Search Results

Search found 4468 results on 179 pages for 'zone transfer'.

Page 33/179 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >

  • Improving Manageability of Virtual Environments

    - by Jeff Victor
    Boot Environments for Solaris 10 Branded Zones Until recently, Solaris 10 Branded Zones on Solaris 11 suffered one notable regression: Live Upgrade did not work. The individual packaging and patching tools work correctly, but the ability to upgrade Solaris while the production workload continued running did not exist. A recent Solaris 11 SRU (Solaris 11.1 SRU 6.4) restored most of that functionality, although with a slightly different concept, different commands, and without all of the feature details. This new method gives you the ability to create and manage multiple boot environments (BEs) for a Solaris 10 Branded Zone, and modify the active or any inactive BE, and to do so while the production workload continues to run. Background In case you are new to Solaris: Solaris includes a set of features that enables you to create a bootable Solaris image, called a Boot Environment (BE). This newly created image can be modified while the original BE is still running your workload(s). There are many benefits, including improved uptime and the ability to reboot into (or downgrade to) an older BE if a newer one has a problem. In Solaris 10 this set of features was named Live Upgrade. Solaris 11 applies the same basic concepts to the new packaging system (IPS) but there isn't a specific name for the feature set. The features are simply part of IPS. Solaris 11 Boot Environments are not discussed in this blog entry. Although a Solaris 10 system can have multiple BEs, until recently a Solaris 10 Branded Zone (BZ) in a Solaris 11 system did not have this ability. This limitation was addressed recently, and that enhancement is the subject of this blog entry. This new implementation uses two concepts. The first is the use of a ZFS clone for each BE. This makes it very easy to create a BE, or many BEs. This is a distinct advantage over the Live Upgrade feature set in Solaris 10, which had a practical limitation of two BEs on a system, when using UFS. The second new concept is a very simple mechanism to indicate the BE that should be booted: a ZFS property. The new ZFS property is named com.oracle.zones.solaris10:activebe (isn't that creative? ). It's important to note that the property is inherited from the original BE's file system to any BEs you create. In other words, all BEs in one zone have the same value for that property. When the (Solaris 11) global zone boots the Solaris 10 BZ, it boots the BE that has the name that is stored in the activebe property. Here is a quick summary of the actions you can use to manage these BEs: To create a BE: Create a ZFS clone of the zone's root dataset To activate a BE: Set the ZFS property of the root dataset to indicate the BE To add a package or patch to an inactive BE: Mount the inactive BE Add packages or patches to it Unmount the inactive BE To list the available BEs: Use the "zfs list" command. To destroy a BE: Use the "zfs destroy" command. Preparation Before you can use the new features, you will need a Solaris 10 BZ on a Solaris 11 system. You can use these three steps - on a real Solaris 11.1 server or in a VirtualBox guest running Solaris 11.1 - to create a Solaris 10 BZ. The Solaris 11.1 environment must be at SRU 6.4 or newer. Create a flash archive on the Solaris 10 system s10# flarcreate -n s10-system /net/zones/archives/s10-system.flar Configure the Solaris 10 BZ on the Solaris 11 system s11# zonecfg -z s10z Use 'create' to begin configuring a new zone. zonecfg:s10z create -t SYSsolaris10 zonecfg:s10z set zonepath=/zones/s10z zonecfg:s10z exit s11# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared - s10z configured /zones/s10z solaris10 excl Install the zone from the flash archive s11# zoneadm -z s10z install -a /net/zones/archives/s10-system.flar -p You can find more information about the migration of Solaris 10 environments to Solaris 10 Branded Zones in the documentation. The rest of this blog entry demonstrates the commands you can use to accomplish the aforementioned actions related to BEs. New features in action Note that the demonstration of the commands occurs in the Solaris 10 BZ, as indicated by the shell prompt "s10z# ". Many of these commands can be performed in the global zone instead, if you prefer. If you perform them in the global zone, you must change the ZFS file system names. Create The only complicated action is the creation of a BE. In the Solaris 10 BZ, create a new "boot environment" - a ZFS clone. You can assign any name to the final portion of the clone's name, as long as it meets the requirements for a ZFS file system name. s10z# zfs snapshot rpool/ROOT/zbe-0@snap s10z# zfs clone -o mountpoint=/ -o canmount=noauto rpool/ROOT/zbe-0@snap rpool/ROOT/newBE cannot mount 'rpool/ROOT/newBE' on '/': directory is not empty filesystem successfully created, but not mounted You can safely ignore that message: we already know that / is not empty! We have merely told ZFS that the default mountpoint for the clone is the root directory. List the available BEs and active BE Because each BE is represented by a clone of the rpool/ROOT dataset, listing the BEs is as simple as listing the clones. s10z# zfs list -r rpool/ROOT NAME USED AVAIL REFER MOUNTPOINT rpool/ROOT 3.55G 42.9G 31K legacy rpool/ROOT/zbe-0 1K 42.9G 3.55G / rpool/ROOT/newBE 3.55G 42.9G 3.55G / The output shows that two BEs exist. Their names are "zbe-0" and "newBE". You can tell Solaris that one particular BE should be used when the zone next boots by using a ZFS property. Its name is com.oracle.zones.solaris10:activebe. The value of that property is the name of the clone that contains the BE that should be booted. s10z# zfs get com.oracle.zones.solaris10:activebe rpool/ROOT NAME PROPERTY VALUE SOURCE rpool/ROOT com.oracle.zones.solaris10:activebe zbe-0 local Change the active BE When you want to change the BE that will be booted next time, you can just change the activebe property on the rpool/ROOT dataset. s10z# zfs get com.oracle.zones.solaris10:activebe rpool/ROOT NAME PROPERTY VALUE SOURCE rpool/ROOT com.oracle.zones.solaris10:activebe zbe-0 local s10z# zfs set com.oracle.zones.solaris10:activebe=newBE rpool/ROOT s10z# zfs get com.oracle.zones.solaris10:activebe rpool/ROOT NAME PROPERTY VALUE SOURCE rpool/ROOT com.oracle.zones.solaris10:activebe newBE local s10z# shutdown -y -g0 -i6 After the zone has rebooted: s10z# zfs get com.oracle.zones.solaris10:activebe rpool/ROOT rpool/ROOT com.oracle.zones.solaris10:activebe newBE local s10z# zfs mount rpool/ROOT/newBE / rpool/export /export rpool/export/home /export/home rpool /rpool Mount the original BE to see that it's still there. s10z# zfs mount -o mountpoint=/mnt rpool/ROOT/zbe-0 s10z# ls /mnt Desktop export platform Documents export.backup.20130607T214951Z proc S10Flar home rpool TT_DB kernel sbin bin lib system boot lost+found tmp cdrom mnt usr dev net var etc opt Patch an inactive BE At this point, you can modify the original BE. If you would prefer to modify the new BE, you can restore the original value to the activebe property and reboot, and then mount the new BE to /mnt (or another empty directory) and modify it. Let's mount the original BE so we can modify it. (The first command is only needed if you haven't already mounted that BE.) s10z# zfs mount -o mountpoint=/mnt rpool/ROOT/zbe-0 s10z# patchadd -R /mnt -M /var/sadm/spool 104945-02 Note that the typical usage will be: Create a BE Mount the new (inactive) BE Use the package and patch tools to update the new BE Unmount the new BE Reboot Delete an inactive BE ZFS clones are children of their parent file systems. In order to destroy the parent, you must first "promote" the child. This reverses the parent-child relationship. (For more information on this, see the documentation.) The original rpool/ROOT file system is the parent of the clones that you create as BEs. In order to destroy an earlier BE that is that parent of other BEs, you must first promote one of the child BEs to be the ZFS parent. Only then can you destroy the original BE. Fortunately, this is easier to do than to explain: s10z# zfs promote rpool/ROOT/newBE s10z# zfs destroy rpool/ROOT/zbe-0 s10z# zfs list -r rpool/ROOT NAME USED AVAIL REFER MOUNTPOINT rpool/ROOT 3.56G 269G 31K legacy rpool/ROOT/newBE 3.56G 269G 3.55G / Documentation This feature is so new, it is not yet described in the Solaris 11 documentation. However, MOS note 1558773.1 offers some details. Conclusion With this new feature, you can add and patch packages to boot environments of a Solaris 10 Branded Zone. This ability improves the manageability of these zones, and makes their use more practical. It also means that you can use the existing P2V tools with earlier Solaris 10 updates, and modify the environments after they become Solaris 10 Branded Zones.

    Read the article

  • How do I resolve an "Invalid Transaction" error saving a zone config in Brocade Web Tools?

    - by Frank Szczerba
    When trying to save zoning changes in the Zone Administration tool in Brocade Web Tools, I get the status "Failed to commit changes to fabric" and the messages window shows: --- start of commit (Enable Config) at: Fri Jul 23 2010 19:43:40 GMT+00:00 Invalid Transaction --- end of commit at: Fri Jul 23 2010 19:43:47 GMT+00:00 I've tried refreshing the config and just re-saving what is already on the switch, but can't get this message to go away.

    Read the article

  • The MsC gray zone: How to deal with the "too unexperienced on engineering/too under-qualified for research" situation?

    - by Hunter2
    Last year I've got a MsC degree on CS. On the beginning of the MsC course, I was keen on moving on with research and go for a PhD. However, as the months passed, I started to feel the urge to write software that people would, well, actually use. The programming bug had bitten me, again. So, I decided that before deciding on getting a PhD degree, I would spend some time on the "real world", working as a software developer. Sadly, most companies here in Brazil are "services" companies that seem to be stuck on the 80s when it comes to software development. I have to fend off pushy managers, less-than-competent coworkers and outrageous software requirements (why does everyone seem to need a 50k Oracle license and a behemoth Websphere AS for their CRUD applications?) on a daily basis, and even though I still love software development, the situation is starting to touch a nerve. And, mind you, I'm already lucky for getting a job at a place that isn't a plain software sweatshop. Sure, there are better places around here or I could always try my luck abroad, but then I hit the proverbial brick wall: Sorry, you're too unexperienced as a developer and too under-qualified as a researcher I've already heard this, and variations of that, multiple times. Research position recruiters look for die-hard, publication-ridden, rockstar PhDs, while development position recruiters look for die-hard, experience-ridden, rockstar programmers. To most, my MsC degree seems like a minor bump on my CV (and an outright waste of time for some). Applying for abroad positions is even harder, since the employer would have to deal of the hassle of a VISA process, which I understand that, sometimes, is too much. Now I'm feeling I've reached a dead-end. I'm certain that development (and not research) is my thing, so should I just dismiss my MsC (or play it as a "trump card") and play the "big fish on a small pond" role while I gather some experience and contribute on some open-source projects as a plus? Is there a better way to handle this?

    Read the article

  • Why are notifications appearing in the invisible black zone above my monitor ?

    - by Capt.Nemo
    I've got two monitors, with the right side one being slightly lower in the display settings. However any notifications I receive from notify-osd (including pidgin, notify-send etc) are sent to the top-most part of the right monitor screen, which results it in being invisible. And here's a pic of my monitor preferences : I'd earlier used the Wallpaper plugin in compiz to stitch my desktops, and then uninstalled compiz-extras. I'm using Ubuntu 11.04 in classic mode.

    Read the article

  • Is this ask ubuntu, or am i in twilight zone? [closed]

    - by user66987
    I had a question to canonical, but that got closed. Is this ask ubuntu? Sure doesn't seem like it. I had a valid question, but since it contained critisism of one of the ubuntu teams, it got closed down. All I am after is a 100% translated ubuntu into my language. But my local team do not work, so this will not happen. So much for an open community. Well, I will think real hard next time I can help someone, and I will probably not. Since I can't get any help. I have one question, and this is directed at someone in charge of ask ubuntu. Why does a valdid question get locked down? My closed question Yeah, this is such a good comunity. Don't expect any help from me in the future.

    Read the article

  • Cloudwatch alarms from Amazon AWS EC2 instance are always in UT, how can I change the alarm time zone to Eastern?

    - by RightHandedMonkey
    I am running an Amazon linux AMI and the alarms that I've setup are coming in all showing UT (universal time). It is inconvenient reading these alarms and I'd like them setup to read in eastern time zone (or America/New_York). I've already set my /etc/localtime to point to - /usr/share/zoneinfo/America/New_York ln -s /usr/share/zoneinfo/America/New_York /etc/localtime But it is still sending alarms in the UT timezone. Does anyone have a solution to this?

    Read the article

  • Data transfer from 12.04 to 14.04 using same hostname?

    - by Mark
    I've been using my 12.04 server for a year and a half. I'd like to install 14.04 on a new drive and transfer all my data over once that is complete. I have 720GB of files to to deal with. 12.04 was setup using LVM. I'd like to use the same hostname. I'd prefer a clean install as opposed to an upgrade. What would be the best way go about this? Is it as simple as booting to the new install and mounting the 12.04 VG? I suppose I'd have to manually set up LVM on 14.04 if I want to use the same hostname.

    Read the article

  • Does Control Zone touchpad in HP notebooks have standard LMB/RMB clicks at the bottom of touchpad?

    - by user1825608
    I wanted to buy: http://www.x-kom.pl/p/203762-ultrabook-15-6-hp-envy-15-x360-u000ew-i5-4210u-4gb-1000-win81.html# but now I see it does not have normal touchpad but this one which does not work as it should in Spectre 13. The deal is that every video says about those new features (which will be outdated when Windows 9 will come by) not about if it still has standard LMB/RMB click. Question: Does or does not Control Zone touchpade have mechanical left and right mouse button area at the bottom of it as every other touchpad?

    Read the article

  • Why is FTP file transfer from Android Phone Slow?

    - by Frychiko
    To transfer files from my Android phone to Ubuntu, I use an app that creates a FTP server on the phone. Copying files to Ubuntu 12.04 (same with 12.10) I get up to 260 KB/s. Copying files to Windows 7 I get up to 1050 KB/s. I am currently on a fresh install of 12.10 with barely anything installed with the same results. I have tested with both a Galaxy S3 and HTC Desire HD with identical results. I have tested about 5 apps with the same results. Why is it slow on Ubuntu?

    Read the article

  • Filling up the empty blocks when the player touches the safe zone again! using cocos2d

    - by user3445020
    Hi guys i am stuck with filling up the data of all the blocks which are empty like the ones in the image. As you can see there i have a pacman like object where i will be moving around. But when you are in the empty space where there are no Blue boxes available i should be able to add new blocks in the path of my pacman and when it touches any other blue boxes like in the below case if my pacman touches the top row of the blue box i should be able to fill all the empty boxed inside the border of the path created by pacman. For now i am using a 2d bool array to store all the filled boxed info like if there is a box inside i am making that cell in an array as true. But how to fill the area with blue boxes after player finishes his path ? Any help would be great thank you. More info about this problem is here: filling the empty spaces in a certain region in a grid using c++ Same problem

    Read the article

  • What file transfer protocols can be used for PXE booting besides TFTP?

    - by Stefan Lasiewski
    According to ISC's dhcpd manpage: The filename statement filename "filename"; The filename statement can be used to specify the name of the initial boot file which is to be loaded by a client. The filename should be a filename recognizable to whatever file transfer protocol the client can be expected to use to load the file. My questions are: What file transfer protocols, besides tftp, are available to load the file (e.g. What protocols "can be expected to" load the file)? How can I tell? Can I see a list of these protocols? Does my choice of DHCP server influence which file transfer protocols are in use? Pretend I want to use dnsmasq instead of ISC's dhcpd Are these features dependent on the PXE which is in use (e.g. My Intel NICs use an Intel ROM)? I know that some PXE-variants, such as iPXE/gPXE/Etherboot, can also load files over HTTP. However, the PXE rom needs to be replaced with the iPXE image, either by chainloading or by burning the PXE rom onto the NIC. For example, the iPXE Howto "Using ISC dhcpd" says: ISC dhcpd is configured using the file /etc/dhcpd.conf. You can instruct iPXE to boot using the filename directive: filename "pxelinux.0"; or filename "http://boot.ipxe.org/demo/boot.php";

    Read the article

  • Copy all installed programs & files in a hard disk (which has 32 bit Windows 7) and clone/transfer it to another computer which has 64 bit Windows 7

    - by galacticninja
    I recently got a new PC which has a 64-bit Windows 7 installed. The current PC that I am using has a 32-bit Windows 7 installed. I would like to know if there is a software that can copy all my installed programs and files in the hard disk with the 32-bit Windows 7 PC and transfer it to the newer PC's hard disk which has a 64 bit version of Windows 7. This is essentially like "cloning" a hard disk but I would like to use a 64-bit OS in the target drive, instead of also using the 32-bit OS of the source drive. I would like to do this I can avoid reinstalling and reconfiguring my installed programs and files again on the new PC. If possible, I would like the new PC to work as it was in my previous PC, with the installed programs, configuration and files intact except that the OS is now 64-bit and the hard disk has a larger capacity. I have heard of programs that can clone a hard disk, but my concern is that the 32-bit Windows 7 OS will also be cloned to the new 64-bit PC. If it is not possible to transfer my installed programs and settings like the way I described, are there software that can make it easier to migrate my installed programs, their configurations and my files from a 32-bit Windows 7 PC to a 64-bit Windows 7 PC? Details: I have a SATA to USB connector/adapter to copy files in the current hard disk to the newer one. The two PCs are connected through LAN, so I can also transfer files through LAN. Both PCs only have one hard disk.

    Read the article

  • Is domain-transfer inherently safe for downtime when the name servers remain the same?

    - by jlmt
    I've been reading around this topic towards understanding whether there's some or no chance of downtime during an upcoming domain transfer for 15 live and very critical domains. In our case there are three companies involved: CompanyA is the original registrar and DNS host, CompanyB is the new DNS host, and CompanyC is the new registrar. I've already changed the nameservers for all domains to those of CompanyB. We suffered some downtime because CompanyA deleted their hosted DNS for our domains directly after the change, but the changes propagated and we're now able to configure our DNS with CompanyB. From what I understand (please correct where wrong!): There exists an SOA record that points oneofourdomains.com to ns.companyb.com. That record is maintained and authoritatively hosted by the ccTLD registry for the domain (eg. Verisign for .com). CompanyA currently has the ability to change the SOA record because they're the registrar. There exist NS records for oneofourdomains.com, which are also related to the link from domain name to nameserver, are similarly hosted by the ccTLD, and which CompanyA are also able to change while acting as registrar. Neither CompanyB nor CompanyC currently have any control over the SOA or NS records. CompanyA are unable to cause us (DNS) problems during the transfer by dropping service early, because they are not the authoritative source for the SOA and NS records. When we transfer the domains, it's administrative control of the SOA and NS records that will be transferred to CompanyC. As long as we advise CompanyC that the SOA and NS records must not change (as regards pointing to CompanyB's nameservers), there's no need for any kind of DNS change, and therefore no possibility of downtime. Is my understanding of this correct? My fear is that CompanyA will somehow cut us off again, and their support dept hasn't given me much confidence in their understanding of the topic.

    Read the article

  • Can you declare <canvas> methods within a template in javascript?

    - by Binarytales
    Not entirely sure I posed the question in the best way but here goes... I have been playing around with the HTML5 canvas API and have got as far as drawing a shape in the canvas and getting it to move around with the arrow keys. I then tried to move my various variables and functions to a template so I could spawn multiple shapes (that would eventually be controlled by different keys). This is what I have: function player(x, y, z, colour, speed){ this.lx = x; this.ly = y; this.speed = 10; this.playerSize = z; this.colour = colour; } playerOne = new player(100, 100, 10, "#F0F"); function persona(z, colour){ zone.fillStyle = colour; offset = 0 - (z / 2); zone.fillRect(offset, offset, z, z); } function move(x, y){ playerOne.lx = playerOne.lx + x; playerOne.ly = playerOne.ly + y; zone.clearRect(0, 0, 500, 500); zone.save(); zone.translate(playerOne.lx, playerOne.ly); persona(playerOne.playerSize, playerOne.colour); zone.restore(); } window.onkeydown = function() { var direction = this.event.keyCode; var s = playerOne.speed; // Arrow Keys if( direction == 38 && playerOne.ly >= 10){ // Up move(0,-s); } if( direction == 40 && playerOne.ly <= 490){ // Down move(0,s); } if( direction == 37 && playerOne.lx >= 10){ // Left move(-s,0); } if( direction == 39 && playerOne.lx <= 490){ // Right move(s,0); } }; window.onload = function() { zone = document.getElementById('canvas').getContext('2d'); zone.save(); zone.translate(playerOne.lx, playerOne.ly); persona(playerOne.playerSize, playerOne.colour); zone.restore(); }; So what I tried to do was move the persona function into the player template like this: function player(x, y, z, colour, speed){ this.lx = x; this.ly = y; this.speed = 10; function persona(){ zone.fillStyle = colour; var offset = 0 - (z / 2); zone.fillRect(offset, offset, z, z); } } And then where before it said persona(playerOne.playerSize, playerOne.colour); it now just says playerOne.persona(); But this is just totally flaking out and not working and I can't figure out why. I'm probably going about it all the wrong way and I think the problem is that I'm trying to manipulate the canvas.context (call zone in my script) from within a object/template. Perhaps its nothing to do with that at all and I an just not declaring my persona functions properly in the context of the template. Documentation for the canvas API is very thin on the ground and any hint in the right direction will be very much appreciated.

    Read the article

  • Is it customary to write Java domain objects / data transfer objects with public member variables on mobile platforms?

    - by Sean Mickey
    We performed a code review recently of mobile application Java code that was developed by an outside contractor and noticed that all of the domain objects / data transfer objects are written in this style: public class Category { public String name; public int id; public String description; public int parentId; } public class EmergencyContact { public long id; public RelationshipType relationshipType; public String medicalProviderType; public Contact contact; public String otherPhone; public String notes; public PersonName personName; } Of course, these members are then accessed directly everywhere else in the code. When we asked about this, the developers told us that this is a customary performance enhancement design pattern that is used on mobile platforms, because mobile devices are resource-limited environments. It doesn't seem to make sense; accessing private members via public getters/setters doesn't seem like it could add much overhead. And the added benefits of encapsulation seem to outweigh the benefits of this coding style. Is this generally true? Is this something that is normally done on mobile platforms for the reasons given above? All feedback welcome and appreciated -

    Read the article

  • Working and Studying in Oracle, how I balance my time....

    - by anca.rosu
    Hi, my name is Laura. I am working as an Intern within Executive Administration at Oracle Denmark, whilst studying Information Management at Copenhagen Business school. I have recently handeding a paper on Information Systems which gave me exposure to Oracle. Once completing this paper I came across a job posting on my University’s intranet site and I applied directly online. When I submitted my application for the job offer, I wondered about what language I should use for the application form, as the job posting was in Danish, but the contact person and number looked Irish. I therefore chose English. Later that same day, Fiona, one of Oracle’s Graduates Recruitment Consultants based in Ireland, contacted me. This shows how global Oracle truly is. I went for my face-to-face interview in Oracle Denmark with Charlotte, one of the team managers. I spent 5 minutes waiting in the lobby, just looking around, thinking to myself, I really want to work here. The atmosphere seemed so pleasant with a relaxed approach between colleagues, employees and guests. The interview took about an hour, but we touched on a lot of different subjects. The profile I got of Oraclewas that this is a place where you are encouraged to think for yourself, and you are given the freedom to use your ideas. Later that evening, Fiona called and offered me the job. I was very happy. At Oracle Denmark we have 4 different zones: a Quiet Zone, a Project Zone, a Dialogue Zone and a Call Zone. Everyday when you arrive you consider what will be the most productive for the day’s task, and you take your toolbox and go find a desk in the zone you have decided on. It is therefore very unusual to be next to the same person two days in a row. At Oracle, people are located all over the world, and everybody has team members, colleagues or leaders in other countries, or even other time zones. Initially,I was worried about how I would adapt to this approach but I soon realized I had nothing to worry about and now I appreciate working this way. My colleagues have been very supportive and they have openly welcomed me into my new role. I typically work two days a week and have three days at University. During exam periods, I have the flexibility to work less hours and focus on the exams, in return for putting in more hours at work when needed. The first time I had to ask for time off before handing in a paper, my boss looked at me and said, ”Of course! Your education is the most important!” I hope that by sharing my experiences with you, I can inspire or encourage you to consider Oracle as a potential employer, where you can grow both professionally and personally. If you have any questions related to this article feel free to contact  [email protected].  You can find our job opportunities via http://campus.oracle.com Technorati Tags: Intern,Oracle Denmark,Information Systems,Business school,Copenhagen,Graduates Recruitment,Ireland,Quiet Zone,Project Zone,Dialogue Zone,Call Zone,University,flexibility

    Read the article

  • Security Access Control With Solaris Virtualization

    - by Thierry Manfe-Oracle
    Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology —a.k.a. Project Crossbow— can be used to control outbound traffic from Solaris Zones. Solaris Zones from both the Intranet and Extranet use an Infiniband network to access a ZFS Storage Appliance that exports NFS shares. Solaris global zones on both SPARC servers mount iSCSI LU exported by the Storage Appliance.  Non-global zones are installed on these iSCSI LU. With no security hardening, if an Extranet zone gets compromised, the attacker could try to use the Storage Appliance as a gateway to the Intranet zones, or even worse, to the global zones as all the zones are reachable from this node. One solution consists in using Solaris Network Virtualization Technology to stop outbound SSH traffic from the Solaris Zones. The virtualized network stack provides per-network link flows. A flow classifies network traffic on a specific link. As an example, on the network link used by a Solaris Zone to connect to the Infiniband, a flow can be created for TCP traffic on port 22, thereby a flow for the ssh traffic. A bandwidth can be specified for that flow and, if set to zero, the traffic is blocked. Last but not least, flows are created from the global zone, which means that even with root privileges in a Solaris zone an attacker cannot disable or delete a flow. With the flow approach, the outbound traffic of a Solaris zone is controlled from outside the zone. Schema 1 describes the new network setting once the security has been put in place. Here are the instructions to create a Crossbow flow as used in Schema 1 : (GZ)# zoneadm -z zonename halt ...halts the Solaris Zone. (GZ)# flowadm add-flow -l iblink -a transport=TCP,remote_port=22 -p maxbw=0 sshFilter  ...creates a flow on the IB partition "iblink" used by the zone to connect to the Infiniband.  This IB partition can be identified by intersecting the output of the commands 'zonecfg -z zonename info net' and 'dladm show-part'.  The flow is created on port 22, for the TCP traffic with a zero maximum bandwidth.  The name given to the flow is "sshFilter". (GZ)# zoneadm -z zonename boot  ...restarts the Solaris zone now that the flow is in place.Solaris Zones and Solaris Network Virtualization enable SSH access control on Infiniband (and on Ethernet) without the extra cost of a firewall. With this approach, no change is required on the Infiniband switch. All the security enforcements are put in place at the Solaris level, minimizing the impact on the overall infrastructure. The Crossbow flows come in addition to many other security controls available with Oracle Solaris such as IPFilter and Role Based Access Control, and that can be used to tackle security challenges.

    Read the article

  • How to extend WPF hit testing zone for a Path object.

    - by user275587
    Wpf hit testing is pretty good but the only method I found to extend the hit zone is to put a transparent padding area around your object. I can't find any method to add a transparent area arround a Path object. The path is very thin and I would like to enable hit testing if the user clicks near the path. I can't find any method to extend the path object with a transparent area like the image below : I tried to used a partially transparent stroke brush but I ran into the problem described here : http://stackoverflow.com/questions/1412833/how-can-i-draw-a-soft-line-in-wpf-presumably-using-a-lineargradientbrush I also tried to put an adorner over my line but because of WPF anti-aliasing algorithms, the position is way off when I zoom in my canvas and interfere with other objects hit-testing in a bad way. Any suggestion to extend the hit testing zone would be highly appreciated. Thanks, Kumar

    Read the article

  • Guessing the time zone from an arbitrary "location" string?

    - by Thomas
    I'm trying to run some statistics over the Stack Overflow data dump, and for that I would like to know the time zone for each user. However, all I have to go on is the completely free-form "location" string. I'll stress that I'm only looking for an approximation of the time zone; of course, in general this is an unsolvable problem. However, many people fill out their country, state and/or city, which should give a pretty good indication. It's okay if it fails for other cases. It doesn't have to be reliable, it doesn't have to be accurate, it doesn't have to cover all bases. I don't want to waste too much time on this, so I'm wondering if there is some code out there that can make a reasonable guess. Any language, platform, API or library goes. Any ideas?

    Read the article

  • How can I move a load of zone records from a web based system to text based one?

    - by Chris Adams
    Hi there, I have a few domains with Dreamhost where I have set a load of records using their web based domain name system, and I've like to move them to another provider that lets me enter info directly as a text file for their name server, bind 9 to use. (If you're interested, I'm moving them to Gandi.net). Previously when I used a cpanel based system to do something similar, there was a tool that let me simply enter a domain name, and any available domains were automagically entered into a system, saving me typing it myself (and bringing down sites with silly typos in the process). What open source tool can I use to query a domain for all the relevant subdomains and records and list them in a format like a zone file, that I can use with other name servers?

    Read the article

  • how to create stub DNS zone for emulating my customer production environment ?

    - by Albert Widjaja
    Hi All, Is it possible to emulate my customer production environment inside my AD domain by just creating the same domain inside my primary DNS server ? Can I created mycustomer.com DNS zone (STUB) just for the sake of listing few database servers and application servers and then for the other DNS records eg. MX, NS and the other refer to the REAL MX record entry so that my Exchange Server email flow is unaffected to mycustomer.com ? because if I just create A record in my current domain for some of the servers, the FQDN is not exactly what I want. Thanks.

    Read the article

  • Very very slow transfer speeds between Windows 7 and samba server running on Ubuntu 11.10/12.04 minimal

    - by kuzyt
    As mentioned in the title I tried transferring files between Windows 7 and the samba server running on both Ubuntu 11.10 and 12.04 but both showed very slow transfer speeds. Can someone please guide me in the right direction to debug this problem ? wget --output-document=/dev/null http://tokyo1.linode.com/100MB-tokyo.bin --2012-08-21 22:02:17-- http://tokyo1.linode.com/100MB-tokyo.bin Resolving tokyo1.linode.com (tokyo1.linode.com)... 106.187.33.12 Connecting to tokyo1.linode.com (tokyo1.linode.com)|106.187.33.12|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: `/dev/null' 8% [=============> ] 8,923,980 64.8K/s eta 15m 0s wlan0 IEEE 802.11abgn ESSID:"TNET" Mode:Managed Frequency:2.462 GHz Access Point: 58:6D:8F:26:20:7A Bit Rate=117 Mb/s Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=57/70 Signal level=-53 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:101 Invalid misc:2448 Missed beacon:0 03:00.0 Network controller: Atheros Communications Inc. AR9300 Wireless LAN adaptor (rev 01) Subsystem: Atheros Communications Inc. Device 3112 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx+ Latency: 0, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 16 Region 0: Memory at fea00000 (64-bit, non-prefetchable) [size=128K] Expansion ROM at fea20000 [disabled] [size=64K] Capabilities: [40] Power Management version 3 Flags: PMEClk- DSI- D1+ D2- AuxCurrent=375mA PME(D0+,D1+,D2-,D3hot+,D3cold-) Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME- Capabilities: [50] MSI: Enable- Count=1/4 Maskable+ 64bit+ Address: 0000000000000000 Data: 0000 Masking: 00000000 Pending: 00000000 Capabilities: [70] Express (v2) Endpoint, MSI 00 DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <1us, L1 <8us ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset- DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported- RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop- MaxPayload 128 bytes, MaxReadReq 512 bytes DevSta: CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr- TransPend- LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Latency L0 <2us, L1 <64us ClockPM- Surprise- LLActRep- BwNot- LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+ ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt- LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt- DevCap2: Completion Timeout: Not Supported, TimeoutDis+ DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis- LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS- Compliance De-emphasis: -6dB LnkSta2: Current De-emphasis Level: -6dB Capabilities: [100 v1] Advanced Error Reporting UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol- UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol- CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr- CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+ AERCap: First Error Pointer: 00, GenCap- CGenEn- ChkCap- ChkEn- Capabilities: [140 v1] Virtual Channel Caps: LPEVC=0 RefClk=100ns PATEntryBits=1 Arb: Fixed- WRR32- WRR64- WRR128- Ctrl: ArbSelect=Fixed Status: InProgress- VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans- Arb: Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256- Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=01 Status: NegoPending- InProgress- Capabilities: [300 v1] Device Serial Number 00-00-00-00-00-00-00-00 Kernel driver in use: ath9k Kernel modules: ath9k

    Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >