "access-list" rule
    An existing "object-group network " configured that will be used as the destination for the "access-list" rule
    If the above is true then you would simply configure
    access-list permit ip object object-group
    The above though would permit all TCP/UDP traffic
    If you want to only allow specific ports for either TCP or UDP then you would use the format
    access-list permit tcp object object-group eq
    access-list permit udp object object-group eq
    Naturally if you want to allow multiple ports there would be further ways to group those ports together also inside "object-group" to make the configuration smaller/cleaner.
    Please let me know if you were looking for something else and I missunderstood
    Hope this helps
    - Jouni

  • ASDM multiple network objects vs group for rules

    I was just curious if there are any performance benefits of using multiple network objects on multiple rules vs consolidating them into fewer rules by grouping them? 
    For example, I have about 10 lines of NAT exempt rules from the same source to multiple destinations.  Is there anything to be gained if I consolidated those into a single rule using an object group for the multiple destinations aside from cleaning up the clutter in ASDM?
    Thanks

    Hello Tony,
    Of course, it will be better because the processing that the ASA is going to use to determine witch rule to match would be decremented, also it would take less space on the configuration file (memory). those are some of the pros regarding creating groups for particular rules.
    Sometimes a huge configuration file can increment the CPU usage,etc,etc. so it is better to keep it as small and organized as possible.
    Please rate helpful posts.
    Regards,
    Julio

  • Forms10g Migration : Sub-Clasising Object Groups again.

    While performing the forms10g migration , is it necessary to Subclass the object groups from the referenced forms in the referencing forms again. If so , what for is this necessary.
    Please advise.

    U dont need to subclass again. However make sure that the form from which u have subclassed is upgraded first.
    Rajesh ALex

  • ASA 5520: Create Network Object for range of hosts?

    Hi,
    I'm new to Cisco Firewalling. I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
    We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
    Is there a way to do a similar thing on the ASA 5520?
    I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
    Any help greatly appreciated.

    Sure there is,
    hostname(config)# object network TEST2
    hostname(config-network-object)# range  10.1.2.1 10.1.2.70
    No need for subnet masks, this will be a Object network, not an Object-group of type network. Now in 8.3 they are a lot different.
    http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html
    Check this doc for reference.
    Cheers,
    Mike

  • Get Password Expiration Date of Group members in Active Directory

    hi,
    How can I get password Expiration date of Group members in Active Directory – please advise me
    Fasil CV

    Or DSQUERY Commands.
    dsget group "CN=Group1,DC=myinfralab,DC=com" -members | dsget user - -acctexpires
    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
    Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
    Blogs: Blogs
    Twitter: Twitter
    LinkedIn: LinkedIn
    Facebook: Facebook
    Microsoft Virtual Academy:
    Microsoft Virtual Academy
    This posting is provided AS IS with no warranties, and confers no rights.

  • How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group

    How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group
    This would be an SMS group similar to an email listserv but running on the SMS network
    I have seen private individuals offering this service
    It seems strange to me that no internet site like Apple, Yahoo or Google offers this as a free service much as the email group services are free services.
    Steve

    I think the app GroupMe might do what you want. You might also try contacting your carrier. My carrier offered some fancy group texting service for a while but they never really advertised it so, unless you asked, you never would have known. But, GroupMe is available in the app store. There are lots of other apps that also do group texting but it seems to be the one that gets recommended the most.

  • Can I create a network object from CIDR format or do I need to use IP - netmask?

    Have a cisco ASA running ASA V 8.3
    Wondering what the correct syntax is or even if it is possible to create a network object from a list of IP's in CIDR format? 
    Typically just do this:
    Create network-object
    object-group network name
    network-object 1.2.3.0 255.255.255.0
    Would like to do this: 
    network-object 1.2.3.0/24
    thanks!

    Hi,
    As far as I know the ASA does not support entering a network/subnet mask in such format in any of its configurations.
    - Jouni

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Issue with Migration of Users/groups in Essbase

    Hi,
    am trying to migrate the users specific to the application using Advanced option through Migration Wizard (EAS 716)..But i see the users with the application on old box and when i check it after migration, am not able to see the users related to that application..
    Moreover, i have copied the users specific to that application on old box into new box and after that tried of migrating the same application from old to new box...Even then am not able to see the users with application access..
    Is this the right approach which am following? or Kindly suggest me the best way of migrating users/groups...
    Thanks

    If you chose the advanced option, you should have no problem migrating users and groups along with the application. You probably may have omitted those groups or members from the list. When you migrate do not change anything except server, App and DB names.

  • NAT 0 using Network Object NAT in OS 8.6

    Hi,
    I am trying to create an IPSEC remote access vpn and am working for the first time with Network Object NAT on a 5512 X architecture with 8.6 OS. I would like to know how to create a NONAT scenario with users on the other side using a NAT 0 nat entry so that traffic going to subnets on the other end of the VPN do not get NATTED?
    Thanks,
    Vick.

    Hi,
    It would be the following then
    object-group network LAN-NETWORKS
    network-object 192.168.1.0 255.255.255.0
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.4.0 255.255.255.0
    network-object 192.168.5.0 255.255.255.0
    network-object 192.168.7.0 255.255.255.0
    network-object 192.168.8.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 192.168.12.0 255.255.255.0
    network-object 192.168.14.0 255.255.255.0
    network-object 192.168.16.0 255.255.255.0
    network-object 192.168.21.0 255.255.255.0
    network-object 192.168.31.0 255.255.255.0
    network-object 192.168.33.0 255.255.255.0
    object-group network REMOTE-NETWORKS
    network-object 192.168.10.0 255.255.255.0
    nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS
    - Jouni

  • Access list with multiple object groups

    Hello Everyone,
    I am using a cisco ASA 5525 with 8.6 code.  I am trying to setup access list for oubound access meaning hosts accessing the internet.  I have created an access list called outbound_access and did "access-groupc outbound_access in interface inside "
    I am trying to use object-groups where ever i can.  Here is an example.
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.x.x.x 255.255.255.240
    network-object 10.x.x.x 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    I have tried tying all these groups together in multiple ways but cannot figure out how to do this.  This what i think it should be "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
    What i want is the use the service objects and the source network would be obj_Meraki_lan and destination would be obj_Meraki_pub.   It seems the rules completely change when you use object groups.  Can someone explain this maybe with a few examples.  I am already using object groups in many acls but not for every element.
    Thanks

    Hi,
    Seems to work on my test ASA
    Attached it to my current LAN interface.
    ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         WAN
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outbound_access in interface LAN
    access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
    object-group service obj_Meraki_outbound
    service-object tcp destination eq https
    service-object tcp destination eq www
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.255.240
    object-group network obj_Meraki_pub
    description: This group lists all hosts associated with Meraki.
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
    Additional Information:
    access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
    Also have used such configuration in some special cases where the customer has insisted on allow specific TCP/UDP ports between multiple networks. And nothing is stopping from adding ICMP into the "object-group service" also.
    - Jouni

  • How to migrate the Objects from 3.1c to BI7

    Hi,
    We are in Functional Upgradation.
    How to Migrate the Objects( Infocubes,DSO,Datasources,Rules...etc...) from 3.1C to BI 7.0
    Please help me to doing this....
    regards,
    anil

    BW Upgrade tasks (BW 3.1C to BI 7.0)
    Prepare Phase:
    Task     How-To     Who
    Review BI 7.0 feature lists     Review BI 7.0 feature lists for possible inclusion in developments.     Basis/BW
    Obtain the BI 7.0 upgrade guide     Download the upgrade guide from http://service.sap.com/inst-guides -> SAP NetWeaver -> Upgrade
         Basis/BW
    Review all upgrade SAP notes     In addition to the upgrade guide, check, download, and review all SAP notes for your upgrade
         BI 7.0 Upgrade notes
         SAP Web Application Server 6.40 upgrade notes
         OS and DB specific upgrade notes
         SAP BW Add-on upgrade notes
    (e.g. SAP SEM, ST-PI, etc)
         Plug-In upgrade SAP notes
         Other notes identified in above notes and/or upgrade guides.
         Basis/BW
    Check DB and OS requirements for the target SAP BW release     Check DB version/patch level and OS version/patch level required for upgrade
         First check the most current information from the SAP BW homepage http://Service.sap.com/BW  -> <SAP BW release> -> Availability
         Additionally, the u201CPlatformsu201D link will take you to the main DB/OS page for BI 7.0 and SAP Web AS 6.40.
         Note: In some cases there are differing requirements for SAP BW 3.0B/SAP BW 3.1 Content and BI 7.0
         Basis
    Check SAP BW Add-on upgrade requirements     Do you have SAP BW add-ons installed that require additional handling (e.g. SAP SEM, Enterprise Portal Plug-in, etc)?
         SAP SEM (SAP BW based components) requires SAP SEM 4.0 which is part of the mySAP ERP 2004 suite.
         WP-PI release must be at 6.00 before the upgrade begins. As mentioned before this add-on is merged with PI_Basis after the upgrade.
         Basis
    Check SAP BW upgrade requirements          Minimum Support Package and kernel levels for upgrade
         SAP BW Frontend requirements for new SAPGUI, SAP BW BEx Frontend and SAP BW Web applications.
         Source system Plug-In requirements     Basis
    Check compatibility requirements with 3rd party software          3rd Party Reporting tools (example: Crystal)
         ETL Tools (example:  Ascential, DataStage, etc)
         Scheduling tools (example. Control-M, Maestro, etc)
         Monitoring tools (example: HP OpenView, Patrol, etc)
         Other OS or DB related tools     Basis
    Check new component requirements for BI 7.0          If SAP BW web reports were developed in SAP BW 2.x, a windows version of IGS 6.40 (Internet Graphics Service) is required for conversion and future rendering of web graphics (i.e. Charts and GIS Maps).
    The IGS chart migration will also be required after the SAP BW web report conversion.
         If you used or activated any SAP BW Web Applications in SAP BW 3.x, or if you have used charts in SAP BW 2.x web reports, you will need a windows version of IGS 6.40 (Internet Graphics Service) to execute the IGS chart migration after the upgrade.
         If ESRI GIS software is in use, a different version of ESRI software maybe required for BI 7.0.  (ArcView 8.2?).
         If you plan to use Information Broadcasting, please review the requirement for additional infrastructure components such as EP, KMC, Workbook pre-calculation service, and Web AS connectivity to your mail servers.
    Detailed information is available in the SAP NetWeaver u201904 master planning guide (http://service.sap.com/instguides  -> SAP NetWeaver).
         Basis
    Test and distribute new SAP BW Frontend
              Install and test the new BI 7.0 Frontend (including the new version of SAPGUI for Windows if applicable).
         A detailed FAQ on the new BI 7.0 Frontend is available on the SAP service marketplace alias BWFAQ (http://service.sap.com/BWFAQ).
         After successful testing, the new SAPGUI for Windows and SAP BW Frontend can be distributed to the BW teams and end users.
         Basis
    Alpha Conversion:
    Ensure that your InfoObject data is consistent from a u201Cconversionu201D perspective (Alpha Converter tool)      Check that you have executed the Alpha Converter tool to check the consistency of your InfoObject definitions and data for InfoObjects that utilize the ALPHA, NUMCV and GJAHR conversion exits.
    Note: The Alpha conversion is not part of the SAP BW upgrade itself, but the upgrade simply checks to ensure you have successfully executed the check tool.
    Transaction RSMDCNVEXIT
    Check the system status:
         u201CAll Characteristics Have Correct Internal Valuesu201D: The Alpha converter has been successful executed. The upgrade preparation can continue.
         u201CNo Check yet/Inconsistent Internal Vales existu201D:
    The Alpha converter check has not been executed.
         u201CCharacteristics have Inconsistent Internal Valuesu201D:
    The Alpha converter tool check has been executed and data problems have been detected. The InfoObject and data must be processed before the upgrade can be started.
         BW
    Upgrade SAP Note updates     Check for newer versions of your SAP notes for the Upgrade.
    Tip: The SAP service marketplace offers an option to subscribe to OSS notes so you can be notified of changes when you log on.
         Basis/BW
    Confirm SAP BW support package, kernel and DB/OS configuration     Analyze current Support Package and DB/OS/Kernel configurations in your SAP BW landscape in relation to the SAP BW 3.x upgrade requirements.
         Apply necessary support packages, kernel patches, and DB and OS patches to meet upgrade requirements
         Basis
    Alignment of SAP BW objects within your SAP BW system landscape     Check and, where required, re-align SAP BW Objects and developments in your SAP BW system landscape (Development, Quality Assurance and Production).
    SAP BW Object differences can impact the quality of testing in the Development and Test environment and can lead to change management issues.
         This check is to minimize risk and ensure productive objects are being tested prior to the Production upgrade.
    Where alignment issues exist and realignment is not possible, alternative testing plans should be devised.
         Basis/BW
    Confirm all developments are deployed.     Ensure that all SAP BW developments are deployed or they are to be re-developed/tested after the upgrade.
         In the DEV system, all SAP BW development transports should be released (i.e. transport created and released) and imported to all downstream systems (i.e. QAS and PRD systems).
    For SAP BW developments not already collected in the transport collector, a decision must be made:
    Deploy the developments or wait until the upgrade has completed to deploy.
    o     Development to be deployed should be collected, released, and imported into the QAS and PRD systems.
    o     Developments that should be deployed after the upgrade should be re-tested/re-developed after the upgrade.
         In the QAS or PRD systems, ensure that all SAP BW development transports have been imported prior to the upgrade.
         BW
    Implement BI 7.0 Business Explorer Frontend     Install, evaluate, test and distribute the new BI 7.0 Business Explorer Frontend.
         Basis/BW
    Pre-upgrade Process:
    Download required BI 7.0 support package Stack for inclusion in the upgrade     Determine the equivalent support package level of the source SAP BW release and the target SAP BW release.
         There is a minimum requirement that you upgrade to at least the equivalent support package level on the target SAP BW release so that you do not lose functionality, corrections, and data.
         It is recommended to upgrade to the latest version of all support packages during the upgrade via the upgradeu2019s support package binding functionality.
         BI 7.0 Support Packages are delivered via SAP NetWeaver u201904 Support Package stacks (SP-Stacks). It is not recommended to partially apply some of the SP-Stacksu2019 individual support packages. You should apply all of the SP-Stacks support packages at once.
    For more information on the SP-Stacks and SAP NetWeaver SP-Stacks, please see the SAP service marketplace alias SP-Stacks (http://service.sap.com/sp-stacks)
         You should also review, download, and bind in support packages for all add-on components that are installed on SAP BW and will be upgraded during the SAP BW upgrade (e.g. SEM-BW, ST-PI, etc)
         Basis
    Apply latest Support Package tool patch     Apply latest SPAM patch before executing PREPARE     Basis
    Validate the SAP BW (ABAP) Data Dictionary and the Database Data Dictionary for consistency     Check Database consistency
         Transaction DB02:
    o     Execute ABAP SAP_UPDATE_DBDIFF and re-execute DB02 check. This gives a truer view of the SAP BW objects in DB02.
    o     Check missing database objects (indices, tables, etc)
    o     Missing indices may identify erred data loads or process problems
    Tip: Missing indices on InfoCubes can be restored by RSRV or ABAP SAP_INFOCUBE_INDEXES_REPAIR
    Note: check for running data loads before executing a repair!
    o     Check DDIC/DB consistency
         Verify database objects and consistency
    (e.g. SAPDBA check for offline data files)
         BW
    Remove unnecessary SAP BW temporary database objects     Delete all SAP BW temporary database objects:
         Execute routine housekeeping ABAP SAP_DROP_TMPTABLES.
         This reduces the numbers of database objects that need to be copied during the upgrade.
         Note: take care not to delete objects that are in use as this will cause queries, compressions, etc to terminate.
         BW
    Validate your SAP BW Objects for correctness prior to your upgrade     Using the SAP BW Analysis Tool (transaction RSRV), perform extensive tests on all important SAP BW Objects to ensure their correctness prior to the upgrade.
    Note: this test should be repeatable so you can re-validate after the upgrade!
         Ensure that any inconsistencies are identified and corrected
         RSRV has a number of extensive tests and if all checks are executed will consume a large amount of time. Multiple tests can be performed in parallel.
         Tip: Some corrections in development can be deployed to other systems via transport in advance of the next upgrade.
         BW
    Ensure DB Statistics are up to date prior to the upgrade          Check DB statistics for all tables.
    Tables without statistics, especially system tables, can seriously impact upgrade runtimes.
         Check DB statistics for missing Indexes for InfoCubes and Aggregates
    o     User transaction RSRV to check      BW
    Check SAP BW Support Package status     Check the status of all support packages (via transaction SPAM)
         Ensure the Support Package queue is empty
         Confirm all applied Support Packages     Basis
    Check all u2018Repairsu2019     Check for unreleased repair transports
         Release all unreleased transports
    In your QAS and PRD system, check if all repair transports have been imported (i.e. systems are aligned)
         Import missing repair transports into down stream systems. This will avoid differing message and/or errors during the upgrade.
         BW
    Check InfoObject status          Check for revised (modified) InfoObjects that have not been activated.
    All InfoObjects should be active or saved (not activate):
    o     Check all inactive InfoObjects:
    Transaction RSD1 (Edit InfoObjects),
    click on u201CAll InfoObjectsu201D radio button and click the u201CDisplayu201D button.
    Modified InfoObjects are denoted by yellow triangles!
    o     Determine if revision should be activated or removed.
         'Reorgu2019 or u2018Repairu2019 all InfoObjects
    This checks and repairs any discrepancies in the InfoObject definition and structures. It is common to have obsolete DDIC and table entries for InfoObjects after multiple upgrades and definition changes. These obsolete entries normally do not effect normal SAP BW operations.
         Transaction RSD1 (Edit InfoObjects), Select u201CExecute Repairu201D or u201CExecute Reorgu201D Use expert mode for selective executions.
         BW
    All ODS data loads must be activated.          Activate all inactivated ODS Object requests.
    All ODS u2018Mu2019 tables must be emptied prior to the upgrade as a new activate process is implemented
    o     Inactivated ODS request can be located via the Admin workbench -> u2018Monitoringu201D button -> u2018ODS Status Overviewu201D
         BW
    All Transfer and Update rules should be active          Check for inactive Update and Transfer Rules
    o     All update rules and transfer rules should be active or deleted.
    o     Look into the table RSUPDINFO for update rules and search for the version "not equal" to "A". Likewise use the table RSTS for Transfer rules/structure.     BW
    All InfoCubes should be active          Check for inactive InfoCubes and Aggregates (Aggregates are InfoCubes too!)
    o     All InfoCubes should be activated or deleted.
    o     Execute ABAP RSUPGRCHECK to locate any inactive InfoCubes. See SAP note 449160.
         BW
    All Web Report objects should be consistent prior the upgrade.          Check the consistency of your SAP BW web objects (web reports, web templates, URLs, roles, etc). All objects should be consistent prior to web object conversion after the upgrade. It is recommended to ensure consistency before the upgrade.
    o     For Original release SAP BW 3.x:
    A SAP BW web reporting objects check can be executed via a new check in RSRV. This is provided via a SAP BW support package.
    Please see SAP note 484519 for details.
         BW
    Backup your system before starting PREPARE     Before execution PREPARE, perform a full database backup (including File system). Ensure you can recover to the point in time before PREPARE was executed.
         Database admin
    Address any instructions/errors generated by PREPARE          Address any issues listed in log files Checks. Log generated by PREPARE.
    o     Repeat PREPARE until all checks are successful.     Basis
    Complete any Logistic V3 data extractions and suspend V3 collection processes          Extract and empty Logistics V3 extractor queues on SAP R/3 source systems.
    o     The V3 extraction delta queues must be emptied prior to the upgrade to avoid any possible data loss. V3 collector jobs should be suspended for the duration of the upgrade.
    They can be rescheduled after re-activation of the source systems upon completion of the upgrade.
         Note: If you perform any data loads after executing PREPARE, re-check the status of all delta queues in SAP BW and the source systems(s).
         BW
    Complete any data mart data extractions and suspend any data mart extractors          Load and Empty all Data mart Delta Queues in SAP BW. (e.g. for all export DataSources)
    o     The SAP BW Service SAPI, which is used for internal and u2018BW to BWu2019 data mart extraction, is upgraded during the SAP BW upgrade. Therefore, the delta queues must be emptied prior to the upgrade to avoid any possibility of data loss.
         Note: If you perform any data loads after executing PREPARE, re-check the status of all delta queues in SAP BW and the source systems(s).
         BW
    Check that your customer defined data class definitions conform to SAP standards          Check all customer created Data classes used by SAP BW Objects (i.e. InfoCubes, ODS Objects, Aggregates, InfoObjects, and PSAs) to ensure they conform to SAP standards.
    o     Check your data class definitions as detailed in SAP Notes 46272 and 500252.
    o     Incorrect data classes could create activation errors during the upgrade.
         BW
    Remove unnecessary SAP BW temporary database objects     Delete all SAP BW temporary database objects:
         Execute routine housekeeping ABAP SAP_DROP_TMPTABLES.
    For more information see SAP note 308533 (2.x) and 449891 (3.x).
         This reduces the numbers of database objects that need to be copied during the upgrade.
         Note: take care not to delete objects that are in use as this will cause queries, compressions, etc to terminate.
         Basis/BW
    Backups!     Before executing the upgrade, ensure that you have a backup strategy in place so you can return to the point where loading was completed and the upgrade started.
    Ensuring you can return to a consistent point in time (without having to handle rollback or repeats of data loads) is key to having a successful fallback plan.
         Database Admin
    Before Execution:
    All SAP BW administration tasks should have ceased          Cease all SAP BW administration tasks such as Object maintenance, query/web template maintenance, data loads, transports, etc at the beginning of the upgrade.
    The Administrators Workbench and the Data Dictionary are locked in the early phases of the upgrade.
         Reminder: Users can execute queries until the time that the upgrade determines that the SAP BW System should be closed*
    - timing depends on the type of upgrade selected
         Basis/Admin
    Remove unnecessary SAP BW temporary database objects     Repeat the deletion of all SAP BW temporary database objects after you have stopped using the SAP BW Admin workbench*
         Execute routine housekeeping ABAP SAP_DROP_TMPTABLES.
    For more information see SAP note 308533 (2.x) and 449891 (3.x).
    - timing depends on the type of upgrade selected
         BW
    Check system parameters     Check OS, DB, and Instance profile parameters.
         Check System Instance parameters for new BI 7.0 specific parameters. See SAP note 192658 for details
         Check for any DB specific parameters for BI 7.0
         Check for any new OS parameters     Basis
    Check Database archiving mode     Turn database archive log mode back on if it was disabled during the upgrade!
         Database Admin
    After Execution:
    Check the systemu2019s installation consistency     Execute Transaction SICK to check installation consistency
         BW
    Check the system logs     Perform a technical systems check.
         Example: Check system and all dispatcher logs (inc. ICM logs)
         Basis
    Apply latest executable binaries     Apply the latest 6.40 Basis Kernel for all executables
         Tip: use the SAP NetWeaver u201904 SP-Stack selection tool to find all binaries. (http://service.sap.com/swdc)
         Basis
    Review BI 7.0 Support Packages for follow-up actions.          Review SAP Notes for all SAP BW Support packages applied during (bound into the upgrade) and applied after the upgrade:
    o      Search for Note with the keyword u201CBWu201D, u201CSAPBWNEWSu201D, and u201C<BW release>u201D
    o     Follow any required instructions identified in the SAP Notes
         Basis
    Apply latest patches          Apply the latest SPAM patch
         Apply any required support packages that were not bound into the upgrade.
         Basis
    Apply additional BI 7.0 Support Packages
    (if required)          SAP recommends that customer remain current on SAP Support Packages.
         Review SAP Notes for all SAP BW Support packages applied in previous task.
    o      Search for Notes with the keyword u201CBWu201D, u201CSAPBWNEWSu201D, and u201C<BW release>u201D
    o     Follow any required instructions identified in the SAP Notes
         Basis
    Resolve any modified SAP delivered Role issues      If SAP delivered Roles were modified, then these modifications may incorrectly appear in the upgrade modification adjustment tool (SPAU).
         Review and implement SAP note 569128 as required     Basis
    Configuring Information Broadcasting EP/KMC Connections
         If you plan to use the EP integration functionality of Information broadcasting (Broadcast to the EPu2019s PCD, Broadcast to KMC, or Broadcast to Collaboration Rooms):
         Ensure the SAP EP is at the same SP-Stack level as your SAP BW system.
         Follow the online help documentation to configure and connect the SAP BW system and the SAP EP system. (http://help.sap.com).
         For broadcasting to KMC, ensure that KM has the u2018BEx Portfoliou2019 content available.
         Basis
    Re-check SAP BW Object and consistency     Execute RSRV to check SAP BW Object consistency
         Repeat tests that we executed prior to the upgrade.
         Validate results      BW
    Check InfoCube views for consistency     Check consistency of InfoCube fact table views
         It is possible that fact table view /BIC/V<InfoCube>F is missing if a number of SAP BW upgrades have been performed before. See SAP Note 525988 for instructions for the check and repair program.
         BW
    Perform SAP BW Plug-in (SAPI) upgrade follow-up tasks          If required, Re-activate the SAP BW u201CMyselfu201D source system in SAP BW.
         The SAP BW internal plug-in (SAPI), which is used for internal data mart extraction and u2018BW to BWu2019 communication, is upgraded during the SAP BW upgrade. The source system is de-activated to prevent extractions and loading during the upgrade.
         It may be required to replicate export DataSources and reactivate transfer structures/rules for internal data loads (i.e. ODS Object to InfoCube objects).
    o     Tip: It is advised to do this step for all export DataSources to avoid possible errors during execution of InfoPackages
         Check that all other Source Systems are active.
    o     Activate as required.     Basis/BW
    Check SAP BW Personalization is implemented     (SAP BW 2.X upgrades will have performed this in the previous task).
    Validate that personalization has been activated in your SAP BW system.
    Note: It has been observed that in some cases, BEx Personalization has to be re-activated after an upgrade from SAP BW 3.x to BI 7.0. It is advised to check the status of personalization after the upgrade.
         Enter the IMG (transaction SPRO), select SAP Business Warehouse -> Reporting relevant settings -> General Reporting Settings -> Activate Personalization in BEx
    Check the status of the Personalization settings. All entries should be active u2013 highlighted by an unchecked check box.
         To activate highlighted Personalization, click Execute.     BW
    For SAP BW 2.0B/2.1C -> BI 7.0 Upgrades:
    Convert ODS secondary indexes to new standard     For SAP BW 2.0B/2.1C -> BI 7.0 Upgrades:
    Convert any customer created ODS Object secondary indexes to the new ODS Object index maintenance process.
         Re-create all indexes in the ODS Object definition screen in transaction RSA1.
         ODS indexes must conform to the new naming convention
         BW
    Converting IGS chart settings
         Convert you existing IGS chart settings (converts IGS chart settings from BLOB to new XML storage format)
         Ensure you have the latest SAP Web AS 6.40 IGS (stand alone windows version) installed and working
    o      Test via transaction RSRT
         Execute the conversion process as directed the BI 7.0 upgrade guide.
         Note: This step is required for all BI 7.0 upgrades     Basis
    Backup your SAP BW system     Perform a full database backup (including the File system)
    Remember to adjust your backup scripts to include new components such as the J2EE engine, pre-calculation service, etc.
         Database Admin

Maybe you are looking for

  • "photo stream" isn't working

    Hi guys, I bought a Macbook Pro in Augest. As soon as I got it, I tried to use photo stream. It worked perfectly when I use my iPod touch to take a picture; it will automatically send my photo to the mac. But, now the photo stream is not working. I w

  • Can we practice SAP EP on ECC 6.0..!

    Hi, Please guide me..! Actually I am learning SAP EP online from SAP. When I checked with my company for an IDES version of EP server. They are giving me the SAP ECC 6.0 IDES version details. Now I got confused that I was practicing my training sessi

  • MRP- Forward Scheduling

    Hi Team, I have requirement that during MRP run (MD02), planned order to be created for my FERT item with "Forward schedjuling". I understand that MRP always performed with "Backward Scheduling" by default. But i have below clarifications. Q1: If i s

  • How do I stop Messages reading out my messages?

    Everytime I receive a message on my Mac, the Messages app reads it out to me.  This is getting very irritating.  Does anyone know how I stop this happening please?

  • X240 with windows 8.1 has ".exe bad image virus"

    Hi, All,   my X240 with windows 8.1 had this ".exe bad image" error messages for couple weeks. it keeps showing up when I want to open program or start up the machine.  I googled online, it is said this is a malware or virus. but I have not found an