ESXi Server and the DMZ security

Hello world

I currently have around 5 physical web servers sitting in a demilitarized zone. My plan is to convert all these web servers to virtual machines and host them on an ESXi server.

I would like to host the ESXi Server itself in the demilitarized zone; all the VMs on the ESXi box would be public facing anyway. Does anyone know of a good reason not to do this from a security point of view?

I guess my main concern would be the ESXi host itself being threatened. Of course, I would limit the traffic through the firewall rules.

I would like to know your opinion on this and whether someone has done this before.

Thank you very much

Chris

Take a look at:

http://www.VMware.com/files/PDF/dmz_virtualization_vmware_infra_wp.PDF

Tags: VMware

Similar Questions

  • Best way to lock a security server in the DMZ

    Hello

    Are there best practices or recommendations from VMware for locking down a security server in the DMZ?

    Any suggestions are welcome.

    THX,

    -sf

    There is a View Security Server hardening guide referenced here - http://communities.vmware.com/thread/300885

    Mark

  • SecureFiles LOB compression between the server and the client

    Hi all
    According to the doc:

    "SecureFiles LOB compression is performed on the server and enables random reads and writes to LOB data. Compression utilities on the client, like utl_compress, cannot provide random access."

    I don't understand the server and client model in compression. Does this mean that when instance A has a table with a compressed column and instance B accesses the table, the compression is performed on the server? What makes an instance a server or a client in this context? What does "random access" mean? How can we ensure this if a server is running live?

    Best regards
    TA.

    What about random reads and writes? What are random reads and writes anyway?

    LOB manipulation - see DBMS_LOB, e.g. DBMS_LOB.WRITE, WRITEAPPEND, READ, etc.

    You couldn't use these on something that has been compressed on the outside.

  • Is it possible to put a SQL server on the DMZ

    Hi all

    I would like to ask about a PIX deployment. Is it possible to put a SQL server on the DMZ (or on one of the 5 interfaces other than the inside interface) and simply define a NAT to allow inside users access to the DMZ, without allowing outside users access to the SQL server? We intend to set up a SQL server on a DMZ such that unauthorized internal users will not be able to know the actual address of the SQL Server.

    Are there problems which should be considered on this deployment?

    Thanks in advance,

    udimpas

    Hi Udimpas,

    Yes, your scenario is possible. You can put the SQL Server on the DMZ network and allow access to inside users. At the same time, you can also block access from the outside.

    Let's say your SQL IP address is 192.168.1.10 and your home LAN is 10.1.1.0/24. You can do the following:

    nat (inside) 0 access-list sheep
    access-list sheep permit ip 10.1.1.0 255.255.255.0 host 192.168.1.10

    By doing this, you do not NAT traffic from your inside to the SQL server. In case you have defined access lists on your inside interface, you must open port 1433:

    access-list inside permit udp 10.1.1.0 255.255.255.0 host 192.168.1.10 eq 1433

    You should not add the ACL above if you have no restrictions from the inside for now.

    I hope this helps... all the best...

    REDA

  • Second Web server on the DMZ not visible from outside

    Using a PIX 515e.

    I have several Web servers in the DMZ; the first web server and the mail server are set up with port mapping to the IP address of the PIX outside interface.

    The second and third Web servers (inside interface) are configured with static mappings and access lists.

    I can see the first web server and the mail server very well, but I cannot see the second or third servers.

    What have I done wrong?

    I suggest you analyze traffic with the PIX 'capture' command and sniff traffic on the DMZ and outside interfaces.

    Check if packets arrive at the external interface, if they reach the web server and whether there is a response.

    Example:

    access-list 120 permit ip any host 207.236.60.35
    capture vpncap access-list 120 interface outside
    show capture vpncap access-list 120 detail

    or

    https://PIX-IP-address/capture/vpncap [/pcap]

    To remove the capture:

    no capture vpncap

    sincerely

    Patrick

  • I have 40 ESXi servers and they must be installed very quickly...

    The customer requests that we install 40 ESXi servers and they need to be installed soon. What is the best way, and are there step-by-step documents?

    See also http://virtualkenneth.com/2010/07/21/setting-up-vsphere-esxi-4-1-scripted-installation/

    André

  • How can I retrieve the server name and database name for a system DSN

    Hello

    I am trying to create a database that will be used by many stores. Each store has its own server and database and the Access runtime version. I want to create a system DSN, but allow the administrator to modify the server and database for that DSN, and then, when connecting to the database, the database must be able to find this DSN and the 'new' server name and 'new' database name and connect to point to that server's database tables. I don't have a login form and I can get the name of the DSN, but I can't find a way to get the server name and database name for that DSN. Does anyone know a way to retrieve this from the registry? I can see it using regedit but have no idea how to get this in Access VBA.

    This issue is beyond the scope of this site (for consumers), and to be sure you get the best (and fastest) reply, we have to ask you to post either on Technet (for IT Pro) or MSDN (for developers).
  • Media Center question: can I set up one as a server and the other two as clients, each using two of the tuners of the card?

    I have 3 computers running Windows 7 Professional; one of them has a four-tuner DVB-S2 card installed. I want to configure it as a server and the other two as clients, each using two of the tuners of the card. I understand the media library is able to use basic network TV tuning cards, so there must be some way for me to configure the server to send the information over the network.

    Any ideas?

    On Fri, September 19, 2014 12:28:56 +0000, SamJ008 wrote:

    > I have 3 computers running Windows 7 Professional; one of them has a four-tuner DVB-S2 card installed. I want to configure it as a server and the other two as clients, each using two of the tuners of the card. I understand the media library is able to use basic network TV tuning cards, so there must be some way for me to configure the server to send the information over the network.
    >
    > Any ideas

    Start reading here

    You will not be able to use your existing tuners as network tuners. Microsoft has stopped development of Media Center, so don't expect any new hardware/software to appear.

    Barb
    MVP Windows Entertainment and Connected Home

    Please mark as answer if that answers your question

  • Is it OK for the testing server and the local site to point to the same location?

    There seem to be three places for the files of my site: local files, testing server and remote server.  I am happy with the remote server.  What I'm confused about are the other two.

    I understand that to build a site using MySQL databases I need to set up a testing server.  Here is my configuration: Windows 10, CBWMS 2015.1 using XAMPP with the root folder of my site in htdocs.  I tested FormMail, hence the site name is formmail.

    So, I open one of my files from the local files (right) panel, modify it and save it (in the local files panel).  I then use preview in browser to see my changes.  It seems that I didn't need to use Put to move the file to the testing server, because the file(s) are already there: as shown in the screenshot, the local files view and the testing server view are in the same place.  What is the point of the testing server panel?

    I know that I can put the remote server in the left panel. This will allow me to sync with my ISP host.  If I put the testing server in the left panel, is a sync useless because the files are in the same place as the local files?

    Maybe my setup is incorrect.  I guess my question is: is it OK for the testing server and the local site to point to the same location?

    Thank you gentlemen (and lady!). I'll go forward with newfound confidence, bravo.

  • "Try to connect with the server" and the update bar remains at 2%

    Hello, my Creative Cloud does not update; only the message "Try to connect with the server" appears and the update bar remains at 2%. How could I solve this problem? Thank you.

    Mac or Windows and EXACTLY what version of the operating system?

    Recent Mac AND Windows operating systems have been known to cause "weird" problems.

    Please read https://forums.adobe.com/thread/1499014

    -try some steps such as changing browsers and disabling your firewall

    -also clear your browser cache if you start with a fresh browser

    -check the file hosts for blocked entries https://forums.adobe.com/thread/1912777

    http://myleniumerrors.com/installation-and-licensing-problems/creative-cloud-error-codes-wip.

    https://helpx.Adobe.com/creative-cloud/KB/creative-cloud-desktop-application-failed.html

    http://helpx.Adobe.com/creative-cloud/KB/failed-install-creative-cloud-desktop.html

  • ERPI configuration: data server and the physical schema

    Hello

    I use ERPI11.1.2.1.

    I try to configure ERPI following the documentation of erpi_admin.

    It is said that to create the data server and the physical schema for ERPI, I must expand 'ERP Integrator' in the 'Physical Architecture' tab of the ODI Topology Manager.

    But I have no 'ERP Integrator' node under 'Technologies' in the physical architecture :-(

    Thanks in advance for your help

    Fanny

    You need the technology on which the ERPI database runs. So if your ERPI is on an Oracle database, expand the Oracle technology, then right-click and choose Insert Data Server.

  • ISA server in the DMZ of a Cisco firewall box

    Hi all

    I have an ISA Server that is behind the firewall, and it is connected to the Internet with the command: static (inside,outside) 192.x.x.x 10.x.x.x dns netmask 255.255.255.255 0 0 in my firewall. Is it possible to add the server to a DMZ on the firewall at the same time with the command: static (dmz,outside) 192.x.x.x 10.y.y.y netmask 255.255.255.255 0 0? I appreciate any help.

    Hello

    Your server would need to be on both segments, and this is possible only if your server has 2 network cards, but why would you choose to deploy it like that?

  • Cannot access the Web server in the DMZ from the inside using the global IP

    Hi all

    I hope it's a very simple question.

    I'm running a PIX 515 firewall v6.3. I set up a Web server in my DMZ and use static NAT to map it to a global static IP address. Access from the outside to the demilitarized zone works remarkably well. I can access the Web site from the inside interface using the internal IP, but I can't access it from the inside interface using the global IP assigned to it.

    Is there a particular reason why this would not be allowed? My feeling was that the request would be forwarded via the external interface (as it is a global IP address), then be bounced back by my ISP, and the request would come in on the external interface (as the static NAT is applied to the external interface).

    However, if I try to access the global IP from my inside interface, the browser cannot find the server.

    Can someone explain why this is so? Any information would be appreciated.

    Cheers,

    Wayne

    ---------------------------------

    PIX Version 6.3(3)
    interface ethernet0 100full
    interface ethernet1 100full
    interface ethernet2 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    hostname helmsdeep
    domain-name p2h.com.sg
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    no fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    no fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list acl_out permit tcp any host 203.169.113.110 eq www
    access-list 90 permit tcp host 10.1.1.27 any
    pager lines 24
    logging buffered debugging
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    ip address outside pppoe setroute
    ip address inside 192.168.1.1 255.255.255.0
    ip address dmz 10.1.1.1 255.255.255.0
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    no failover ip address dmz
    pdm location 202.164.169.42 255.255.255.255 inside
    pdm location 202.164.169.42 255.255.255.255 dmz
    pdm location 10.1.1.26 255.255.255.255 dmz
    pdm location 10.1.1.26 255.255.255.255 outside
    pdm location 172.16.16.20 255.255.255.255 outside
    pdm location 192.168.1.222 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (dmz) 1 10.1.1.101-10.1.1.125
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    nat (dmz) 0 access-list 90
    nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
    static (dmz,outside) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0
    access-group acl_out in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.222 255.255.255.255 inside
    floodguard enable
    fragment chain 1
    console timeout 0
    terminal width 80

    PIX code v6 or lower does not let traffic go "back" or return via the same interface on which it was sent. Also, bouncing your traffic off an external server is never a good idea, because you won't be able to distinguish it from rogue attacks by someone spoofing from outside your network.

    Since you are using PIX 6.3 code, you may be able to use outside NAT. Add this static to your config:

    static (dmz,inside) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0

    You may need to run a clear xlate after adding the new static statement. Note the interface order: it's dmz,inside, not inside,dmz.

    I would like to know if it works.
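To make the reasoning in the thread above concrete, here is an added example (not code from the thread or from Cisco) that parses the two static statements quoted in it and traces an inside-to-global-IP connection under a simplified, assumed model of PIX 6.x behaviour: a static applies only to packets entering on its mapped-side interface, everything else follows the default route out "outside", and a packet that comes straight back in on the interface it just left is dropped. It also shows why the interface order in the static matters.

```python
"""Trace how a PIX 6.x static translation is (or is not) applied.

Simplified model assumed here, not firewall code: a static applies to a
packet only when the packet enters on the static's mapped-side interface;
otherwise the packet takes the default route out 'outside'; a packet that
re-enters the interface it just left is dropped (no same-interface
hairpin in 6.x code).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Static:
    real_if: str    # interface where the real host lives (dmz)
    mapped_if: str  # interface on which the mapped address is reachable
    mapped_ip: str
    real_ip: str


def parse_static(line: str) -> Static:
    """Parse 'static (real_if,mapped_if) mapped_ip real_ip netmask ...'."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "static":
        raise ValueError(f"not a static statement: {line!r}")
    real_if, mapped_if = parts[1].strip("()").split(",")
    return Static(real_if.strip(), mapped_if.strip(), parts[2], parts[3])


def trace(src_if: str, dst: str, statics: list) -> tuple:
    """Follow a connection from src_if to dst. Returns (hops, reached)."""
    hops, ingress, last_egress = [], src_if, None
    for _ in range(3):  # enough for one bounce off the ISP
        if ingress == last_egress:
            hops.append(f"DROP on {ingress}: same-interface return")
            return hops, False
        hit = next((s for s in statics
                    if (s.mapped_if, s.mapped_ip) == (ingress, dst)), None)
        if hit:
            hops.append(f"{ingress} -> {hit.real_if}: {dst} xlated to {hit.real_ip}")
            return hops, True
        hops.append(f"{ingress} -> outside: {dst} via default route")
        # the ISP routes the global address straight back to our outside interface
        last_egress, ingress = "outside", "outside"
    return hops, False


# The static Wayne posted and the one the answer adds (taken from the thread).
ORIGINAL = [parse_static("static (dmz,outside) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0")]
WITH_FIX = ORIGINAL + [parse_static("static (dmz,inside) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0")]

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("with dmz,inside static", WITH_FIX)):
        for src in ("outside", "inside"):
            hops, ok = trace(src, "203.169.113.110", cfg)
            print(f"[{label}] from {src}: {'OK' if ok else 'FAIL'} - {' | '.join(hops)}")
```

Running it shows the Internet client reaching the server under both configs, the inside client dropped under the original config after its bounce off the outside interface, and the inside client translated directly to 10.1.1.27 once the dmz,inside static exists; a static written as (inside,dmz) does not help because its mapped side is the dmz.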

  • Must the server and the agent be running as root (under CentOS Linux)?

    I have not seen anything in the installation documentation that mentions whether it is advisable to run the actual server process and agent as root.  I noticed that, when not running as root, the agent was unable to scan certain directories, which seems a bit undesirable.

    My plan was to create a simple script in /etc/init.d (for example) that calls hq-agent.sh, and then use the standard symbolic links in /etc/rc3.d to start and stop the agent and the server automatically.

    Is this normal practice?  A bad idea?

    Thanks for any advice.
    Jay

    As you have noted, there are many parts of the system that require privileges to access and monitor. The simplest solution seems to be to use the root user to run the agent, although more complex solutions using properly assigned permissions, sudo for specific commands, or the like are more in line with security best practices. I have personally not yet explored all the possibilities, but I know care has been taken to ensure that running the process as root is not a hard requirement.

    A start/stop script looks like a very good idea. In fact, you should find an example called agent.rc in the hyperic-agent-2.x.x/rcfiles directory. A starting point in any case.

  • Problem with El Capitan (Server 5.1.7) and the management of permissions

    Hello world

    I have a big problem with our Mac Mini Server (El Capitan) and the Server app.

    In recent weeks, the server has not been applying the permissions of a folder correctly.

    for example:

    Mr. X had permission to read and write to a folder.
    Mr Y too.

    Mr. X has created a new folder and saved something in it.

    Mr. Y did not have permission to read or write to the folder created by Mr. X. But he should have.

    Or

    Mr. X has saved a file to a folder.

    When he opens it again it is write protected and cannot be replaced.

    So you have to save under a different name in the same folder.

    And this happens every time he saves/closes the file.

    Anyone know what could be the problem?

    Thank you

    Greetings from Germany

    Chris

    My guess:

    A few weeks ago someone messed with the permissions on your server and made a mistake. So you got an inappropriate ACL (Access Control List), which is propagating through the files and must be removed or fixed.

    http://www.TechRepublic.com/blog/Apple-in-the-enterprise/introduction-to-OS-x-Access-control-lists-ACL.

    C.
