Recommendation/suggestions for server access
Hi, I do not know if I have asked the question in the correct thread or forum, so I decided to put it into Windows server management.
My company creates websites and also hosts them, and we also have FTP services for some of the clients. Currently we have about 6 servers, and all of them are standalone web servers, with SQL installed on each and every one of them. This has been running for the past 7 years and I am having a hard time managing it due to licensing and also too many web and FTP services spread across all the servers.
We have decided to virtualize most of them and also have centralized storage (SAN). We have bought the necessary hardware (3x hosts and 1 SAN) and also the licensing to do it.
Now this is my problem: I am the only one managing the whole infra. I have a group of developers who create the websites and upload them to the respective servers (normally via FTP). I also have clients who have FTP services with us for them to dump their files to their clients. There are many times where the servers are infected with viruses, mainly due to the files they uploaded, or the server is compromised as they have leaked out their password, and of course many other reasons too. I am tired of clearing the shit every time the server is infected.
I need some suggestions, ideas or pointers on the best and common practice for how I should manage the developers and users or their accounts. My new setup will be:
3 Hosts, 1 SAN
1 Web VM - Shared hosting.
1 FTP VM
1 SQL VM
multiple Web VM - Dedicated hosting
1 DNS
1 Backup server
I have about 6 developers who need to remote access the above servers every now and then to upload files or edit the files for the WEB. I also have clients who pay for our FTP services.
I have a firewall, AV.
Dear experts, please kindly advise me.
Regards,
Knight
It depends on resources and operating system (unknown). For VM and host use System Center, or manage servers remotely from one server or workstation (after installing RSAT).
HTH
Milos
Similar Messages
-
Suggestions for remote access of Kiosks
I am starting planning an upgrade of an interactive kiosk and have been requested to include a number of additional options.
Current Setup
The Kiosk is an in-store touchscreen unit that allows the customers to select and read product information, play video clips, and enter customer satisfaction feedback. Statistics of usage are stored in a text file that is retrieved from time to time.
The current application is +/- 160 Megs
22 Video clips ranging in size from 4Megs to 380Megs Currently Mpeg1, 720x576 Runs full screen
Created with Director 2004MX Ver10.1
OS Windows XP Pro
Kiosks: HP small form factor, AMD processor, 1 GB RAM
17" touchscreens
The units are spread across the country, some in remote towns. +/- 60 kiosks in total
Currently updates, and statistic retrieval, are via USB memory sticks when Sales Representatives visit the stores.
Updates Requested.
New format (22" widescreen)
HD Video
Remote Statistic Retrieval
Remote Update (load /replace information)
Remote Diagnostics
I realise that not all of this is possible but would like to hear suggestions.
The HD Video will create even larger files and this will complicate the update procedure, however the video files are not changed very often.
We have an extensive 3G/HSDPA data network across the country and most of the Kiosks will be able to access this network.
PUSH or PULL ??
The question is should each unit "send" its data to a central server or should a central computer "download" the data from each unit?
Likewise, should each kiosk, on starting and at a set time, enquire if there is an update, and then download and install?
The diagnostics have been requested since some of the store managers "forget" to turn them on or off or report erratic performance of the kiosk.
The current kiosks have been a great success and have been operating for over 3 years with very few problems, however they are now looking old and the equipment is past its warranty and we would like to increase the quality of the video inserts.
Windows 7?? better or worse. The kiosks are expected to be instores for at least 3 years...
Any comments most welcome
Rob H
You would need one of the machines to test if full screen HD video is possible... the video card would have to support HD video.
If you can upgrade to D11.5 then you can take advantage of native support of H.264 video.
If you use the Multiuser Xtra (or the free open source OpenSMUS) then you can have each of the units communicate with the server and vice versa for all your remote features.
You could upgrade to Windows 7, but it's not going to give you any better features/looks since it's a kiosk running a Director built front end... as well, there are the UAC security issues to deal with in Vista or Win7. I would think it's more important to upgrade the hardware to run the HD video smoothly.
In fact, all of your proposed upgrades are possible. The remote updates / diagnostics will probably be the most involved.
-
My ain.js file is meant to work on and access server files for tracking all visitors to the site I am developing.
One way to access it, in my plan, is to use index.htm. when I open index.htm it displays correctly and presents a link to ain.js with a query line (?a=zzzzz--e2).
The entire file is displayed; but not executed.
Short of building my own server (prior to publishing what I am developing) how do you propose I test what I have written?
As a retiree, I have limited funds (the purpose of developing a website is meant to correct that).
This forum is for Firefox user support, very few of our contributors are developers.
Try posting at the Web Development / Standards Evangelism forum at MozillaZine. The helpers over there are more knowledgeable about web page development issues with Firefox.
http://forums.mozillazine.org/viewforum.php?f=25
You'll need to register and login to be able to post in that forum.
-
No saving my settings for server access
Every time I connect to my server I have to go into site->manage sites and re-enter the server login and password details to gain access. I have several web sites I develop and have to do this every time. I have the check box ticked to save but it never happens, also how do I backup all these details in case of crashes.
Many thanks
VoodooJai
Some versions of DW have "updaters" that resolve this known issue.
"VoodooJai" <[email protected]> wrote in message news:g47rku$brr$[email protected]..
> Every time I connect to my server I have to go into site->manage sites and
> re-enter the server login and password details to gain access. I have several
> web sites I develop and have to do this every time. I have the check box ticked
> to save but it never happens, also how do I backup all these details in case
> of crashes.
>
> Many thanks
>
> VoodooJai
-
Help setting up Lion Server for remote access
I have been going in circles for weeks trying to set this up correctly. Can anyone tell me what I'm doing wrong?
I got Lion Server and Server Admin Tools all updated and have been trying to follow Terry Walsh from We Got Served's guide but I am missing something.
I purchased a domain from GoDaddy. Let's call it bradnet.com
My domain and dyn domain are not really what I have typed here but close enough that they should work for my example and troubleshooting.
Because my ISP (Comcast) doesn't provide a static IP I registered for an account with dyn.com. This is where I get really confused. With dyn.com I created a host name: bradnet.dyndns-rocks.com and downloaded their updater software. It found my public IP address and said everything is ok.
I went back to GoDaddy and in my DNS manager page added the host: bradnet.dyndns-rocks.com and entered my public IP.
I then went to the server pane to edit the host name. I followed your instructions to edit the name and selected Host Name for Internet. I left the computer name as mini (what I had previously named it for file sharing before the server upgrade) and entered mini.bradnet.dyndns-rocks.com as the host name. When it takes me back to the server pane, in the bottom window it states:
Your Server's host name is mini.bradnet.dyndns-rocks.com, and its IP address is 192.168.1.10. You can change network settings in the Server pane.
I never get the your network is configured properly message.
I went and set my computer's IP to DHCP with manual address (although all of my machines are set up with DHCP reservations so I guess that is a little redundant) to 192.168.1.10.
I skipped the port forwarding step because I am using the latest AirPort Extreme as my router.
I then opened a browser and tried:
http://bradnet.com
http://mini.bradnet.dyndns-rocks.com
http://mini.bradnet.com
http://bradnet.dyndns-rocks.com
All of these got me the can't find the server response from Safari.
Also, I have not yet set up Directory Services. Terry's guide seems to suggest to do this step first.
I'm sure I have messed up some step somewhere can you see what I have done wrong?
Also, is it a problem to set up open directory services using a .local host and then go back and change it for internet access later or do you need to set that up from the start? My family is getting impatient with me trying to get this to work.
Thanks for any help anyone can offer!
Brad
That manual page is not fully correct. There is written:
Public UDP Port(s): <enter the appropriate UDP port value(s)>
Public TCP Port(s): <enter the appropriate TCP port value(s)>
Private IP Address: <enter the reserved IP address of the host device (from step 1)>
Private UDP Port(s): <enter the same Public UDP Ports or your choice>
Private TCP Port(s): <enter the same Public TCP Ports or your choice>
But it should be:
Public UDP Port(s): <enter unique UDP Ports of your choice>
Public TCP Port(s): <enter unique TCP Ports of your choice>
Private IP Address: <enter the reserved IP address of the host device (from step 1)>
Private UDP Port(s): <enter the UDP Ports used by your device>
Private TCP Port(s): <enter the TCP Ports used by your device>
Make sure you use the same ports in the private settings as you have defined in your IP camera. Normally a camera will use port 80 by default, so use 80 here.
The Public ports must all be unique. If you have not defined a port 80 here, you can also use 80. This will fail however when using multiple cameras. I for instance have 5 IP cameras and use the public ports 8451, 8452, 8453 etc.
-
LAN side firewall settings for Direct Access (Windows Server 2012 R2) in DMZ?
I am currently planning to set up our first Direct Access server (Windows Server 2012 R2). I will be in our firewall DMZ and we will be using the IP-HTTPS listener.
For the Internet facing rule only TCP 443 inbound/outbound is sufficient but for the LAN facing rules (not talking about the Windows server firewall) what would be the recommended firewall rules for a Direct Access server? Is there a best practice guideline to follow for this? Appreciate any advice or comments. Thank you.
Hi Barkley
Please see this Technet Link which will backup your requirements - https://technet.microsoft.com/en-gb/library/jj574101.aspx
Section Reads -
When using additional firewalls, apply the following internal network firewall exceptions for Remote Access traffic:
ISATAP—Protocol 41 inbound and outbound
TCP/UDP for all IPv4/IPv6 traffic
Also another link from http://www.ironnetworks.com/blog/directaccess-network-deployment-scenarios#.VO3tfvmsVrU
"I have had a number of conversations with security administrators and network architects who have expressed a desire to place the DirectAccess server between two firewalls (firewall sandwich) in order to explicitly control access from the DirectAccess server to the internal corporate network. While at first this may sound like a sensible solution, it is often quite problematic and, in my opinion, does little to improve the overall security of the solution. Restricting network access from the DirectAccess server to the internal LAN requires so many ports to be opened on the inside firewall that the benefit of having the firewall is greatly diminished. Placing the DirectAccess server’s internal network interface on the LAN unrestricted is the best configuration in terms of supportability and provides the best user experience."
Kindest Regards
John Davies
Thanks for your reply and information John. I find it somewhat disappointing that Microsoft does not provide much more in the way of documentation and information regarding this topic. I required more information to show to our security team so they will allow us to have the internal facing NIC not have more restrictive rules in place as it is a security concern.
-
I have tried the recommended remedies for the erratic behavior of the Magic Trackpad and the problem continues? Suggestions? Is the product defective?
Thank You
It sounds like you disabled the guest network from your AirPort Express using AirPort Utility.....but you did not delete the network from the stored settings on your Mac.
We have no way of knowing what the "various instructions given by other members" might have included, but if you have not already done so on your Mac......
Open System Preferences (gear icon on the dock)
Open Network
Click on Wi-Fi on the left
Click Advanced at the lower right
Here you will see a list of networks that your Mac has joined in the past
Click on the name of the guest network to highlight it
Click the - (minus) button at the bottom of the network list to delete that entry
Do the same if there are other networks that you no longer need
Click OK at the lower right of the window
Click Apply at the lower right of the next window
Close the windows
Open Macintosh HD > Applications > Utilities > KeyChain Access
Locate a listing with the name of the guest network
Click on that listing to highlight it
Click the Delete key on your Mac
Click Delete in the window that appears
Close the windows
Restart your Mac now
-
I have a Mac mini server which I want to set up for remote access from Windows and Mac PCs. How do I do this? I can access it from my home network OK
Posted in error.
-
Suggestions for NAS for home network and remote access to clients
I have a photo studio in my home and will need to get the digital files to my clients roughly once a week. I am currently using Dropbox, but was thinking of purchasing a NAS that I could use for this purpose, as well as for my home network needs, mainly iTunes and photos of the kid...
Any suggestions for a Mac-friendly NAS, and how it can be accessed by my client over the internet?
Can a NAS be accessed like an FTP site, using Fetch or another FTP client?
Thanks for any help.
-thomas
Hi Thomas,
I have had similar considerations and finally chose QNAP 439 Pro II over the many other ones out there (LinkSys, NetGear, Buffalo, etc.). Without going into technical details, the main reasons for my choice were ease of use, functionality and scalability:
http://www.qnap.com/prodetail_feature.asp?pid=148
It's not the cheapest solution out there, but works great with the Mac, even acts as storage solution for TimeMachine (with latest firmware). And implementing client access is easy.
Hope this helps.
Kind regards,
Mark
-
I have deleted a song from my library and want to re-download it. When I access my purchased items in the iTunes store, the song has the 'purchased' button next to it and won't let me re-download. Any suggestions for things to try?
While you can redownload most past purchases without charge, you can't redownload movies without paying again. See Downloading past purchases from the App Store, iBookstore, and iTunes Store: http://support.apple.com/kb/HT2519
-
Kerberos Configuration Manager for SQL Server: Access of system information failed!
I'm trying to use the new Kerberos Configuration Manager for SQL Server tool that was released recently to verify SPN on several SQL Servers, but any time I attempt to connect to a server I get the following error in the log:
6/24/2013 3:48:22 PM Info: Connect to WMI, \\<HOSTNAME>\root\cimv2
6/24/2013 3:48:25 PM Error: Access of system information failed System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.
at System.DirectoryServices.AccountManagement.SAMMembersSet.IsLocalMember(Byte[] sid)
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextLocal()
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
at KerberosCM.WMIHelper.isUserLocalAdmin(SystemInfo si, UserPrincipal user)
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
6/24/2013 3:48:25 PM Error: Error System.Exception: Access of system information failed!
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
at KerberosCM.SystemInfo.GetInfo()
at KerberosConfigMgr.Utility.Login(String serverName, String login, String password, Boolean isCmdLine, Form uiForm)
Things I have tried to resolve this:
1. Verified that my account is a Domain Admin.
2. Attempt to connect locally without inputting any information for server/user/pw
3. Attempt to connect remotely using server/user/pw
I always receive the same error message and log: Access of system information failed!
Has anyone else run into this issue?
Update to this:
There were some invalid user accounts added to the Local Administrators group only showing up as a GUID. This caused the enumeration of the group to fail and generate the error in my original post. Removing those user accounts from the Administrators group got past the enumeration error.
However, now when attempting to connect to the servers (locally or remotely) I get this error:
6/27/2013 10:24:24 AM Info: Connect to WMI, \root\cimv2
6/27/2013 10:24:38 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
at KerberosCM.WMIHelper.isUserLocalAdmin(SystemInfo si, UserPrincipal user)
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
6/27/2013 10:24:38 AM Error: Error System.Exception: Access of system information failed!
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
at KerberosCM.SystemInfo.GetInfo()
at KerberosConfigMgr.Utility.Login(String serverName, String login, String password, Boolean isCmdLine, Form uiForm)
-
I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin. Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database. The user attempts to connect using Excel client or Access or SQL Management Studio and receives Error 18456. The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data. But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
We've turned off UAC on the client machine to see if that was the problem, but no change.
I have dropped and re-added the user's SQL Login (and the related database user login info). No success.
The Ring Buffers output shows:
The Calling API Name: LookupAccountSidInternal
API Name: LookupAccountSid
Error Code: 0x534
Thanks for any help.
-Walt
Yes, you understand correctly. The user is logging onto a workstation (not the server) with a Windows Authenticated id. The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
If the account has sysadmin role (which is only for testing) then the connection is successful. If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
(SQL Authentication is not an option here. I must use Windows Authentication).
Any other troubleshooting assistance you can offer would be appreciated. Thanks.
-Walt
-
Any suggestions for an all-in-one "cable modem router print server" (N)
any suggestions for an all-in-one "cable modem router print server" (N)?
If that's a problem with your cable company, change the company.
If your cable company is not able to provide you with a cable modem which gets you full performance for their service why would you bother with that company or try to make it better than them?
If you subscribe to a 100 Mbit/s service they must be able to provide you with a modem that does 100 Mbit/s and be able to demonstrate you 100 Mbit/s on your cable.
If they are unable to provide you with a modem which does 100 Mbit/s and thus cannot demonstrate that the service they have installed in fact can do 100 Mbit/s but only give you a 50 Mbit/s because that's the best they have, why bother buying yourself a better modem to find out whether or not their service does what it promises or not??
In addition, an integrated device won't get you better performance. On the contrary, consumer devices are generally single CPU (and core) devices. It's usually running some Linux or similar. If a single process gets overloaded it can drag down the performance of the whole device. For instance, let's say there is a bug in the print server software of the router. You print something and it hangs and the print server process on the router runs wild. Now the CPU is fully loaded and the routing performance will go down. If there is a bug in the routing software it will bring down the whole device and you can't even print.
You'll get the best performance if you use dedicated devices because then one device cannot overload another. Get a modem. Get a wireless ethernet router. Get a printer with integrated print server. That's far better.
It's like the all-purpose audio device compared to components...
-
SAP Parameter Recommended note for SAP Content Server 6.40
Hi..
We are planning the installation of SAP Content Server 6.40 with SAP MAXDB 7.6 on Solaris. Kindly provide the recommendations that need to be performed before installation of the production system,
like IO Buffer Cache [MB], Number of Sessions, or any SAP parameter recommended note for SAP Content Server 6.40 with SAP MAXDB 7.6.
Regards,
Panu
Hello,
Did you already check the preparations and parameters in the SAP CS 6.40 installation guide ?
You can find topics in the Installation Guide like :
- Planning and Sizing of the Database Instance
- Preparations
For more in depth tuning also have a look at the following document :
Operational Guide - SAP Content Server
This document contains the complete list of Content Server parameters.
Success.
Wim
-
SAN certificate for external access for edge server and reverse proxy
Hello
I have a question related to the certificate planning for LYNC 2013 EDGE SERVER.
For external access and mobile users, I want to enable all the features for external users.
I'm planning to purchase a SAN certificate.
My first question: do I need only one SAN for both my edge server and the reverse proxy?
My second question is about the names that should be added to the certificate:
sip.mydomain.com
av.mydomain.com
webconf.mydomain.com
What else should I add? I want to add the names for all feature access.
Kind Regards
MK
Your Front End Pool should only contain front end servers, does it also contain your edge and back end? If so, this is a misconfiguration.
If you're planning to implement high availability, you'll want a different internal web services FQDN name than your pool name (unless you load balance the entire pool with a hardware load balancer).
You'll want your external web services FQDN to be different from your pool name if you want to use the mobile client on the internal network. Once you've come up with a new and otherwise unused FQDN for this purpose, you'll want that as additional SAN on your cert.
Since you're not using this for the internal certificate, you can also pull admin.mydomain.com and LYNC2013-FE.mydomain.com off of the cert as those are needed internally only.
Lyncdiscoverinternal you can leave on if you need your internal mobile clients to not throw certificate errors because they don't trust your internal certificate authority, but this name would then need to be pointed to a reverse proxy or something that can present the third party certificate.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.