Recommendation hosts in a single subnet for agents in IPCC
Hi,
i am looking for designing the subnets for agents in an IPCC deployment, could someone help me in understanding the best practice/recommendation from Cisco on the number of hosts which is best to keep in a single subnet.
Thanks.
Hello:
If the cluster multicast address is set to default it works fine. When it is
set to 239.192.24.123 it does not work.
regards,
Ravi
Ravi Krishnamurthy wrote:
> Hello:
> In a cluster with nodes from different subnet ( with weblogic 7.0 sp1)
> there is an application deployed with mdb's. The jms server is not
> clustered and is targetted only on one server in the cluster.
>
> When the second node is starting, it is not able to comminicate with the
>
> jms server running in the other node. The connection factories are
> clustered.
>
> What I may be doing wrong.
>
> regards,
> Ravi
Similar Messages
-
I am looking for a design guide to help me split up a large subnet for a Cisco Wireless network. We have a Campus with a centralised Wsim and a single SSID. We are hoping to be able to keep the single SSID but split the subnet as it is now quite large and we would like to reduce the broadcast domain to a manageable size. I have found a number which have different SSID but we would like to keep only 1 as it simplifies the user experience.
Adding to Scotts post. If you are doing 802.1x you can use dynamic VLAN assignment to achieve the results as well.
AAA returns attributes 64/65/81 to the WLC, to change the VLAN the user gets put into. You do still need to create the dynamic interfaces on the WLC.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Multiple RAC databases on same GI using different subnets for Public i/face
Hello. We are configuring a 2 node cluster. That cluster will host several RAC databases. For security reasons our networking team want to create separate subnets for the application traffic to each specific RAC database on the cluster.
E.g. application 1 has 2 application servers that will connect to RAC database PROD1 via one subnet, application 2 has 3 application servers that will connect to RAC database PROD2 via a different subnet, etc.
In addition the networking team want to configure a separate management subnet that DBAs etc. will use to administer all RAC databases and infrastructure in the cluster.
Grid Infrastructure version 11.2.0.2. Database versions will vary from 10.2.0.x to 11.2.0.2. All databases will utilise RAC.
We want to take advantage of SCAN listener functionality to support connectivity to all databases on the cluster. Forum thread 2199620 [https://cn.forums.oracle.com/forums/thread.jspa?threadID=2199620] suggests that 11gR2 supports multiple subnets, which looks to be exactly the feature we need. Please can you confirm how this works and point us to any documentation (standard docs, white papers, MOS, etc.) that might help us configure this.
Document referenced in thread 2199620 was not exactly what we were looking for, and didn't translate too well in Google Translate.
Any guidance much appreciated. Thanks, Rich.
Similar threads:
https://cn.forums.oracle.com/forums/thread.jspa?messageID=9846298? (Dual SCAN on multi homed cluster)
https://cn.forums.oracle.com/forums/thread.jspa?threadID=2199620 (scan listener in OAM VLAN)
Edited by: 887449 on 26-Sep-2011 01:41Thanks Levi. Your advice is very much appreciated.
Your statement that we can only have one SCAN listener listening on one public network is actually the clarification I was looking for.
For anyone else reading this thread I believe this gives us 3 options:
1) Configure a SCAN listener and have all applications, and all management/administration, connecting to the corresponding database on the same cluster via that SCAN listener, all on the same subnet.
2) Configure a SCAN listener for use by all applications connecting to the corresponding database on the same cluster, and use TNSNAMES/VIP for management/administration traffic, both on separate subnets (by configuring the LISTENER_NETWORKS parameter)
3) Configure a SCAN listener for use by applications connecting to one of the databases on the cluster via one subnet, use TNSNAMES/VIP for all other applications connecting to other databases, each using their own subnet. Plus, the management/administration could be via another subnet utilising TNSNAMES/VIP.
From our perspective we will work out the best one for us and implement accordingly.
Thanks again for your timely and comprehensive response. -
Single-signon for multiple sites or sub sites
Does anyone know of some good articles/publications or suggestions for
implementing a single signon for multiple very secure internet sites in
weblogic type environments.
For example, bank1 has a internet site and bank 2 has an internet site.
Bank 2 has some cool features they want to offer bank1's customers. They
agree but, bank1 wants to present bank2 as a tab or part of bank1 site.
IN order to do this there are lots of fun things, but the things Im
interested in are how to authenticate between them and handle timeouts.
timeouts seem particularly tricky in that if I dont hit a page on bank2
for a while, it could time out its session for the guy on bank1. Also if
im in the bank2 section of the site, then bank1 could time me out as
well.
any ideas let me know.
thanks
JoelI've been informed ;-) that a pure Java solution is also available from
Entegrity. So here are a couple of URLs for you to research
anagrammatically:
http://www.netegrity.com
http://www.entegrity.com
Cameron Purdy
Tangosol, Inc.
http://www.tangosol.com
Tangosol: How Weblogic applications are customized
"Cameron Purdy" <[email protected]> wrote in message
news:[email protected]...
Netegrity?
Cameron Purdy
Tangosol, Inc.
http://www.tangosol.com
Tangosol: How Weblogic applications are customized
"Tim Funk" <[email protected]> wrote in message
news:[email protected]...
This is long winded and I tried to have this make sense, if it doesn't
just mark this as read ...
I am running into the same issue. Out of need, different applications
need to be hosted on different boxes/JVM's/web applications. I am
experimenting with a customer single sign on process which is
independent of Java but lends itself nicely to it. Here is my thoughts:
1) All applications need to run under the same domain. For example:
foo.redrose.net, www.redrose.net, bar.redrose.net, app1.redrose.net
all reside under redose.net.
2) You have a database table (secure) that contains the following:
user id, password, session id, last access time.
3) This database table contains all of the valid sessions across the
domain (in this exmaple .redrose.net)
4) There is a daemon running which runs every ?? seconds that deletes
any records older than ?? seconds/(or minutes/hours) in the
database.
5) There exist a cookie which is set to the domain level that contains
the session id.
6) The session id provides a way to obtain the id and password for the
user to authenticate to the container. For example in WL5.1SP8 there
exists: weblogic.servlet.security.ServletAuthentication.weak(...) to
authenticate to your container. By using this you will get the
capability of setting up your roles and ACLS etc in you web.xml and
weblogic.xml to handle authorization.
7) All requests to any applications participating in this philosophy
must do the following for EVERY request (or appropriate):
Even if you are logged authenticated to the container and authorized,
you may have timed out or logged out of another application. So the
database table must be checked to see if the session id exists. At the
same time, you must also update the last access time to prevent timeout.
8) If the user tries to access a different application which he has not
authenticated to yet - the user will be forwarded to a servlet whichwill:
a) Look for the cookie at the domain level
b) If the cookie is found - get the UID and PWD from database
b2) Present login form if cookie is invalid/not exists
c) Authenticate to container
d) Forward back to original page and let the container handle
authorization since you have already authenticated.
I use have encapsulated the database activity into 3 stored functions:
1) isValidSession(session_id) - Returns null or the user id and pwd
concatentated which will need split apart if needed
2) makeSession(user_id, password) - Returns a new unique session id and
creates the appropriate record
3) cleanUpSessions() - Arguements not yet determined. This will delete
any records older than a certain time. I would like to have the proc
know what to delete without being given a parameter but time to the
second level can be tricky for some DBMS's.
There is a concern of storing the user id and password in the database
but this can be eliminated with a good design to restrict access to the
database table and using encrypted connections.
Hope this helps. Hopefully - a similar philosphy will be adopted by an
application container so I may not have to worry about this and I can go
back programming business functionality.
-Tim
Joel Nylund wrote:
Does anyone know of some good articles/publications or suggestions for
implementing a single signon for multiple very secure internet sites
in
weblogic type environments.
For example, bank1 has a internet site and bank 2 has an internetsite.
Bank 2 has some cool features they want to offer bank1's customers.They
agree but, bank1 wants to present bank2 as a tab or part of bank1site.
IN order to do this there are lots of fun things, but the things Im
interested in are how to authenticate between them and handletimeouts.
>>>
timeouts seem particularly tricky in that if I dont hit a page onbank2
for a while, it could time out its session for the guy on bank1. Alsoif
im in the bank2 section of the site, then bank1 could time me out as
well.
any ideas let me know.
thanks
Joel -
No ping between host in the same subnet
Hello,
I have a question about the ASA and the ARP traffic in IOS 9.1.2 for ASA 5585-X and multicontext. I have discovered a curious behaviour about the traffic ARP in the my CLUSTER of ASA's. When I try to send a ping between host in the same subnet and these host have as Gateway the interface of the ASA (ASA is his router) don't works, if I mark the check to enable the comunications between host connected to the same interface this cotinues without work. The only way to get my aim (ping between host), I need to implement and Access Rule allowing the traffic IP between my origin network and destination the same network.
I think that this is some feature of ASA that filter the ARP Request but I don't understand!!! Can I help me, please?
Thanks.Hi,
Your firewall should not see any traffic between the hosts on the same subnet.
If it is seeing traffic between the hosts then its likely that Proxy ARP on the ASA is the problem. Proxy ARP is enabled on the ASA by default on all interfaces. This essentially means that when the host connecting to the other host on the same subnet sends an ARP request the ASA might reply to that ARP request instead of the actual destination host. This is why traffic might get forwarded to the ASA instead of the actual host.
If you want to disable the Proxy ARP on some ASA interface then you can use
sysopt norpoxyarp
Where you replace the with the actual name you have given to the interface on the ASA. This disables the Proxy ARP
- Jouni -
Can anyone recommend a duplicate file finder application for OS10.6 systems? All the apps I find on the App Store are only for 10.7 and later. I don't know how to filter a search on the App Store by operating system (if this is even possible). I currently have a MacBook running OS10.6.8. If you can recommend an app, please post the URL. Would appreciate any helpful suggestions....
<Email Edited By Host>Launch the Console application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select
View ▹ Show Log List
from the menu bar.
Click the Clear Display icon in the toolbar. Then try the action that you're having trouble with again. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.
Please do not indiscriminately dump thousands of lines from the log into this discussion.
Important: Some private information, such as your name, may appear in the log. Anonymize before posting. -
I got the following error with trying to install agent
# java -jar agent.jar -d /u01/avagent/
Agent host is not registered.
Agent host must be registered before an agent can be installed or upgraded. Agent deployment failed.
database firewall ip address is 10.0.0.10 (for management) and 192.168.0.10 (for traffic source)
auditvault server ip address is 10.0.0.11 (for management)
I have 2 IP address on my DB 10.0.0.9 and 192.168.0.9
when i register host with ip 192.168.0.9 i will get the error
but if i register host with ip 10.0.0.9 installation is fine with no error
i want to monitor audit traffic on 192.168.0.9 interface which is for client to access so i need to register host with ip 192.168.0.9hi Stefan,
this is expected behaviour, or at least it's better to say : in a multi homed system the choice of the network path that is used is determined by the underlying tcp network,
it doesn matter which path the sqlnet connection from agent to AV server takes as long as it is able to connect. Your statement about 'monitor audit traffic on 192.168.0.9'
does not make sense, the agent / collection framework is the part that fetches audit records from secured targets and has nothing to do with monitoring network traffic since
that part of the functionality is done by the firewall component. Anyway if you want to change the nework path you need to use 'route' and force it,
greetings,
Harm ten Napel -
Existance of two different domain in a single subnet
Hi..i have a query...Is it possible to create two domains say A.com and B.com in a single subnet(in the same network)?sujit mohanty
Yes, there is no problem to perform that.
You have to give more details about what you want to accomplish exactly so that we can help you more.
Note that it is recommended to have at least two DC/DNS/GC servers per domain.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator -
Please recommend a 2TB USB external HD for my MacBook Air.
Please recommend a 2TB USB external HD for my MacBook Air.
Probably better to put this in the MacBook Air Forums. Hope you don't mind. but I have asked the hosts to consider doing this.
-
Please recommend best quad i7 & intel mb for PP cs5.5
Please recommend best quad i7 & intel mb for PP cs5.5
Looking for best bang for the buck. 6 sata drive connectors, usb3 also.
doing mostly avchd. Utilizing software 2 drive raid0. Win 7 64bit. I usually convert my avchd footage to more editable formats before i edit them.Steve,
I assume that you already have a single non-RAID OS disk in addition to the 2-disk aid0. If that's the case, I'd strongly recommend two additional disks and create a second aid0 array.
If on the other hand the 2-disk aid0 are the only disks that you have (and used for absolutely everything including the OS and programs), then get at least three more disks: One single non-RAID disk for the OS and programs plus two identical disks and create a second aid0 array with that pair.
With either of those configurations, if you are going to transcode AVCHD to a format with an intermediate codec, then you can get away with the "Budget" quad-core i5 system (however, I would change the 192-core GTX 550 Ti to a 336-core non-Ti GTX 560 since the prices for those two right now are closer together than the differences in performance between them). But if you're going to edit AVCHD directly in Premiere Pro CS5.5, you will need at least the "Economical" (i7-2600(K)) system in order to edit smoothly.
Oh, I see that you are actually looking for an i7. In this case, then, unless you are willing to spend at least $1,000 just for the CPU and mobo, the only current choices would be in LGA 1155: the i7-2600, 2600K and 2700K. The non-K CPU is limited-overclockable (meaning that you'll get only 3.9GHz out of that CPU maximum) while the other two can be overclocked further (to 4.4GHz and up with most chips). The i7-3820 isn't on reseller shelves yet, but from what I read it should perform on a par with a slightly overclocked i7-2600K.
For the motherboard, I'd recommend a Z68 board from Asus, MSI or Gigabyte. (Or, if you choose the i7-3820 when it begins shipping to resellers, your only feasible choices would be an X79 / LGA 2011 mobo from Asus or Intel since the X79 boards from Gigabyte suffer from quality issues with the VRMs used on those boards.) Keep in mind, however, that the lower-priced Z68 boards from the three brands are more difficult than pricier Z68 mobos to achieve a high stable overclock because the budget boards often lack manual CPU core voltage adjustments per se (they have only voltage offsets instead). Pricier Z68 mobos have fixed manual CPU voltage settings in addition to offsets. -
Single URL for internal and external CRM access when using IFD
Hello,
At one of our client site I have setup IFD on CRM 2011. This IFD is behind TMG. My client is a big corporation therefore all CRM components including CRM, ADFS and SQL are on separate servers.
I have configured IFD using single url https://orgname.contoso.com Their IT staff wants to know why can't they use single URL for internal and external access where internal users are nto prompted for authentication
when logging on to the CRM server. I know you can do URL re-write in ADFS but they want to know the reason "why internal users can't use the same IFD URL and don't get prompted for their credentials". Text below is from their IT staff.There are several approaches to your question. You need to set up both an internal and an external relying party trust. If you use the external URL, it will always direct you to the signin page, if you use the internal URL, it will resolve you single
sign on.
I've configured IFD for CRM multiple times, and this is how it works. CRM looks at the URL. If you use the external URL (org.domain.com), it will prompt for credentials. So what you are asking for, a single URL that works single sign on internally and prompts
externally really isn't possible.
What I recommend is:
1. make the external URL available internally
2. Configure all outlook clients against the external URL, that way you won't have to reconfigure when someone goes internal to external
3. Have users who are primarily internal use the internal URL for the web client, which will resolve single sign on
4. Have users who are primarily external use the external URL for the web client
For #1, since you only need to enter the credentials when you first configure CRM, it is in all effects single sign on.
One thing I haven't tried that may work is using IIS redirect internally to redirect the external URL to the internal URL. There is also a powershell script in the IFD guide that you can use to make the outlook client switch between the internal and external
URL's, but nothing that will give you a single URL that works as the internal relying party trust when internal and the external relying party trust when you are external. -
Installing Valid SSL Certificate for Agent Reskilling Tool
Has anyone done this? I'm looking for documentation and can't find anything. There's documentation for UCM/CUIC, but nothing for agent reskilling. The Cisco Security Best Practices seems to just gloss over this subject and not really provide any good data.
davidHi David, I recently tried to do this and I think I figured out a solution. This is on ICM 8.5(4). Let me know if this works for you.
Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Uninstall. Close SSL Encryption Utility.
Create Certificate request in IIS Manager.
Complete Certificate request in IIS Manager.
Export Certificate in IIS to c:\icm\ssl\[yourfile.pfx]. Remember password you use.
Open command prompt
Cd c:\icm\ssl\bin
Openssl.exe
pkcs12 -in c:\icm\ssl\[yourfile.pfx] -nocerts -out keyfile-encrypted.key
pkcs12 -in c:\icm\ssl\[yourfile.pfx] -clcerts -nokeys -out [host.crt]
Exit
Copy c:\icm\ssl\bin\host.crt to c:\icm\ssl (overwrite if necessary)
Copy c:\icm\ssl\bin\keyfile-encrypted.key to c:\icm\ssl (overwrite if necessary)
Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Install. Click no when it asks to create a new certificate. Close SSL Encryption Utility. I got one error but certificate imported successfully.
Verify by going to https:///reskill
Openssl commands taken from http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/ -
Single inovice for TAN and TAS ITEMS ?
HOW TO SETUP SINGLE INVOICE FOR THE SALES ORDER WITH LINE ITEMS TAN AND TAS.? PLZ HELP WITH SEETINGS AND PROCEDURE.
REGARDS,Hi
Copy Item Category TAS to ZTAS and for ZTAS Item Category,do the following changes delivery relevant billing,Also maintain
Copy controls.
Also make sure that in the sales order split invoice should not take place because of the billing split parameters.It is recommended not to go with the same sales order as it is related to third party sales process
Regards
Srinath -
Coldfusion 9 Recommended Hosting Providers
i am with flinthosts.co.uk and the service is really bad, its been over 2 days and they cant seem to sort out the issue with the server and below is the answer they gave for the issue they have with the server
"It's not a simple problem - u seem to think that every issue is straight foward and solvable with the flick of a switch. Some things are rarely like that.
We are investiating and trying to find the cause of the issue and will update you at a later stage"
so till they can figure it out, the site is having errors and i am stuck in limbo and thats not an answer i can give the client.
would anyone know alternative coldfusion 9 recommended hosting providers.We're running ColdFusion 9 Enterprise on our newest servers, one physical host running five different ColdFusion virtual machines for optimum usage of the Java heap.
As for a guarantee if your application will not work on our platform due to a technical limitation our end then yes, we'll give you your money back no problem. However you can't just change your mind and get a refund, no.
In saying that, I think we've had maybe five people in the five years need a refund, and that includes ASP, PHP, and other platforms as well
If there's anything you need that's out of the ordinary that you think specifically might not work let me know and I'll take a look. -
Create a single delivery for different schedule lines in the scheduling agr
Hi
I want to create a single delivery for different line items with different delivery dates in the scheduling agreement, as Iam aware it is possible to combine different line items into one delivery through sales order.
Need your inputs
AravindHi,
Try with below solution and see I am not confirm about this
VL01N >>> Menu outbound delivery >>> Deliver sales order
Here you put order number and selected date as your ANOTHER SCHEDULE LINE
Kapil
Maybe you are looking for
-
On how many systems can i install dreamweaver cs6
About a month ago i have format my whole old pc with also dreamweaver cs6 deleted (i had troubles with my whole pc, thats the reason to format the whole pc) I sell the empty pc. only windows 7 on it. Now i have an new pc. and i have installed dreamwe
-
How to read text file content in portal application?
Hi, How do we read text file content in portal application? Can anyone forward the code to do do? Regards, Anagha
-
Chart: Changing the color of a bar
Hello Experts, We would like to change the color of a particular bar in the chart. Can someone share a code snippet to achieve the same? If we use color-pallete aggregation then color change is getting reflected to all the bars. We are using makit li
-
I can't open my Mac. After I downloaded the update and I restarted it I can't log in
It's just in the start screen with my computers my computer's name and Guest user. With sleep restart shutdown on the bottom. Now my iPhone is lagging
-
Help Regarding a Picture Display in Customer Container.
Hi, I am generating a ALV report output with an ICON in every line to show the corresponding picture of the material in a Pop-up window. Now for displaying the picture at usercommand from ALV , HTML browser is placed on the custom container screen a