SSL Accelerated Service and device groups

Similar Messages

• SSL Accelerated Services

  Hi All,
  I'm about to create the first SSL accelerated services for my customer and need to confirm a design point in advance of my deployment window.
  I have one *.xyz.com wildcard domain and server port and 2 certificates.  One of the certs is for an interim environment and the other for the main environment which is not yet live.  Can I associate both certificates to the same wildcard domain & port?  I'd ideally like to do this to allow for a seamless transition between the two environments or do I need to delete the interim cert and install the main one on the transition date?
  Thanks
  Claire

  I dont think you can associate both certificates to the same wild card domain & port. You can use one at a time.

• WAAS statistics for SSL accelerated services

    Hi all,
  the customer has configured two SSL accelerated services on the core WAVEs. He would like to monitor both these services separatelly. He uses SSL accelerated report, but there is summary statistics from both services. Is possible to create an application per SSL service for the collection statistics? For example: when I will have two SSL accelerated services ssl1 and ssl2, is possible to monitor statistics for ssl1 and monitor statistics for ssl2?
  Thank you
  Roman

  I dont think you can associate both certificates to the same wild card domain & port. You can use one at a time.

• Register Relationships and Device Grouping

  Hi All,
  Can anyone provide me some documentation on Register Relationships and Device Grouping in IS-Device Management and the respective use of the same.
  Use means I mean: on which business cases we are going for register relationships and device grouping and the needed configuration needed to be done.

  Hi Niladri,
  Please go through the below link
  http://help.sap.com/saphelp_rc10/helpdata/en/9c/862f9c10df11d285250000e8200ef0/frameset.htm
  If you still face any problem do let us know.
  Regards,
  S

• Common Services and device removal

  Hello group,
  Just joined our new Ciscoworks server to our ACS server per the documentation and everything went fine except for the device import from LMS to ACS. Anyway, I have gone through and added a bunch of our devices to ACS manually and now they show up in CS, RME, etc. However, there is now a disproportionate amount of devices that are not in ACS versus devices in ACS.
  My question is simply, can I remove those devices that are listed as "Not configured in ACS"? I tried to use the dcrcli command from the LMS server, but I get an error resembling a permission denied. Is a purge of devices possible?
  Many thanks in advance,
  AJ Schroeder

  Here is the error that I get when trying to remove devices from the dcrcli command (this is with the local admin account):
  Exception in thread "main" com.cisco.nm.dcr.DCRException: Authorization Failed
          at com.cisco.nm.dcr.LocalDCR.getMatchingDevices(Unknown Source)
          at com.cisco.nm.dcr.DCRProxy.getMatchingDevices_DIRECT(Unknown Source)
          at com.cisco.nm.dcr.DCRProxy.getMatchingDevices(Unknown Source)
          at com.cisco.nm.dcr.DCRcli.performDel(Unknown Source)
          at com.cisco.nm.dcr.DCRcli.start(Unknown Source)
          at com.cisco.nm.dcr.DCRcli.main(Unknown Source)
  I also tried with the system identity account and got rejected as well:
  Error in Delete Device: User is not authorized to perform the task on device.
  Hope this helps,
  AJ Schroeder

• NCM Device Group owner

  We are currently running NCM 1.3 (Build 4045-112607). I am wondering if it is possible to define a default owner for Sites, Parent Device Groups, and Device Groups? Our dilemma is we have several engineers with the ability to create these containers. Once an engineer leaves you cannot delete their account as long as they are owners of a Site, Parent Device Group, or Device Group. I know if you have admin privileges you can select the owner of the Device Group at creation. Is there a way or is it possible to select/change the owner of a Site or Parent Device Group?

  Hello Thorsten, I checked your helpful link, but it doesn't change the situation.
  In my opinion I have an inconsistency in the ccr repository, but it is not my intention to edit it directly.
  On node is left, and the diskset is Online:
  ! root@pixtest1:/ # scstat -D
  -- Device Group Servers --
                           Device Group        Primary             Secondary
    Device group servers:  jboss-set           pixtest1            pixtest2
  -- Device Group Status --
                                Device Group        Status             
    Device group status:        jboss-set           Online
  -- Multi-owner Device Groups --
                                Device Group        Online Status
  ! root@pixtest1:/ # metaset -s jboss-set -d -h pixtest2
  metaset: pixtest1: jboss-set: host pixtest2 is not in the set
  ! root@pixtest1:/ # metaset -s jboss-set -d -h pixtest1
  metaset: pixtest1: Failed to delete hosts from DCS service: No such file or directory
  ! root@pixtest1:/ # metaset -s jboss-set
  Set name = jboss-set, Set number = 2
  Host                Owner
    pixtest1      No messages are logged in syslog as I execute the commands.
  -- Nick

• Shared services and Essbase Sync issue

  Hi,
  Today morning all of sudden lot of users raised an issue that they can't see few applications while connecting through Smart view. I have checked Shared services and the groups are already provisoned. Finally I ran alter system resync sss and after the syncing its fine.
  Any reasons why this morning Syncing was not there.
  Thanks..

  Its fascinating, if the users are provisioned too they can see other applications in smart view and that's what I heard but never checked on it, Is there any possible filters where they cant see it ?
  If so please let me know.

• CSM per admin group using per device group

  I am looking to see if multiple admin and device groups can be created to limit certain administrators to administrate only certain devices but not others.
  For example:
  admin group "ag_na" (including user admin1 & admin2)  can make changes to device group "dg_na" containing (device 1, device 2) only
  admin group "ag_ca" (including user admin3 & admin4) can make changes to device group "dg_ca" containing (device30 & device31) only
  Any tips on if / how to do this?
  Thanks

  You can do it by integrating the CSM into an ACS v4.2 and doing RBAC. There you can define for which NDGs a user has which access policy.
  http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/installation/guide/aduser.html#wp1063220
  Unfortunately this is a short-therm solution as ACS v4.2 has been put to EoS and no real alternative methods are available today. Hopefully Cisco will come up with a new solution on the long-therm.

• 2-Way SSL Web Service AssertionError

  I am using weblogic 9.1 and 2-way ssl-based web services. The issue is that when a stand-alone client accesses the web services, via the BEA recommended way, a host of errors occurs. Initially I had the webserviceclient+ssl.jar on the client classpath in addition to the weblogic.jar which were both in my development lib directory, and worked from there. Here is the progression of errors:
  1. ClassDefNotFound exception: weblogic.xml.schema.binding.util.ClassUtil$ClassUtilException
  Resolution = added webservice.jar to classpath
  2. ClassDefNotFound exception: com.bea.xml.XmlException
  Resolution = added xbean.jar to classpath
  3. java.lang.AssertionError: java.io.IOException
  This was a difficult one to figure out. I tried running the test client from both my IDE and command-line, and I narrowed it down to a really weird issue. The only way I was able to get it to work was to include the absolute reference to the weblogic.jar in the classpath of the client. i.e. BEA_HOME/weblogic91/server/lib/weblogic.jar. If I had a relative reference to weblogic.jar, i.e. ../lib/weblogic.jar, the above assertion error was thrown.
  Can anyone shed some light on this? I need to have a stand-alone client run a 2-way ssl web service and this client should not be expected to have a full blown weblogic 9.1 install.
  Cheers.

  WLS 9 does not have a separate client jar. So sorry, in the near future we might have to stick to the requirement of using the weblogic.jar.
  Just FYI, I have submitted a two-way ssl sample in dev2dev.
  https://codesamples.projects.dev2dev.bea.com/servlets/Scarab?id=S3
  thanks
  Jong

• Can I pilot SSL acceleration single subnet and exclude SSL acceleration on rest of network.

  I have a large WAAS deployment and would like test SSL acceleration on a single regional IP subnet pointing to the main Data Centre all in the same device group. The SSL feature seems to be either on/off per host/IP Address. I would like to do the rollout SSL acceleration in a phased manner if possible.                  

  Hi,
  Cisco WAAS has an option to create self-signed certificates and private keys/ Generate certificate signing request (Our own CA) or this can imported from existing certificate and key if we have them.
  When a connection is requested, the WAN optimization device in the data center splits the original SSL connection from the client to the SSL server into two SSL connections. To the client the connection appears as the SSL server, and to the SSL server it appears as the SSL client. To act as the SSL server, the data center WAN optimization device needs an authentication certificate for each SSL service it is optimizing. When the WAN optimization device intercepts a connection request from a client, it uses the SSL server IP address/domain name to associate the certificate with the client.
  You can refer below link for configuring the SSL and moreover you can view the white paper for example
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/configuration/guide/policy.html#wp1191888

• Apple Mobile Device service and Ipod Service both necessary?

  Do I need both Apple Mobile Device service and Ipod Service running on my Windows XP machine in order to use an iPod Touch Gen4?  I have to restart both of these services to get iTunes 11.0.4.4 to recognize it.  I wonder if they conflict with one another.

  Both need to be running.
  Try:
  Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP

• When i plug my ipod in it says ipod cant be read cuz the apple mobile device is not started.And i went to services and apple mobile device properties and start stops in the middle.and its on automatic.and there isnt a stop button.

  when i plug my ipod in it says ipod cant be read cuz the apple mobile device is not started.And i went to services and apple mobile device properties and start stops in the middle.and its on automatic.and there isnt a stop button.when i click start it says the apple mobile device services stopped in the middle then stopped.it said some services stop in the middle if not used by other services.and i just updated itunes before all a this and ever since ive had errors.

  Have you looked at this article:
  iPhone, iPad, iPod touch: How to restart the Apple Mobile Device Service (AMDS) on Windows

• I tried to restore my phone this morning, but the phone is stuck on the screen showing I'm plugged into itunes. I have no service, and although my device registers in itunes, the right side of the screen is blank. I can't use my phone. Help!

  I tried to restore my I Phone today but now its not working. The screen is stuck with the plug in picture, and only allows me to make emergency calls. It says I have no service and I can't use my phone.
  Why does the device show in the left hand side of I tunes, but the right hand side is blank and shows no options?

  Walter...seems to be a multiplying problem. My problem appears to be the same:
  (Original iPhone Restore...HELP !!!
  I was having syncing issues with my iPhone (an original) and ultimately took the step to restore the factory default settings in an attempt to start over from fresh...iTunes 'sees' the iPhone device and seems to go through all the requisite restore, load, verify steps, but I can't get the iPhone to load the main menu. I continue to get a window that shows a USB Cable pointing to iTunes...I have had 800 call support technicians and genius bar techs look at the problem without result.
  Anybody run into this problem or have any ideas how to resolve? Thanks in advance for any assistance you might offer! regards, mdh)
  That was a post I put in LinkedIn hoping to find someone with a similar experience and perhaps a solution. Had intended to post here...then saw your post of what appears to be the same issue.
  HEEEEEEEEEEEELP! I want my iPhone back (please)

• Services disabled for Group and individual

  I have just loaded OSX Server 10.6 onto a mini mac that was running OSX Server 10.5 and have upgraded to 10.6.1 As I was creating user accounts and testing capabilities I noticed that the ability to publish calendars did not work. Looking through WG Manager I notice that in the "Group Name" field in the "Basic" tab the "Enable the following Services for this group on:" has (none) in the drop down box and all 4 services, mailing, wiki, web cal, and Mailing list archive are grayed out. When I select the drop down box nothing appears.
  So I check the Users and ubder the "Advanced" tab the "Enable calendaring on" check box when checked displays only "No Calendar Host Selected" in the drop down. Saving does not do anything at this point. When I return to this User the checkbox is not checked anymore.
  So I check the iCal service, it is up and running. The Wiki server: text area is filled in with the FQDN.
  Just in case I check the Web service Sites Web Services and all four Wiki, Blogs, Calendar and Mail are checked.
  I have verified that Directory works on other computers to ensure DNS and Directory were functioning.
  Also, when thus User in this examples attempts to create an account in iCal on another computer the message "The username "username" has no configured principals." appears.
  Can anyone shed some light on this problem please?
  Thanks
  Carl

  I contacted Apple to seek a solution. I was informed that Apple engineers were aware of this and that the ability no longer exists in Snow Leopard for Groups. These boxes are grayed out and they should be grayed out. I did not get the same answer in regards to the User setting in Advanced. The "Enable calendaring on" check box functions but the drop down never shows any server selections only "No Calendar Host Selected". So it appears this may be the same as Group.
  The login problem was resolved by using the long notation for a User which enabled a User to log in.

• Printer device group and a label format in SAP AII

  Hello @ all,
  I try to configure a SAP OER System with SAP AII. Now I should configure the label printing with the transaktion /AIN/ASGN_PRF_FORMAT. I must take a profile name, a printer device group and a label format. The problem is now, that I can't chose a printer device group and also I don't know the label format. Where can I adjust the printer device group and which label format must be in that field?
  Can anybody help me?
  Thank you.
  Peter

  Hi Peter,
  SAP AII sends the label format filename as part of the Command message xml to the printer during tag commissioning.
  I assume you have configured the label format filename for SAP_PRINT_PROFILE using transaction /AIN/ASGN_PRF_FORMAT - Assign Format to Printer and Profile
  Now you have to assign that profile to an ID type or GTIN, etc. using the menus under Profiles for Tag Commissioning and Label Printing.
  Once this configuration is done, the xml command message containing the element WriteTagData is sent to the printer RFC destination configured against the Device controller as an HTTP message.
  This command message will contain the label format and  field names - value pairs as per the SAP_PRINT_PROFILE.