Mid-Tier sending cleartext passwords ?

2007-06-04 Thread Christian Rom 
One of our corporate LDAP and security guru's just told me that Remedy 7
mid-tier may be sending passwords in cleartext or at least with a simple
cipher algorithm.
 
Does anyone know if this is correct ?
 
I have the AREALDAP and ARDBC plug-ins configured for SSL, so I would expect
all traffic to be encrypted.
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

ITSM 7.x - Configuring Work Info

2007-05-29 Thread Christian Rom 
Work info is used across all ITSM modules incl. tasking and I found a
half-page description in the ITSM Config Guide (p. 349) on how to configure
it. 
 
When I go to the Application Administration Console -> Customer
Configuration.
>From the Application Settings list, choose Incident Management > Advanced
Options > Work Info Inbound and Outbound Communications, then click Open.
It shows a list of all apps/modules, however, when I select one, like
Problem Management or Known Error I receive the following message:
 
System Message: Incident and Request Management are the only enabled Work
Info Modules.  Please select either Incident or Request Management. (ARWARN
8270110)
 
What does that mean ? The work info tab is available in all apps. Why can't
I configure the work info types and inbound/outbound messages for the other
modules ?
 
How are these configured for the other modules ? Are they just carrierd over
from Incident/Request Mgmt ?
 
There are additional values available for work info in Problem Management
under 'Vendor' and 'Investigation'. How and where are they configured ?
 
It is great that these are data-driven via the Application Administration
Console and I hope I don't have to modify the menus via the Admin tool if I
need additional values for Problem Management.
 
Has anyone run into this ?
 
Rgds,
 
Chris Rom
Schlumberger

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

ITSM 7: Problem Management

2007-05-29 Thread Christian Rom 
Listers,
 
does anyone know what the Support Org and Support Group Name menus are for
on the PM Requester tab ?
 
They are required fields but don't seem to do anything.
 
That also means that you can only have a requester who is also support staff
since your regular customers are not in any support group.
 
BMC has not been able to provide a good explanation and there is nothing in
the user guides.
 
Also, have you noticed that there are two status values that, when selected,
throw up an error 
 
The problem investigation status values Request For Authorization and
Rejected are reserved for future use. Select another status. (ARNOTE
1630100)
 
Why add these values to a release if they are not being used ?
 
Request for Authorization
Rejected
 
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

ITSM 7.x - moving Support Group from one Support Organization to another

2007-04-26 Thread Christian Rom 
Has anyone found a recommended way to do this ?
 
Do the changes propagate down to existing records ?
 
Ex: You already have dozens or hundreds of support groups in four support
organizations, but now the company does a reorg and there are five support
organizations (four existing plus a new one, to make it easier).
 
What if you wanted to move some of the existing Support Group from one
Support Organization to another ?
 
All the relevant fields in the 'Support Group' form are greyed out and I
cannot change the Support Organization.
 
I figured I could export the groups and import them back in with the new
Support Organization but that will probably not propagate down to the group
members and/or any open tickets.
 
It seems like you can't even create a new Support Organization without
creating at least one support group.
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: How to know what hostid Remedy will generate if the server has several network cards

2007-04-23 Thread Christian Rom 
I had the exact same issue happen twice. Got my licenses based on host id in
Admin tool, installed a few more products and CMDB with associated reboot
and suddenly the (Win2003) server was using the other host id and my
licenses did not work.
 
See BMC's responses below.
 
I ended up disabling the second NIC since this was just a sandbox but that
may not be an option for a production box.
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 
---
 
-Original Message-

From: Remedy Support [ 
mailto:[EMAIL PROTECTED] 

Hello Chris,

I am assisting on this issue and have had this question come up before. I
understand what you're asking.

We know that the AR Server uses the snmp protocl to get the host id. There
is a function call and algorithm as to how it finds the host id of the NIC.
This involves something called the Lana Number of the NIC. Lana is short for
LAN Configuration. The Windows OS assigns a lan number to each network
adaptor on the system and function calls to get a MAC Address utilize this
number. Here is a KB that talks a little about this from Microsoft:

http://support.microsoft.com/kb/118623/en-us

The problem with this KB is that it talks about using the NetBios protocol.
We used to do that a long time ago and were told NetBios is old and not the
best way to do it. We have used snmp to do the same thing since version 5.0.

The actual logic used in contained in the code and we don't have access to
that to tell you "exactly" how the host id is found. We do know though that
we're getting the Lana number 1, which is the first valid NIC on the system.
We make no other effort to detemine if this is correct, or to prompt the
user that this is the NIC we're licensing off of. A common question or issue
that customers ask about is that they have 2 NICs, a primary and a backup.
All network traffic comes through the primary NIC yet AR Server licensing is
bound to the backup NIC, is this okay? We answer yes ...the AR Server does
not care if the NIC is in use or not. I has to be enabled, but thats it. We
can bind off any NIC that is enabled on the server. Here is another case
lets say you select the AR Server license from the Product Feature menu
in the Add/Remove license window. It auto-populates the host id. The
licenses are bound to a different host id on the same server. You can
manually type in the other host id and it will work. Just because the
function call to find and auto-populate the host id was different doesn't
mean you can't license off another valid NIC on the server. The function
call is just grabbing the network adaptor associated with Lana Number 1 on
the OS. When validating the license key against the server, it will cycle
through all valid network adaptors.

Now please correct me if I'm wrong, but it sounds like what you are seeing
is that AR Server and related products all used one method to get the host
id, but when it came to the Incident Management product, suddenly it must
have used a different method because it found a different host id, correct?

It is possible that the there was a change to the server sometime between
the licensing of the AR Server and the Incident Management. We remember from
the old pre-5.0 licensing days that we could NOT license off any valid NIC
on the server. It had to be the Lana Number `1 NIC. We had to use a
Microsoft utility called Lana Config to change the LANA number the OS
associated with the NICs so that the NIC we wanted the licenses bound to was
Lana number 1. This change would not take affect until the server was
rebooted. So its possible that a reboot of the server changed the ordering
of the lana numbers associated with the NICs.

Since this is a separate product I don't want to discount the
possibility that the method for determining the host id with Incident
Management is in fact different than the other AR System products. I will
definitely look into this.

I'll let you digest this information and will be prepared for questions and
clarification that you may have.

Kind Regards,

XXX

-Original Message-

XXX,

I have already resolved the issue by disabling one NIC and using the other.
I am not asking for your help in configuring my server, but for an
explanation on how AR System picks the host ID on systems with two NICs

The question is: why did AR System initially use the MAC address of the
first NIC and let me add all the licenses successfully and install CMDB 2.0
but when I try to install Incident Management it suddenly saw the other NIC
which translates to the host ID.

Rgds,

chris

-Original Message-

From: Remedy Support [ 
mailto:[EMAIL PROTECTED] 

Chris,

Evidently one of the host id's on the NIC card is preempting the other. We
don't actuall work with the NIC card issues in our support center. Please
talk to your internal people regarding the NIC card and

Feedback: BMC Atrium CMDB 2.0: Implementation Best Practices

2007-04-10 Thread Christian Rom 
I would appreciate some feedback from those of you who have recently
attended
 
BMC Atrium CMDB 2.0: Implementation Best Practices
 
Was the class worth it ?
Does it teach enough to configure CMDB 2.0 and to use EIE to get data from
other sources.
Is it more than a high-level overview of the CMDB ?
 
Please contact me offline (off-list).
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: Incident Management 7.x Tasking system

2007-04-03 Thread Christian Rom 
Everyone,
 
thank you for the replies.
 
I had actually downloaded the add-on recently when I got all the 7.0.2 files
but have not had a chance to install yet since I still need to get my apps
patched.
 
I am also a bit worried now after Christopher's comments about issues
affecting Change Tasking after that add-on is installed.
 
After checking the Install Guide and User Guide I am a bit surprised at the
level of admin activity involved in installing the add-on. It is certainly
not as simple as running setup.exe and requires changes to several forms. I
wonder how this will affect future upgrades.
 
Also, why did they not make it available for Problem Management as well. You
would think it would have been trivial to install to both IM and PM.
 
Why can't all ITSM apps (IM/PM/CM) share the same tasking system ?
 
Based on some of the comments, I am still a bit confused. Does this add-on
now bring the tasking system in IM on par with the one in CM ? Does it have
all the features ?
 
Someone said that you couldn't relate tasks to Incidents but isn't that the
whole point ? The documentation seems to indicate that you can.
 
Rgds,

Christian H. Rom
Schlumberger - Service Desk Engineering
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Re: ITSM 7.x Operational and Product Categories

2007-04-03 Thread Christian Rom 
Roger,
 
thanks for the answer. Would you mind sharing some examples from your setup
(either offline or online) ?
 
Some people I talked to, mentioned that it would be easier to setup
assignment rules if you have Hardware at Tier 1 instead of Tier 2 or 3, at
least in the case where the same groups would take care of any hardware
issues.
 
Also, do you setup hardware in the same way as software, meaning you include
it in the Product Dictionary/DSL ? I am still confused by the two.
 
Wasn't there supposed to be a DHS (Definitive Hardware Store) in an updated
ITSM 7.xx in Q1/Q2 ?
 
Do you specify the coputer models in the Product Categories or rely on the
CI relationships ? If you specify the Product Name and Manufacturer for
hardware, like you do for apps, you must have all three tiers populated,
even, if you just put '- None -'
 
PS; Sorry if you receive this twice but the reply via the web still does not
seem to work, so I am replying via e-mail
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

ITSM 7.x Operational and Product Categories

2007-04-03 Thread Christian Rom 

 
Everyone,
 
it has been a couple months since I have seen anything on this thread and I
was wondering if more people have had a chance to think about it and perhaps
create some sandbox environments or even roll it out to production.
 
BMC's documentation and (meager) sample data are not of much help and I have
not been able to get anything useful or 'Best Practice' from their support
nor professional services.
 
I understand that this is a new product and there is probably not much of a
'best practice' yet since not many companies have rolled this out to
production yet, but you would think that whoever throught of changing the
three-level CTIs to a split Operational and Product Categories would have
thought about this for a long time and in much detail.
 
Here is what the manual states:

Operational categories list all the operational services that a typical help
desk provides, such as add user account, and change server password. It can
also contain items that represent symptoms of incidents or problems, such as
application failure and network failure.
 
Products are typically used to classify a configuration item, an incident, a
problem, or a change request.

 
Product Categories seem to be pretty straight forward, although I am still
in doubt about having services in the Product Categories. When would you log
a ticket against a service instead of the application or hardware it is
running on. I can see where you would log a Problem or Change against a
service but probably not an Incident, unless when a user calls the helpdesk
and reports that 'e-mail is down' the intial categorization would be against
the service and the solution categorization against the application or
hardware, but you would think that initial troubleshooting would let the
helpdesk agent decide whether it was the application, hardware or network.
 
What most people including myself seem to struggle with are the Operational
Categories. Is anyone actually following the BMC example that comes with the
default install ?
 
Add -> User -> Account
Failure -> Application
 
After talking with several people it would seem that this could/should be
turned upside down, especially when considering auto-assignment rules.
 
Hardware -> Computer -> Failure
Software -> Application -> Failure
Software -> Application -> Install/Add
 
Of course in this case, there would be some duplication between the
Operational and Product Categories:
 
OpCat: Hardware -> Computer -> Failure
ProdCat: Hardware -> Laptop -> - None - -> PowerEdge
 
I also don't have much use for three tiers in Product Categories since there
are some limitations imposed by the Product Name and Version fields. When
looking at the Product Dictionary/DSL entries it does not seem to make a lot
of sense to use
 
Software -> Application -> Third Party -> Microsoft Outlook
Hardware -> Personal Computer -> Desktop -. PC1
 
Why use Third Party of Desktop ? Just for having three tiers filled in ?
 
Also, where do you place hardware components ? If you place them under the
Product Categories, they would need to loaded several times over if you are
using Product Name for hardware.
 
Example: Every laptop/desktop/server has a modem, NIC, HD, etc.
If you use Hardware -> Laptop -> Modem -> PowerEdge, you would need to have
a Modem entry/record for every model of PowerEdge (20+) and
laptop/desktop/etc., meaning that you would have to load 60-100 entries just
for modem.
 
The other option would be to include the components/peripherals in the
Operational Categories.
 
OpCat: Component -> Modem -> Failure
   Peripheral -> Keyboard -> Failure
ProdCat: Hardware -> Laptop -> - None - -> PowerEdge
 
I am sure many of you have had countless sleepless nights over this and
would appreciate any feedback. Hopefully, we can create a 'best practice' by
working together on this.
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Incident Management 7.x Tasking system

2007-04-03 Thread Christian Rom 
Has anyone heard any updates on the supposedly coming updated tasking system
for IM/PM ?
 
It is my understanding that it will be more like the tasking in CM with
improved task groups, templates and enforcement of order, etc.
 
Will this be in ITSM/IM 7.1 or one of the 7.0.x releases ?
 
I thought it would be out by the end of Q1/2007.
 
Rgds,
 
Christian H. Rom
Schlumberger - Service Desk Engineering
 

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

test - ignore

2007-04-03 Thread Christian Rom 
test - ignore

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"