Are SAP clients 000, 001, 066 present in all environments? - sap-basis

As it is known that in SAP system there are 000, 001, 066 as default clients.
Suppose we do have separate systems for Development, Quality assurance and production so will those 3 default clients be present in all the systems?

Yes, these clients will exist in all SAP Netweaver ABAP systems.
Each client has specific roles:
Client 000 is the main admin client, where your basis team will install/upgrade the system.
Client 001 is a copy of client 000 which was created during the installation of the system.
Client 066 is used by EWA (Early Watch Alerts), if it's configured on your SLD (System Landscape Domain). This client is not mandatory anymore after 7.40 as explained below.
That's necessary too for a maintenance planner at SAP site.
It's possible to remove clients 001 and 066 as explained in note 1749142 - How to remove unused clients including client 001 and 066 and the same is publicly available in this blog post. This note & post also say that:
SAP NetWeaver 7.40 is the last release delivering the client 066 with the installation or upgrade.

Yes they are part of the standard install for all instances.

All these clients(000,001 and 066) are created by default when you install any SAP system.
These clients will be present in all dev,test and production as well

Related

GCP VM Instance compromised. How to secure it?

So last night I got a mail from google-cloud-compliance that one of the VM instances have some critical problems and it will be suspended after 72 hours if the pattern is continued and appeal not filed. Below is the mail I received.
We have recently detected that your Google Cloud Project has been
performing intrusion attempts against a third-party and appears to be
violating our Terms of Service. Specifically, we detected port
scanning on remote port 22 originating from your Compute Engine
project targeting more than 4451 IP addresses between 2019-04-02 09:31
and 2019-04-02 09:55 (Pacific Time). Please check the traffic
originating from all your instances and fix any other instances that
may be impacted by this.
To access the VM via ssh you've to add your public key in the instance itself and A minimal Django project is deployed in the instance so I don't think it was due to both of these things. So my question is what caused it and how I can secure my VM instance.
I will strongly recommend you to delete your VM instance, as you cannot be completely sure about until what extent it has been compromised.
Once everything has been recreated again, you can take some measures to try to prevent this from happening again. As stated in the comments, I will use strong passwords and I will make sure that all the software you are using is properly updated and patched, especially Django.
Also, I would take a look to the firewall rules, using the least privilege best-practice. For example, you can make sure that only the IPs you are using to access your instance are allowed in port 22.
Finally, I would suggest you to take a look to this. It is a new Beta feature that allows you to detect “DDoS attacks originating inside your organization”. Besides you can check this best practices in order to harden SSH access. Especially remarkable among them is https://www.sshguard.net/ which is able to recognize patterns such as several login failures within a few seconds and then block the offending IP.

Network automation: Difference between Salt and ONOS

What is the difference between 'networking operating systems' like ONOS, ONAP, Opendaylight and 'configuration management' platforms like Salt, Ansible, Puppet? More specifically, when would I choose one over the other? I have done some research on all these, and as far as I can tell, the configuration management platforms are, as the name implies, for configuring the network, and the operating system platforms are an actual software defined network that can also configure networks/networking devices plus more.
You're really talking about 3 different things.
OpenDaylight and ONOS are network controller platforms. While ONOS is starting to become feature parity with OpenDaylight, OpenDaylight is more widely deployed (over 1 billion people in production using it) and more supported.
ONAP is a is used to design, create, orchestrate, monitor, and perform life cycle management of open source and commercial VNFs and legacy networks. ONAP uses OpenDaylight MD-SAL at it's core.
I don't have much experience with SALT but it, Ansible and Puppet are flexible DevOps configuration utilities for managing users, services and general automation.

what is the difference between IBM API manager & IBM Data power?

I recently entered into some API management tools. I could see these API management tools can do whatever Data-power is doing and these are also placed in front of back-end services to protect the back-end servers.
So,what makes Data-power unique?Or is it fair to compare Data-power with API management tools as its competitors?If yes, why IBM itself brought in a tool named IBM API management?
Ok, so the API solution from IBM, now called IBM API Connect (APIc) is more or less just the GUI to handle, set or view your APIS and statistics about them.
The actual HTTP requests (or IBM MQ requests) when using one of your API's goes through the API run-time.
IBM offers two different run-times today, MicroGateway (former StrongLoop) or IBM DataPower. DataPower comes as either hardware appliance, a virtual appliance or as a Docker container.
If you select to run APIc on DataPower you will be able to use all of the other features of Datapower as well (and there is a ton of them!).
MicroGateway is a Node.js runtime so it requires its own server and cluster obviously.
DataPower has built in cluster support and of course a DataPower appliance is built to sit Internet facing in the DMZ so all security is covered!
You will also have a few more functions/features in APIc using DataPower as the runtime.
So, to answer your question; No, it is not fair to compare APIc on DataPower with the competitors of "just" API solutions as DataPower brings in so much more to the deal. DataPower is a full grown gateway solutions for all your integration needs and it comes with FTP, sFTP, IBM MQ, Node.js runtime, HTTP server, SOAP WS-I, AS1-4, EDI (X12 and EDIFACT), etc.
If you want to compare to other API vendors you should really compare APIc on MicroGateway in my opinion...
You can test both APIc and DataPower (Docker) for free in "non-production" use:
https://developer.ibm.com/apiconnect/getting-started/
https://hub.docker.com/r/ibmcom/datapower/

Which options are there for ip phone provisioning servers?

I want to know which options exist to provision (configure) multiple VoIP phones from multiple vendors for use with an Asterisk server. I'd like some kind of interface to manage extensions, configuration templates and so on.
Here's what I found so far:
FreePBX has a commercial module called Endpoint Manager which seems to do what I want. However, I don't like the idea of having to run a web server on the same machine (or container) that runs Asterisk. It seems like a bad idea which increases the attack surface of the Asterisk server. I would much rather have an endpoint manager on a separate server (or container) but I can't find any information about running or buying the Endpoint Manager outside of FreePBX.
Phonism advertises a "Cloud based IP phone provisioning and management system. Their service looks promising, but the number of supported phones is lower and I'm not completely sold on requiring the internet connection to configure the phone extensions in an office.
All the other solutions I found are tied to their complete proprietary VoIP solution (3CX, Kerio, etc.) or to a particular VoIP phone vendor.
Is anything else available? Or do people usually use a single VoIP phone vendor and use their own specific configuration method?
Since I can't find any phone provisioning solution which fits my needs, I'm questioning my understanding of Asterisk deployment best practices. Is using a plain Asterisk deployment a good idea or is it too bare in terms of related tooling?
You are thinking about this in a way that is too abstract and generic.
A voip equipment vendor will provide documentation which describes what provisioning protocols are used and how to use them. Then you can find a tool to use which meets that requirement and also suits your environment and skills.
Vendors usually provide proprietary tools to generate provisioning files too.
That said you should be advised that TFTP (trivial file transfer protocol) is a common provisioning method.
If you are using a bare bones asterisk install on linux then setting up your own TFTP server on linux is, well, trivial in comparison.
Running a provisioning server and asterisk server on different boxes is of course possible but you'll need to find or build some integration tools to keep provisioning config and asterisk config in sync (if that's important to you). I can't think of a reason why using two boxes makes this work significantly more difficult though.

SQL Server license - Winforms or Web Application?

We are currently using SQL Server 2008 Express Edition, but would like to upgrade to Standard Edition. Does it mean that we need a license with 20 seats, if we have 20 Active Directory users that are using the DB from a C# application?
If yes, does it make sense to switch from Windows Forms to Web Applications in order to decrease the amount of licenses needed?
Switching to a web app won't change the licensing needs of your application. If you have 20 users connecting to your SQL Server then you need 20 CALs for Standard Edition as whilst you may have a single "user" connecting to the DB you're still servicing 20 users. The MS license docs cover this in some detail.
The alternative approach for to go with per processor licenses. You obviously need to do the maths to work out which option is more cost effective for your user growth estimates.
Given that you're starting at 20 users the per user (CAL) route will probably be the cheapest option.
You have two types of licenses available to you, each with their own set of rules and scenarios where they make sense.
Per Processor License. Here you license each physical (or virtual if you are using virtualization and depending on the Sql Server Edition) processors.
Server/CAL license. Here you would buy a license for each server running Sql Server and Client Access Licenses (CAL) for each user or device. Note that a CAL would allow that user or device to connect to any number of SQL Servers without the need to buy additional CALs if you add additional servers. Also, any type of software or hardware that reduces the number of devices or users that directly access SQL Server (an example would be the use of a web application to reduce the number of users that connect to the database directly through connection pooling) would NOT reduce the number of CALs you get. You will still need to get them for each user using the web application.
The following microsoft link provides pricing points for Sql Server 2008 and also includes a Sql Server 2008 R2 Quick Reference, which includes all the information that you might need. We can see that based on the above link:
Per Processor would cost you $7,171.00
Server/CAL would end up being $4,178.00 based on the bellow calculations
Server $898.00
CAL $164.00 x 20 = $3,280
Total $898.00 + $3,280 = $4,178.00
Of course this is an estimate that doesn't include tax, discounts, or software assurance.
If you want more information I would recommend asking on serverfault

Resources