connection between nolio execution server (CA-RA) and NEXUS repository - nexus

I have a question regarding implementation in a secured environment:
I have NAC and Nexus+repo in the same environment, and NES and agents in a secured environment (over FW). NAC is connected one way to NES, as stated in the documentation.
Is there a need to open a connection between the NES and the NEXUS repo, or not? I did not find any documentation on that...
What are the best practices to deploy to agents over FW?
Thanks.

You can find the list of ports for communication between NAC, NES and other tools for Nolio environment. Those ports should be open for communication, by adding an exception in your firewall rules.

The NES doesn't need to communicate with the Nexus repository (its main job is to serve as a proxy between the NAC and the agents).
Note:
- The NAC connects to the repository to sync its action packs and store manifests.
- Agents that serve as artifact retrieval agents, for artifacts that are set to be stored in the internal repository, need to be able to connect to the repository.

I'm not sure what FW is.

In our project we create an artifact type under artifact management and define it as zip/tar. Now if you can access the artifact over HTTP, that can be provided as the artifact definition. There is also an option to download the artifact and save it in Nolio if you check the check box.

Related

How to bind Artifactory to localhost only?

According to Artifactory documentation,
For best security, when using Artifactory behind a reverse proxy, it must be co-located on the same machine as the web server, and Artifactory should be explicitly and exclusively bound to localhost.
How can I configure Artifactory so that it is bound to localhost only?
As of Artifactory version 7.12.x, there are two endpoints exposed for accessing the application:
- Port 8082 - all the Artifactory services (UI + API) via the JFrog router
- Port 8081 - direct to the Artifactory service API running on Tomcat (for better performance)

The JFrog Router does not support specific binding configuration today.
Tomcat can be controlled by setting a custom address="127.0.0.1" on the relevant connector.
Your best bet would be to simply close all ports on the server running your Artifactory and allow only entry to the web server's port. This is best practice anyway for security aware systems.
IMPORTANT:
If using other JFrog products like JFrog Xray or JFrog Pipelines, they rely on direct access to the Artifactory router, so your security rules should take that into consideration.
You can find a map of all JFrog platform ports on the official Wiki page.
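
One way to verify the result of the advice above on the Artifactory host, as an added example that is not from the original answer or from JFrog: it parses `ss -ltnH` style output and reports listeners on ports 8081 and 8082 that are not bound to loopback. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Ports named in the answer above: 8082 = JFrog router, 8081 = Tomcat API.
ARTIFACTORY_PORTS = {8081: "Tomcat (Artifactory API)", 8082: "JFrog router"}

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 100  127.0.0.1:8081  0.0.0.0:*
LISTEN 0 4096 *:8082          *:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 128  [::1]:8081      [::]:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    return host, int(port)

def is_loopback(host):
    if host in ("*", ""):
        return False                        # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # unparsable: treat as exposed

def exposed_listeners(ss_output, ports=ARTIFACTORY_PORTS):
    """Return (port, service, host) for watched ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        try:
            host, port = split_local(cols[3])
        except ValueError:
            continue                        # malformed address field
        if port in ports and not is_loopback(host):
            findings.append((port, ports[port], host))
    return findings

if __name__ == "__main__":
    for port, service, host in exposed_listeners(SAMPLE_SS):
        print(f"port {port} ({service}) listens on {host}: firewall it")
```

A listener reported here for port 8082 is expected, since the router cannot be bound to a specific address; it is the one the firewall rule has to cover.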

How to access Active Directory from remote machine in c#

I want to know whether it is possible to access my client's Active Directory from my cloud application, which is developed in C#. If yes, then please provide the solution.
Assuming required network connectivity is available, yes. What "required network connectivity" entails depends on the actual access mechanism being used. As an example, accessing Active Directory via secure LDAP requires TCP port 636 be open from the source to the domain controller.
Since it's not always feasible/practical/"a good idea" to open ports between cloud hosting sources and Active Directory domain controllers, you can look into ADFS (Active Directory Federation Services), which is a federated identity framework you can expose to the Internet and then use from within client applications (and we've got a good number of third party vendors that support authentication and directory data retrieval through ADFS as well).
As to the solution -- there are examples all over the Internet. Search here, search Github, search the Internet in general.

BizTalk Deployment including Send Port stubs

I am inheriting a project which I am migrating from 2006 to 2010.
From what I understand, when I deploy a BizTalk solution from Visual Studio, the required ports should have stubs created automatically in the application.
Currently no ports are being created when I deploy. Is there a configuration option I'm missing for this, or am I incorrect in my understanding and have to set up all the ports manually?
Send/Receive Ports will only be created automagically if you have an Orchestration/s that has a Send or Receive Port configured with its Binding as 'Specify Now' - this approach bakes the port configuration into the Orchestration and is then created when you deploy:
You will also see really funky Receive Port names following the deployment:
and Receive Location names:
This is the wrong approach IMHO - Send and Receive Ports should be created, configured and bound manually via the BizTalk Administration Console once you have deployed your solution. This way, you separate your service (orchestrations etc.) from your configuration bindings, which may change with each environment. Furthermore, you don't have funky port names in production that will need to be deleted :-)
I would recommend scripting the deployment once you have sufficient knowledge of BizTalk - this will also include importing configuration bindings once you have deployed your BizTalk assemblies (Orchestrations, Schemas, Pipelines etc.)

Configure OpenStack nova with remote Bind Server

How can we configure OpenStack to use and dynamically update a remote Bind DNS server?
This is not currently supported. There is a DNS driver layer, but the only driver at the moment is for LDAP backed PowerDNS. I have code for dynamic DNS updates (https://review.openstack.org/#/c/25194/), but have had trouble getting it landed because we need to fix eventlet monkey patching first.
So, it's in progress, but you probably won't see it until Havana is released.
OpenStack relies on dnsmasq internally.
I am not aware of any way to integrate an external bind server. Or plans to do that. Or even a reason to do that.
Check out Designate (https://docs.openstack.org/developer/designate/)
This could be what you are looking for:
Designate provides DNSaaS services for OpenStack:
- REST API for domain & record management
- Multi-tenant support
- Integrated with Keystone for authentication
- Framework in place to integrate with Nova and Neutron notifications (for auto-generated records)
- Support for PowerDNS and Bind9 out of the box

OpenStack Swift is there a module to redirect client by region location?

I am currently playing with OpenStack Swift, my expectation is to deploy a multi region cluster. For example one node of the swift cluster will be deployed in the US and one in EU.
Is there a module or an option in swift-proxy to redirect client by region location?
If it is not possible, what other solutions do you suggest? Should I develop my own proxy server that redirects client to the nearest node (with geoloc/maxmind etc.)?
Resources:
Configuring a multi-region cluster
Proxy server configuration
EDIT: One of the contributors to OpenStack answered me that the code for geographically-distributed Swift clusters does not yet exist in the Git repository. The link I have posted in the resources is a bunch of proposed changes. There is no code in Swift to do that sort of redirection. I will need to write a piece of WSGI middleware and stick it in the proxy server's middleware pipeline.
Not exactly an answer to your needs, but as you know OpenStack has a side project, Keystone, in which endpoints are stored with Region information. If you want to write your own implementation, that can be a starting point. Also, since there is a cdn tag in your question, there is a project named sos, making OpenStack Swift work as a CDN server. Hope these can help you with your implementation.
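
The WSGI middleware mentioned in the question's EDIT could look like the following; this is an added example, not code from Swift or from the posts above. The class name, region names, endpoint URLs and address ranges are assumptions, a static CIDR table stands in for a GeoIP lookup, and wiring it into the proxy pipeline is not shown.

```python
import ipaddress
from urllib.parse import quote

# Constructed sample configuration: region names, URLs and documentation
# address ranges are placeholders, not values from the question.
ENDPOINTS = {"us": "https://swift-us.example.com",
             "eu": "https://swift-eu.example.com"}
NETWORKS = [("192.0.2.0/24", "eu"), ("198.51.100.0/24", "us")]

class RegionRedirect:
    """WSGI middleware that 307-redirects a client to its region's endpoint."""

    def __init__(self, app, local_region, endpoints=ENDPOINTS, networks=NETWORKS):
        self.app, self.local_region, self.endpoints = app, local_region, endpoints
        self.networks = [(ipaddress.ip_network(n), r) for n, r in networks]

    def region_for(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return self.local_region          # unparsable peer: serve locally
        for net, region in self.networks:
            if ip in net:
                return region
        return self.local_region              # unknown range: serve locally

    def __call__(self, environ, start_response):
        # Use the TCP peer only; X-Forwarded-For is client-controlled.
        region = self.region_for(environ.get("REMOTE_ADDR", ""))
        if region == self.local_region or region not in self.endpoints:
            return self.app(environ, start_response)
        # Target host comes from configuration only; the path is re-quoted so
        # request data cannot change the host or inject header lines.
        path = quote(environ.get("PATH_INFO", "").encode("latin-1"))
        query = environ.get("QUERY_STRING", "")
        location = self.endpoints[region] + path + ("?" + query if query else "")
        start_response("307 Temporary Redirect", [("Location", location)])
        return [b""]                          # 307 keeps the method (PUT, DELETE)

def drive(mw, addr, path):                    # minimal request for the demo
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    mw({"REMOTE_ADDR": addr, "PATH_INFO": path, "QUERY_STRING": ""}, start_response)
    return seen["status"], seen["headers"]

def swift_app(environ, start_response):       # stand-in for the proxy app
    start_response("200 OK", [("Content-Length", "0")])
    return [b""]
```

If the proxy sits behind a load balancer, `REMOTE_ADDR` is the balancer's address, so the client address must then come from a header that the balancer itself sets and overwrites.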
