Setup AD integration With SGD

Similar Messages

• AD Integration with sap abap R/3 system

  Hi All,
  We are in the planning to setup AD integration with our present sap system, where ad user name is differently maintained and sap user ids are different. we don't have any java systems in our landscape. our requirement is simple , user id and password  authentication should be through AD.
  However was not able to find any specific implementation guide, it would be great if any one can share the best possible solution with steps to take an approach.
  I have already gone through many post but couldn't find any thing suitable for our scenario.
  Please help.
  Thanks and Regards
  JADS.

  Hi Patrick,
  Thanks for the link , we do not have SSO installed ,do we have to installation  sso. if yes could you please let me know  were can I find the installation Guide for the same.
  1. Our requirement is very simple we want achieve the user id disable unable locked unlock through AD and our ad user names and sap user names are different. and we have only abap systems as you mentioned abap does not support ad integration. what will be the best Approch if we have to achieve this in our landscape.
  Kindly help since im new to ad integration.
  Regards
  Jads.

• How To Setup A Local Exchange Server Integrated With Office365 For A Single Mailbox

  Hello,
  We recently migrated to Office365 but had an issue since we need more than 16 simultaneous connections to a single mailbox. Because of this, we need to deploy a local Exchange Server that will be used to host a single mailbox that requires up to 500 simultaneous
  connections for a Contact Center application. I'm looking for information on how to setup the local Exchange Server to basically create a local instance of a mailbox hosted on Office 365. So we can have our application open the numerous simultaneous connections
  to our local server which will then connection to Office 365 to send/receive email through the mailbox hosted on Office365.
  Please let me know if you have any information or resources you can direct me toward.
  Thanks,
  Chris

  Hi,
  To deploy local Exchange server integrated with Office 365, we can depend on Exchange Server Deployment Assistant:
  http://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=2419-W-AAAAAAAAQAAAAAEAAAAAAAA%7e
  Please note that there may be 9646 error if there are many simultaneous connections at the same time.
  Thanks,
  Angela Shi
  TechNet Community Support

• Service desk integration with 3rd party tool

  Hi all,
  I've problems understanding the setup of connecting a 3rd party service desk tool with solman itsm.
  So far it's clear that I need to activate and configure the service provider and consumer in soamanager.
  The webservice then will be called by the 3rd party tool with corresponding data.
  However, according to spro I need to define a value mapping for incoming/outgoing calls.
  I do not understand this mapping... the WSDL of webservice ICT_SERVICE_DESK_API contains lots of fields, but in spro -> value mapping I can only define the following fields (which are hard coded in type pool AIICT):
  SAPCategory
  SAPComponent
  SAPDatabase
  SAPFrontend
  SAPIncidentID
  SAPIncidentStatus
  SAPInstNo
  SAPOperatingSystem
  SAPSoftwareComponent
  SAPSoftwareComponentPatch
  SAPSoftwareComponentRelease
  SAPSubject
  SAPSystemClient
  SAPSystemID
  SAPSystemType
  SAPUserStatus
  What about attachments, priority etc.?
  Will the interface parameters mapped to these ones?
  For what purpose do I need to maintain the value mapping?
  Can you give me a hint?
  Regards, Richard Pietsch

  can you please check the WIKI Solution manager Service Desk Integration with third party service desk - SAP Solution Manager - Security and Authorizat…

• Error on setup failover cluster with Windows 2008 R2 enterprise and SQL Server 2008 R2 (also with SP1)

  Hi!
  The setup process fails with this error:
    Configuration error code:     
  0x1C2074D8@1216@1
    Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'.  Error: Value does not fall within the expected range.
  I have found some hints by google, but nothing really helpfull.
  Has anyone had a simular problem when installing SQL server 2008 R2?
  All posts I found are about sql server 2008 (no R2!).
  The cluster itself is working (storage, network, msdtc, quorum...).
  Any hints?
  Andreas
  Here is the complete log:
  Overall summary:
    Final result:                  Failed: see details below
    Exit code (Decimal):           -2067791871
    Exit facility code:            1216
    Exit error code:               1
    Exit message:                  Failed: see details below
    Start time:                    2012-04-06 11:23:57
    End time:                      2012-04-06 12:01:21
    Requested action:              InstallFailoverCluster
    Log with failure:              C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
    Exception help link:           http%3a%2f%2fgo.microsoft.com%2ffwlink%3fLinkId%3d20476%26ProdName%3dMicrosoft%2bSQL%2bServer%26EvtSrc%3dsetup.rll%26EvtID%3d50000%26ProdVer%3d10.50.2500.0%26EvtType%3d0x625969A3%400x294A9FD9
  Cluster properties:
    Machine name: OC-SQLCL02ND01
    Product              Instance             Instance ID                   
  Feature                                  Language            
  Edition              Version         Clustered
    Machine name: OC-SQLCL02ND02
    Product              Instance             Instance ID                   
  Feature                                  Language            
  Edition              Version         Clustered
  Machine Properties:
    Machine name:                  OC-SQLCL02ND01
    Machine processor count:       32
    OS version:                    Windows Server 2008 R2
    OS service pack:               Service Pack 1
    OS region:                     United States
    OS language:                   English (United States)
    OS architecture:               x64
    Process architecture:          64 Bit
    OS clustered:                  Yes
  Product features discovered:
    Product              Instance             Instance ID                   
  Feature                                  Language            
  Edition              Version         Clustered
  Package properties:
    Description:                   SQL Server Database Services 2008 R2
    ProductName:                   SQL Server 2008 R2
    Type:                          RTM
    Version:                       10
    Installation location:         G:\x64\setup\
    Installation edition:          STANDARD
    Slipstream:                    True
    SP Level                       1
  User Input Settings:
    ACTION:                        InstallFailoverCluster
    AGTDOMAINGROUP:                <empty>
    AGTSVCACCOUNT:                 MANAGEMENT\sqladmin
    AGTSVCPASSWORD:                *****
    ASBACKUPDIR:                   S:\OLAP\Backup
    ASCOLLATION:                   Latin1_General_CI_AS
    ASCONFIGDIR:                   S:\OLAP\Config
    ASDATADIR:                     S:\OLAP\Data
    ASDOMAINGROUP:                 <empty>
    ASLOGDIR:                      S:\OLAP\Log
    ASPROVIDERMSOLAP:              1
    ASSVCACCOUNT:                  MANAGEMENT\sqladmin
    ASSVCPASSWORD:                 *****
    ASSVCSTARTUPTYPE:              Automatic
    ASSYSADMINACCOUNTS:            MANAGEMENT\administrator
    ASTEMPDIR:                     S:\OLAP\Temp
    CONFIGURATIONFILE:             C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\ConfigurationFile.ini
    CUSOURCE:                     
    ENU:                           True
    ERRORREPORTING:                False
    FAILOVERCLUSTERDISKS:          Cluster Disk 3,Cluster Disk 4,Cluster Disk 5
    FAILOVERCLUSTERGROUP:          SQL Server (MSSQLSERVER)
    FAILOVERCLUSTERIPADDRESSES:    IPv4;172.29.2.122;Cluster Network 2;255.255.255.0,IPv4;172.29.3.122;Cluster Network 3;255.255.255.0
    FAILOVERCLUSTERNETWORKNAME:    CLUSTER02
    FARMACCOUNT:                   <empty>
    FARMADMINPORT:                 0
    FARMPASSWORD:                  *****
    FEATURES:                      SQLENGINE,REPLICATION,FULLTEXT,AS,RS,BIDS,CONN,IS,BC,SSMS,ADV_SSMS
    FILESTREAMLEVEL:               0
    FILESTREAMSHARENAME:           <empty>
    FTSVCACCOUNT:                  NT AUTHORITY\LOCAL SERVICE
    FTSVCPASSWORD:                 *****
    HELP:                          False
    INDICATEPROGRESS:              False
    INSTALLSHAREDDIR:              C:\Program Files\Microsoft SQL Server\
    INSTALLSHAREDWOWDIR:           C:\Program Files (x86)\Microsoft SQL Server\
    INSTALLSQLDATADIR:             S:\
    INSTANCEDIR:                   C:\Program Files\Microsoft SQL Server\
    INSTANCEID:                    MSSQLSERVER
    INSTANCENAME:                  MSSQLSERVER
    ISSVCACCOUNT:                  NT AUTHORITY\SYSTEM
    ISSVCPASSWORD:                 *****
    ISSVCSTARTUPTYPE:              Automatic
    PASSPHRASE:                    *****
    PCUSOURCE:                     d:\install\mssql\sp1
    PID:                           *****
    QUIET:                         False
    QUIETSIMPLE:                   False
    RSINSTALLMODE:                 FilesOnlyMode
    RSSVCACCOUNT:                  MANAGEMENT\sqladmin
    RSSVCPASSWORD:                 *****
    RSSVCSTARTUPTYPE:              Automatic
    SAPWD:                         *****
    SECURITYMODE:                  SQL
    SQLBACKUPDIR:                  <empty>
    SQLCOLLATION:                  SQL_Latin1_General_CP1_CI_AS
    SQLDOMAINGROUP:                <empty>
    SQLSVCACCOUNT:                 MANAGEMENT\sqladmin
    SQLSVCPASSWORD:                *****
    SQLSYSADMINACCOUNTS:           MANAGEMENT\administrator
    SQLTEMPDBDIR:                  <empty>
    SQLTEMPDBLOGDIR:               L:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
    SQLUSERDBDIR:                  T:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
    SQLUSERDBLOGDIR:               L:\MSSQL10_50.MSSQLSERVER\MSSQL\Data
    SQMREPORTING:                  False
    UIMODE:                        Normal
    X86:                           False
    Configuration file:            C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\ConfigurationFile.ini
  Detailed results:
    Feature:                       Database Engine Services
    Status:                        Failed: see logs for details
    MSI status:                    Passed
    Configuration status:          Failed: see details below
    Configuration error code:     
  0x1C2074D8@1216@1
    Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'.  Error: Value does not fall within the expected range.
    Configuration log:             C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
    Feature:                       SQL Server Replication
    Status:                        Failed: see logs for details
    MSI status:                    Passed
    Configuration status:          Failed: see details below
    Configuration error code:     
  0x1C2074D8@1216@1
    Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'.  Error: Value does not fall within the expected range.
    Configuration log:             C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
    Feature:                       Full-Text Search
    Status:                        Failed: see logs for details
    MSI status:                    Passed
    Configuration status:          Failed: see details below
    Configuration error code:     
  0x1C2074D8@1216@1
    Configuration error description: There was an error setting private property 'VirtualServerName' to value 'CLUSTER02' for resource 'SQL Server'.  Error: Value does not fall within the expected range.
    Configuration log:             C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\Detail.txt
    Feature:                       Analysis Services
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Reporting Services
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Integration Services
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Client Tools Connectivity
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Management Tools - Complete
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Management Tools - Basic
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Client Tools Backwards Compatibility
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
    Feature:                       Business Intelligence Development Studio
    Status:                        Passed
    MSI status:                    Passed
    Configuration status:          Passed
  Rules with failures:
  Global rules:
  There are no scenario-specific rules.
  Rules report file:               C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20120406_112205\SystemConfigurationCheck_Report.htm

  Hi Andreas Plachy,
  Please make sure that the Virtual Server Name ‘CLUSTER02’ is unique on the network. In addition, are there any resources named ‘SQL Server’ on the Windows cluster? If that is the case, you may need to rename the related resources to avoid conflicting with
  SQL Server, and try again.
  Stephanie Lv
  TechNet Community Support

• Integration with mm,sd ,pp

  HI,
  ALL
  I need to now the integration betwwen sd mm pp with fi co i am going to work on an implementation project pls give clear explanation with all steps in all modules related to integration with fi/co. and pls give the effect for field selection in other modules except fi. i am an fi consultant but never worked on integration area . pls send the needful information to this mail id
  [email protected] .
  thank u all
  Regards
  chandra.

  Dear Chandra,
  Visit the following links:
  http://surya-padhi.net/documents/fi_mm_integration.pdf
  http://surya-padhi.net/documents/fi_sd_integration.pdf
  http://www.sap-img.com/sap-sd/link-between-sap-sd-mm-and-fi.htm
  FI_MM:
  1) Define plant OX10
  2) Define division OVXB
  3) Define storage location OX09
  4) Maintain purchasing org
  5) Assign plant co code OX18
  6) Assign bus area to plant/valuation area and division OMJ7
  7) Assign purchasing org to co. code OX01
  8) Assign purchasing to plant OX17
  9) Create material grp OMSF
  10) Creation of purchasing grp OME4
  11) Maintain co. codes for material mgt OMSY
  12) Define attributes of material types OMS2
  13) aintain plant parameters
  14) Set tol limits for price variance for purchase order
  15) Set tol limits for goods receipt OMC0
  16) Maintain default values for tax codes OMR2
  17) Set tol limits for invoice verification OMR6
  18) Define automatic status change for invoice verification in background
  19) Group together valuation areas OMWD
  20) Define valuation class OMSK
  21) Creation of G/L masters FS00
  22) Assignment of accts for automatic postings OBYC
  23) Doc types and No. ranges OBA7
  24) MM vendor master creation XK01
  25) Material master creation MM01
  26) Creation of purchase order ME21N
  27) Goods receipt MIGO
  28) To view material doc MB03
  29) Invoice verification MIRO
  30) Goods issue for consumption MB1A
  31) To view material ledger MB5B
  FI-SD:
  • The basis of the sales process is the sales order. After receiving an inquiry from a customer a sales order has to be created to start the process.
  • The sales order is generated on the level of the distribution chain. The ordered items may belong to different divisions. The sales order is an SD document and does not lead to posting in Financial Accounting.
  • After the sales order is entered, the system performs an availability check for the desired delivery date.
  • At the day of the shipping , a delivery document is created. The delivery is not ready for billing before the goods are picked from the warehouse inventory and posted as goods issue.
  For the picking process, the warehouse management functionality is used. A warehouse transfer order has to be created which generates the picking request. The requested goods are picked from the warehouse and prepared for the delivery.
  The goods to deliver are posted as goods issued . A goods issue document is created in MM and an accounting document is created in FI to post the goods issued on the right G/L accounts.
  • The concluding activity in Sales and Distribution is billing . A billing document is created in SD and a printed invoice is sent to the customer. Simultaneously, an FI document is generated to post the receivables and revenues on the right accounts.
  1)Insert regions OVK2
  2)Define sales organization OVX5
  3) Define distribution channel OVX1
  4) Define shipping point OVXD
  5) Assign sales organization to co.code OVX3
  6) Assign distribution channel to sales organization OVXK
  7) Assign division to sales org OVXA
  8) Assign sales org/distribution channel to plant OVX6
  9) Assign shipping point to plant OVXC
  10) Setup sales area OVXG
  11) Define rules by sales area OVF2
  12) Define pricing procedure determination
  13) Define tax determination rules
  14) Creation of G/L accts FS00
  15) Assign G/L accts VKOA
  16) Setup partner determination
  17) Assign shipping points OVKC
  18) Creation of SD customer master XD01
  19) Creation of finished goods material master MM01
  20) Maintain condition types VK11
  Regards,
  Naveen.

• SAP B1 8.8 integration with Crystal report

  Hi Experts,
  Is there different Installer for SAP B1 8.8 version.
  I installed crystal report for SAP B1, but I am getting following error
  " External connection to database failed. SAP Crystal add on may not function properly. Please rerun the Account setup with Superuser login"
  I am login as Super User & When i am trying to open Account Setup , i am getting following error -
  " Item - Could not commit action because the item is currently in focus. [ 66000-23]
  could you please suggest, possible solution
  tks,
  Sb1

  Hi Sb1,
  There is no external addon and installer for Crystal report integration with SBO 8.8. Just install SBO8.8 and CR2008 is using for only designing the reports. SAP already incorporated all the related integration in SBO 8.8 version.
  Thanks
  Sachin

• CRM IC email integration with Google

  Dear all,
  We have a CRM IC („OnPrem“) prospect. The customer's corporate email system is based on Google.
  Would anybody be able to share some information regarding the feasibility of CRM IC ERMS integration
  with Google for in and outbound email communication (SCOT interface).
  Your input is very much appreciated.
  Best regards,
  Henrik
  Mit freundlichen Grüßen / Best
  Regards,
  Henrik Vogt
  Senior Consultant
  SAP Deutschland SE & Co. KG I
  Rosenthaler Str. 30 I 10178 Berlin I Germany
  M   +49 160 90819696 I mailto:[email protected] I http://www.sap.de

  Hello,
  I think you're missing one setup step in the client-side groupware integration: the customizing.
  In SPRO>CRM>CRM Middleware and related comp-->Settings for client-based synchronization.
  The reason why your reply button is inactive is probably due to the missing custo setting. In the custo activity mentioned above you must specify which transaction types you'll use for incoming and outgoing e-mails. If eg the outgoing email transaction type is disabled, the buttons on the screen to send an outgoing e-mail (reply) will also be disabled.
  P.S. The setup of client-based groupware integration is also described in building block C31 Activity Management (chapter 3.6) of the SAP best practices on help.sap.com. An installation guide is also available on service.sap.com.
  Hope this helps,
  Kind regards,
  Joost

• Autodiscover not working correctly when Office 365 integrated with Server Essentials 2012 R2

  Hello!
  This last weekend I setup our server as new and to ease the creation of users, integrated with our Office 365 (which to this point has worked fine) and imported the users. This had a somewhat unexpected side effect in that the import used the email address
  as for the user forename and then synced that change back to Office 365 and so needed to enter this information back in on the dashboard which synced back to Office 365. This may or may not have any relevance to our issue below.
  I should also point out that we have our own domain name so within the original Office 365 setup we had just one .onmicrosoft.com user with all the rest setup with our own domain name.
  At the weekend when it came to the client install, Outlook (2010 or 2013) would fail on the autodiscover with it asking again for credentials but critically displaying a server name of .contoso.com rather than the office365srvr.contoso.com . As I mention,
  Office 365 had been operating fine for some time and DNS records where checked and have been set for sometime. I spoke to Office 365 support and after a while come up with a temporary solution (so that I could complete the client installs) of assigning each
  user a onmicrosoft address, using that in the new account wizard to pick up the server correctly and then signing in the the Office 365 .contoso.com credentials.
  This worked OK to get us past the weekend (although I am having to reset up profiles on quite number of users where they get disconnected but with no credentials box appearing) but isn't a solution. The clients do not see public folders or their archives
  and of course we don't want to keep having to reset the profiles.
  I'm think that there must be something in the internal network that needs reconfiguring but I don't know what. I have tried pointing the client to an external DNS server just in case the internal DNS server was throwing the autodiscover out but this has
  made no difference.

  Ah - solved my own problem.
  Despite the domain DNS record looking OK and the Office 365 Portal domain checker not highlighting any issue, it looks as though the autodiscover is picking up an imap account provided by the web host.
  I've added an alias on the local DNS server to point to the Office 365 autodiscover server and this has solved the problem.

• Steps: SNC (Supplier Network Collaboration) Integration with ECC through XI

  Hi,
  Has anyone worked on the SNC(Supplier Network Collaboration) integration with SAP ECC via SAP XI.
  Could you pls share any documentation related to this. And also could anybody tell me the setup required to go ahead with the integration.
  Thanks,
  S

  Hi Xavier,
  SNC integration with XI has predefined mappings. So ask your basis guys to download the XI content for SNC using with PI. Once they deployed you will have a builtin predefined content in XI. Within the predefined content mostly they all are xsl mappings.
  If your requirement is with the standard idocs then you can use them directly. Else if their is customization they you may need to change the mappings according to your requirements.
  Also check this help:
  http://help.sap.com/esoa_scm_snc2007/helpdata/en/index.htm
  Regards,
  ---Satish

• MeetingPlace Video Integration with 3515MCU problem

  Hi,
  I am trying to setup MeetingPlace Video Integration with a Cisco 3515 MCU and cannot get it to work. The eventlog for MeetingPlace Gateway is giving me errors about the initialization problems. A couple of such errors are:
  MPAgent (0x0150) Warning: Conference technology provider initialization failed (0x80040201). err=1
  MPVidSvc MPVideo 11:05:52-> CMcuController::processCmdRegAuthorize() Register as administrator failed. UNregistering....
  MPVidSvc MPVideo 11:06:02-> CMcuController::uninitialize() Uninitializing CMcuController.......
  Both MeetingPlace and MCU conferencing are working as they should, but I can't get the Video Integration working. From what I can tell by these messages, MeetingPlace cannot talk to the MCU to administer conferences. I have setup and configured a user on the MCU for MeetingPlace to use.
  Has anyone got MeetingPlace working with a 3515 MCU?
  Thanks,
  Richard.

  Richard,
  I'm having the same problem but with MCU 3540. This problem begin occur after I change the service number 70. My scenario is 2 sites. Each site have 1 cluster?s CCM, 1 MCU?s 3540 and the main site I have 1 MP system with 1 MP IP gateway and web conference in the same server. What the version of MP and MCU you are using ? I'm using MP V 5.3.333.0 and MCU V 4.2.10.

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• SiteMinder integration with the internal and external facing portals

  Hi ,
  We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
  and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
  If you maintain  2 diff(external & internal) LDAP Directories in Siteminder Policy Server  what about  external users which are  not exit in portal data source .
  I appreciate if anyone  can help me for my above query .
  Regards
  Tag

  Hey Tag,
  We do have a physical external Portal and a physical internal portal.  The both the external and internal are connected to 2 LDAP directories.
  For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
  So each one of them is connected to 2 different LDAP Directories.
  I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the approiate LDAP Directories.
  You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
  Hope that helps.
  Regards,
  Keith

• Ale master data scenario integration with non sap syetem i.e seebeyound

  hi
  we have a business process scenario integrating with non sap system (i.e seebeyound)
  action code      itemnumber    plant code
  a(add)          material1     plant 2
  d(delete)       material 3    plant 6
  etc
  we have upto one million materials assigned to 300 plants
  we have to send all the above data to non-sap system (see beyound)
  should we go for a custom idoc and setup the rfc configuration for the two sytems.
  or can you please help how to go for this scaneriao

  this is not one time.it is on daily basis.
  please look at this scenario.what i need is how should i go for ale/idoc scenario for this one
  Business case for Heiler Part/Plant Interface:
  A key function of the Heiler PBC tool is to provide users a choice
  between a "Global Catalog View" (e.g. all parts in the catalog) or a
  "Local Catalog View" (e.g. the subset of parts in the catalog that have
  a Material Master established for the user's plant in SAP).  The "Local
  Catalog View" is the default condition and encourages users to procure
  parts that are on contract for their plant and potentially already
  stocked as an inventory item at their plant.  Parts that are not in a
  user's "Local Catalog View" can only be procured as a spot buy purchase
  order, requiring processing by a buyer.
  The new Part/Plant interface is required in order for the Heiler PBC
  tool to provide this "Local Catalog View" function.  The Heiler
  Part/Plant table will document what plants in SAP have a Material Master
  record established for each part.  SAP will maintain the Heiler
  Part/Plant table using this interface.  When a user performs a part
  search in the Heiler PBC tool, the Part/Plant table determines if a part
  is included in the user's "Local Catalog View".

• Performance problem with Integration with COGNOS and Bex

  Hi Gems
  I have a performance problem with some of my queries when integrating with the COGNOS
  My query is simple which gets the data for the date interval : "
  From Date: 20070101
  To date:20070829
  When executing the query in the Bex it takes 2mins but when it is executed in the COGNOS it takes almost 10mins and above..
  Any where can we debug the report how the data is sending to the cognos. Like debugging the OLEDB ..
  and how to increase the performance.. of the query in the Cognos ..
  Thanks in Advance
  Regards
  AK

  Hi,
  Please check the following CA Unicenter config files on the SunMC server:
  - is the Event Adapter (ea-start) running ?, without these daemon no event forwarding is done the CA Unicenter nor discover from Ca unicenter is working.
  How to debug:
  - run ea-start in debug mode:
  # /opt/SUNWsymon/SunMC-TNG/sbin/ea-start -d9
  - check if the Event Adaptor is been setup,
  # /var/opt/SUNWsymon/SunMC-TNG/cfg_sunmctotng
  - check the CA log file
  # /var/opt/SUNWsymon/SunMC-TNG/SunMCToTngAdaptorMain.log
  After that is all fine check this side it explains how to discover an SunMC agent from CA Unicenter.
  http://docs.sun.com/app/docs/doc/817-1101/6mgrtmkao?a=view#tngtrouble-6
  Kind Regards