Scenario – Multi-Tenant ConfigMgr 2012 R2 and Same IP Address Range for Multiple Customers

The service provider plans on managing customers' workstations/desktops via ConfigMgr 2012 R2 CU3, which is hosted on the service provider's network; however, the Secondary Site (MP/DP role) is hosted at the customer's physical location and on their network but not joined to the customer's domain. The service provider plans to have a one-way trust with each customer, initiated from the service provider to each customer, and to have a copy of the customer's DNS by way of ADC hosted on the service provider's network.
Now the challenge is that we might end up having plenty of customers who will have the same IP/subnet range, such as 192.168.1.x, and we wanted to know the impact/issues around deployment. We may have challenges defining boundaries/boundary groups for the same IP range or subnet for each customer, because you can't have two boundaries with the same IP range or subnet. Also, since we have a one-way trust, we don't get the option to view the customer's AD Sites and Services...
We are testing a scenario where we've defined the DNSSUFFIX on the CM client so the client knows which MP to talk to and the MP presents it with the nearest DP. This works out quite well where you've defined an IP boundary, but we haven't tested anything with two or more customers with the same IP range, hence we are not sure how the same IP/subnet range would work.
Wondering if we DO NOT define any boundary or boundary group, so the client assumes it's on a slow or unreliable network, and set the application's Deployment Option to "Download content from DP and run locally", and it still receives the application. I know this works in a workgroup scenario, but will this be a feasible option when dealing with multiple customers with the same IP range?
Please note that we are not planning on publishing the MP or AD schema on the customer network, but since we have a one-way trust, we can do a discovery of the customer's AD forest.
Thoughts?

Wondering if we DO NOT define any boundary or boundary group, so the client assumes it's on a slow or unreliable network, and set the application's Deployment Option to "Download content from DP and run locally", and it still receives the application. I know this works in a workgroup scenario, but will this be a feasible option when dealing with multiple customers with the same IP range?
This is a complex scenario which requires a lot of planning and even testing. Having no boundaries will work, but all DPs are treated as slow/remote then and it's not possible to define which one will be used then.
Torsten Meringer | http://www.mssccmfaq.de
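
Added example, not part of the original thread: a planning check that takes a per-customer inventory of subnets and IP ranges and reports which customers share or overlap address space, so the ones that cannot be told apart by IP subnet or IP range boundaries are known before onboarding. The inventory, customer names and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: customer name -> networks in use at that site.
# Entries are CIDR subnets or "start-end" ranges, the two boundary forms
# the question mentions (IP subnet and IP range).
CUSTOMER_NETWORKS = {
    "customer-a": ["192.168.1.0/24", "10.20.0.0/16"],
    "customer-b": ["192.168.1.1-192.168.1.254"],
    "customer-c": ["172.16.5.0/24"],
    "customer-d": ["10.20.30.0/24", "192.168.2.0/24"],
}


def to_span(entry):
    """Return (first, last) IPv4Address for a CIDR subnet or start-end range."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {entry}")
        return first, last
    # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
    net = ipaddress.IPv4Network(entry, strict=True)
    return net[0], net[-1]


def find_collisions(inventory):
    """List every pair of entries from different customers whose spans overlap."""
    spans = [
        (customer, entry, *to_span(entry))
        for customer, entries in inventory.items()
        for entry in entries
    ]
    collisions = []
    for (c1, e1, s1, l1), (c2, e2, s2, l2) in combinations(spans, 2):
        # Two closed intervals overlap when each starts before the other ends.
        if c1 != c2 and s1 <= l2 and s2 <= l1:
            collisions.append((c1, e1, c2, e2))
    return collisions


def customers_with_shared_space(inventory):
    """Customers that appear in at least one collision, sorted by name."""
    return sorted({c for c1, _, c2, _ in find_collisions(inventory) for c in (c1, c2)})


if __name__ == "__main__":
    for c1, e1, c2, e2 in find_collisions(CUSTOMER_NETWORKS):
        print(f"OVERLAP  {c1} {e1}  <->  {c2} {e2}")
    shared = customers_with_shared_space(CUSTOMER_NETWORKS)
    unique = sorted(set(CUSTOMER_NETWORKS) - set(shared))
    print("IP boundaries are ambiguous for:", ", ".join(shared))
    print("IP boundaries are unambiguous for:", ", ".join(unique))
```

Partial overlaps (a /24 inside another customer's /16) are reported as well as exact duplicates, since either leaves a client address matching more than one customer.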

Similar Messages

  • In an upright and landscape folio Can i have multiple (custom) page sizes?

    In an upright and landscape folio Can i have multiple (custom) page sizes?
    i.e if 99% of pages are 768x1024 each with a landscape version when you rotate, can the folio also contain bespoke long pages i.e 768 x 2048.....??
    It appears not...

    *FACE PALM* YES! that works, of course it does, simple when you know how ;-)   ......  Thank you Alastair i was missing the obvious answer

  • ConfigMgr 2012 R2 and SQL Collation

    I am planning to install a new ConfigMgr 2012 R2 server and use SQL Server 2012 SP2.
    Does ConfigMgr 2012 R2 already support other SQL Collations than "SQL_Latin1_General_CP1_CI_AS"?
    In other System Center 2012 R2 products "SQL_* collations are being deprecated for their Windows equivalents" according to
    http://technet.microsoft.com/library/dn281933.aspx

    Generally speaking, no. There are two exceptions for use in China, see also:
    http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLSrvReq
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • ConfigMgr 2012 R2 and managing clients in untrusted forest

    I have read documentations and I'm still not 100% sure what are the possible limitations in my situation. I have 2 AD forests without any trusts between them. I'm planning to deploy ConfigMgr 2012 R2 in forest A. I also have clients in forest B.
    I need to install operating systems via PXE, applications and windows updates to clients in untrusted forest. I'm also planning to support internet clients. 

    You can manage clients in un-trusted forests. This blog is a good place to start.
    http://blogs.technet.com/b/manageabilityguys/archive/2012/09/05/system-center-2012-configuration-manager-and-untrusted-forests.aspx
    Managing internet clients is called IBCM (Internet Based Client Management). You can read about it here
    http://blogs.technet.com/b/configurationmgr/archive/2013/12/11/a-closer-look-at-internet-based-client-management-in-configmgr-2012.aspx
    Gerry Hampson | Blog:
    www.gerryhampsoncm.blogspot.ie | LinkedIn:
    Gerry Hampson | Twitter:
    @gerryhampson

  • 2 BBs with two numbers and same email address

    Hello,
    I have a BB with a Vodafone number from Portugal. I want to buy now
    another BB to use with another Vodafone number, this case from
    Ireland.
    My question is whether I can have both phones working with the same
    gmail address at the same time? When an email is received it will go
    to both phones at the same time?
    thanks for your help
    Manuel

    Jameskemp is correct.
    When you set up an email address on your BlackBerry, you're associating the delivery of that email address to your phone's PIN.  You can't have one email address going to two different PINs simultaneously.
    Now you know. 
    - If my response has helped you, please click "Options" beside my post and mark it as solved. Clicking the "thumbs up" icon near the bottom of my response would also be appreciated.

  • Connecting 2 WAN clouds on the same IP address range.

    Hello, I have a problem connecting my office to two third party companies.
    I have two Cisco 1700 series WAN links to my office from these companies, Both routers are fully managed by their respective companies, both use static routing, and both are using the 10.0.0.0/8 IP address range.
    The first company assigned my office the address range 10.212.1.0/24.
    The second company assigned my office the address range 10.215.1.0/24.
    My office can be set to any IP address range.
    My questions are:
    Is it possible to have a connection from my office to both networks at the same time? If so how?
    Do I require these companies to provide me with their static routing information? or can I use routing protocols?
    Do I need to perform NAT?
    Can I use a PIX 515e firewall with three interfaces?
    Sample configuration would be greatly appreciated

    It's possible to have connections to your offices at the same time with the usage of subinterfaces. The usage of static and dynamic protocols depends totally on the size of the topology of your network. If it's a very, very small network, static routing will do. Performing a NAT totally depends upon your decision whether to use a public IP or not. If required, you can use a PIX firewall.

  • OWSM and Webservices -Define policies once for multiple web services

    I thought that through using OWSM we had the possibility to use the same Policy Lines for multiple web services.
    Mostly when web services are used/integrated within an application, the same rules need to be defined and I thought this requirement could be met when using OWSM.
    But you need to define the policy requirements on each web service that's passing through a gateway or agent, why isn't it supported to define policy lines one level higher to be able to use the same requirements for multiple web services?

    Nathalie,
    For this purpose OWSM allows you to use Template Policy Pipelines.
    For individual services, you can than replace the pipeline with the Template.
    But I have to agree with you here: the templating functions are rough on the edges, e.g. limited editing capabilities.
    Hope this helps.
    Best regards, Sjoerd

  • ConfigMgr 2012 R2 and DMZ Questions

    I am working with a client whose security team has been a challenge.  They do not want to open any of the RPC Dynamic Range ports needed for communication between certain roles on the Primary Site server and a server they want set up in one of their DMZs.
    They have a domain in the DMZ and all devices are a member of that domain.  We successfully set up a management point but can't publish since the ports from the primary site server to a DC in the DMZ are not open.  We placed a DNS service locator record in the DMZ, and when we manually install the clients we add the DNSSUFFIX and point to the MP in the DMZ.  The clients are reporting at this point.  However, they are not getting any software updates since the DP can't install and we don't allow failover to any other DP.
    The client has said that there has to be other solutions.  The solution we are using isn't best practice I know that.
    I guess there are three solutions here, correct?
    1.  Open DMZ site ports for clients to communicate only to ConfigMgr Server.  (Not secure)
    2.  Keep current design of MP/DP/SUP in DMZ?
    3.  Put a secondary site in DMZ?
    I have two questions about 2 and 3.  Why should we add the SUP?  Shouldn't the client talk to the Management Point and the management point sends the request to the SUP on the ConfigMgr?   So can't we ditch that extra SUP?  
    Also, even if we put a secondary site in the DMZ, we will still run into port issues since the client is refusing to open RPC Dynamic port ranges?
    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Yes 3 is out ConfigMgr wise.
    I would not call 1 insecure though. Open ports are not insecure, that's a myth perpetuated by those who don't know what a port is. Network security is about controlling the traffic and securing the endpoints. Ultimately, that may be a battle you won't win though because of political reasons and the perpetuation of myths in network security and the purpose of DMZs.
    Option 2 is what most/nearly all folks go with. If one port is open, you may as well open them all because security wise there is no true difference so any resistance here is ignorance. As long as the traffic is confined to a single endpoint, the port it's using makes no difference and the level of security comes down to, as mentioned, the security posture and controls in place on that endpoint itself -- who cares that the traffic has a data field set to 80 or 443 or 1024 as long as the target is well controlled, "secured", and monitored.
    There ultimately aren't any other ways (besides 1 and 2) to accomplish this using only ConfigMgr proper. The ports required are well documented on TechNet so there's no magic to make these go away.
    Another architectural solution however is to use reverse proxy. This is a twist on choice 1 except that all client traffic passes through the reverse proxy instead to reach the internal site systems.
    Jason | http://blog.configmgrftw.com

  • Static NAT and same IP address for two interfaces

    We have a Cisco ASA 5520 and in order to conserve public IP addresses and configuration (possibly) can we use the same public IP address for a static NAT with two different interfaces? Here is an example of what I'm referring to, where 10.10.10.10 would be the same public IP address.
    static (inside,Outside) 10.10.10.10  access-list inside_nat_static_1
    static (production,Outside) 10.10.10.10  access-list production_nat_static_1
    Thanks for any help.
    Jeff

    Hi Jeff,
    Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • Dual Boot and Same IP Address

    Hi there,
    thinking of installing XP on boot camp in my corporate environment, can anyone give me any indication that it would be problematic to have both the windows and mac os IP setting as the same, considering they will not both be on at the same time,
    We are running low on our IP allocation from our Local Education Authority and wondered if this would work or cause issues, our Mac's are bound to OD and authenticate with AD, hoping to bind XP to AD domain for docs and windows programs
    any thoughts welcomed
    timaceuk


  • Scripting to replace a layer in a psd file and save as a tiff for multiple images in a sequence

    I have over a hundred images, all the same size, that I need bring into photoshop as a designated layer, one at a time, flatten the image and save as a tiff file with a sequential number, then repeating the process. I have not used javascript before but it seems like it should work. I'm using CS5. Thanks

    It is possible to do that via Scripting.
    If you are unable to create such a Script maybe you should look up the chapter »Creating data-driven graphics« in the documentation.

  • How to use the same mask, stencil, etc., for multiple layers? Photoshop equivalent of masked group?

    Hi I spent more than half an hour to search manual, forums, and Internet and still can't find the answer. Please help!
    For example, in a comp with 5 or more layers I want to use the same mask or stencil or what ever can hide areas of the layers 2,3, and 4 but layer 5 and any other eventual layers below should not be affected.

    Pre-compose the layers you want to mask and apply a track matte to the pre-comp using the mask. Think of pre-composing as an equivalent of creating a layer group.
    Use Set Matte effect on each of the layers you want to mask. This is easiest to do if you apply set matte once and then create an animation preset to apply to the other layers. Just get set matte to do what you want it to do on the first layer, Select Set matte in the ECW or in the Timeline, then go to Animation>Save animation preset. Then select all of the other layers you want to apply the set matte to and apply the preset.
    Put the mask at the bottom of the layers you want to mask and enable the preserve transparency switch, then nest this group in the composition with the other layers.
    Here's another tip. You could define a custom color for all of the layers you want to use the matt on, then use the custom color for a group selection. This may make things easier down the line.

  • Same ALE logical system for multiple BP

    Hello,
    we are using two processes to deal with the messages we receive from an external partner.
    For our system this partner is a logical system.
    My problem is now that we cannot give the same name to two processes.
    Do you have an idea how to solve it?
    Greets,
    Helge

    Hi,
    I now tried a bit with your input and the result is that I now gave the adapter-specific identifier to one process (A) and in the receiver agreement I used a header mapping with A as the sender.
    I dunno why but now it's working. Whatever the difference with the external partner may be ...
    Greets,
    helge

  • Global Address List for multiple people with same name?

    When writing a new email, I want to add a name from the global address list of my microsoft exchange Contacts group. I select the blue plus button and type in the name. If there is more than one person in my company with the same name, both people will show up. However, Mail is not letting me see the details of either of the two people so I don't know which one is the right one.
    However, if I start from Contacts, Groups, Exchange and type in that person's name, when I select a name, a second screen will show up with the details (email address, title, etc) of the person. That way, I know which one is the correct person who I want to email. Why can't I do this directly from Mail? If I need to send an email to multiple people from the GAL, I don't want to have to search for them via Contacts.
    Thanks!

    I don't know the exact and complete specification of your intended schema...
    anyway, from what I can see in your post, I assume that
    <deed>
        <deed_type>
            <name>Quit Claim</name>
            <value>Sheriff</value>
        </deed_type>
        <deed_type>
            <name>sheriff's deed</name>
            <value>Sheriff</value>
        </deed_type>
        <deed_type>
            <name>Warranty</name>
            <value>W</value>
        </deed_type>
    </deed>
    would be the "proper" way to go...
    which makes your "deed_type" a complexType, including a sequence of two kinds of xs:string elements: "name" and "value"

  • Misleading and Restrictive Product Information Provided, for inducing customer to buy – by Apple Premium reseller  - Unicorn Info Solutions Private Limited

    Facts of the Case
    IPHONE 3GS – Serial QRxxxxxY7H
    We have visited the apple premium reseller M/s Unicorn Info Solutions Private Limited, Himalaya Mall, Ahmedabad, hereinafter called as “reseller”. On 10th August 2012, the sales representative at the store informed us that since we have an old apple phone, we were offered a scheme whereby against payment of Rs. 10000/- a new apple 3GS phone was to be provided against return of the old phone.
    We have an MTNL Sim and on our return to Mumbai, we were surprised to find that the product showed No Service. We visited the I store in Mumbai, Ghatkopar, R – City Mall and were asked to contact the apple care. Accordingly we contacted the apple care and we were assigned case id xxxxxxx, whereby we were informed to contact Vodafone.
    On contacting the Vodafone gallery at Ghatkopar, Mumbai, we were asked to wait for two days. After 2 days Vodafone informed us to contact the apple care only.
    Upon again contacting apple care we were asked to contact the apple reseller M/s Unicorn who has sold the product.
    M/s Unicorn, Ahmedabad, directed us to contact the support office in Mumbai, Andheri where the issue would be resolved. We visited the Andheri office, but we were told that nothing could be done, and neither could the product be returned, even if it is of no use to us and was sold by adopting misleading and fraudulent information.
    Grievance
    At no point we were informed that this phone will work with only Vodafone. The important legal principle of caveat emptor (let the buyer beware) was obviously absent and not followed by the reseller.
    Moreover, the payment was made for an Apple phone and there was no mention of Vodafone, or of any agreement of whatsoever nature with the said company.
    Firstly, to sell a product (Iphone) with a restrictive covenant to use complimentary product (Vodafone) without the knowledge of the buyer and in the absence of any legal contract, is a “Restrictive trade practice” under the Competition Act and erstwhile MRTP Act.
    Secondly, the irresponsible attitude adopted by the reseller (M/s Unicorn) who sold the product, (M/s Apple Inc) the manufacturer and M/s Vodafone, which has put restriction on the product use without any valid contract is not at all appreciated. More so they have made us to run from pillar to post without even the product being able to start its usage.
    <Edited By Host>

    Posting a review on Unicorn Infosolutions Pvt Ltd, Third Floor, Himalaya Mall, Gurukul Road, Near Drive In Cinema, Ahmedabad, Gujarat - India
    Person whom I spoke to - Ritesh Chauhan (I think, not sure of this first name)
    My Macbook pro battery has given up, its time for replacement.
    I happened to visit this store a few days ago, store is not the IMAGINE Retail store at Ground floor instead on the opposite side wing its on third floor, and a small board outside called Unicorn.
    The executive whom I spoke with turned out to be really rude. Didn't understand my concern and went on forcing his views on me.
    Although my laptop was still under warranty and having spoken to Apple Technical Support, I already gave him the information on phone prior to my visit, things were just not alright even then.
    He was just way too busy explaining to me how he does things and what the procedures are and so on, very bad behaviour, no care towards their customers and because we are customers who are not going to pay them anything as our products are still under warranty, they are really not interested in us, we are more like a liability on them (at least that's what I felt from my visit).
    Refrain from going there guys, look out for an alternative Apple Authorised Service Centre. My positive experience was with the one at Galaxy Mall, Nehru Nagar, Near Shiromani Complex.
    Their office is located on the second floor in that mall, the person whom I met with was very humble and actually cared for my queries to get them resolved in a manner that would be best for me.
