Remove Health Care (keepalives) CSS 11503

Similar Messages

• Installing an SSL certificate for a CSS 11503

  I'm having the hardest time searching for clear instructions on how to request and install an SSL certificate for a CSS 11503 Content Switch. Can anyone help or point me in the right direction?
  I'm also looking for instructions on how to replace an SSL certificate once it's been installed. Thanks!

  Allen,
  The portion of the configuration guide related to SSL certificates and keys can be found here:
  http://cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea82.html#1422544
  To replace an SSL certificate, you'll need to remove the current certificate and re-import/create the new one.
  ~Zach

• CSS 11503 does not ask confirmation

  Hi,
  Our CSS 11503 does not ask confirmation when I want to delete or add a service, owner or group.
  Here is the log of some deletion and addition a service:
  11503_Master(config)# sh run ser mtsopa01-9700
  service mtsopa01-9700
  ip address A.B.C.D
  protocol tcp
  port 9700
  keepalive type http
  keepalive port 9700
  active
  11503_Master(config)# no service mtsopa01-9700
  11503_Master(config)# (As you see there is no confirmation)
  11503_Master(config)# service mtsopa01-9700
  11503_Master(config-service[mtsopa01-9700])# (As you see there is no confirmation)
  11503_Master(config-service[mtsopa01-9700])# ip address A.B.C.D
  11503_Master(config-service[mtsopa01-9700])# protocol tcp
  11503_Master(config-service[mtsopa01-9700])# port 9700
  11503_Master(config-service[mtsopa01-9700])# keepalive type http
  11503_Master(config-service[mtsopa01-9700])# keepalive port 9700
  11503_Master(config-service[mtsopa01-9700])# active
  Have you any idea?
  PS:
  Version: sg0750103 (07.50.1.03)
  Product Name: CSS11503-AC J0

  do a 'show profile'
  You are probably in expert mode.
  CSS11503-2# sho prof
  @no terminal more
  @prompt CSS11503-2
  @expert <=====
  do 'no expert' to revert to normal mode and don't forget to do a save profile.
  Gilles.

• Routing issue with CSS 11503

  The senerio contains a PIX 515 E firewall,4507R Chassis switch and a CSS 11503. The servers in inside zone of the PIX is load balanced using a vip with default route specified in the CSS is the inside zone interface IP of the PIX
  Now I would like to load balance the servers in the DMZ zone of the PIX with a separate vip(from DMZ zone) in the same CSS. Since the default route in CSS is towards the inside zone of the PIX, I am unable to see the load blanced pages from dmz. Is there any solution to load balance the servers of the 2 zones with 2 different vip's using a single css ?

  The default behavior is to use the calling device's CSS for the redirected calls. In your case it sounds like you want to use the redirecting device's CSS. I haven't tried this myself but I believe you will need to change the following registry entry on your PGs. You will want to use option 2 (ROUTEADDRESS_SEARCH_SPACE).
  HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
  Systems,Inc.\ICM\IPCCL\PG1B\PG\CurrentVersion\JGWS\jgw1\JGWData\Dynamic
  "UseRouteAddressSearchSpace"=dword:00000000
  - Used to control behavior on CTI Route Points for Route Selects.
  UseRouteAddressSearchSpace can be to set 0, 1, or 2 where :
  DEFAULT_SEARCH_SPACE = 0
  CALLINGADDRESS_SEARCH_SPACE = 1
  ROUTEADDRESS_SEARCH_SPACE = 2

• Health Care Adapter Installation Error - SQLException: ORA-00439

  Hello,
  While attempting to install the SOA Health Care in Windows development environment against an XE database the below error was seen. Any thoughts?
  Oracle_SOA1\bin>ant -f ant-soahc-postinstall.xml
  replaceSqlScript:
        [sql] Executing resource: C:\Oracle\MiddlewareHCA\Oracle_SOA1\soa\thirdpar
  ty\healthcare\b2b_mv.sql
        [sql] Failed to execute:     CREATE MATERIALIZED VIEW LOG ON b2b_business_
  message WITH ROWID, SEQUENCE (ext_business_message, channel_name, direction, cre
  ated, native_msg_size, doctype_name, doc_protocol_version, doc_protocol_name) IN
  CLUDING NEW VALUES
  BUILD FAILED
  C:\Oracle\MiddlewareHCA\Oracle_SOA1\bin\ant-soahc-postinstall.xml:92: The follow
  ing error occurred while executing this line:
  C:\Oracle\MiddlewareHCA\Oracle_SOA1\bin\ant-soahc-postinstall.xml:314: java.sql.
  SQLException: ORA-00439: feature not enabled: Advanced replication

  Shreekant,
  would you mind sharing the solution.
  prakash

• CSS 11503 load-balancing with MS Print Servers

  We are trying to load-balance print server connections between 2 MS print servers. When we try to connect to the print servers name, (\\PS01) or even the VIP address, we get a Path not found error. However, if we direct the path to the actual name or ip address of the print servers (not the VIP), we can view all the queues and connect/print to them. Is this possible to do on the CSS 11503? Thanks.

  Pete- Here is our config. See any problems?
  configure
  !*************************** GLOBAL ***************************
  ip route 0.0.0.0 0.0.0.0 1.100.100.100 1
  !************************* INTERFACE *************************
  interface 1/2
  bridge vlan 2
  !************************** CIRCUIT **************************
  circuit VLAN1
  ip address 1.100.101.110 255.0.0.0
  circuit VLAN2
  ip address 10.100.249.1 255.255.255.0
  !************************** SERVICE **************************
  service ps01
  ip address 10.100.249.5
  active
  service ps02
  ip address 10.100.249.6
  active
  !*************************** OWNER ***************************
  owner printserver
  content L3_Basic
  add service ps01
  add service ps02
  vip address 1.100.100.35

• CSS 11503 - question on version

  We're about to do an annual OS update to our CSS 11503, and I noticed that there are two current versions of WebNS, both released in the same month: 8.10.4.01 and 8.20.2.01. Could anyone outline for me the differences between the two (or point me to the right release notes)? I usually upgrade to the latest release, but having two at the same time is awfully confusing.
  Thank you!

  They are essentially the same.
  We always port all fix to both of them.
  Release notes are here :
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/release/note/RN810_X.html
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/release/note/RN820_X.html
  Gilles.

• CSS 11503 in Active Active mode

  Can we configure CSS 11503 in Active/Active mode, means can multiple context would be configured?
  Thanks & Regards,
  Shahzad.

  Here you go
  Assumptions:
  VIP 10.10.10.100 is Master on the CSS 2 and backup on the CSS1
  VIP 10.10.10.101 is Master on the CSS1 and backup on the CSS1
  Vlan 10 is the Server Vlan (Redundant Interfaces here)
  Vlan 20 is the Client vlan (Redundant Vips here)
  Services for VIP 10.10.10.100 (real server) have default gateway pointing to redundant interface 172.20.40.253
  Services for VIP 10.10.10.101 (real server) have default gateway pointing to redundant interface 172.20.40.254
  CSS #1
  circuit VLAN10
  ip address 172.20.40.1 255.255.255.0
  ip virtual-router 1 priority 101 preempt
  ip virtual-router 2
  ip-redundant-interface 1 172.20.40.253
  ip-redundant-interface 2 172.20.40.254
  Circuit VLAN20
  ip address 10.10.10.1 255.255.255.0
  ip virtual-router 3 priority 101 preempt
  ip virtual-router 4
  ip redundant-vip 3 10.10.10.101
  ip redundant-vip 4 10.10.10.100
  CSS #2
  circuit VLAN10
  ip address 172.20.40.2 255.255.255.0
  ip virtual-router 1
  ip virtual-router 2 priority 101 preempt
  ip-redundant-interface 1 172.20.40.253
  ip-redundant-interface 2 172.20.40.254
  Circuit VLAN20
  ip address 10.10.10.2 255.255.255.0
  ip virtual-router 3
  ip virtual-router 4 priority 101 preempt
  ip redundant-vip 3 10.10.10.101
  ip redundant-vip 4 10.10.10.100
  More details at
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1112245
  Syed Iftekhar Ahmed

• CSS 11503 Users using a proxy

  I currently have a CSS 11503 LB that I am using to balance 443 and 80 traffic and I have it working but my question is if a users are coming from a proxy should I continue to use Layer 3 LB technique? Also is it possible to see the real IP address instead of the IP of the proxy server?

  the problem with proxy is if you use some form of stickyness like sticky src ip.
  Since the src ip is always the proxy, you end up with all your traffic going to a single server.
  If you are doing sticky src ip, I would suggest to use arrowpoint-cookie instead.
  To see the real-ip you need your proxy to insert in the http header a 'x-forwarded-for' line with the client ip.
  Your servers can then extract this value to determine the client ip.
  On the CSS you won't be able to see the client-ip.
  Gilles.

• Health care benefit plan -- Smoker

  Hi all ,
  While configuring the benefit plans under health care I create cost variants where none of them selected the option Smoker. IN the infotype 376 I marked my employee as smoker. While trying to enroll to benefits from HRBEN0001 my assumption is that none of the plans will be offered since my employee is smoker and none of the cost variants checked smoker. But still I am able to enroll in one of the plans.
  How is this cost variant controlling the employee in the enrollment process. can anyone please explain me .
  Thanks,
  Daniel.

  Hi,
  I believe when specifically checked as smoker, the plans will be only available to employee with smoker checked. Though never tried this.
  Regards,
  Somar

• Apparently "Canadian Health&Care" hacked my computer and send out a message to everyone on my address list. I need to have them blocked.

  Apparently "Canadian Health&Care" hacked my computer and sent out a message to everyone on my address list. I need to have them blocked.

  Email may not be the best way to move pictures.
  There are lots of ways of moving files.
  A simple and popular way to copy files and share files among your devices.
  https://www.dropbox.com/
  "Box lets you store all of your content online, so you can access, manage and share it from anywhere. Integrate Box with Google Apps and Salesforce and access Box on mobile devices" Rated the most secure cloud storage by SkyHigh Networks.
  https://www.box.com/
  Using iTunes to transfer files:
  http://support.apple.com/kb/HT4094?viewlocale=en_US&locale=en_US
  Files Connect -- "Cloud Storage services like Dropbox, MobileMe iDisk, Google Docs/Picasa, Facebook photos, FTP, SFTP, WebDAV ... AFS (Apple File Shares) SMB (Windows shares)  protocols"
  https://itunes.apple.com/us/app/files-connect/id404324302?mt=8
  Windows File server
  http://itunes.apple.com/us/app/filebrowser-access-files-on/id364738545?mt=8
  "The kiteworks mobile file sharing solution provides secure creation, viewing, and sharing of enterprise content on smartphones and tablets while providing IT and security teams the administrative controls to manage user privileges and access rights necessary to ensure enterprise security and compliance."  " Includes choice of private cloud on-premise."
  http://www.accellion.com/solutions/mobile-enablement/mobile-file-sharing
  "Dukto is a simple application that allows you to share files between devices connected to the same (wireless) LAN network."
  http://www.tidal.it/?page_id=309&lang=en
  http://www.msec.it/blog/?page_id=11

• Adding a Health Care Provider

  I would like to know how to ask to add a Health Care Provide to Health Vault ? I use Facey Medical Group as my current provider. They have a web site called MyFacey Connect which has all of my medical records. It would be very helpful if they
  would be able to sync with Health Vault.

  Hello,
  At this time Facey Medical  Group does not sync directly with HealthVault, but you can upload your medical records into HealthVault. To do this contact Facey Medical and request your records in either a CCD (Continuity of Care Document, or CCR Continuity
  of Care Record) and then you can upload to your HealthVault account.
  To upload
   your data as CCD or CCR, please follow these steps:
  Download
   the CCD or CCR to your local computer
  Then go to  http://healthvault.com
  Once signed in, select Documents and under Documents select either CCD or CCR
  then select add
  Your medical info will then be added to your HealthVault account
  Thanks and please let us know if you have further questions
  Tomas
  MS HealthVault Support

• Global Cerificate on CSS 11503

  Hi
  I am planning to enable https for few web servers behind a CSS 11503. I have tested the functionality with the trial cert every thing works as desired.
  Now I need to buy a certificate from Verisign to make it work in production.
  At verisign they offer two different certs (Secure Site --40 bits encryption) and (Secure Site Pro -- 128 bit encryption).
  1. Is this 128 bit cert a "global cert"? and I need to concatenate the "intermediate cert" and "server cert" to make it work?
  2. If all my users are in USA then does it make sense to buy this 128 bit certificate?
  3. Verisign website also asks for "server Platform" and cisco is not mentioned as an option (I can see other LB as F5 in the list). What should I select for the server Platform when I am requesting it for CSS 11503 (I have generated the CSR on CSS 11503).
  Thanks in advance
  Glenn

  1.The guy who picked the phone at verisign had no clue.Verisign website says the following
  Secure Site Certificate (40bit minimum)- SSL Certificates without SGC
  To install your SSL Certificate, go to the instructions below for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor
  Secure Site Pro Certificate(128bit minimum) - SSL Certificates with SGC
  If you are installing an SSL Certificate with SGC, you need to copy an Intermediate CA Certificate before proceeding to the installation instructions for your server software.
  2.My understanding was that 40 bit is minimum encryption level and only old browsers (exported ones) will us 40/56 bit ciphers. Other wise even with 40 bit certificate the new browsers will establish a 128 bit session.
  Verisign says about their 40 bit certificate
  "40-Bit to 256-Bit SSL Encryption Non-SGC SSL Certificates provide a minimum of 40-bit and up to 256-bit SSL encryption. Site visitors using certain older browsers and many Windows 2000 users will only receive 40- or 56-bit encryption unless they’re connecting to an SGC-enabled SSL Certificate"
  I found a document on net in favor of buying 40 bit certs.
  http://www.whichssl.com/myths_about_sgc.html
  Gilles I am a bit confused here.Need HELP :)

• Health care sends out call for more IT security pros

  The only problem I see, and the reason they may be clamoring for help, is they are always posting jobs requiring Health Care industry experience.  My wife who is a nurse at several hospitals says most of the I.T. staff are nurses who have transitioned into I.T.  If they aren't open to hiring qualified people without clinical experience or background they will continue to have problems hiring qualified I.T. staff. 
  This is common for many industries in the U.S. They keep saying they can't find qualified I.T. staff, yet they are not willing to bend a little on their requirements.

  If you're a security pro looking for a mid-career industry switch, you might want to look into the health care industry.With the fast-paced introduction of electronic medical records (EMR), electronic health records (EHR), wearables, health-monitoring devices, and data analytics,CSO reportshealth care industry leaders are "scrambling to catch up with the demand forstaff to manage and support these technological advances." Health care facilities are consequently looking for IT security pros that understand the intricacies of the HIPAA privacy laws.Speaking with CSO, Brad Elster, president of Health care IT Leaders, explains, "EMR installations at U.S. hospitals, fueled by federal incentives, have been a major catalyst for IT job growth in health care. Many of our hospital and health system clients have seen their IT departments grow by...
  This topic first appeared in the Spiceworks Community

• Routing non-TCP/UDP traffic while using FWLB on CSS 11503s

  Hello all,
  I've been tasked to setup up FWLB with CSS 11503's as shown below. The issue is that intranet workstations use VPN client software when connecting to certain sites through the Internet and other times they use http or https (for connection to different sites). Because no flow is setup for ipsec and ECMP uses per packet routing for non TCP/UDP traffic, I'm concerned that load balancing through the firewalls will occur on a per packet basis. If that is true, stateful inspection in the firewalls will block asymmetrical traffic flows.
  Is my understanding correct? And, if so, is there a way to configure the CSS units to deal with this?
  Thanks in advance.
  (sorry for the dots in the drawing but the spaces kept getting deleted)
  .| Internet |
  ..........|
  .| CSS-outside |
  .............|
  ........|...............|
  .| FW1 |.....| FW2 |
  .......|................|
  ............|
  .| CSS-inside |
  ............|
  .| Intranet |

  for non-flowy traffic like IPSEC, we use a hash algorithm to decide where to send the traffic.
  So, it's not per packet loadbalancing.
  The same source/destination ip/port will always go to the same firewall.
  Gilles.