Multi-Tenant

Similar Messages

• Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine (external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for many hours with no progress.
  I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

  Greetings all, I hope someone can help.
  I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
  Internal mail flow is fine.
  Incoming mail from external senders is also fine. - 
  external email addresses can send to the domain).
  External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
  There are two multi-role Exchange servers that are members of the DAG.
  I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
  No SSL certificates have been purchased or installed yet.
  Exchange URLs have not been changed since default configuration at install.
  OWA and ECP works both internal and external.
  External DNS works with SPF and PTR records correctly configured
  Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
  Receive Connectors are the default ones created during install. Send connector is standard configuration with  - * - 
  When sending email to an external address, I receive a failure notice
  ServerName.test.corp.int gave this error:
  Unable to relay 
  Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
  More Info - 
  ServerName.test.corp.int
  Remote Server returned '550 5.7.1 Unable to relay'
  I have been troubleshooting this for several days with no progress.
  I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
  I have tried setting the Internal IP address for Exhange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
  I have also tried with the IP range 192.168.11.0/24 to allow the whole the subnet, I still receive the unable to relay failure notice.
  I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
  Even more info - Further troubleshooting -
  I found my one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
  hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/ 
  The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution
  I think the issue is related to multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as [email protected]
  when you domain name is apple.com - But through extensive research I still can't resolve the issue.
  Can someone please assist before I lose my sanity.
  Thanks in advance,
  Terry

• Can anyone explain what "multi-tenant" means with respect to OAM and OIF?

  Hi,
  I noticed that OAM 11gR2 has several additional authentication modules and schemes out-of-the-box for "MT" or multi-tenant. I've actually tried them, but am not clear exactly what their purpose is?
  As a test, I configured the FederationMT module and FederationMTScheme to protect a test resource in OAM, and then when I access the resource, I first get a page with one field for username and a "Sign In" button. After I enter a user name, it goes to a form login page and I can log into the OIF IdP, and that's about it. I guess that I don't see what this accomplishes?
  If anyone is familiar with this, please advise.
  Thanks,
  Jim

  Hi,
  Thanks for the metalink article. I've read that, and I can understand what the article is describing, but I'm not 100% clear how that relates to the configuration parameters in the FederationMTPlugin. The article talks about a mapping file, but I don't see something like that for configuring the TenantDismbiguationPlugin?
  The first step in FederationMTScheme plugin is a TenantDisambiguationPlugin, which takes two parameters:
  KEY_IDENTITY_STORE_REF
  KEY_FEDERATED_TENANTS (a comma-separated list of "some things")
  The steps/orchestration for the FederationMTPlugin has:
  Initial Step: FedUserAuthenticationPlugin
  TenantDisambiguationPlugin OnSuccess: FedAuthenticationPlugin OnFailure: UserIdentificationPlugin
  UserIdentificationPlugin OnSuccess: UserAuthenticationPlugin OnFailure: failure
  UserAuthenticationPlugin OnSuccess: success OnFailure: failure
  FedAuthnRequestPlugin OnSuccess: success OnFailure: FedUserAuthentication
  FedUserAuthenticationPlugin OnSuccess: success OnFailure: TenantAmbiguationPlugin
  [The OnError results for all steps are failure, so I haven't shown them.]
  So, the first step is the FedUserAuthenticationPlugin (AssertionProcessing), and if that fails, the next step is the TenantDisambiguationPlugin.
  I guess all of my questions are around what that TenantAmbiguationPlugin does, and how it works?
  I'm guessing that what you enter on the 1st webpage, which asks for a Tenant, is matched against the comma-separated list that is in the plugins "KEY_FEDERATED_TENANTS" parameter.
  Is that correct?
  But:
  a) What happens if there is a match of what you entered vs. what's in the "KEY_FEDERATED_TENANTS" list?
  b) What happens if there is NOT a match of what you entered vs. what's in the "KEY_FEDERATED_TENANTS" list?
  That article you mentioned calls for a mapping file, that maps what is entered (the tenant) to a user identity store, but where is that in the TenantDisambiguationPlugin's parameters? The only other parameter for that plugin is the "KEY_IDENTITY_STORE_REF" parameter.
  Having said that, I described the steps and step orchestration in the FederationMTPlugin above. If the TenantDisambiguationPlugin is suppose to somehow map what's entered to a user identity store name, then, with respect to the FederationMTPlugin, is that mapped user identity store used for the UI and UA steps (i.e., as the "KEY_IDENTITY_STORE_REF" for the UI and UA steps)?
  Thanks for your help with this. Oracle's documentation certainly merits some improvement :(...
  Jim

• How to make multi-tenant business rules

  hi'
  I want to write tenant specific Business rules in multi-tenant application, please give me some tips of making multi-tenat business rule.
  I know how to write common business rule for all the tenants.
  thanks
  Yatan

  I'd suggest using Flash Media Interactive Server if you wish to make this type of application and use Flash as the interface.  I can't give you the details on exactly how to implement it, but using Remote Shared Object and FMIS would serve as the basis.  I believe that the package comes with examples of Shared Objects that can serve as a simple basis from which to proceed.  After that you might want to see if you can find an available whiteboard app that can be leveraged to do as you wish.
  I apologize in advance if using this type of solution is a non-starter, I've been using FMIS locally and have plans to eventually implement something similar to this type of drawing app as well.

• SQL pricing for Migrating an existing multi-tenant application

  We have a client with an ~10 year old multi-tenant application running on a traditional dedicated hosting environment.  The client is interested in migrating to Azure but only if they can benefit from PAAS features (managed backups, snapshots, scaling,
  etc).
  Their application automatically creates a new SQL database with each new customer signup.  As such, there are 886 databases which would need to be moved.  The total size on disk of all DBs together is only 3.82 GB.  Only 3 DBs are more than
  100 MB.  862 of the DBs are less than 10MB each (794 of those are less than 5MB).
  The way I read Azure pricing, each of these 883 DBs less than 100 GB would cost $5/month.  The only other alternative is to get a VM with SQL server on it -- but I can't see the advantage of that vs. the dedicated host they are already using.
  Is there any other alternative to consider when contemplating an application made up of many small databases?
  Thanks in advance for any advice,
  Jason

  Hi,
  If you have existing applications or workloads you simply want to grab and move to the cloud, SQL Server in a Virtual Machine is the easiest path to realize the benefits of the cloud. If you are looking to innovate and build new relational applications running
  in the cloud or extend parts of on-premises applications into the cloud, SQL Database is the best long-term solution.
  In your scenario, if use azure SQL, you must pay for each database per month, refer to
  http://azure.microsoft.com/en-us/pricing/details/sql-database/for more information about SQL Azure, cost too much.
  About use SQL VM, I suggest you read the following article.
   #http://blogs.msdn.com/b/windowsazure/archive/2013/06/04/the-top-10-things-to-know-when-running-sql-server-workloads-on-windows-azure-virtual-machines.aspx?Redirected=true
  Best Regards
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• AD RMS for multi tenant domain environment

  Hi,
  I have successfully configure the AD RMS with lots of work around. now i want to use multi tenant domain environment. i have multiple domains running on my production env. Now can anyone help me out to configure the RMS Server to add multiple URLs for licensing
  and certifications in AD RMS Server on windows Server 2012. i need a proper step by step configuration roles to activate on immediate basis. 
  Any help in this regards will be highly appreciated,
  Attahcments screent shots might help you what i want ;)
  Regards,
  Imran Bashir
  MCSA 2008, MCITP, MCTS, MCP
  JNCIA ER,EX
  Brocade Certified
  Imran Bashir Network Administrator MCP, JNCIA-EX,ER,JNIOUS +92-333-4330176

  Hi,
  in a single forest you can have only one RMS SCP. You could create more RMS clusters but those are not discover-able that way, only over using RMS templates or overwriting the clients registry.
  If you say multi-tenant I assume every tenant should have its own RMS key, correct? If you have only one RMS cluster the cluster admin will have control over all documents.
  Hope that helps,
  Lutz

• Webex Node Multi-Tenant Configuration

  Hi,
       We are currently deploying webex node on ASR for a client, in the UC 8.x it mentions the ability to multi-tenant the node capabilityes e.g
  Page 22-9
  "There is also the potential to deploy the WebEx Node for ASR in a multi-tenant capacity, in which two
  businesses working closely together with staff working on each other's premises could have the other's
  WebEx site defined on their ASR Nodes. This means that, when staff for Enterprise B access their
  company's WebEx site through Enterprise A, they can use the local ASR Node to accelerate their
  meeting while saving bandwidth for Enterprise A. This feature can also benefit organizations that have
  multiple WebEx sites."
  This is the only reference in any guide I can find to being able to do this.
  Has anyone actually done this? Is it actually possible? and if so does anyone have any documentation that they can point out that may be of use trying to deploy this type of solution.
  I know it's a long shot but any help is much appreciated.

  Hi A.Zarei,
  Based on your description, I recommend to check if the Managed Metadata service application is associated with the web application where your My Site hose site exists.
  Please double check if the service account of the My Site host site web application and the user profile service application has read permission on the Managed Metadata service application.
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Move hana db from single tenant to multi tenant

  Hi experts,
  I have read that, for the moment, we cannot do an upgrade of a SAP system + conversion to a multi tenant Hana database in one shot. We have to deploy it on a single tenant and then move it to a multi tenant environment (where we can put a series of systems). Am I right? Right now we have a single tenant environment (A), and a multi tenant environment (B).
  How can we move the database from a single tenant to a multi tenant?
  - do we need to 'upgrade' the single tenant (A) to a multi tenant and then put it to our other multi tenant (B) environment? Problem here is that we then lose our single tenant environment for deploying new systems. We then need to redeploy everything, no?
  - or do we just need to restore the system database to the multi tenant database?
  Regards,
  Kenny

  Hi,
  Have you changed the <sid>adm user environment variables?
  You can resolve this problem using system copy procedure.
  Use installation master,, export database and Instance files ..
  Regards
  Ben

• Lync 2013 Multi-tenant Hosting Pack third-party solutions available for features listed as "Via Thirdparty"

  Hi,
  Who are all the third party vendors that can integrate with Lync 2013 Multi-tenant hosting pack V2  features that are supported Via 3rd party.
  1) Call park
  2) Outgoing DID manipulation
  3) E-911
  3) Dialplans & Policies
  4) Support for Analog devices (e.g. FAX)
  5) Response groups
  6) Network QoS - DSCP
  7) Phone number management
  8) IM/P & Voice with Skype. 
  9)Inteoperability with on-premises video conferencing systems
  Regards,
  SR

  Hi,
  Base on my understanding, as it is the Mutli-Tenant environment, in internal DNS server, there is no need to add the DNS A record
  lyncdiscoverinternal. However, you can try to add the DNS record in internal DNS server to test the issue as well.
  Also, please make sure you have updated both Lync Server 2013 and Exchange 2013 to the latest version. If not, update it and then test again.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Adobe Drive 3 with Alfresco in multi-tenant mode!

  Hi,
  I am trying to use Adobe Drive 3 with Alfresco CE 3.4 and have difficoulty accessing files when I use multi tenant mode on the alfreso side?! Anybody seen this before? Anybody know a solution to it?
  Regards
  Fred

  Hi Fred,
  On my enviorment, i use AD 3.0 and alfresco-community-3.4.d on Windows XP. there is no difference after set up the multi tenant mode.
  i still can assess  files on  Alfresco server.
  So can you please show your setting up for the multi tenant mode? And what's detail issue for your accessing files?
  Thanks,
  Jianfeng

• Can SCSM2012 be used as multi-tenant solution?

  Hello,
  I was wondering if the SCSM2012 can be used for multi-tenant purposes + monitoring of separated tenants.
  Situation:
  Deploying SCSM2012 to several customer sites(non-trusted domain) then providing the service from one location(1 console) to multiple (separated) customer sites. Customer will have own separated self service portal with pre configured (automated)workflows.
  For the monitoring case, the information needs to be collected from the customers site(deployed agents) and displayed at our centralized site(maybe 1 big screen for all tenants )
  Any ideas ?

  Hello Ayman,
  thank you for the quick reply. I was already afraid for this answer :(. But there could be scenarios where it is implemented already.
  The requirements that are needed are  complex. The deployement scenario will need to cover whole customers (complex) infrastructures. We want to deploy the SCSM2012 to manage (remote)the infrastructures.. Hereby is the monitoring also important part
  of our solution. The most common incidents,changes,problems will be automated(this is not the problem), but the collection of the data from the customer site and access it on our site is the issue. So this would be implemented as on- promise solution and we
  would manage (as needed) remotely.
  Not sure if the solution can be like this:
  Implement SCSM2012 at customer site, cache the data from CMDB into some tool that can be replicated to our site, whereby we could get the data out of this tool to use it for monitoring purpose. Then, when needed(as alert is popped up for random customer)
  we could log in remotely to solve this(if its not solved automatically). This is just idea please put some "better" idea(s). Thank you

• Multi-Tenant & DC Directory

  Hi There,
  We need to run a multi-tenant environment on a CallManager 4.1 cluster.
  How do I go about setting up a different corporate directory for each tenant within DC Directory?
  Regards Jay

  Unfortunately you cannot do this within DC Directory. There are third party tools out there that I have used/hacked to accomplish this task:
  http://ccmstuff.org/
  There are two free services and both can be used to provide customer directories.
  The first one you can create customer "search.asp" files and the other service will allow you to create seperate services for each directory.
  please rate posts.
  andy dignan - berbee

• Multi Tenant Application with Subdomains

  I have set up a multi tenant application on azure active directory. This all works fine. Lets say the url is https://www.myapp.com. Currently my "reply url" is therefore
  https://www.myapp.com.
  I then updated my application to create a sub domain for each tenant. e.g. customer1.myapp.com, customer2.myapp.com etc. This works but the trouble is that I need to manually add each customers url to the list of allowed reply urls which isn't
  very scalable. Is there any way around this. Some kind of wild card would be great but doesn't seem to work. e.g.
  https://*.myapp.com. Or is there another way that I am missing.

  Hi Paul,
  One option would be to do this would be
  by adding conditional logic in the application itself(in the redirecttoidentityprovider event), or by hard-coding a reply attribute with the URL of the application in the wsFederation element of the application's web.config before deploying.

• Multi-Tenant Environment

  what is Multi-Tenant Environment and who are providing services for Multi-Tenant Enviroment.
  Thanks, Avaneesh

  In Oracle E-Business Suite Release 12.1 Oracle introduced multi-tenancy features for HRMS (I think it only applies to HRMS). This uses a new 'Enterprise' Organization Classification to partition each tenant on a database and then applies that security using row-level VPD.
  This document provides more information:
  Oracle HRMS Multi-Tenant Functionality - An Oracle White Paper [ID 760500.1]
  This is an important step for Oracle E-Business Suite - it means that HRMS can be provided as a true SaaS offering. Some providers are already doing this - KBACE's Mentor offering is a good US example (see http://mentor.kbace.com).

• Implementing Multi-Tenant  Portal

  Hi,
  Thanks in advanced
  Anyone have any Configuration Documents Related to "Multi-Tenant Portal".
  Please send me on my mail id [email protected]
  thanks & regards
  Chittya

  Hi
  Refer to these links.
  These links give u some idea to start with.....
  All for One and One for All - New Functions for the SAP NetWeaver Portal in 2004s  Part II
  All for One and One for All - New Functions for the SAP NetWeaver Portal in 2004s
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/daa51a96-0b01-0010-738f-a0ecfd06104e
  Regards
  Bhargava
  points are welcome if useful

• 1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service   or is your service more like a consumer service Do you support any sort of enterprise identity? If so, do you support SAM

  1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service is your service more like a consumer service ?
  2. Do you support any sort of enterprise identity? If so, do you support SAML, openID or user provisioning APIs?
  3. What level of audit logging do you perform? All read/write of data? Do you support ability for customers to view only their activity logs?
  4. What level of penetration testing do you perform? Is it done by 3rd parties? How often are these tests performed?

  1. Is your service multi-tenant? Can an enterprise manage their users and data independent of other enterprises using their service is your service more like a consumer service ?
  2. Do you support any sort of enterprise identity? If so, do you support SAML, openID or user provisioning APIs?
  3. What level of audit logging do you perform? All read/write of data? Do you support ability for customers to view only their activity logs?
  4. What level of penetration testing do you perform? Is it done by 3rd parties? How often are these tests performed?