Secured Voip Deployment

Similar Messages

• What equipment is needed for secure voip environment?

  I have tried searching it but seems like i can't find any...
  I need to setup a secure voip environment for a demostration,with least costing. What equipment do i need?
  Can CCME handle or i need to go for callmanager at least, if so which version?
  As for voip phone, i just need 7960 with latest firmware?
  Regarding those certs and stuff, what do i need? A windows server , a ACS or ?

  I haven't secured CME but CCM can be secured out of the box with encryption for the phones. Here is the documentation for this.
  http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_1/sec_vir/ae/sec413/secugd.pdf
  Also Cisco provides a standalone version of their Security Agent for CCM. Here is the link.
  http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_2/sec_vir/csa/csa_ccmg.htm
  Lastly anti-virus protection is offered by 3rd party vendors. Here is a list of supported 3rd parties.
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_bulletin0900aecd800f8572.html
  Please rate any helpful posts
  Thanks
  Fred

• Setting security for deployment and connections to SSAS

  I've read that SSAS does not offer mixed mode security option as SQL Server does. Does this mean that every user/client desiring to connect via OLE DB must have a domain account? How does one get around this?
  Also what is the tool used to administer SSAS security. There is no option for these in SQL Server Management Studio 2014. I am developing cubes via the BI plug-in for Visual Studio 2012 but I am unable to deploy the .asdatabase packages due to security
  problems. I would appreciate if someone could point me to a good article on SSAS configuration/security. If I could just know the tool to invoke or PowerShell commands I would be good to go.
  Thanks

   Does this mean that every user/client desiring to connect via OLE DB must have a domain account?
  Hi Rmz,
  Microsoft SQL Server Analysis Services relies on Microsoft Windows to authenticate users. By default, only authenticated users who have rights within Analysis Services can establish a connection to Analysis Services. Which no mean that you need
  a domain account to access SSAS database. You can access to the cube using a local window user. This authentication model requires that all users be authenticated by the Windows operating system before they can access data. This the default setting on
  SSAS currently. Here is a article about Secure Deployment (Analysis Services - Multidimensional Data), please see
  http://technet.microsoft.com/en-us/library/bb500226(v=sql.105).aspx
  http://technet.microsoft.com/en-us/library/ms174927(v=sql.105).aspx
  Regards,
  Charlie Liao
  TechNet Community Support

• CSM Cisco Secure Manager - deploy a Blank configuration!

  Hi all,
  need some help. Its just installed a CSM, v.4.8. It adds a device and its configuration from the network, a FW ASA 8.3 correctly.
  i make a change on the local policy and as soon i make a deploy to device it start doing a:
  no xxxx
  no xxxx1
  no xxxx2
  for each line of the current configuration! so it deletes all!
  I am missing a point in here. User guide says that i have to bind a policy to the device but that easy step i do not know how to do it.
  thanks in advance for the help
  Regards
  José

  Security Manager does not currently leverage object groups for ACL objects used in VPNs. An enhancement bug has been filed under CSCsl20196 and is something we are looking to address in the upcoming Security Manager 3.2 release due late 1QCY08.

• Voip deployment over mpls link

  Hi
  we want to deploy voip for multiple location over the mpls lines we have between the multiple location can any body suggest the feasibility and how to do it and any related document and guidance for that
  Thanks
  Manish gaur

  Manish,
  That is probably the best way to connect multiple sites without having to connect each one with a T1, etc. Our MPLS vendor has an SLA on latency with 50ms or less guaranteed. With voice you want to make sure the latency is definitely less than 150ms. For ease of management we're using a router at each remote site with SRST capabilities so that all of the configuration remains at the main HQ callmanager, but if the connection ever goes down, the remote site phones will still be able to call each other (not main office until connection is restored) Alternatively you can put a router at each site with CallManager Express, you will just have to manage each site separately. Hope that helps a little.

• VoIP Deployment

  My company is going to deploy Voip to the network. We have about 10 major sites with about 10,000 phones. I hope someone could give me suggestion of what tools I should use for pre-deployment; for exampele, NetIQ or NetQos to analysis and remediate the network before we put ip telephony to the network.
  Any recommendation would be appreciated.
  Thanks

  I think the network piece of the picture is the easy part, its the documention of the existing PBX system configuration
  - ACD groups
  - number of lines on a phone. (determines 7940 or 7960 series to purchase, or even 7914 options)
  - voicemail migrations to Unity platform.
  - testing a dual platform with CCM running and old PBX.
  - PSTN services.. what stays, what goes
  - analog support.... modems, faxes, 1mbs, etc.
  - what type of training to support or provide
  - headset replacements
  - tie lines and existing routing patterns to other sites
  I have been at a client for the past 6 months preparing just preparing for migrating 1000 phones... at one site.... from a 15 year PBX.... it's much bigger than anyone every thinks.
  drop me a line if you need some advice
  cheers!

• Secure Package deployment. Protecting IP

  Is there a secure way to deploy an SSIS package to a client site so that the client / client admins can not open or modify the package. It's a very complex package that contains what we consider our companies intellectual property and we do not want
  the clients to have access.

  No. You will not be able to obfuscate a package. One way is to use DLLs via a Script Task, but it has its own limitation. A client would always be able to persist a package to disk and open in SSDT/BIDS.
  This is because SSIS is considered a not for client deployment technology.
  Arthur My Blog

• Security Exception deploying to App Server with Creator

  I'm trying to deploy a Spring/Hibernate application to the default app server with creator. I'm getting an exception which seems to be related to security settings on the server and the cglib library that Hibernate requires. Below is the full stack trace. Does anyone know what I can do to solve this problem? I had a brief look at the server.policy file but don't know what to modify or if I need to modify it at all.
  When I deploy the .war to Tomcat, I do not receive this exception.
  Thanks!
  Mike
  org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory' defined in ServletContext resource [WEB-INF/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.ExceptionInInitializerError: null
  java.lang.ExceptionInInitializerError
  at net.sf.cglib.core.KeyFactory$Generator.generateClass(KeyFactory.java:167)
  at net.sf.cglib.core.DefaultGeneratorStrategy.generate(DefaultGeneratorStrategy.java:25)
  at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:215)
  at net.sf.cglib.core.KeyFactory$Generator.create(KeyFactory.java:145)
  at net.sf.cglib.core.KeyFactory.create(KeyFactory.java:117)
  at net.sf.cglib.core.KeyFactory.create(KeyFactory.java:108)
  at net.sf.cglib.core.KeyFactory.create(KeyFactory.java:104)
  at net.sf.hibernate.impl.SessionFactoryImpl.<clinit>(SessionFactoryImpl.java:237)
  at net.sf.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:805)
  at org.springframework.orm.hibernate.LocalSessionFactoryBean.newSessionFactory(LocalSessionFactoryBean.java:535)
  at org.springframework.orm.hibernate.LocalSessionFactoryBean.afterPropertiesSet(LocalSessionFactoryBean.java:470)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1065)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:343)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:260)
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:221)
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:145)
  at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:276)
  at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:317)
  at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:131)
  at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:224)
  at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:150)
  at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:48)
  at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4010)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:4522)
  at com.sun.enterprise.web.WebModule.start(WebModule.java:241)
  at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:827)
  at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:125)
  at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:147)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:809)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
  at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1279)
  at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1006)
  at com.sun.enterprise.server.WebModuleDeployEventListener.moduleDeployed(WebModuleDeployEventListener.java:160)
  at com.sun.enterprise.server.WebModuleDeployEventListener.moduleDeployed(WebModuleDeployEventListener.java:238)
  at com.sun.enterprise.admin.event.AdminEventMulticaster.invokeModuleDeployEventListener(AdminEventMulticaster.java:918)
  at com.sun.enterprise.admin.event.AdminEventMulticaster.handleModuleDeployEvent(AdminEventMulticaster.java:905)
  at com.sun.enterprise.admin.event.AdminEventMulticaster.processEvent(AdminEventMulticaster.java:427)
  at com.sun.enterprise.admin.event.AdminEventMulticaster.multicastEvent(AdminEventMulticaster.java:139)
  at com.sun.enterprise.admin.server.core.DeploymentNotificationHelper.multicastEvent(DeploymentNotificationHelper.java:288)
  at com.sun.enterprise.deployment.phasing.DeploymentServiceUtils.multicastEvent(DeploymentServiceUtils.java:155)
  at com.sun.enterprise.deployment.phasing.ServerDeploymentTarget.sendStartEvent(ServerDeploymentTarget.java:258)
  at com.sun.enterprise.deployment.phasing.StartPhase.runPhase(StartPhase.java:87)
  at com.sun.enterprise.deployment.phasing.DeploymentPhase.executePhase(DeploymentPhase.java:71)
  at com.sun.enterprise.deployment.phasing.PEDeploymentService.executePhases(PEDeploymentService.java:633)
  at com.sun.enterprise.deployment.phasing.PEDeploymentService.start(PEDeploymentService.java:361)
  at com.sun.enterprise.deployment.phasing.PEDeploymentService.start(PEDeploymentService.java:396)
  at com.sun.enterprise.admin.mbeans.ApplicationsConfigMBean.start(ApplicationsConfigMBean.java:702)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.admin.MBeanHelper.invokeOperationInBean(MBeanHelper.java:302)
  at com.sun.enterprise.admin.config.BaseConfigMBean.invoke(BaseConfigMBean.java:357)
  at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
  at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
  at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.sun.enterprise.admin.util.proxy.ProxyClass.invoke(ProxyClass.java:54)
  at $Proxy1.invoke(Unknown Source)
  at com.sun.enterprise.admin.server.core.jmx.SunoneInterceptor.invoke(SunoneInterceptor.java:272)
  at com.sun.enterprise.admin.jmx.remote.server.callers.InvokeCaller.call(InvokeCaller.java:38)
  at com.sun.enterprise.admin.jmx.remote.server.MBeanServerRequestHandler.handle(MBeanServerRequestHandler.java:92)
  at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.processRequest(RemoteJmxConnectorServlet.java:69)
  at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.doPost(RemoteJmxConnectorServlet.java:94)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
  at sun.reflect.GeneratedMethodAccessor71.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
  at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
  at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
  at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
  at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
  at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:185)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:653)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:534)
  at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doTask(ProcessorTask.java:403)
  at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:55)
  Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.Class.getProtectionDomain(Class.java:2074)
  at net.sf.cglib.core.ReflectUtils$1.run(ReflectUtils.java:42)
  at java.security.AccessController.doPrivileged(Native Method)
  at net.sf.cglib.core.ReflectUtils.<clinit>(ReflectUtils.java:40)
  ... 98 more

  Try this:
  //Required permissions for Hibernate
  grant codeBase "file:/path-to-web-project/Creator-project-name/build/web/-"{
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getProtectionDomain";
  };Replace path-to-web-project with the path to your project's folder. For example,
  file:/C:/Documents and Settings/localuser/My Documents/Creator/MyCreatorProject/build/web/-

• Cisco security manager deployment issue with invalid command

  Running CSM 3.3.1, to manage an 800 series pre-configured router.
  The router has a number of policy ACL's and class-maps configured. When the config is imported to CSM a number of warnings are seen reporting that some of the interfaces are unprotected by ACL's, which is correct, no serious errors are reported and the device is succesfully imported.
  But, when I look at the configuration within CSM non of the ACL's or the class maps are shown.
  Also, when I configure some feature on the router, during the deployment phase I get an error indicating that there is an invalid protocol under one of the class maps associated with an interface. The protocol in question is bittorrent. This error prevents depolyment of my changes. In fact this causes my client to hang, eventually if I close the application windoes reports that the issue is caused by javaw.exe faiing to respond.
  If I take out the bittorrent protocol under the class map then all seems well.
  So, I though flexconfigs would resolve this, enabling me to import the config with the unsupported command. I created a flexconfig with the class map and the invalid protocol. When I re-imported the device there is still a lot of configuration features that are on the router but are missing in CSM.
  I'm not sure how to resolve this, the router was not configured through CSM in the first place.

  Update to this, the CSM is also altering firewall configurations, if I import a configuration from an ASA running 8.0.4 code, then compare that configuration to that running on the same ASA there are quite a few differencies. Some of these are not items that CSM reports as requiring Flexconfig support, which concerns me.
  This is not the first time I've seen this occur, customer is concerned about the reliability of the way this system handles configurations, and I cannot explain why it exhibits this process.
  Anyone else seen this, and found a work around?

• Best practice secure network deployment?

  Hello all, I have a few servers and am planning to rebuild our infrastructure to be more secure. We currently have 3 physical machines, (2 standalone servers and then a VM host (esxi, but might switch to Hyper-V - thoughts?)
  I run an exchange server, have AD, failover AD server, a number of web hosts and a couple of linux machines. I also have our work network on the same subnet (all one location)
  My question is this: I have an ASA and then some switches, modem goes to ASA, does NAT with our static, ASA goes to everything else. How should I rebuild the network to allow for the following. 1) Some sort of secure AD and web services which are accessible
  to the WAN and allow things like /owa acccess, LDAP integration, etc. 2) Secure internal systems (primary domain controller, workstations, etc) where they can browse the internet etc, but are not exposed by to any risks from exposing the other servers.
  This might rely more on virtual networking, which I'm not terribly familiar with, so if any recommendations could be made for virtual networking setups in esxi or hyper-v I'd gladly look those over too.
  Thanks!

  What ASA are you running? U need a security plus license to make use of the DMZ functionality. I will then recommend moving the servers that mostly servs users outside your organisation to the DMZ. Like web servers. Your exchange server could stay on inside.
  If your asa is just a 5505 I wouldn't let it do any vlan-routing. Consider using a l3 switch.
  Put your DMZ on a separate vlan. Servers in one vlan. The  admin-interfaces of your network gear in one. Create one vlan for wifi clients, and one or two for your clients. Then you need IP-helpers in each vlan that requires dhcp pointing towards your
  DHCP-server. Towards your vmware server you configure your switch for trunking as well as between switches. In vsphere you create portgroups that will tag each vlan, you will only need your DMZ-vlan and server vlan as the other ones is reachable through the
  vlan-routing.
  Putting your servers in a separate vlan will improve security and eliminate mitm attacks on the servers. Your next step is then to secure all access ports, but take that as another project.

• Looking for good docs for securing VoIP enviornment

  I'm looking for documents on securing IP phones. Mostly resricting the information available from the phone itself via the settings button.
  Also a document listing the required protocols for a functional voice VLAN would be helpfull.
  Thanks,
  Andy

  Hi Andy
  for Cisco IP Phones with CCM did you try Cisco Unified CallManager Security Guide, here is the link:
  CCM 5.x
  http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/sec_vir/ae/sec502/index.htm
  CCM 4.1
  http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_1/sec_vir/ae/sec413/index.htm
  hth
  /majdi

• Security for deployed Flex Apps

  I know that there are many decompilers available for .SWF
  files. How can you make your Flex apps secure ?
  I have seen this product, is this reccomened for flex
  http://www.amayeta.com/software/swfencrypt/

  Refer tohttp://www.oracle.com/technology/documentation/1012_solaris/install.1012/install/ports.htm

• Code security and deployment (.exe0

  Hi,
  I know a bit about obscutafors or whatever, but since they offer little security as far as how code works I was wondering if anyone knew if compiling a java application natively (i.e. into an .exe, or for mac, or linux), would make the java code more secure?
  Im trying to protect my work... as are many of you I am sure.
  Thanks for the advice.

  The class file format is clearly defined and hence "prone" to disassembling to a greater extent than a native executable.
  There are tools for native compilation. Java comes with a plethora of runtime classes, they have to be taken care of too.
  Also check (google) for "obfuscators".

• Problem with security in Weblogic 8.1

  Hi, my name is Jesús Chávez Reyes and it is my first time in this forum.
  My problem is related with security in WL 8.1 because I am new in this matter. My problem is :
  I work in change completely the security of an enterprise application that is deployed in WebLogic 8.1 and your security is a based in a RDBMS Custom Realm in Compatibility Security.
  This application is composed by 18 EJB and 4 web applications.
  The objective of this change is:
  1.- Use a external system for authentication (though a web service).
  2.- If is possible: unbind security of WL for in a future deploy the application in other Server(Jboss for example).
  I'm trying to implement security with Acegi and Spring in a one of the four web applications. I deleted all it has to do with security in deploy descriptors and deleted the realm.
  At this point I can login in , using the Web Service of the external application, without difficulty.
  The problem arises when the application makes an instance of the EJB's. This is the way how the application makes the instances of the EJB:
  InitialContext context = new InitialContext( null );
  Object   = context.lookup(name); // name=GroupSessionFacade   (JNDI Name of EJB)
  EJBHome home = (EJBHome) objref;
  +...+
  GroupSessionFacadeHome home = (GroupSessionFacadeHome) objref;
  groupFacade = home.create();
  In this point GroupSessionFacadeHome home = (GroupSessionFacadeHome) objref the application throws ClassCastException. This happens with all EJB.
  The application work fine before of to use Acegi and remove all it has to do with security. I inspect the Object " objref " before and after and this happen:
  BEFORE
  Class Name: control.ejb.GroupSessionFacadek1696tHomeImpl
  SuperClass : weblogic.ejb20.internal.StatelessEJBHome
  Implement : weblogic.ejb20.internal.StatelessEJBHome , control.ejb.GroupSessionFacadeHome
  AFTER
  Class Name: control.ejb.GroupSessionFacadek1696tHomeImpl
  SuperClass : weblogic.ejb20.internal.StatelessEJBHome
  Implement : weblogic.ejb20.internal.StatelessEJBHome
  Here The object no implements the InterfaceHome "control.ejb.GroupSessionFacadeHome" !!!!!!!!!, this is the cause of ClassCastException.
  What is the problem? Is it a security problem? and if so what do I need to remove or add in the application and has no dependence on anything for the security of Web Logic?
  The deploy descriptors are:
  IN THE WEB APPLICATION
  web.xml
  +<ejb-ref>+
  +<description>Reference to the GroupSessionFacade</description>+
  +<ejb-ref-name>ejb/GroupSessionFacade</ejb-ref-name>+
  +<ejb-ref-type>Session</ejb-ref-type>+
  +<home>control.ejb.GroupSessionFacadeHome</home>+
  +<remote>control.ejb.GroupSessionFacade</remote>+
  +</ejb-ref>+
  IN THE EJB
  ejb-jar.xml
  +<?xml version="1.0"?>+
  +<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar20.dtd'>+
  +<ejb-jar>+
  +<enterprise-beans>+
  +<session>+
  +<description>GroupSessionFacade</description>+
  +<ejb-name>GroupSessionFacade</ejb-name>+
  +<home>control.ejb.GroupSessionFacadeHome</home>+
  +<remote>control.ejb.GroupSessionFacade</remote>+
  +<ejb-class>control.ejb.GroupSessionFacadeEJB</ejb-class>+
  +<session-type>Stateless</session-type>+
  +<transaction-type>Container</transaction-type>+
  +<ejb-ref>+
  +<ejb-ref-name>ejb/UserManager</ejb-ref-name>+
  +<ejb-ref-type>Session</ejb-ref-type>+
  +<home>control.ejb.UserManagerHome</home>+
  +<remote>control.ejb.UserManager</remote>+
  +</ejb-ref>+
  +<resource-ref>+
  +....+
  +     </enterprise-beans>+
  +<assembly-descriptor>+
  +<container-transaction>+
  +<method>+
  +<ejb-name>GroupSessionFacade</ejb-name>+
  +<method-name>*</method-name>+
  +</method>+
  +<trans-attribute>NotSupported</trans-attribute>+
  +</container-transaction>+
  +</assembly-descriptor>+
  +</ejb-jar>+
  weblogic-ejb-jar.xml
  +<?xml version="1.0"?>+
  +<!DOCTYPE weblogic-ejb-jar PUBLIC+
  +"-//BEA Systems, Inc.//DTD WebLogic 8.1.0 EJB//EN"+
  +"http://www.bea.com/servers/wls810/dtd/weblogic-ejb-jar.dtd">+
  +<weblogic-ejb-jar>+
  +<weblogic-enterprise-bean>+
  +<ejb-name>GroupSessionFacade</ejb-name>+
  +<transaction-descriptor>+
  +<trans-timeout-seconds>600</trans-timeout-seconds>+
  +</transaction-descriptor>+
  +...+
  +<enable-call-by-reference>True</enable-call-by-reference>+
  +<jndi-name>GroupSessionFacade</jndi-name>+
  +</weblogic-enterprise-bean>+
  +</weblogic-ejb-jar>+

  Hi,
  This is the forum to discuss questions and feedback for Microsoft Visio, I'll move your question to the SSIS forum
  http://social.technet.microsoft.com/Forums/sqlserver/en-US/home?forum=sqlintegrationservices
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
  George Zhao
  TechNet Community Support

• How to get Java source in applet stack trace to debug Java security manager

  How can I get line numbers for Java source in stack traces for my applet? I'm having a problem with my code-signing certificate. On one of my applets, I consistently get a NullPointerException inside the security dialog code in the JDK. As a result, either the "trust this applet" dialog never appears, or even though it appears, it defaults to untrusted because of the exception, so I can't access any local files (and that's a bit of a problem for an applet whose sole purpose is to upload files to our server). I unzipped src.zip in my JDK directory and set the debug flag for my Ant <javac> task as well as set debuglevel to "lines." Anything else? Here's the trace that I'm getting so far. See that after the NullPointerException it assumes that the user has denied permission. If I could read this Java source maybe I could figure out why it hates my code-signing certificate (jarsigner, BTW, never complains when I verify my jar).
  security: Blacklist file not found or revocation check is disabled
  security: Accessing keys and certificate in Mozilla user profile: null
  security: Loading Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loaded Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment permanent certificate store
  security: Checking if certificate is in Deployment session certificate store
  java.lang.NullPointerException
       at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
       at com.sun.deploy.security.X509Util.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$700(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  security: User has denied the priviledges to the code
  security: Adding certificate in Deployment denied certificate store
  security: Added certificate in Deployment denied certificate store
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment denied certificate store

  Rats, now that I look at the stack trace and compare to what's in the JDK srce.zip, it appears that most of this code is not part of the JDK source. I don't see any com/sun/deploy, etc.