Explanation of the policy of CVD

Similar Questions

• I have Asus EeeBox bought with XP preinstalled. I formatted and installed XP Home different reception of the CD of XP with key EeeBox COA. Is - this perfectly legal according to the policy of Microsoft?

  I have Asus EeeBox bought with XP preinstalled. I formatted and installed XP Home different reception of the CD of XP with key EeeBox COA. Is - this perfectly legal according to the policy of Microsoft?

  It is the key which is the basis of the license, rather than the disc.

• Inspect traffic over the policy apply

  Hi people

  I use Virtual Center of 64-bit version 5.3.1.4 defense and I'm trying to understand this option under the access control strategy - Advanced tab. What I try to do, is to allow the loss less than policy changes, at the moment with this option enabled, there are a few seconds interruption of network traffic when the policy is applied. I use inline module of firepower on an ASA5525 by the way. It seems natural that there should be an interruption while the configuration is reloaded on an online service, but the manual is not very clear about the box.

  Someone has a better idea what is this option?

  Concerning

  Fredrik

  Hi all

  Let me add in it.

  Power module of fire ASA because of changes in policy or any other reason causing snort recharge. Feature 'feature inspect during the policy applies"does not work for the SAA. The reason behind this is the architectural difference between the devices of firepower (material of the series 7000 and 8000) and modules ASA firepower. In devices, there is a charging wire that supports policy changes without affecting the current treatment of traffic.

  Old behavior (5.4.0.4, 5.4.1.3 and before)

  ASA in rescue mode is based on the heartbeat sensor dplane response to work around the packages. But what snort process restarts due to policy change or driver of any other ground of the sensor responds to the heartbeat ASA and ASA never understands if Snort processes are declining. In this case, ASA continue to send packets to sensor (with Snort down) as well as the packages are removed causing a breakdown of small network size.

  Ill CSCuv91730 (for ASA) and CSCuu68273 (firearms) were introduced to solve this problem.

  New behavior (5.4.0.5, 5.4.1.4 and later versions)

  With the new behaviors introduced ASA will send rescue configuration to sensor backplane header. This information is sent to basic package by the context. ASA expects this sensor to return the package if the flag is set, and even Snort fell. Then, when ASA will receive the same package the snort is down.

  ASA press release fixed side has been published on ORC, but we are still waiting for Sourcefire side fixed (it was fixed, we are waiting for fixed output but I guess a fix is available for this.)

  Thank you

  Dinkar

• Clarification of the policy of startup SAN

  I would like clarification on the policy of SAN Boot. I was always under the impression that you were supposed to use the storage port WWPN. But what happens if you have many ports of storage from the table (16 for example), this is not possible.

  The purpose of this policy is to simply force the HBA to open a session in the SAN fabric?

  If Yes, can I use one of my real picture or just make one, correct?

  Since all zoning is done by the SAN switch (Brocade/MDS/Nexus) and LUN masking to the level of the table, I think putting the real WWPN to a storage port is not necessary.

  Thanks for any clarification.

  Yes, a 'false' WWPN will work and they connect to the SAN infrastructure... Photos attached show 2 ways to do this... However, if you install Windows 2012/Hyper-V, I suggest using WWPN valid because it seems not to be able to manage multiple ESX possible access paths when you first install...

  

  

• IKE initiator unable to find the policy; Outside INTF, CBC: error

  I have a Cisco ASA 5505 having a tunnel at a remote office. I just put in place another identical to another tunnel and when I followed the VPN in ASDM I see that the VPN is active. But I can't ping through it. When I check the logs I see "IKE initiator unable to find the policy; Outside INTF, CBC:... "Nobody knows what might be the cause? Here is a copy of the configuration. Thank you.

  See the config of bdavpn1 #.
  : Saved
  : Written by admin in 17:54:11.823 HAA Monday, June 7, 2010
  !
  ASA Version 8.2 (2)
  !
  hostname bdavpn1
  domain.com domain name
  activate the encrypted password of OSaXLnYQKkAcBhYA
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  !
  interface Vlan1
  nameif inside
  security-level 100
  192.168.2.100 IP address 255.255.255.0 ensures 192.168.2.101
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP 101.17.205.116 255.255.255.1018 Eve 101.17.205.117
  !
  interface Vlan3
  nameif dmz
  security-level 50
  IP 172.20.0.1 address 255.255.255.0 watch 172.20.0.3
  !
  interface Vlan4
  Failover LAN Interface Description
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  switchport access vlan 91
  !
  interface Ethernet0/3
  switchport access vlan 3
  !
  interface Ethernet0/4
  switchport access vlan 3
  !
  interface Ethernet0/5
  switchport access vlan 4
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  passive FTP mode
  clock timezone AST - 4
  clock to summer time recurring ADT
  DNS domain-lookup dmz
  DNS server-group DefaultDNS
  Server name 172.20.0.99
  domain.com domain name
  permit same-security-traffic inter-interface
  permit same-security-traffic intra-interface
  object-group Protocol TCPUDP
  object-protocol udp
  object-tcp protocol
  object-group network Chicago-nets
  object-network 10.150.1.0 255.255.255.0
  object-network 10.150.55.0 255.255.255.0
  object-network 10.150.56.0 255.255.255.0
  object-network 10.150.57.0 255.255.255.0
  object-network 172.16.1.0 255.255.255.0
  object-network 192.168.26.0 255.255.255.0
  object-network 10.150.111.0 255.255.255.0
  the DM_INLINE_NETWORK_2 object-group network
  object-network 192.168.4.0 255.255.255.0
  object Group Chicago-nets
  the DM_INLINE_NETWORK_1 object-group network
  object-network 192.168.4.0 255.255.255.0
  object Group Chicago-nets
  the DM_INLINE_NETWORK_3 object-group network
  object-NET 172.20.0.0 255.255.255.0
  object-network 192.168.2.0 255.255.255.0
  the DM_INLINE_NETWORK_4 object-group network
  object-NET 172.20.0.0 255.255.255.0
  object-network 192.168.2.0 255.255.255.0
  outside_cryptomap to access extended list ip 192.168.2.0 allow 255.255.255.0 DM_INLINE_NETWORK_1 object-group
  inside_nat0_outbound to access extended list ip 192.168.2.0 allow 255.255.255.0 DM_INLINE_NETWORK_2 object-group
  inside_nat0_outbound to access extended list ip 192.168.2.0 allow 255.255.255.0 172.20.0.0 255.255.255.0
  inside_nat0_outbound list extended access allowed object-group ip DM_INLINE_NETWORK_3 192.168.4.0 255.255.255.0
  inside_nat0_outbound list extended access allowed object-group ip DM_INLINE_NETWORK_4 192.168.4.0 255.255.255.0
  Note to access list outside_to_dmz allow access to the citrix Server
  outside_to_dmz list extended access permit tcp any newspaper HTTPS host 101.17.205.123 eq
  dmz_to_inside allowed extended access list host 172.20.0.2 ip 192.168.2.0 255.255.255.0 connect
  Note to outside_access_in entering of Citrix access list
  outside_access_in list extended access permit tcp any host 101.17.205.123 eq https
  outside_2_cryptomap list extended access allowed object-group ip DM_INLINE_NETWORK_4 192.168.4.0 255.255.255.0
  pager lines 101
  Enable logging
  timestamp of the record
  logging paused
  logging buffered information
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  MTU 1500 dmz
  IP verify reverse path to the outside interface
  failover
  primary failover lan unit
  failover failover lan interface Vlan4
  failover interface ip failover 172.16.30.1 255.255.255.252 watch 172.16.30.2
  ICMP unreachable rate-limit 1 burst-size 1
  ASDM image disk0: / asdm - 625.bin
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  Global interface (dmz) 2
  NAT (inside) 0-list of access inside_nat0_outbound
  NAT (inside) 1 0.0.0.0 0.0.0.0
  static (dmz, external) 101.17.205.123 172.20.0.2 netmask 255.255.255.255
  Access-group outside_access_in in interface outside
  Access-group dmz_to_inside in dmz interface
  Route outside 0.0.0.0 0.0.0.0 101.17.205.115 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  AAA authentication enable LOCAL console
  AAA authentication http LOCAL console
  LOCAL AAA authentication serial console
  the ssh LOCAL console AAA authentication
  AAA authentication LOCAL telnet console
  LOCAL AAA authorization command
  Enable http server
  http 0.0.0.0 0.0.0.0 outdoors
  http 0.0.0.0 0.0.0.0 inside
  redirect http outside 80
  SNMP-server host inside 10.150.1.177 community survey * version 2 c
  SNMP-server host inside 10.150.2.38 community survey * version 2 c
  location of Server SNMP Hamilton, Bermuda
  SNMP Server contact René Bouchard
  Community SNMP-server
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Service resetoutside
  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  inside
  redirect http outside 80
  SNMP-server host inside 10.150.1.177 community survey * version 2 c
  SNMP-server host inside 10.150.2.38 community survey * version 2 c
  location of Server SNMP Hamilton, Bermuda
  SNMP Server contact René Bouchard
  Community SNMP-server
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Service resetoutside
  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
  card crypto outside_map3 1 match address outside_cryptomap
  outside_map3 card crypto 1jeu peer 101.88.182.189
  outside_map3 card crypto 1jeu transform-set ESP-3DES-SHA
  card crypto game 2 outside_map3 address outside_2_cryptomap
  outside_map3 crypto map peer set 2 101.1.95.253
  card crypto outside_map3 2 the value transform-set ESP-3DES-SHA
  Crypto map outside_map3 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  outside_map3 interface card crypto outside
  Crypto ca trustpoint bdavpn1
  Terminal registration
  domain name full bdavpn1.domain.bm
  name of the object CN = bdavpn1.domain.bm, OR = Ltd, O is domain, C = US, St is of_confusion, L is Hamilton,[email protected] / * /
  Configure CRL
  Crypto ca certificate card domainincCertificateMap 10
  name of the object attr cn eq sslvpn.domain.com
  Crypto ca certificate chain bdavpn1
  certificate ca 00
  30820267 308201d 0 a0030201 02020100 300 d 0609 2a 864886 f70d0101 04050030
  32310b 30 09060355 04061302 5553310 300 b 0603 d. 55040 has 13 41 53311430 04414c
  12060355 0403130b 63612e61 6c61732e 636f6d30 35303130 31303630 1e170d39
  3335 30313031 30363031 31395 has 30 32310 b 30 170d 3131395a 09060355 04061302
  300b 0603 55040 5553310d has 13 04414c 41 53311430 12060355 0403130b 63612e61
  06092a 86 4886f70d 01010105 0003818d 00308189 819f300d 636f6d30 6c61732e
  c19012ed 02818100 4cf67378 c9347162 2bcf6519 a3ab748f 1c9cae07 5c232c93
  8a 625638 68416412 and 55808768 412675bc 5906ba4a 3ffd1d101 303d0ea7 d559ccf8
  0d425ffc edf1cee8 337ca5c7 5f718f2d 081551f8 fc742b78 8866de9b c82310b0
  89975e30 7ea7f047 bf518ac3 aa2dfd7e f93b1016 7d5261ea 34f18fa7 748d52c8
  7595ecb3 02030100 01a3818c 30818930 1 d 060355 1d0e0416 0414c1ab b8651761
  fc3f12d1 b132322e be36ff6a cecb305a 0603551d 23045330 518014c 1 abb86517
  61fc3f12 d1b13232 2ebe36ff 6acecba1 36 has 43430 32310b 30 09060355 04061302
  300b 0603 55040 5553310d has 13 04414c 41 53311430 12060355 0403130b 63612e61
  6c61732e 636f6d82 0100300c 0603551d 13040530 030101ff 300 d 0609 2a 864886
  f70d0101 818100ad 04050003 1d558eab 05d50f7b b656e2c4 213a9ac3 1cecee73
  0251f931 0b47e84f f3c0847e b2168562 d27330b3 72c8023f b83aeb4a 2db8fbf7
  f4575c8e c56300aa 6d5b0fd3 092e7747 76 76286 26e81b3e 4ca35b71 792380b 9
  ca480932 c58a8ee6 2fa62a73 aa1d209d 68662c 59 0b8a71f1 c2db0cbb 5aefc8c5
  bedcbda7 caf46f0c b01def
  quit smoking
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  the Encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 20
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 30
  authentication rsa - sig
  3des encryption
  sha hash
  Group 2
  life 86400
  No encryption isakmp nat-traversal
  crypto ISAKMP ipsec-over-tcp port 10000
  Telnet 0.0.0.0 0.0.0.0 inside
  Telnet 0.0.0.0 0.0.0.0 outdoors
  Telnet timeout 120
  SSH enable ibou
  SSH 0.0.0.0 0.0.0.0 inside
  SSH 0.0.0.0 0.0.0.0 outdoors
  SSH timeout 60
  Console timeout 0
  management-access inside

  a basic threat threat detection
  threat detection statistics
  a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
  prefer NTP server 192.168.2.116 source inside
  NTP server 192.168.2.117 source inside
  bdavpn1 point of trust SSL outdoors
  WebVPN
  allow outside
  enable SVC
  attributes of Group Policy DfltGrpPolicy
  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
  LtdAdmin XRlF3jA1k3JEhNgr encrypted privilege 15 password username
  domainadmin encrypted E1zLpTPUtBADN9og privilege 15 password username
  tunnel-group sslvpn.domain.com type ipsec-l2l
  sslvpn.domain.com group of tunnel ipsec-attributes
  validation by the peer-id cert
  trust-point bdavpn1
  tunnel-group 101.88.182.189 type ipsec-l2l
  IPSec-attributes tunnel-group 101.88.182.189
  pre-shared-key *.
  tunnel-group 101.1.95.253 type ipsec-l2l
  IPSec-attributes tunnel-group 101.1.95.253
  pre-shared-key *.
  tunnel-Group-map enable rules
  Tunnel-Group-map domainincCertificateMap 10 sslvpn.domain.com
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  message-length maximum 10101
  ID-randomization
  ID-incompatibility action log
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  inspect the icmp
  inspect the icmp error
  inspect the amp-ipsec
  !
  global service-policy global_policy
  context of prompt hostname
  Cryptochecksum:a23ada0366576d96bd5c343645521107

  Scott,

  When you check the status of the two tunnels of the CLI, check the following:

  HS cry isa--> of his watch as active or QM_IDLE

  HS cry ips his--> shows the packages encrypted/decrypted

  The second tunnel does not properly come upwards, should ensure that policies correspond to the two ends of the tunnel.

  If this second tunnel is started but does not traffic, we might have a problem NAT or routing.

  Federico.

• How descriptions or explanations of the rules and easily accessible rulesets for the end user?

  When rules/rulesets are not configured to run on record in forms, users must run manually, either via the form or via the Tools-Business Rules (BTW: aren't fair rules now that CalcMan is forced?).

  Is there a way to users could easily access a longer description of the different rules and rulesets?  I like that we can add accessible instructions for forms of data, but I can't seem to get more planning than the 'name' of rules / rulesets with the role of Planner.

  There is not a Lane exit from the box to provide a textual content on run from the section of business rules management rules.  There is a way of comments, instructions and explanations in the rule to put, but a user would need to go in Calc Manager to access.  It can also be given on the forms that you mention, and finally, instructions and explanations can be given text information using Task Manager so users will run the business through this interface rule.

• IPM. The weblogic user does not exist in the policy store

  We cannot connect to the MPI with the error: the weblogic user does not exist in the policy store.

  I updated COE field to add the Capture and Imaging.

  We have 11.1.1.8 patched with more late installed environment

  Related to the AD and SSO configured (kerberos)

  Providers are:

  SSO - provider WebLogic negotiate identity Assertion

  OrangeAD - provider that performs LDAP authentication

  DefaultAuthenticator - WebLogic authentication provider

  DefaultIdentityAsserter - provider of assertion of identity WebLogic

  Control for OrangeAD and DefaultAuthenticator flag is SUFFICIENT

  There is no problem with Capture (include SSO)

  Refreshment of the IPM security not solved the problem

  In the discussion that I found said that weblogic user must be added to the provider (AD in my case):

  https://community.Oracle.com/thread/2615536

  Should I do this?

  Is that it can be cause of problems for rest UCM, Capture, Admin servers?

  Thank you

  Leon

  Let me explain here:

  The link that you pointed out only responds by me

  Connection IPM problems

  By default, the WebCenter JpsProvider calls / user role API to retrieve a list of roles that a user is a member. API/user role Gets a list of roles from the leading provider of authentication and ignores other authentication providers.

  The Weblogic jps can be configured so that the user/role API goes against all configured authentication providers. This by adding a property, virtualize and it's true

  From the Enterprise Manager domain

  1. in a browser, go to the page of Weblogic Enterprise Manager

  The URL will usually be something like: http://YourDomainSystem:7001 / em

  2 expand Weblogic domain

  3 right-click the field, and then select security--> security provider Configuration

  4. click on the box to extend the identity store provider.

  5. click on the button set up

  6. in the custom properties, click the Add button.

  7. in the name of property filed enter: virtualize

  8. in the value field, enter: true

  9. click on the OK button

  10 restart the Weblogic Admin Server and the server managed by WCC

  Please find below the Agency's response all risks

  http://www.Ateam-Oracle.com/WebCenter-content-imaging-and-multiple-identity-providers-the-virtualization-issue/

  Thank you

  Ranjan

• Some VMDK of getting scratched twice when the policy States 1 stripe. Disc format 6.0 VSAN 2.

  So I noticed this strange problem on my virtual SAN. 99% of my VMDK are properly implemented with 1 witness and a raid 1 array with 1 disk of two hosts. Like in this picture.

  

  Now, here is an another VM, with the same storage policy, creating a raid 0 of mirrors and to use more space than I care to provide to the virtual machine.

  

  I tried to reapply policies and nothing changes. It's not a huge deal, but I'm just curious to know what would cause this. Oh yes and the kicker is still its in line with the policy says VSAN.

  

  It's perfectly normal in a number of situations and is not a bug. For example, let's do all this time, a VMDK is larger than 255 GB. We are also when there is not enough disk space. See the series of Cormac Virtual SAN (VSAN) - CormacHogan.com blog and specifically part 23: http://cormachogan.com/2014/04/23/vsan-part-23-why-is-my-storage-object-striped/

  I also want to clarify that, contrary to what you said that a RAID-0 doesn't consume additional disk space. It is simply a way to split a mirror into smaller pieces. In short, the size changes however.

  Regarding compliance, if you find the definition, StripeWidth is a _minimum_ of batteries by mirror number to use. VSAN is free to use several axes. Note also in previous cases where we use RAID-0, we can place two strips on the same disc, as long that satisfy the minimum of StripeWidth pins of the requested user.

  Christian

• What is the policy for free upgrades?

  What is the policy for free upgrades? I bought elements 13 Aug 25 and 14 items just came out.

  l https://helpx.adobe.com/x-productkb/Policy-Pricing/Upgrade-Policy-Product-Announcement.htm

• I ordered Lightroom for my PC (#AD005836462DK), but my order has not been approved. No explanation in the receipt e-mail. A wrong?

  I ordered Lightroom for my PC (#AD005836462DK), but my order has not been approved. No explanation in the receipt e-mail. A wrong?

  Hi per,.

  The payment is declined on the side of the Bank. Please contact your bank to get is resolved.

  You can also try to pay with a different credit card.

  Concerning

  Megha Rawat

• Grouping of NETWORK cards reverse the policy

  When I apply a profile esxi 5.0 to 5.1 host, I got the following configuration message. any ideas?

  Hello

  This is mentioned in the 5.1 version of vSphere notes:

  Compliance policy network outages continue to host profiles created from applied guests 5.1 ESXi ESXi 4.1 or ESXi 4.0 hosts
  After you apply a profile created from an ESXi 4.1 or ESXi 4.0 host host to a 5.1, the failures of compliance profile next host ESXi host could continue:

  For the network policy for the Group [NAME of GROUP of PORT] port spec.policy.nicTeaming.failureCriteria property does not match
  For the network policy for the Group [NAME of GROUP of PORT] port spec.policy.nicTeaming.reversePolicy property does not match

  
  

  Network settings above are not supported on ESXi 5.1 hosts and are configured is more when you apply a host profile with these settings.

  Solution: Two options are available:

  • After applying host initially created from an ESXi 4.1 host to a host profile ESXi 5.1, create a new profile of the host from the host ESXi 5.1 and which attach to this 5.1 ESXi host and other affected 5.1 ESXi hosts.
  • Change the policy of grouping of NETWORK adapters in the profile of the host to the option user must explicitly choose political instead of the strategy of grouping NIC specified.

  Now I know IVotre profiles are at the origin of 5.0 but the thought to mention it anyway

• Problem with OAM10g URLS while creating the policy

  We strive to protect a resource in OAM 10 g for this we have created political in this tab resources that we do not get the URL mentioned in the host identifier. Instead of the URL mentioned in the identifier of the host, we get the following URL.
  
  our URL is appearing - dc % 3d % testdc % 2d % com...
  
  Published by: Arii on 24 August 2012 08:15

  Prefix of the URL under the resource tab, is not because the host identifiers. It's because of the configuration you did when installing Policy Manager (after installing Policy Manager). During the Setup, it asks for prefix URI for the policy area and its default value is /.
  See your installation and verify.

• Cannot locate the policy files without restriction for the Sun JCE for download

  My platform:
  Java version "1.6.0_26".
  Java (TM) SE Runtime Environment (build 1.6.0_26 - b03)
  Oracle JRockit (R) (build R28.1.4-7-144370-1.6.0_26-20110617-2130-windows-x86_64, update mode)
  
  I can't locate the files of the PVE skill unlimited force.
  
  According to BouncyCastle for Java 1.6:
  ... "you need to download the policy files without restriction for the Sun JCE if you want the provider to work correctly." Policy files are in the same place as the JDK download. For more information on this can be found in the documentation on the Sun JCE. »

  The version at the bottom of http://www.oracle.com/technetwork/java/javase/downloads/index.html should work.

• Explanation of the BR

  Hi all
  
  First post - please, be gentle.
  
  I'm looking for an explanation of the syntax for code in a BR (we had consultants in the development of our system and I'm trying to tackle some of the rules they put in place, in the hope that someday, someone will pay me 1 trillion pounds per day to do the same for them.)
  
  There was some patches previously, definition of the members of the entity at the lowest level.
  
  The code as follows:
  
  "xxxx" * @MEMBER (@CONCATENATE (@SUBSTRING (@NAME (@PARENT (@CURRMBR ("Entity"))), 0, 4), "undisclosed")) *-> "xxxx".
  
  
  From what I can understand:
  XXXX will be multiplied by a member % undisclosed
  The % is generated by taking the entity dimension, using names of members of the Parent of the level 0 of entity members (as previously set) and the first 4 letters of the name of this member - I can see that the substring is working with 0 and 4. is it just the starting point (0) and (4) endpoint of the text to take?
  
  Making all that noise OK?
  
  I am compiling slowly my own list of orders with explanations as I work through the rules (from Internet research) and own understanding, are downloads Oracle my best bet for this?
  
  Anyone has the text of "look more intelligent that you are" for Essbase 11? Ask you to stick on the list for Santa...
  
  Thank all the time to answer.
  
  JB

  Hello

  The syntax below, it does the following
  1 CURRMBR returns the current entity specified in your fix
  2 PARENT returns the Member of the Member's parent returned by 1.
  3. NAME converts the Member returned by 2 to use as a parameter to substring
  4 SUBSTRING(your_member_name_here, 0, 4) returns 4 characters of your_member_name_here from position 1. So if your string is "your_member_name_here", the result will be "your."
  5. CONCATENATE will add 2 strings together, in your case, this is what is returned by 4 and "undisclosed".
  6 MEMBERS converts the string returned by 5 back to Essbase member since the form requires Essbase member to use and not a string.

  I've seen excerpts of the book Look more intelligent and it seems to be a good start for beginners.

  HTH,
  Gerd

• OAM11g - how to set the policy with the request for protected by URL

  I am trying to perform a configuration of the strategy to protect the following URL on OAM 11 g (11.1.1.5). (The Webgate is 10g, such that it runs on Apache)
  
  https://online.myCustomer.co.UK/dispatch/Portal/AppManager/myCustomer/WRP?_nfpb=true & _pageLabel = Page_AccReg_LoginService & pageid = MV_0000
  
  Given that the '? ' will not be allowed, can anyone suggest how I could build a resource definition to use in the policy?
  
  Following the guidance in Chapter 9 of the guide admin OAM (11.1.x) I thought that...
  
  
  /Dispatch/.../*PageID=MV_0000 in the resource URL field might do the trick.
  
  
  But I do not receive "format of the URL of the resource is not valid. I tried a number of other combinations - less - and were not surprised to see that they are not acceptable either.
  
  
  Anyone got any better suggestions?
  
  And having an old webgate out would cause problems I should know about?
  
  See you soon
  
  Jon.

  Jon,

  11.1.1.5, you can write policy based on query parameters.

  http://download.Oracle.com/docs/CD/E21764_01/doc.1111/e15478/app_domn.htm#AIAAG541

  When you set the OAM resource in your case, set the query string parameter:

  * pageID = MV_0000

  The 'hook' or '?' should appear in the resource when defined in the authentication as policy:

  HostID:/dispatch/.../*?**pageID=MV_0000

  You should be able to set your granularity of policy on query string values.