Thursday, July 28, 2011

Basic OS and Hardware Knowledge for SAP Basis

Most Basis are from IT Administrator or DBA staff. They should have good knowledge on their field. Network Administrator has good knowledge on network stuff, router such as Cisco, 3COM, Nortell, etc, OS Administrator has specific knowledge about OS specific command, and DBA has well knowledge about database design, database query, database performance, database daily administration, etc.

If you have one of those knowledge, then that's good point and has great advantages for you. But if you don't have it, don't be shame. All you need is start to learn. Make it fast. That's all.

Depend on what kind of you SAP server and database your company will use, then you'll need to master them. Some operating system are very popular as SAP server such as IBM AIX, HP HPUX, Microsoft Windows, SUN Solaris, Redhat RHEL, and Novell SLES. You need to master specific configuration. Sometime you may tune some OS kernel.
IBM provide great books via redbooks website. You just need to download some of them. HP also provide some books although not as complete as IBM does. You need to buy some books if your company use SUN Solaris. If your company use Linux then you're lucky guy. Linux has numeruous books on internet which freely available to download. You also can start learning before SAP implementation because you can download Linux OS freely from internet.

Database software which are popular as SAP database software are Oracle, IBM DB2 and Microsoft SQL Server. You can start learning them by buying some books. Oracle is the most popular on the planet. There are many books about Oracle on bookstore. Many website and blogs explain Oracle tips and tricks. You can start learning IBM DB2 by downloading some ebooks from Redbooks website. Microsoft also provides some good books about SQL Server.

After you master some of basic configuration about operating system and database then you should be ready to start SAP implemenation. Let's SAP implementaion begin !!


SAP Basis Reference

Tuesday, July 26, 2011

WinXP RDesktop License Reset

Delete the mslicensing key from the registry in the path


delete the complete MSlicensing key from the client computer which tries to establish a remote session.

after u delete this key , the client machine would once again be issue a temp license and it would be valid for another 120 days in case of 2003 licensing server .

If the previous solution does not resolve this problem, create a backup of the MSLicensing registry key and its subkeys on the client, and then remove the original key and subkeys by doing the following:

1. On the client, navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.

2. Click MSLicensing.

3. On the Registry menu, click Export Registry File.

4. In the File name box, type mslicensingbackup, and then click Save.

5. If you need to restore this registry key in the future, double-click mslicensingbackup.reg.

6. On the Edit menu, click Delete, and then click Yes to confirm the deletion of the MSLicensing registry subkey.

7. Close Registry Editor, and then restart the computer.

When the client is restarted, the missing registry key is rebuilt.To resolve this problem automatically, click the Fix this problem link. Then, click Run in the File Download dialog box.

Configure Cisco Port Security on Switches and Router Interfaces

Cisco Port Security is a features that can help secure access to the physical network. Any Network admins nightmare is an unauthorised device or a PC connecting to the network. This could be as simple as an innocent guest plugging his PC into a floor port hoping to get an internet connection or a malicious intruder connecting to the network trying to gain access to confidential information.
Consequences could as bad as

• Virus, Spyware or malware infection from a PC unprotected PC
• A malicious hacker or an intruder gaining access to the network
• A malicous attacker launching a Denial of Service attack using MAC Address flooding

Cisco IOS has the port-security feature which can be used to restrict the MAC-Address of the devices that connects to each of the physical switchports.
Cisco Port-Security can help to

• restrict the MAC-address or addresses that can connect through a switchport [default: first connected device MAC Address]
• restrict the number of MAC-Addresses that can connect through a switchport [default is 1 and maximum is 128]
• set aging in minutes of the MAC Addresses registed
• Action to take when there is a violation detected (default is to disable the port and send an SNMP Trap message to the SNMP management server (if any))

For a switch port to be security enabled,
• the switchport cannot be a Trunk Port
• the switchport cannot be a destination port for a Switchport Analyzer (SPAN)
• the switchport cannot belong to an EtherChannel port-channel interface
• the switchport cannot be an 802.1X port

If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.
To enable Port Security on a Cisco Switch or router interface
Enter the interface config mode (say fa0/1)

Switch# conf t
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access

This sets the switchport to access mode. Default mode of "Dynamic desirable" cannot be configured as a secure port

Switch(config-if)# switchport port-security

This enables the port security on the switchport with the defaults [1 MAC Address allowed, 1st connected MAC Address, disable port if there is a violation]
If you know the MAC Address of the device and that thats the only device that connects to the swicthport (for example, A server on a Serverfarm switch) then you can set the MAC-Address manually.

Switchport(config-if)# switchport port-security mac-address 1111.2222.3333
Where 1111.2222.3333 is the MAC Address of the server. This will disable the secure port, if any other device other than the one with the above MAC-Address connects to the switch port.

If there is a switch or a hub (say 12 port or a 24 port) that connects to the switchport which you want to secure then you can set the maximum number ofMAC-Addresses that connects to the port and/or set the MAC-Address optionally.

Switchport(config-if)# switchport port-security max 12
This sets the maximum number of mac-address allowed on the secure port (default is 128).

One step further, if you want to manually add some or all of these MAC-Addresses then you can specify using the following command one for each MAC-Address

Switchport(config-if)# switchport port-security mac-address 0000.0000.0000
Switchport(config-if)# switchport port-security mac-address 0000.0000.1111

If now, you need to set the maximum number of MAC Addresses on the switchport but are aware that some or most of them are temporary ones (guest users or temporary workers) then you can set the aging time on the port-security which allowsMAC-Addresses on the Secure switchport will be deleted after the set aging time.

This helps to avoid a situation where obsolete MAC-Address occupies the table and saturates causing a violation (when the max number exceeds).

Switchport(config-if)# switchport port-security aging time 10
Where time is specified in minutes (10 mins in the above)

Now, you can set the action to be taken when there is a violation. The default is to shutdown the port and mark the port err-disabled.
For example,

Switchport(config-if)# switchport port-security violation protect

Where protect is the action taken when a violation event is triggered.
The actions are

protect — Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

restrict — Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the Security Violation counter to increment.

shutdown (default) — Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

To show the port-security,
Switch# show port-security interface fastethernet 0/1
Switch# show port-security
Switch# show port-security address

VMWare ESX License

To check VMWare ESX License
(vim-cmd vimsvc/license --show | more)

Windows 2008 R2 - SP1 (Direct Download Link)

Monday, July 4, 2011

VMWare ESXi Server Implementation

What is VMWare ESXi and Features?

- VMware ESXi is the latest hypervisor architecture from VMware.
- ESXi can be Consolidate all the servers to one physical Machine.
- Not relying on Host’s Operating System (Pure Virtualization OS).
- Start from ESX Vsphere 4.x (Support Only 64 Bit Hardware)
- Support up to 2 TB of Physical Memory.
- Support up to 256 guests machines.
- Can support 32 bit or 64 bit Guest OS (i.e Windows, Linux, Unix)
- ESXi can be run from Server’s SD RAM (Do not need to waste Host’s Storage Space)
- With VMWare Converter, we can convert all the physical machines to VMware ESXi.
- With VSphere Client, we can manage all our virtual machines from one host.
- ESXi’s thin provision technology, can eliminate unnecessary disk usage.
- Can be backup and restore all the virtual machines while servers are still running.
- Can attach with iSCSI and Fiber Channel (External Storage)
- Can add or remove RAM while the virtual servers still running.
- No more hardware cost for New Development Servers.
- We can test new software and patches on Virtual machines.
- Reduce of Electrical Power usage.

Further more information