SAP LDAP Connector / UME LDAP and Global Site Selector (GSS)

Similar Messages

• Global Site Selector (GSS) support DNSSEC ?

  Hi all,
  When will GSS support DNSSEC ?
  Thanks
  Eric

  Last I heard  GSS currently does not support DNSSEC. It is a feature that is being
  discussed for inclusion in a future release.
  You should contact your sales contact at Cisco to get more information and/or express your need for this feature.
  Gilles.

• Global Site Selector(GSS)

  Hi all,
  This is regarding new cisco applience called GSS,can anyone share how to config the GSS in real time with example,I hope I will get the responce soon,coz I have to do one installation soon.
  Thankx@Regds
  saji k.s
  DOHA

  try here...
  http://cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_support_series_home.html

• Ask the Expert: Global Site Selector Configuration and Troubleshooting

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuring and troubleshooting the Global Site Selector (GSS) with expert Swati Chopra.
  GSS devices represent the next generation of application switches and global server load balancing (GSLB) appliances. Working together with the Cisco ACE Module and Cisco ACE 4710 appliance, these devices form an application-fluent networking solution that improves availability, acceleration, and security for data center applications.
  The primary role of Cisco GSS is to implement the business continuance and disaster recovery policies of a business by optimizing and securing the Domain Name System (DNS) infrastructure of the data center. It does this by integrating with the DNS infrastructure and responding to the client DNS requests, thereby directing the client to the site that is best able to serve its needs.
  Swati Chopra is a CCNA, CCNP, and VCP certified customer support engineer for content switching, covering technologies such as Cisco Application Control Engine, Cisco Wide Area Application Services, Global Site Selector, Cisco Content Services Switches, and Digital Media Suite. She has been with Cisco for more than three years and has worked with most of the high-end customers on content-related complex cases. She completed her master’s degree in finance, was heading an online education project in collaboration with e-Sylvan, and later moved to technical services because of her love for technology. She is actively involved with diverse Cisco initiatives such as Connected Women, WISE, and Cisco Career Connections and recently hosted a “Birds of Feather” table at Cisco’s Women of Impact conference.
  Remember to use the rating system to let Swati know if you have received an adequate response. 
  Because of the volume expected during this event, Swati might not be able to answer every question. Remember that you can continue the conversation in the Data Center community under subcommunity Application Networking shortly after the event. This event lasts through April 25, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Sarah,
  The load balancing mechanism for GSS requests is done via different methods. We can use these methods to define how the load is shared for different balance clauses within the same rule. The 6 methods we use are:
  –round-robin—The GSS cycles through the list of answers that are available as requests are received. Each resource within an answer group is tried in turn. The GSS cycles through the list of answers, selecting the next answer in line for each request. This is the default.
  eg: if we have 2 answers in answer group then GSS will provide them alternatively.
  –least-loaded—The GSS selects an answer based on the load reported by each VIP in the answer group. The answer reporting the lightest load is chosen to respond to the request.The least-loaded option is available only for VIP-type answer groups that use a KAL-AP or Scripted keepalive, as they provide the GSS with detailed information on the SLB load and availability.
  eg: if one answer has higher load than the other, than first answer will not be provided until its load goes down the other answers
  –ordered—The GSS selects an answer from the list based on precedence; answers with a lower order number are tried first, while answers further down the list are tried only if preceding answers are unavailable to respond to the request.
  for eg: answer with ordered number 1 will be provided first till it becomes unavailable. Once it is unavailable then answer with ordered list number 2 will be provided
  –weighted-round-robin—The GSS cycles through the list of answers that are available as the requests are received, but sends requests to favored answers in a ratio determined by the weight value assigned to that resource.
  eg: if one answer has more weight(80%) than the other answer(20%), then it will be used 8 times out of 10.
  –hashed— When the GSS uses the hashed balance method, elements of the client's DNS proxy IP address and the requesting client's domain are extracted to create a unique value, referred to as a hash value. The unique hash value is attached to and used to identify a VIP that is chosen to serve the DNS query.
  The use of hash values makes it possible to "stick" traffic from a particular requesting client to a specific VIP, ensuring that future requests from that client are routed to the same VIP. This type of continuity can be used to facilitate features, such as online shopping baskets, in which client-specific data is expected to persist even when client connectivity to a site is terminated or interrupted.
  The GSS supports the following two hashed balance methods. You can apply one or both hashed balance methods to the specified answer group.
  • By Source Address—The GSS selects the answer based on a hash value created from the source address of the request.
  • By Domain Name—The GSS selects the answer based on a hash value created from the requested domain name.
  for eg: a user using same source ip will get the same answer from GSS if we do source address hashing.
  -DNS Race (Boomerang) Method-The GSS supports the DNS race (boomerang) method of proximity routing, which is a type of DNS resolution initiated by the GSS to load balance 2 to 20 sites.
  The boomerang method is based on the concept that instantaneous proximity can be determined if a CRA within each data center sends an A-record (IP address) at the exact same time to the client's D-proxy. The DNS race method of DNS resolution gives all CRAs (Cisco content engines or content services switches) a chance at resolving a client request and allows for proximity to be determined without probing the client's D-proxy. The first A-record received by the D-proxy is, by default, considered to be the most proximate.
  Use case is mainly with CRA's.
  Hope this helps. Please feel free to revert if you have follow-up questions.
  Thanks,
  Swati

• LDAP Connector: SSL support and de-provisioning

  Hi guys
  I have two questions regarding the SAP LDAP Connector (LDAP client):
  1) Does the SAP LDAP connector support connections to SSL-enabled directories?
  2) Does the SAP LDAP connector make it possible to delete SAP users, when the corresponding user is deleted in the directory (which is the 'leading' system in such a scenario).
  BR
  Tom Bo

  Tom,
  The IDM LDAP connector does support SSL.  The LDAP connector will support add, modify and delete operations.
  This [thread|Provisioning to AD - Is SSL mandatory ?; might be helpful as well.
  Matt

• LDAP-Connector with LDAPS (Port 636)

  Hello everybody,
  i had read some answers but not the right in my opinion.
  I want to connect with the LDAP-Connector (T-Code: LDAP) with an LDAP-Server (OpenDS) over LDAPS (Port 636)?
  But I had read some Notes (456666 and 517755) which describs thats not poosible to connect on a LDAP-Server over LDAPS when the host-system is Linux-based, is it true?
  And one solution is to take the ldap_rfc.exe on a windows-based and use this, is this also right? and if it is rigth, how can i do this?
  The connection to OpenDS-LDAP-Server over Port 389 (LDAP) works fine also syncronisation of attributes.
  Eventually are exists other solutions for my very big problem.
  sorry for my bad english
  regards rene

  Hello René,
  SAP note 456666 is correct. Maintaining the LDAP (LDAPS) connection to the directory service is the task of the LDAP client library, which is not provided by SAP, but by the OS vendor of the system where the LDAP connector is located.
  Only the OS vendor can help on the task of configuring LDAPS with their implementation of the LDAP client library.
  If you intend to use a WIndows then yes, it should work: see the "Solution" section of note 456666.
  You can also refer:
  I hope this helps.
  All the best,
  Cristiano

• SAP Business Connector 4.8 and Webmethods EDI Package WmEDI

  Hello,
  we want to upgrade our SAP Business Connector to 4.8 and need to install the EDI package provided by Webmethods earlier.
  We now figured out, that the EDI package is not provided anymore for download in the SAP Service Marketplace.
  Any idea, how to get the EDI package (WmEDI)?
  Is it not free anymore?
  Kind Regards
  Tanja

  Hello Tanja,
  Go through these discussions..
  http://www.wmusers.com/forum/thread6212.html
  http://www.wmusers.com/forum/showthread.php?t=13377
  Thanks,
  Satya Kumar

• Cisco Global Site Selector

  Hello
  Looking at the datasheet for the Cisco ACE GSS 4492R GSS device, under Global Traffic Management
  " The Cisco GSS 4492R can be deployed as a standalone global traffic manager that globally load balances client requests across distributed data centers using network performance metrics such as content use, round-trip time (RTT) between client and the closest data center, routing topology, and any device performance values that are available through SNMP."
  The part that interrests me is the RTT between client and closest data center. Looking at the config guide and other documentation I can see how make balancing decisions based on the client DNS server and find nothing based on actual client.
  So the question - Is it possible to make balancing decisions based on round-trip time (RTT) between the actual client and the closest data center.

  Hi Neil,
  The feature you are referring to is Network Proximity.  The documentation could be a bit confusing because the "client" is relative.  To you and me, the client is the person (or application) making the original DNS request.  To the GSS, the client is that person's (or application's) local D-Proxy (DNS server).
  When an application makes a DNS request to it's local D-Proxy, the D-Proxy will then attempt to resolve the request, but will source the request with it's own IP address, not the actual client's.  Therefore, by the time the request reaches the GSS, the GSS has no information on the original "client" or application that originated the DNS request.  It only knows the source IP address of the requesting D-Proxy and the domain it is requesting resolution for.  So to answer your question, no, the GSS cannot make a load balancing decision based on RTT between actual "client" and data center because it does not have sufficient data to make such a decision.
  In most cases, each actual client will be using a D-Proxy that is local to them, so the effect is the same as what you are asking for.  But if the D-Proxy is remote to the actual client, then you could get unexpected results.
  Hope this helps,
  Sean

• On GSS(global site selector)network max configurable the number of backup?

  HI..
  I would like to know the max backup gss number when we configure gss network.
  I did two gss when I configure gss topology. there are no problem when I configure two gss to active and the other standby.
  but I read the cco document that the gss cluster is being max up to 8 gss box.
  is it possible topology?
  when I configure two more gss on one cluster, I occered the err log on primary gss.

  HI..
  I would like to know the max backup gss number when we configure gss network.
  I did two gss when I configure gss topology. there are no problem when I configure two gss to active and the other standby.
  but I read the cco document that the gss cluster is being max up to 8 gss box.
  is it possible topology?
  when I configure two more gss on one cluster, I occered the err log on primary gss.

• Cisco Global Site selector Issue

  Hi all ,
     I have  a cisco GSS-4492R-K9 in my network . Currently when I am trying to do any changes it is giving me a following error .
  Couls anybody pls let me know why it is happening
  GSS#copy run sta
  can't create lock file /etc/mtab~12368: No space left on device (use -n flag
  to override)
  Jul 24 07:09:30 SYS-4-LIB_UTIL_64[12369] Unable to 'unlock' safe-state:
  Read-only file system
  can't create lock file /etc/mtab~12412: No space left on device (use -n flag
  to override)
  Jul 24 07:09:31 SYS-3-LOCKSTATE[12413] Cannot remount
  /cisco/merlot/safe-state
  your help is highly appreciable .
  Rgds,

  Most likely the storage device has become corrupted thus you see the filesystem working in read only mode.
  There was a similar thread posted in the Application Networking forum about a year ago which suggested some remedies. Please see this link.
  (You can also recategorize your question into that forum by using the widget that should appear in the top right of your screen.)

• Anyone used the Global Site Selector yet ?

  I believe it came out a couple of months ago. I'm looking at one versus the F5 3DNS boxes. Any thoughts ?

  I haven't used it yet, but I am also interested if anyone else has some info on it.
  I guess it would be a good idea to use if Cisco devices such as CSS 11000,Local directors, CSM etc. are deployed in the network.

• UME LDAP Data - XML file not appearing

  Hi,
  I have configured the readonly ADS with DB for the user authentication. Now I want to restore back to the default datasource configuration (dataSourceConfiguration_database_only.xml). But in the dropdown box in the Configtool >> UME LDAP data under the "Directory Security" tab, I am not able see the config XML file for the DB only. I tried uploading the file, but its saying file already exists. After this I tried deleting the fils from the cluster_data\server\persistent\com.sap.security.core.ume.service and then uplaoded the XML file. Still this is not appearing in the List of Datasources available.
  Can you please let me know how shall I revert the Datasouce to DB only?
  Regards,
  Debasis

  Hi,
    Go to ConfigTool -> Global Server Configuration -> Services -> com.sap.security.core.ume.service.
  You can change the value of ume.persistence.data_source_configuration to dataSourceConfiguration_database_only.xml.
  Regards,
  Siva
  P.S: Award points if you find this useful.

• ACE 4710- Global Site load-balancing

  Does the 4710 have a feature like global site load balancing like the CSS?
  We have a site that will have 2 ISPs but we don't have our own block of IP addresses to advertise so we would need to use the ISPs IP blocks.  We've had issues in the past advertising one ISPs IP block out another ISP so I was wondering if there was a way we could configure the ACE similar to the way the CSS did global site load balancing.  Basically have the ACE act as a DNS server and respond back with the IP address of whichever ISP we wanted the end user to come in on and use a probe to ping the ISPs remote WAN IP to verify the circuit is passing traffic and resolve the correct IP if it's not.
  Thanks

  ACE does not have DNS server functionality.
  And these methods are not supported on the CSS anymore.
  The solution we offer is to install a Cisco GSS (Global Site Selector) which can interact with the ACE or CSS or CSM to determine which vip is up or down.
  Gilles.

• LDAP  connector for Customer masters With SAP..........

  Hi Experts ,
  Our requirement is we have certain applications which are integrated
  with SAP Portal.
  For these applications Data sources are maintained in two different
  LDAPS.
  One LDAP (enterprise directory) is for USER data and the other LDAP for
  Customer  data(in this senario customer  data is nothing but business
  partner role oragnization).
    MY task is to build an interface for Customer data with LDAP sync.
  So here the question is, Can we use SAP standard LDAP connectors to
  make connectivity to the enterprise directory(LDAP)and push business
  partners data from CRM to the enterprise directory.
  In Standard SAP system which are standard LDAP connectors support
  this functionality?
  Please advice me and also let me know if we have any SAP notes for this
  senario.
  Best Regards
  Prasad

  Thank you very much for the useful link Martin. Anyway, there are some things that I cannot find for NX Unigraphics integration:
  In the wiki you can find
  You can download the CAD-Integration-Software from http://service.sap.com/swdc and then goto
  Installations and Upgrades > Supplementary Components for Cross Industry Solutions > Life-Cycle Data Management > SAP PLM Integrations > select the desired integration
  But that path does not exist in SAP download software page.
  Also, in the availability matrix I can find integration with several systems (catia, solid edge, autocad...) but not unigraphics.
  Could you please provide some more information on the topic?
  Thanks a lot.
  Neil

• Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

  Dear Gurus,
  Let me clarify the scenario:
  At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
  Following are the system details:
  SAP: IDES 4.7, on Windows 2000 Advance Server, Oracle 8.1.7.,Kernel-620
  MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
  With the above mentioned landscape we have integrated
  LDAP-Connector on MS-Active Directory, on MS-Active Directory OS
  side we have tested the command (ldap_rfc –a LDAP_ADS –g
  ides.ho.com –x sapgw00) then we are testing it through an
  RFC in SAP 4.7(IDES), with result success.
  Everything is fine Im able to Log ON thru the User but when I try to search objects in LDAP(ie. ADS) thru "FIND", but getting Error message "operation Failed".
  Referred note 511141 for the error.
  Can't find anything more.
  Required help...
  Regards,
  SHAH

  Dear Juergen,
  As of we have applied the SP-level till 40.
  Through LDAP tcode we are able to Logon to the Directory server, and we
  are also able to search, through FIND,
  the system displays all entries below the specified base entry.
  After that we are trying to Synchronize it, using report RSLDAPSYNC_USER through SE38, but its showing following errors:
  Connection created to Server LDAP_ADS (successfully with Green)
  Operation Failed (Error with Red)
  Error message: LDAPRC001
  LDAP_SEARCH failed (Error with Red)
  Error message: LDAPACCESS101
  The System could not create directory objects pool (Error with Red)
  Error message: LDAPSYNC005
  Connection to LDAP_ADS server terminated
  As for first Error: Error message: LDAPRC001, we referred Note 511141,
  Response: "This error msg does not mean that the SAP System sent incorrect data".
  For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we refferred 696021 and 695026
  Response: to apply the correction change, as our SP level is above the requirement, we have
  level-40.
  Unable to get further, any solution/suggestion.
  Bye for now.
  Regards,
  Shaibaz