VMS in an external facing DMZ

We are currently implementing a new VMware VI 3.5 environment to host the external/public-facing applications. The ESX hosts themselves cannot be accessed from outside the corporate firewall.

Are there any special settings I should add to my virtual machines to increase security? I am thinking more along the lines of the advanced configuration settings of the virtual machine itself, not the guest OS.

Thank you

________________________________

Jason D. Langdon

Hello

Chapter 8 of my book includes a host of isolation parameters that must be set on the virtual machine. The hardening guides are a subset of these.

But yes, you will need to set at minimum the isolation parameters in the hardening guides, or even more, as in the book. I would seriously consider whether or not the paravirtualized drivers are necessary for these virtual machines, as they are current "escape the VM" attack points.

I would also increase the monitoring of these virtual machines for resource usage as well. Increased usage is often a sign of an attack.

Best regards
Edward L. Haletky VMware communities user moderator, VMware vExpert 2009, 2010

Now available: 'VMware vSphere (TM) and Virtual Infrastructure Security' - http://www.astroarch.com/wiki/index.php/VMware_Virtual_Infrastructure_Security

Also available: 'VMware ESX Server in the Enterprise' - http://www.astroarch.com/wiki/index.php/VMWare_ESX_Server_in_the_Enterprise

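A practical way to act on the answer above is to check each DMZ guest's .vmx against the isolation parameters a hardening guide asks for and to flag paravirtualised devices for review. The script below is an added example, not code from the thread or from the book; the baseline keys are the isolation.* settings from VMware's published hardening guidance, the .vmx content is constructed, and the list of paravirtualised device types is an assumption of the example.

```python
"""Audit a VMware .vmx file against a baseline of isolation settings.

Added example, not code from the original thread. The baseline keys are the
isolation.* parameters that VMware's published hardening guidance recommends
for guests exposed to untrusted networks; the .vmx sample is constructed.
"""
import re

# Expected values for a hardened guest. Keys are case-insensitive in .vmx files.
HARDENED_BASELINE = {
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "isolation.tools.dnd.disable": "TRUE",
    "isolation.tools.diskShrink.disable": "TRUE",
    "isolation.tools.diskWiper.disable": "TRUE",
    "isolation.device.connectable.disable": "TRUE",
    "isolation.device.edit.disable": "TRUE",
    "isolation.tools.setGUIOptions.enable": "FALSE",
}

# Device types the answer suggests reconsidering for DMZ guests: VMware-specific
# paravirtualised drivers widen the guest/host interface. (Assumed set of
# virtualDev values for this example.)
PARAVIRT_DEVICE_TYPES = {"vmxnet", "vmxnet3", "pvscsi"}

_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict keyed by lowercase setting name."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text, baseline=HARDENED_BASELINE):
    """Return (findings, paravirt_devices).

    findings: list of (key, expected, actual) where actual is None if the key
    is absent; absent keys count as deviations because ESX defaults to the
    permissive value.
    paravirt_devices: sorted .virtualDev keys whose value is a paravirtualised type.
    """
    settings = parse_vmx(text)
    findings = []
    for key, expected in baseline.items():
        actual = settings.get(key.lower())
        if actual is None or actual.upper() != expected:
            findings.append((key, expected, actual))
    paravirt = sorted(
        k for k, v in settings.items()
        if k.endswith(".virtualdev") and v.lower() in PARAVIRT_DEVICE_TYPES
    )
    return findings, paravirt


# Constructed sample: a partially hardened DMZ web guest with a vmxnet NIC.
SAMPLE_VMX = """\
config.version = "8"
displayName = "dmz-web01"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
scsi0.virtualDev = "lsilogic"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
isolation.device.edit.disable = "TRUE"
"""

if __name__ == "__main__":
    findings, paravirt = audit_vmx(SAMPLE_VMX)
    for key, expected, actual in findings:
        print(f"{key}: expected {expected}, found {actual!r}")
    if paravirt:
        print("paravirtualised devices to review:", ", ".join(paravirt))
```

Run it against the real .vmx of each guest (the output of a rollout is a short deviation list per VM), and keep the baseline in sync with the hardening guide version you follow.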


Similar Questions

  • SSL certificate for the Security Server external facing

    Dear all,

    Today I bought an external SSL certificate from DigiCert for our Security Server. I imported the certificates into the personal certificate store (computer account) on the Security Server. DigiCert provided three certificates: the root CA, the server CA, and one with the name of our domain. I renamed the friendly name of the existing self-signed certificate from vdm and used the friendly name vdm for the certificate with our domain name. Subsequently, I restarted the services on the Security Server. They all started except the "View Blast Secure Gateway" service, which entered the stopped state.

    In our setup, we have a Connection Server and a Security Server. For the Security Server, we use a different domain name than for the Connection Server. We have an internal PKI, and the Connection Server uses an SSL certificate.

    Connection Server = server01.internaldomain.com

    Security Server = server02.externaldomain.com

    Why can't the certificate be loaded by the View Blast Secure Gateway? Did I miss something?

    Thank you

    Edy

    I solved it. It was the private key of the certificate. That was the reason the Blast Secure Gateway could not load.

  • Need help with my problem of DirectAccess

    I have configured Windows 2012 DirectAccess with 2 NICs, one as the external connection (DMZ) and one as the internal connection. All operational status checks are green in the Remote Access Management Console dashboard. But DirectAccess on my Windows 7 Enterprise client does not work correctly:

    Really grateful if someone could help me.

    This issue is beyond the scope of this site and should be posted on TechNet or MSDN:

    http://social.technet.Microsoft.com/forums/en-us/home

    http://social.msdn.Microsoft.com/forums/en-us/home

  • With an ASA 5520 port forwarding

    Hi all

    I recently bought a Cisco ASA 5520 on eBay for study and decided to use it only as a firewall between my home LAN and the Internet. Wow, what a learning curve! I managed to add my internal networks as objects and create a NAT rule (thanks to YouTube) to PAT my internal devices out to the Internet with the ASDM wizard, but I am really struggling to do the following:

    - allow all incoming traffic that hits the outside interface on port 38921 and NAT it to 10.1.10.101:38921

    - allow all incoming traffic that hits the outside interface on port 30392 and NAT it to 10.1.10.101:30392

    Can someone guide me on how to do it? I have a couple of services running behind these ports on a server that I want to reach when I'm not at home. My (rather messy) config is as follows:

    hostname FW1
    enable password encrypted
    passwd encrypted
    names
    !
    interface GigabitEthernet0/0
     description * externally facing Internet *
     nameif outside
     security-level 0
     ip address dhcp setroute
    !
    interface GigabitEthernet0/1
     description * internal facing 3750 *
     nameif inside
     security-level 100
     ip address 10.1.10.2 255.255.255.0
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    !
    ftp mode passive
    object network VLAN1
     subnet 192.168.1.0 255.255.255.0
     description Legacy
    object network WiredLAN
     subnet 10.1.10.0 255.255.255.0
     description Wired LAN
    object network CorporateWifi
     subnet 10.1.160.0 255.255.255.0
     description Corporate wireless VLAN 160
    object network GuestWifi
     subnet 10.1.165.0 255.255.255.0
     description Guest wireless VLAN 165
    object network LegacyLAN
     subnet 192.168.1.0 255.255.255.0
     description Legacy LAN in place until the changeover
    object network FileServer
     host 10.1.10.101
     description File Server
    object service Service1
     service tcp source eq 38921 destination eq 38921
     description Service 1
    object-group network All_Inside_Networks
     network-object object VLAN1
     network-object object WiredLAN
     network-object object CorporateWifi
     network-object object GuestWifi
     network-object object LegacyLAN
    object-group service Service2 tcp-udp
     port-object eq 30392
    object-group service DM_INLINE_TCPUDP_1 tcp-udp
     port-object eq 30392
     group-object Service2
    object-group protocol TCPUDP
     protocol-object udp
     protocol-object tcp
    access-list Outside_access_in extended permit object-group TCPUDP any object FileServer object-group DM_INLINE_TCPUDP_1 inactive
    access-list Outside_access_in extended permit object Service1 any object FileServer inactive
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-714.bin
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source dynamic FileServer interface service Service1 Service1 inactive
    nat (any,outside) source dynamic All_Inside_Networks interface
    access-group Outside_access_in in interface outside
    route inside 10.1.160.0 255.255.255.0 10.1.10.1 1
    route inside 10.1.165.0 255.255.255.0 10.1.10.1 1
    route inside 192.168.1.0 255.255.255.0 10.1.10.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.1.160.15 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet 10.1.160.15 255.255.255.255 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcp-client client-id interface outside
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username Barry password encrypted privilege 15
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:19be38edefe8c3fd05e720aedee62c8e
    : end

    1. This is just one example configuration, and another option, with the reasoning, so that you avoid sending us the complete NAT configuration:

    object network 10.1.10.101
     host 10.1.10.101
    object service 38921
     service tcp source eq 38921
    object service 30392
     service tcp source eq 30392
    nat (inside,outside) 1 source static 10.1.10.101 interface service 38921 38921
    nat (inside,outside) 1 source static 10.1.10.101 interface service 30392 30392

    Let me know if it works.

  • Site to Site ASA translation problem

    Hello

    I would like to ask how to solve this problem:

    Site A is an ASA5520 (v7.2) with:
    inside interface
    outside interface

    Site B is an ASA5520 (v8.2) with:
    inside interface
    outside interface
    DMZ interface

    There is an L2L IPsec tunnel between the ASAs; the tunnel is up and works correctly between the networks inside ASA A and the networks inside ASA B.
    -----------------
    I can ping from the server (172.25.106.221) on the inside interface of ASA A to the server (192.168.1.5) on the inside interface of ASA B.

    But I can't ping from the server (172.25.106.221) on the inside interface of ASA A to the server (192.168.0.31) on the DMZ interface of ASA B; ASA B logs: %ASA-3-305005: No translation group found for icmp src outside:172.25.106.221 dst DMZ:192.168.0.31 (type 8, code 0)

    No doubt there is a problem with the static translation on ASA B, so I'm looking at how to solve this problem.

    I posted the configuration files (I omitted a few configuration lines that are unnecessary for resolving this problem, I think).

    Thank you much for the help.

    Hey there,

    I checked the config and noticed it was missing a NAT exemption (nat 0) for the DMZ; there is one for the inside, which is fine.

    So you can add the following to ASA B:

    nat (DMZ) 0 access-list ACL_NONAT

    Let me know how it goes; if it helped, you can rate the reply.

    Cheers,

    MB

  • Why we use JMS instead of using HTTP/SOAP WebService

    Hello

    Why do we use SOAP over JMS instead of SOAP over HTTP, HTTP being better suited to the TCP/IP protocol (why do vendors like JMS)?

    Why do we use JMS rather than the database directly, since JMS internally uses a database to store its payload?

    I've read these post

    < http://Java.dzone.com/articles/performance-soaphttp-vs-soapjm > and

    < http://it.Toolbox.com/blogs/the-SOA-blog/Web-Services-http-vs-JMS-19110 >

    But in reality, most of these things we can achieve in both examples.

    Consider using SOAP over HTTP for:

    • Externally facing web services (for example, customers or suppliers) (this is also fine in JMS; we can do that)
    • Simple point-to-point and stateless services (we have point-to-point in JMS using queues)
    • Where you need a thin client with no MOM installation

    Consider using SOAP over JMS for:

    • High-volume distributed messaging (why is JMS required for high volume compared to an HTTP-based web service?)

    • Asynchronous messaging (an HTTP-based web service can also be asynchronous, and we can use correlation mechanisms inside it)

    • Where a transaction boundary is necessary in the middleware (which transaction boundary is not possible with a basic HTTP web service?)

    • Where the message consumers are slower than the producers (where is the difference on that point?)
    • Guaranteed delivery (we can achieve that in a basic HTTP web service using the WS-ReliableMessaging standard, so how is this point a difference?)

    • Once-only delivery of messages (what does "only once, sending a message" mean, and is it not possible with an HTTP-based web service?)

    • Publish/subscribe (this broadcasting mechanism can be done using an HTTP-based web service as well, if all subscribers just read the database record) (JMS itself uses an internal database)

    • Distributed systems of peers that may sometimes be disconnected (this is also fine for a basic HTTP web service; we can use correlation sets (asynchronous service), so even if the next resource is not in service, we wait until it is available and continue running, so how does that point indicate a difference?)

    Someone please tell me what the real benefits or differences are, and why and where we use a JMS-based web service instead of an HTTP-based web service (the real difference).



    Thank you

    Hello

    It is difficult to understand your point in this discussion... I don't see what exactly you're trying to advocate here... You can obviously use a table knife to unscrew a screw; it will probably work in 90% of cases... But you are not using the right tool for the job, and it can potentially become very difficult... You can even cut a finger and wish you had used the tool that was actually designed for the work you have to do... What you're trying to find is the best tool for your use case, and the options are endless...

    Cheers,

    Vlad

  • Internal access to the servers of the network security

    Hi all

    I'm trying to set up an HTML Access connection from the Internet to our internal virtual desktops.

    From our internal network, all traffic goes through the Connection Server located on the internal network, no problem.

    From the Internet, the connection is established with the Security Server, but when we try to access our desktop from View, the Security Server tries to reach the desktop on its private address, which is not reachable from the DMZ.

    Blast Secure Gateway seems to be configured correctly, and we are trying to avoid plugging a 2nd NIC into the Security Server for access to our private network.

    Any idea about this problem?

    I have read a lot of literature on this type of configuration, and it seems that it should be possible without a second network adapter, although it is not recommended.

    Thanks a lot for your help.

    Kind regards

    Sylvain

    To establish the Blast session via the Security Server, the SS will attempt to connect to the vDesktop machine on TCP 22443, so yes, you need to create a firewall rule that allows the SS NIC to create a TCP 22443 connection to any virtual desktop IP.

    This is essentially the reason why people add 2 interfaces to the SS: a public-facing DMZ network (can be connected to from the Internet) and another private DMZ network behind it (not exposed to the Internet; only the SS lives there).

    In the case of a single adapter, you must allow connections from the public DMZ network to your virtual desktops, which is not desirable in most cases.

    "Typical" or common 2-NIC architecture:

    Big Internet | Public-DMZ | Private-DMZ | Internal network

    Client > 443, 8443 | SSPubNic | SSPrivNIC > 22443 | Any virtual desktop

    + firewall rules that allow communication from the SS (probably from the SSPrivNic above) with the CS

    Direct connections to the internal network from the Internet or the Public-DMZ network are not allowed.

    In case of a single network adapter for your SS:

    Big Internet | DMZ | Internal network

    Client > 443, 8443 | SSPubNic > 22443 | Any virtual desktop

    + firewall rules that allow communication from the SS with the CS

    In case of a single network adapter for your SS, you're allowing direct connections to a fairly wide area of your private network directly from the DMZ network, which is exposed to the Internet and may be attacked.

    It should work. Whether it is acceptable from a security point of view is something different and more a question for your security administrator.

    Hope this helps, and I hope I haven't forgotten something important...

  • Is it possible to have 2 subnets acess internet and eachother?

    Hi guys, thanks for reading!


    So, I'm taking a VMware class right now, but it's really simple. They don't go much into networking, but being me, I always try to learn as much as I can about whatever it is. I was tinkering around with the Virtual Network Editor and understood how to use it.

    Here's the thing though: I have a Win2k12 server and my own machine. My home network is 10.10.1.100.

    My virtual machine is on VMnet2 (10.5.1.100); however, I wish I could connect my VM to the Internet.

    It is only allowing a host-only link; I guess I'm not too network savvy.

    Basically, what I'm trying to accomplish is to have my computer, which has an IP address on the 10.10.1.101 subnet, connect to my virtual machine, which is 10.5.1.101, while maintaining connectivity to the Internet and other devices on the network if necessary.

    How, or "can", I do this?


    Thank you for your time!

    Welcome to the community,

    With hosted VMware products, there are essentially 3 different networking options available in the Virtual Network Editor: Host-Only, NAT and Bridged. Host-Only - as its name suggests - is used if network communication is only required between the virtual machines in the host-only network and the host system. Bridged is generally used if the virtual machine requires external access and must also be accessible from the outside. NAT - which could be the option you're looking for - is used for VMs that need external access but do not need to be accessible (except from the host system). So what you can do is configure NAT (default vmnet8) networking with the settings you need.

    André

  • How NAT with pfsense on ESXI

    I have installed ESXi 4 on my server with 1 public static IP (xxx.xxx.xxx.xxx).

    Then I created 1 vSwitch named 'DMZ' with no attached NICs.

    I therefore have 2 vSwitches (vSwitch 0 (Management port group and VM Machines (WAN)) and vSwitch 1 (for DMZ)). I installed pfSense using 2 NICs (VM Machines (WAN) on vSwitch 0 and DMZ on vSwitch 1).

    Once installed, I set the pfSense WAN interface to the WAN NIC and assigned it IP xxx.xxx.xxx.xxx (the same as the IP of the ESXi host).

    But pfSense cannot connect to the Internet, nor reach the gateway.

    Could someone please help me in this case?

    Can I NAT for virtual machines via pfSense with a single IP (xxx.xxx.xxx.xxx)?

    Here are the pictures: 1.png, 2.png, 3.png

    Thanks in advance

    Once installed, I set the pfSense WAN interface to the WAN NIC and assigned it IP xxx.xxx.xxx.xxx (the same as the IP of the ESXi host).

    You cannot use the same IP address for the ESXi host and the pfSense WAN interface... that will create a duplicate IP problem, and one server (or both) will not work correctly.

  • Determination of needs memory to SQL Server

    Hi all

    I've looked everywhere and can't seem to find the answer to this question. And it seems strange, because I really can't believe I'd be the first person in this situation.

    The situation:

    I'm pulling perfmon data from about 30 servers to size a new farm to run some of our external-facing infrastructure. I get good data from most of the boxes (UI, search, middle tier, etc.) but not from the SQL servers. Regardless of the load on the server, SQL seems to devour almost all available memory. Reading about SQL memory management, it is not surprising that it would show up that way in perfmon and/or Task Manager, but I need to get a handle on the amount of memory these servers will need to function properly.

    I know there is much more to the performance question, but one SQL Server in particular has 32 GB of physical memory, and SQL is actively filling 30 of it. It would make a horrible candidate (to say the least, because of our host record and consolidation target ratios) for a virtual server. That said, I have the impression that this server might work on much less and uses that 30 G just because it can.

    There are people who would say "Start with 4 G, test, and add more as necessary". Unfortunately, this is not really an option for us, given the timeline and the visibility of the migration.

    Thanks in advance to anyone who can provide assistance here!

    -Brent

    Personally, I start with 1 GB and work upward, but this depends on how active you think the server is. If you think it's quite busy, then try using 2 GB for the operating system and give 1.5 GB to SQL, and see how it behaves.

    Unfortunately, SQL will use what it is given in the SQL Manager properties before it starts to re-use all available memory.

    The only way to really tell is to determine whether your server is under memory pressure and adjust accordingly. Unfortunately, this means starting low and going back as things go to hell.

    This will help you see if your server is experiencing memory pressure:

    http://www.4penny.NET/SQL-Server-Troublshooting.aspx

    Memory

    • Memory: Available Bytes

    • Memory: Page Reads/sec

    • Process: Working Set: sqlservr

    • SQL Server: Buffer Manager: Buffer Cache Hit Ratio

    • SQL Server: Memory Manager: Total Server Memory (KB)

    Memory: Available Bytes indicates the amount of physical memory, in bytes, immediately available for allocation to a process or for system use. It is memory not currently in use by the system.

    Memory: Page Reads/sec shows the rate, in incidents per second, at which the disk was read to resolve hard page faults. This counter indicates the number of read operations, without regard to the number of pages retrieved in each operation. Hard page faults occur when a process refers to a virtual memory page that must be retrieved from disk because it is not in its working set or elsewhere in physical memory. This counter is a primary indicator of the kinds of faults that cause system-wide delays.

    A low number of Available Bytes indicates that there may not be enough memory available, or that processes, including SQL Server, may not be freeing memory. A high number of Page Reads/sec indicates excessive paging. A more in-depth look at individual instances of Process: Page Faults/sec, to see if the SQL Server process, for example, has excessive paging, may be necessary. A low rate of Page Reads/sec (usually 5 to 10 per second) is normal, as the operating system will continue to do some housekeeping on the working set.

    Ideally, we'd like SQL Server to be the only application on the server and to have most of the memory in the box. Adding memory to a server and configuring SQL Server to use it is beyond the scope of this article, but the more, the better.

    The Process: Working Set: sqlservr instance indicates the amount of memory that SQL Server is using, in bytes. If the number is always less than the amount SQL Server is configured to use by the MIN SERVER MEMORY and MAX SERVER MEMORY options, then SQL Server is configured for too much memory. Otherwise, you may have to increase the RAM and MAX SERVER MEMORY.

    Buffer Cache Hit Ratio should be consistently greater than 90. This indicates that the data cache served 90 per cent of requests for data. If this value is consistently low, it is a very good indicator that SQL Server needs more memory. If Available Bytes is also low, it means that we should add more RAM.

    If the Total Server Memory for SQL Server is always higher than the total memory of the server, it indicates that there is not enough RAM. This counter is in KB, as opposed to bytes for Process: Working Set: sqlservr.
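    The counter rules in the reply above can be turned into a repeatable check over a series of perfmon intervals instead of eyeballing one snapshot. The script below is an added example, not code from the thread or the linked article; the thresholds are the reply's (hit ratio above 90, 5 to 10 page reads per second normal), the samples are constructed around the 32 GB box in the question, and the "available bytes is low" cutoff of 5% of physical RAM, plus reading the reply's "otherwise" as the working set reaching max server memory, are assumptions of the example.

```python
"""Evaluate perfmon samples against the memory-pressure rules in the reply above.

Added example, not code from the original thread. Thresholds come from the
reply (Buffer Cache Hit Ratio consistently above 90; 5 to 10 page reads per
second is normal). The samples are constructed; the "available bytes is low"
cutoff of 5% of physical RAM is an assumption of this example, not the reply's.
"""

COUNTER_HIT_RATIO = "SQLServer:Buffer Manager\\Buffer cache hit ratio"
COUNTER_PAGE_READS = "Memory\\Page Reads/sec"
COUNTER_AVAIL_BYTES = "Memory\\Available Bytes"
COUNTER_WORKING_SET = "Process(sqlservr)\\Working Set"
COUNTER_TOTAL_SERVER_KB = "SQLServer:Memory Manager\\Total Server Memory (KB)"

GB = 1024 ** 3


def make_sample(hit_ratio, page_reads, avail_bytes, working_set, total_server_kb):
    """Build one perfmon interval as a dict of counter name -> value."""
    return {
        COUNTER_HIT_RATIO: hit_ratio,
        COUNTER_PAGE_READS: page_reads,
        COUNTER_AVAIL_BYTES: avail_bytes,
        COUNTER_WORKING_SET: working_set,
        COUNTER_TOTAL_SERVER_KB: total_server_kb,
    }


def assess_memory_pressure(samples, physical_bytes, min_server_memory_bytes,
                           max_server_memory_bytes, hit_ratio_floor=90.0,
                           page_reads_ceiling=10.0, low_avail_fraction=0.05):
    """Return a sorted list of findings for a series of perfmon intervals.

    Rules the reply phrases as "always" or "consistently" must hold in every
    sample; the paging rule fires on any sample, since one burst is worth a look.
    """
    if not samples:
        return ["no samples collected"]
    findings = set()

    hit = [s[COUNTER_HIT_RATIO] for s in samples]
    if all(h < hit_ratio_floor for h in hit):
        findings.add(f"buffer cache hit ratio consistently below {hit_ratio_floor:g}: "
                     "SQL Server needs more memory")

    reads = [s[COUNTER_PAGE_READS] for s in samples]
    if any(r > page_reads_ceiling for r in reads):
        findings.add(f"page reads/sec above {page_reads_ceiling:g}: excessive paging")

    avail = [s[COUNTER_AVAIL_BYTES] for s in samples]
    if all(a < physical_bytes * low_avail_fraction for a in avail):
        findings.add("available bytes consistently low: add RAM")

    # Working set always under the configured minimum: the instance is
    # configured for more memory than it uses. Reaching the configured
    # maximum is read here as the reply's "otherwise" case (an assumption).
    ws = [s[COUNTER_WORKING_SET] for s in samples]
    if all(w < min_server_memory_bytes for w in ws):
        findings.add("sqlservr working set always below min server memory: "
                     "configured for too much memory")
    elif any(w >= max_server_memory_bytes for w in ws):
        findings.add("sqlservr working set reaches max server memory: "
                     "consider increasing RAM and max server memory")

    # Total Server Memory is reported in KB; compare in bytes.
    total = [s[COUNTER_TOTAL_SERVER_KB] * 1024 for s in samples]
    if all(t > physical_bytes for t in total):
        findings.add("total server memory exceeds physical memory: not enough RAM")
    return sorted(findings)


# Constructed samples modelled on the 32 GB box in the question, with SQL
# holding 30 GB; min server memory 4 GB, max server memory 28 GB.
STARVED_SAMPLES = [
    make_sample(85.0, 3.0, 1 * GB, 30 * GB, 30 * GB // 1024),
    make_sample(88.0, 12.0, 1 * GB, 30 * GB, 30 * GB // 1024),
    make_sample(82.0, 4.0, 1 * GB, 30 * GB, 30 * GB // 1024),
]

if __name__ == "__main__":
    for line in assess_memory_pressure(STARVED_SAMPLES, physical_bytes=32 * GB,
                                       min_server_memory_bytes=4 * GB,
                                       max_server_memory_bytes=28 * GB):
        print(line)
```

Feed it a day's worth of intervals from the counter log rather than a few seconds, since every "consistently" rule is only as good as the sampling window.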

  • vShield network rules

    Hello

    We have just started to have a play with vShield in our demo environment. We plan on setting up a hosted solution for some of our customers. We would like to make it as secure as possible. I have a few questions.

    1. We will be separating most of the customers onto their own VLAN. We want to secure this a little more and provide logging by limiting traffic from one VLAN to the other. My thought is to create a default rule on the VM Wall for each VLAN which does not allow all traffic on the VLAN to talk to the virtual machines on the same VLAN. The last rule would block all communications received from this VLAN to all traffic for all organisational areas.

    I hope that this will prevent traffic from one VLAN reaching all the others and provide auditing. All virtual machines on this VLAN must be able to communicate with their default gateway and talk to the rest of the world?

    2. Is it possible to use vShield to enforce the IP addresses configured on a virtual switch port? In some situations, it is not possible to place customers on a dedicated VLAN (users with external-facing IPs need to be placed on the same VLAN). Or do we need to use the Cisco virtual switch to do this, if it supports it?

    We are concerned that customers have the ability to run ARP spoofing attacks, or accidentally set the wrong external IP, which will conflict with another customer.

    See you soon

    Michael

    2. Is it possible to use vShield to enforce the IP addresses configured on a virtual switch port? In some cases it is not possible to place a customer on a dedicated VLAN (users with external-facing IPs need to be placed on the same VLAN). Or do we need to use the Cisco virtual switch to do this, if it supports it?

    Michael,

    For base-level zone protection, vShield will probably do the job. For more granular segmentation and policy, Reflex Systems has a VMsafe-based solution that can provide the level of protection you are looking for. In fact, it can provide all the segmentation without using VLANs at all... Because it's VMsafe (kernel level), you can define the zones fully as policy without having to mess with VLANs. For more information and usability details, PM me or read about it at http://www.reflexsystems.com/Technology/vTrust.

    -Mike

  • PIX 515E external SMTP and POP access DMZ

    Hi all

    I need help to solve a problem I am facing with the configuration.

    Config: PIX 515E ver 6.3(1), with 6 interfaces; the outside interface is connected to the Internet router and assigned a public IP. Internet access is configured for users connected on the inside interface only, using the nat & global commands (global (outside) 1 interface). I want to enable e-mail access (SMTP & POP3) for a couple of hosts in one of the DMZs.

    NAT 1 is configured on the interface and an access list applied. If I allow SMTP & POP only, I don't even get a hit on the access list. If I allow IP any for these hosts, I can surf the net, e-mail, etc. After that, when I restrict to SMTP & POP only, it works for a while; after some time, I don't see any further hits on the access list.

    What could be the cause of such behaviour? Am I missing something...? I'm confused.

    Thanks in advance.

    Best regards

    Ensure that you allow DNS from these hosts too (UDP/53), as they are going to do DNS queries for the remote host IP address and the domain MX record before they can establish a connection to the relevant external mail host.

    If you allow all IP, then they will be able to make the DNS query, then perform the SMTP/POP connection, and they will cache the DNS queries for a while; that's why it works for a while after the removal from the ACL. Once the DNS cache expires on these hosts, they must make another DNS query, which fails because you don't allow it through the ACL.

  • Management of the external/DMZ switch

    How do you suggest I manage switches external to a firewall? We have a switch on the outside of our firewall that I want to be able to connect to with SNMP and also use TACACS+, NTP, remote syslog, etc. Would it be preferable to give it an IP in the physical (read: external) subnet, or put one of the ports in a separate VLAN and connect that port to the internal segment? It seems as though this is precarious, because it crosses boundaries, but I'm not sure. Thank you.

    Hello

    As you mentioned, on the outside of the firewall, the minimum configuration is a switch connecting your firewall's outside interface to external devices like the Internet router and VPN boxes.

    On the firewall side, you need to static NAT the TACACS+, NTP, SNMP and syslog server addresses to public IP addresses so they are accessible from the outside, more precisely by the switch. Create an ACL (or add to an existing one) strictly for the switch (via its public IP address) to the specific services such as TACACS+ (tcp 49) / NTP (udp 123) / SNMP (udp 161/162) / syslog (udp 514) on your internal servers.

    On the switch side, you can assign the public IP address to the switch, with all authentication by default pointing to the public IP of the internal TACACS+ server (NATted in the firewall). Your aaa configuration should point to your internal ACS server.

    Cisco's recommendation for the switch, especially when you place it outside the firewall, is more or less similar to the steps for securing your router. It talks about securing access to the box, limiting management services/flooding, etc. Read the Cisco documentation on how to secure the router for a reference:

    http://www.Cisco.com/en/us/Tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

    http://www.NSA.gov/SNAC/downloads_cisco.cfm?menuid=scg10.3.1

    Rgds,

    AK

  • How to copy templates VMs on external hard drive?

    It drives me crazy. I do this in a lab.

    I have created a vSphere host with some guest virtual machines on it. Now, before I destroy it, I want to keep a copy of these VM templates for my next lab trial.

    I can't find any way to copy these templates to an external hard drive! It used to be an option in vCenter Converter to make the OVF files, but that went too - or I can't find where this option is.

    Help!

    You should be able to export the virtual machine as OVF with the vSphere Client.

    File -> Export -> Export OVF Template

  • Facing many problems on the creation of directory and an external Table

    Question:

    The strange thing is that if you look at question 10-b on page 3-41, it says:
    (page 3-41, "Oracle Database 10g SQL Fund. II Vol.1")

    Merge the data in the EMP_DATA table that was created in the last lab into the data in the EMP_HIST table. Assuming
    the EMP_DATA external table data corresponds to the EMP_HIST table, update the email column of the
    EMP_HIST table to match the row in the EMP_DATA table. If a row in the EMP_DATA table does not
    match, insert it into the EMP_HIST table. Rows are considered matching whenever their first and
    last names are the same.

    For me, this question is built wrong. First of all, in the last lab we were not asked to create EMP_DATA. Secondly, EMP_DATA is empty.
    Thirdly, this question asks us to merge into the table EMP_HIST while EMP_DATA is empty.

    Table EMP_HIST currently holds data copied from the EMPLOYEES table. Structure of EMP_HIST:

    FIRST_NAME          VARCHAR2(20)
    LAST_NAME  NOT NULL VARCHAR2(25)
    EMAIL      NOT NULL VARCHAR2(45)

    Anyway, I did the merge as follows:

    merge into emp_hist e
    using emp_data d
    on (e.first_name = d.first_name)
    when matched then
      update set e.last_name = d.last_name,
                 e.email = d.email
    when not matched then
      insert values (d.first_name, d.last_name, d.email);

    I get this error:

    Error report:
    SQL Error: ORA-29913: error in executing ODCIEXTTABLEOPEN callout
    ORA-29400: data cartridge error
    KUP-04040: file emp.dat in EMP_DIR not found
    ORA-06512: at "SYS.ORACLE_LOADER", line 19
    29913. 00000 - "error in executing %s callout"
    * Cause: The execution of the specified callout caused an error.
    * Action: Examine the error messages and take appropriate action.

    On the other hand, I thought I would try this:

    merge into emp_data d
    using emp_hist e
    on (d.first_name = e.first_name)
    when matched then
      update set d.last_name = e.last_name,
                 d.email = e.email
    when not matched then
      insert values (e.first_name, e.last_name, e.email);

    I get this error because, as far as I know, an external table is read-only once it has been created:

    Error report:
    SQL Error: ORA-30657: operation not supported on external organized table
    30657. 00000 - "operation not supported on external organized table"
    * Cause: User attempted an operation on an external table which is
    not supported.
    * Action: Don't do that!

    **********************************

    I don't know what to do. I did my best; please help.

    Published by: user11164565 on July 27, 2009 02:43

    user11164565 wrote:
    NOTE: I did my best, I've done everything I can, but the problem persists. Help, please.

    I'll list all the steps that I took, to make it clear...

    I gave scott the following grants:

    grant create any directory to scott;
    grant read on directory emp_dir to scott;

    -----------------------

    1. I created a directory, and it was created successfully:

    create or replace directory emp_dir
    as 'F:\emp_dir';

    Then, just to make sure that my directory is recognized, I ran the following:

    SELECT *
    FROM dba_directories;

    I found the directory among the results...

    OWNER NOM_REPERTOIRE
    ------------------------------ ------------------------------
    DIRECTORY_PATH
    --------------------------------------------------------------------------------
    SYS EMP_DIR
    F:\emp_dir

    SYS SUBDIR
    D:\oracle\product\10.2.0\db_1\demo\schema\order_entry\/2002/Sep

    SYS XMLDIR
    D:\oracle\product\10.2.0\db_1\demo\schema\order_entry\

    ----------------------
    2. I created the external table emp_data (the script is the one given in the textbook): done successfully

    drop table emp_data;

    CREATE TABLE emp_data
    ( first_name VARCHAR2(20)
    , last_name  VARCHAR2(20)
    , email      VARCHAR2(30)
    )
    ORGANIZATION EXTERNAL
    (
      TYPE oracle_loader
      DEFAULT DIRECTORY emp_dir
      ACCESS PARAMETERS
      (
        RECORDS DELIMITED BY NEWLINE CHARACTERSET US7ASCII
        NOBADFILE
        NOLOGFILE
        FIELDS
        ( first_name POSITION(01:20) CHAR
        , last_name  POSITION(22:41) CHAR
        , email      POSITION(43:72) CHAR
        )
      )
      LOCATION ('emp.dat')
    );

    --------------------------------

    3. I went to drive F:\ to see whether the emp_dir folder exists or not. I did not see it. I checked hidden files, nothing. Anyway, I ignored it and did step 4.

    "Anyway, I ignored it... "

    and so the rest of your problems. I do not see, in the steps you described, that you actually created a directory ("folder") named "\emp_dir" on your F: drive. Nothing that you create in the database will actually create this directory on the operating system. Declaring a directory in Oracle, or declaring an external table in Oracle, doesn't create anything; they are just pointers to objects that Oracle will assume actually exist.
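    To make that answer concrete, here is an added Python example (not from the thread, the course book or Oracle) that emulates what the ORACLE_LOADER access driver has to do when emp_data is queried: resolve the directory object to an OS path, open emp.dat, cut each line into the POSITION(start:end) fields the CREATE TABLE above declares, and then apply the MERGE the lab asks for (match on first and last name, update EMAIL, otherwise insert). The directory name, file name and records are constructed assumptions.

```python
"""Emulate the ORACLE_LOADER driver's work for the emp_data external table above.
Constructed example: directory/file names and sample records are assumptions,
not data from the original thread."""
import os
import tempfile

# Mirrors the POSITION(start:end) clauses of the CREATE TABLE emp_data statement
# (1-based, inclusive), as the course script defines them.
EMP_DATA_LAYOUT = {"first_name": (1, 20), "last_name": (22, 41), "email": (43, 72)}


def fixed_width_record(first, last, email):
    """Lay a record out exactly as the layout expects: 20 + blank + 20 + blank + 30 columns."""
    return f"{first:<20} {last:<20} {email:<30}"


# Constructed sample contents for emp.dat (not the course's data file).
SAMPLE_EMP_DAT = "\n".join([
    fixed_width_record("Steven", "King", "SKING@example.com"),
    fixed_width_record("Neena", "Kochhar", "NKOCHHAR@example.com"),
    fixed_width_record("Ada", "Lovelace", "ALOVELACE@example.com"),
]) + "\n"


def open_external_file(directory, filename):
    """Resolve the directory object's path and open the data file, as the access driver
    does at query time. CREATE DIRECTORY only records the path; it never creates the
    folder, so both the folder and the file must already exist on the server's OS.
    Returns (lines, None) on success or (None, error_text) otherwise."""
    if not os.path.isdir(directory):
        return None, f"directory {directory} does not exist on the operating system"
    path = os.path.join(directory, filename)
    if not os.path.isfile(path):
        # Same condition that produces KUP-04040 in the thread's error report.
        return None, f"KUP-04040: file {filename} in {directory} not found"
    with open(path, encoding="ascii") as fh:
        return fh.read().splitlines(), None


def parse_fixed_width(lines, layout):
    """Cut each NEWLINE-delimited record into CHAR fields by column position,
    trimming trailing blanks the way a CHAR field is trimmed."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        records.append({name: line[start - 1:end].rstrip()
                        for name, (start, end) in layout.items()})
    return records


def merge_emp_hist(emp_hist, emp_data):
    """Apply the lab's MERGE semantics: rows match on first and last name; a match
    updates EMAIL in EMP_HIST, otherwise the EMP_DATA row is inserted. Returns a new list."""
    result = [dict(row) for row in emp_hist]
    index = {(r["first_name"], r["last_name"]): r for r in result}
    for src in emp_data:
        key = (src["first_name"], src["last_name"])
        if key in index:
            index[key]["email"] = src["email"]
        else:
            new_row = dict(src)
            result.append(new_row)
            index[key] = new_row
    return result


def run_demo():
    """Walk through the thread's failure and its fix inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        emp_dir = os.path.join(tmp, "emp_dir")
        _, err_no_dir = open_external_file(emp_dir, "emp.dat")    # step 3 of the thread
        os.mkdir(emp_dir)                                           # the missing OS-level step
        _, err_no_file = open_external_file(emp_dir, "emp.dat")   # folder exists, file does not
        with open(os.path.join(emp_dir, "emp.dat"), "w", encoding="ascii") as fh:
            fh.write(SAMPLE_EMP_DAT)
        lines, err = open_external_file(emp_dir, "emp.dat")
        assert err is None
        emp_data = parse_fixed_width(lines, EMP_DATA_LAYOUT)
    emp_hist = [{"first_name": "Steven", "last_name": "King", "email": "old@example.com"}]
    return err_no_dir, err_no_file, emp_data, merge_emp_hist(emp_hist, emp_data)


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

    run_demo() reproduces the thread in order: the directory object points at a folder that does not exist, then the folder exists but emp.dat does not (the KUP-04040 condition), then the file is there and the rows flow through the merge. On the privilege side, note that the thread's grant of CREATE ANY DIRECTORY lets scott point the database at any path the Oracle OS user can read or write; the least-privilege pattern is for the DBA to create the directory object and grant only READ on that one directory, which is the second of the two grants shown.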
