Re: UNIX to Windows Remedy Migration
Hello, With ARS it is not a problem. You will need to install on Windows ARS and all application, and import all workflow. Worst problem is with data. Because it is not easy convert database from ORACLE to MS SQL. I think you can only to copy data through the AR Importer from last ARS to new ARS, but if your database is very big, it can be hard to do. If you will install on Windows ARS on the oracle database, You will need to redo only database from last server. I made in one my client migration from Windows to Solaris, but database on all servers was the same. Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Daniel Condrea Sent: Tuesday, May 04, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: UNIX to Windows Remedy Migration ** Hello All, In my opinion is much easier to admin a MS SQL than Oracle. You do not need any special skills. I have done it for 6 years. For better integration with other applications developed on Oracle we decided to migrate ARS server to ORCL. My advice is to my a machine with at least 2 separate controllers. Create a data base spread on 2 HDDs. Each HDD has to be on separate controller. On one HDD you must keep all field in a form except: attachments, memo and indexes. This technique applies to any RDBMS, including ORCL MSSQL. It delivers a performance 10 times faster than a normal configuration. For MS SQL you can reserve some memory and processor. As I sayed I am not a database expert. For this reason I have maid mistackes whe ARS was running on MS SQL. After we migrated to ORCL, the Orcl DBA discoverd something running for 2 hours. Usesles to say that on MS SQL with the above configuration there was no penality regardin performange. Daniel _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ex Soundgarden Sent: Tuesday, May 04, 2010 9:37 AM To: arslist@ARSLIST.ORG Subject: UNIX to Windows Remedy Migration ** Hi ARSListers! We're currently planning to migrate existing Remedy environment in Sun Solaris to Windows Server. Below is the current system information: ARS 7.0.1 p10 running on Sun Solaris 10 Oracle 10g running on the same server Mid-tier 7.0.1 patch 6 running on MS Windows Server 2003 Memory size 8GB 4 UltraSPARC-IIIi virtual processors each running on 1.6GHz No ITSM applications installed. AR System is used for in-house developed applications (consisting of 1052 forms). average of 60-70 concurrent users. 600 registered users Initial possible scenario I'm currently looking at 2 options below: 1.Upgrade Remedy Server to latest version, purchase new hardware, and use the same platform (Solaris 10) . OR 2. Full migration to Windows Server 2008, including the database migration to SQL Server 2008. This is to reduce the cost of our support and maintenance for the servers Please give me any advice if what option is the best to implement. I'm really keen on just using the same platform (Solaris) but we currently don't have any Solaris/Oracle support which pretty much led us to looking at the Windows migration. If you can list all the pros and cons on doing any of the options, that will surely help me. In addition to that, may I know if anyone here has any experiences migrating from Unix to Windows environment recently or in the past? If you can let me know your success stories (and migration strategy), it would be greatly appreciated. Any good inputs will be appreciated. Regards... Gabud _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: UNIX to Windows Remedy Migration
Daniel, This method you can use only if you have small installation of AR System. But if you have for example ITSM installed on your Remedy, It can be very hard to do, because ARImporter work very slow, and you have many forms to copy. But you can migrate only configuration, and requests, CMDB you can migrate through the AIE. Another option is to create some sql script which will copy all data from one database to another, but it can be very complicated. But you must remember that in many forms is stored the arserver name. for example Raport form. Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Daniel Condrea Sent: Tuesday, May 04, 2010 12:32 PM To: arslist@ARSLIST.ORG Subject: Re: UNIX to Windows Remedy Migration ** Sorry Konrad, as long as the migration process uses only the BMC-Remedy user tools there is no problem. Mai steps: - export definitions using Admin tool; DO NOT modify user group form; - export data in ARX format - import ARX data using ARimport For example if the target ARS server is of version 7.5 use 7.5 tools. I have done it for: - ORCL to MS SQL 2000 - MS SQL 2000 to ORCL Be very careful with data in de User Group forms Daniel _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Konrad Banasiak Sent: Tuesday, May 04, 2010 1:21 PM To: arslist@ARSLIST.ORG Subject: Re: UNIX to Windows Remedy Migration ** Hello, With ARS it is not a problem. You will need to install on Windows ARS and all application, and import all workflow. Worst problem is with data. Because it is not easy convert database from ORACLE to MS SQL. I think you can only to copy data through the AR Importer from last ARS to new ARS, but if your database is very big, it can be hard to do. If you will install on Windows ARS on the oracle database, You will need to redo only database from last server. I made in one my client migration from Windows to Solaris, but database on all servers was the same. Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Daniel Condrea Sent: Tuesday, May 04, 2010 8:55 AM To: arslist@ARSLIST.ORG Subject: Re: UNIX to Windows Remedy Migration ** Hello All, In my opinion is much easier to admin a MS SQL than Oracle. You do not need any special skills. I have done it for 6 years. For better integration with other applications developed on Oracle we decided to migrate ARS server to ORCL. My advice is to my a machine with at least 2 separate controllers. Create a data base spread on 2 HDDs. Each HDD has to be on separate controller. On one HDD you must keep all field in a form except: attachments, memo and indexes. This technique applies to any RDBMS, including ORCL MSSQL. It delivers a performance 10 times faster than a normal configuration. For MS SQL you can reserve some memory and processor. As I sayed I am not a database expert. For this reason I have maid mistackes whe ARS was running on MS SQL. After we migrated to ORCL, the Orcl DBA discoverd something running for 2 hours. Usesles to say that on MS SQL with the above configuration there was no penality regardin performange. Daniel _ From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ex Soundgarden Sent: Tuesday, May 04, 2010 9:37 AM To: arslist@ARSLIST.ORG Subject: UNIX to Windows Remedy Migration ** Hi ARSListers! We're currently planning to migrate existing Remedy environment in Sun Solaris to Windows Server. Below is the current system information: ARS 7.0.1 p10 running on Sun Solaris 10 Oracle 10g running on the same server Mid-tier 7.0.1 patch 6 running on MS Windows Server 2003 Memory size 8GB 4 UltraSPARC-IIIi virtual processors each running on 1.6GHz No ITSM applications installed. AR System is used for in-house developed applications (consisting of 1052 forms). average of 60-70 concurrent users. 600 registered users Initial possible scenario I'm currently looking at 2 options below: 1.Upgrade Remedy Server to latest version, purchase new hardware, and use the same platform (Solaris 10) . OR 2. Full migration to Windows Server 2008, including the database migration to SQL Server 2008. This is to reduce the cost of our support and maintenance for the servers Please give me any advice if what option is the best to implement. I'm really keen on just using the same platform (Solaris) but we currently don't have any Solaris/Oracle support which pretty much led us to looking at the Windows migration. If you can list all the pros and cons on doing any of the options, that will surely
ar.cfg decrypt password
Hi, It is possible to decrypt password ar.cfg? I want to create my custom plugin, where parameters will be stored in ar.cfg. Cheers Konrad ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: AREA LDAP Integration - please help me to start it
Hi, You can use ldap browser ( http://www.ldapbrowser.com www.ldapbrowser.com) to navigate on the ldap tree. This tool will help you configure arealdap plugin. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:00 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** I've never used the LDAP-ARS mapping feature, sorry..I have no experience that can help you there. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 2:12 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks for the reply, In a configuration of LDAP with ARSystem To map LDAP groups to AR System groups - May I know what I have to mention in 'LDAP Group name' and 'ARSystem Group' field under 'EA' tab in Server information form. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Thursday, April 29, 2010 12:06 AM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** This information is going to need to come from your AD guys. It depends entirely upon your domain structure. Yours might be OU=Users,DC= GSSAMERICA,DC=com But in all honesty I don't know where your domain admins keep their user records..don't know if they store them in the Users, or some other folder..don't know what your structure is.so you will need to check with them From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 12:08 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Thanks and Appreciated the Response, May I know the information about Base DN for Discovery Field from 'ARDBC LDAP Configuration' form. What can I give an input there for my Microsoft AD Server to improve the discovery performance. Thanks Regards, Rambabu Rudra System Administrator From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of LJ LongWing Sent: Wednesday, April 28, 2010 11:14 PM To: arslist@ARSLIST.ORG Subject: Re: AREA LDAP Integration - please help me to start it ** Start by reading the 'Integrating with Plug-ins and Third-Party Products' document starting on 102. Then read the 'Configuring' starting on 172. These are for 7.1 versions of the docs..reading those should give you most if not all the information you need to configure it..if you have any specific questions, please feel free to come back and ask. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Ram Rudra Sent: Wednesday, April 28, 2010 11:04 AM To: arslist@ARSLIST.ORG Subject: AREA LDAP Integration - please help me to start it ** Hi All, We would like to have our AD integration with our remedy tool. How can I start it. Any guidance would be appreciated. Thanks Regards, Ram Rudra _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: C APIs to create Change ticket.
Hi, What is the version of your Change Management Application? Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Anuj DUA Sent: Friday, April 16, 2010 1:25 PM To: arslist@ARSLIST.ORG Subject: C APIs to create Change ticket. ** Hello List, Thanks to please let me know the source of C APIs and the respective API to create change ticket through C programming. With Regards, Anuj Dua _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Date/Time Fields
Hi, If you want to be sure, create active-link with set-field action, where date will be changed to present time. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Coleman, Gavin Sent: Wednesday, April 14, 2010 9:55 AM To: arslist@ARSLIST.ORG Subject: Date/Time Fields ** Hi List - I've got a question that I hope is really simple! We have had several users complaining that when they click on the ellipsis (the three dots) on a Date/Time field, the Date/Time dialog box opens up and the time portion is displayed as 00:00:00. Other people have said that when they open up this dialog the time portion defaults to the present time. I think this is a user tool / mid-tier patch issue or possibly a settings issue. Can anyone confirm where this issue lies. For reference, we are on ARS 6.3 patch 18. I've just tested with my user tool and confirmed that the time portion appears as 00:00:00 (I am on user tool patch 24) It's not a serious issue, but it is taking up valuable developers' time! Thanks for your help. Gavin Coleman Senior Analyst/Programmer Computacenter (UK) Ltd Services Solutions Hatfield Avenue Hatfield, Hertfordshire, AL10 9TW, United Kingdom T: +44 (0) 1707 631662 E: mailto:gavin.cole...@computacenter.com gavin.cole...@computacenter.com W: www.computacenter.com ** COMPUTACENTER PLC is registered in England and Wales with the registered number 03110569. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (UK) Limited is registered in England and Wales with the registered number 01584718. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (Mid-Market) Limited is registered in England and Wales with the registered number 3434654. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW COMPUTACENTER (FMS) Limited is registered in England and Wales with the registered number 3798091. Its registered office is at Hatfield Business Park, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW The contents of this email are intended for the named addressee only. It contains information which may be confidential and which may also be privileged. Unless you are the named addressee (or authorised to receive mail for the addressee) you may not copy or use it, or disclose it to anyone else. If you receive it in error please notify us immediately and then destroy it. Computacenter information is available from: http://www.computacenter.com ** _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: incoming mail not working properly
Hi, Turn on the filter log on the server, and send email again. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Nair, Rajesh IN BOM SISL Sent: Tuesday, April 13, 2010 3:04 PM To: arslist@ARSLIST.ORG Subject: incoming mail not working properly ** Dear List I am facing an issue while sending a mail to remedy email engine I am getting an error which i can see in the log .. mentioned in the trail mail I am using the database name within !! quote say !Submitter! : XYZ I have mentioned all the required fields in the mail which i send it to the email engine Can anyone tell me where i have gone wrong or i am missing something I am using MAPI to connect to the emial engine ARSYSTEM6.3 patch 23 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: How to display DATE field in date format (from DB)
Hi, Please look to the Database reference. Here you have the instruction for all supported database. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Kali Obsum Sent: Tuesday, April 06, 2010 3:59 AM To: arslist@ARSLIST.ORG Subject: How to display DATE field in date format (from DB) ** Hi, We have a field of type 'DATE'. It is stored as an integer in DB. Does anyone know how to display this in Date format? (e.g. are there functions that we can use?) Regards, Kali NOTICE The information contained in this email is confidential. If you are not the intended recipient, you must not disclose or use the information in this email in any way. If you received it in error, please tell us immediately by return email and delete the document. We do not guarantee the integrity of any e-mails or attached files and are not responsible for any changes made to them by any other person. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: How to display DATE field in date format (from DB)
Hi, Please look to the Database reference. Here you have the instruction for all supported database. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Kali Obsum Sent: Tuesday, April 06, 2010 3:59 AM To: arslist@ARSLIST.ORG Subject: How to display DATE field in date format (from DB) ** Hi, We have a field of type 'DATE'. It is stored as an integer in DB. Does anyone know how to display this in Date format? (e.g. are there functions that we can use?) Regards, Kali NOTICE The information contained in this email is confidential. If you are not the intended recipient, you must not disclose or use the information in this email in any way. If you received it in error, please tell us immediately by return email and delete the document. We do not guarantee the integrity of any e-mails or attached files and are not responsible for any changes made to them by any other person. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Top Positions SSO Solution
Sean, You have right. I agree with you. I will try to explain you how Plugin SSO works from TopPositions. If you connect to ARS through the Mid-Tier. Md-Tier is authenticating in the ARS through the special password. Of course the mid-tier-ip is on the whitelist (see the Installation guide page 15, MidTier-IP parameter). But if client connect to ARS through the Windows client you have the followed process: 1. Remedy User authenticate user in the special Authentication Service through the NTLM negotiation(NTLMv2) in the Domain Controler. 2. If user is confirmed the Service return generated token to the Remedy User. (Token is unique for every User) 3. Remedy User passed into the Authentication field in area this token to ARESSO. 4. AREA SSO confirm in the Authentication Service this token, If token is correct user is authenticate, if no user is no authenticate. Of course the Authentication Service confirm client IP address. And the token expired if is not use to long time. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Garrison, Sean (Norcross) Sent: Tuesday, March 30, 2010 4:01 PM To: arslist@ARSLIST.ORG Subject: Re: Top Positions SSO Solution Without being too technical I don't really trust an ARS SSO integration that much. In order to build an sso you have to follow a process: 1. Modify the authentication to the mid-tier to check the users credentials. 2. If the user is valid allow them to log into remedy 3. If the user is from mid-tier and they have valid credentials bypass the AREA authentication and let them in. It is at step 3 where I believe the security hole lies in an SSO implementation. Granted there is some security but it is relatively weak. Typically they ask you to enter in a list of ip addresses and a password of some type. This password is usually passed into the Authentication field in area. The IP address is a whitelist to tell area whether or not this is a mid-tier ip. So let's say you added your ip address to the whitelist that you configure for the sso implementation. Using the User tool you enter in the mid-tier password into the authentication field and put in your username leaving the password field blank. My guess is that you would log right into ars with no problems. Go further and you could probably spoof one of the mid-tier ip addresses so that ars thinks your ip address is one of the mid-tiers you could do the same thing with entering in no password just the mid-tier password. I don't know what java system solutions does for this issue nor what the remedy-sso does. But in both flowcharts you see a little arrow going from mid-tier to ARS. Before implementing either SSO I would recommend validating with the vendor how secure that data is that is passed between mid-tier and ars and your comfort level with this type of security. The only reason I know this is because I have tried to build an SSO solution before. Thanks, Sean -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shellman, David Sent: Tuesday, March 30, 2010 8:25 AM To: arslist@ARSLIST.ORG Subject: Re: Top Positions SSO Solution Top Positions is spamming every email address that they can associate with an Remedy Admin. They hit a new email address of mine that was added to the www.wwrug.com website a couple of weeks ago. Dave - dave.shell...@tycoelectronics.com (Wireless) - Original Message - From: Action Request System discussion list(ARSList) ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Tomcat removal....
Hello, Install again the Mid-Tier. But this time select IIS during the Installation. The setup will install tomcat again, but this time it will install the redirection from IIS to Tomcat. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Richard Copits Sent: Tuesday, March 30, 2010 3:08 PM To: arslist@ARSLIST.ORG Subject: Re: Tomcat removal ** Nope.we don't have that on the add/remove list. Didn't find anything even similar.and nothing under the programs tab on the main screen either.. From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Frank Caruso Sent: Tuesday, March 30, 2010 9:04 AM To: arslist@ARSLIST.ORG Subject: Re: Tomcat removal ** I just checked our web servers and there is an uninstall package but it is called Apache Tomcat not Tomcat. Might that be your issue? Frank On Tue, Mar 30, 2010 at 3:57 PM, Richard Copits richard@bwc.state.oh.us wrote: ** We currently use Tomcat as a web server. We want to use IIS instead. It's been suggested that I uninstall Tomcat but there doesn't appear to be any entry in add/remove programs. Any suggestions on how to remove Tomcat safely/correctly? Thanks! Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. _attend WWRUG10 www.wwrug.com http://www.wwrug.com/ ARSlist: Where the Answers Are_ _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ Portions of this message may be confidential under an exemption to Ohio's public records law or under a legal privilege. If you have received this message in error or due to an unauthorized transmission or interception, please delete all copies from your system without disclosing, copying, or transmitting this message. _attend WWRUG10 www.wwrug.com ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are
Re: Top Positions SSO Solution
Sean, Java System's plugin use authentication password saved in the windows register on all workstations to authenticate users through the RUT. All users have the same password. In my opinion it is not very save method. Mid-tier use the ARSAPI to communicate with ARS so communication between mt and ars is crypted. Of course we must believe that crypted method between ars an mt used by BMC is save. In this document you can read about ars security. http://documents.bmc.com/supportu/documents/22/39/92239/92239.pdf Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Elry Sent: Tuesday, March 30, 2010 4:54 PM To: arslist@ARSLIST.ORG Subject: Re: Top Positions SSO Solution Thanks for all the responses... Konrad - quick question: Seems like you are saying that by signing on through the WUT - there is a secure protocol that is followed when using java system's plugin. Are there any issues when trying to do SSO through the Mid-Tier? Not that I perceive this as an issue for us, since we are primarily focused on the WUT. On Mar 30, 10:35 am, Konrad Banasiak gene...@remedy-sso.com wrote: Sean, You have right. I agree with you. I will try to explain you how Plugin SSO works from TopPositions. If you connect to ARS through the Mid-Tier. Md-Tier is authenticating in the ARS through the special password. Of course the mid-tier-ip is on the whitelist (see the Installation guide page 15, MidTier-IP parameter). But if client connect to ARS through the Windows client you have the followed process: 1. Remedy User authenticate user in the special Authentication Service through the NTLM negotiation(NTLMv2) in the Domain Controler. 2. If user is confirmed the Service return generated token to the Remedy User. (Token is unique for every User) 3. Remedy User passed into the Authentication field in area this token to ARESSO. 4. AREA SSO confirm in the Authentication Service this token, If token is correct user is authenticate, if no user is no authenticate. Of course the Authentication Service confirm client IP address. And the token expired if is not use to long time. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Garrison, Sean (Norcross) Sent: Tuesday, March 30, 2010 4:01 PM To: arsl...@arslist.org Subject: Re: Top Positions SSO Solution Without being too technical I don't really trust an ARS SSO integration that much. In order to build an sso you have to follow a process: 1. Modify the authentication to the mid-tier to check the users credentials. 2. If the user is valid allow them to log into remedy 3. If the user is from mid-tier and they have valid credentials bypass the AREA authentication and let them in. It is at step 3 where I believe the security hole lies in an SSO implementation. Granted there is some security but it is relatively weak. Typically they ask you to enter in a list of ip addresses and a password of some type. This password is usually passed into the Authentication field in area. The IP address is a whitelist to tell area whether or not this is a mid-tier ip. So let's say you added your ip address to the whitelist that you configure for the sso implementation. Using the User tool you enter in the mid-tier password into the authentication field and put in your username leaving the password field blank. My guess is that you would log right into ars with no problems. Go further and you could probably spoof one of the mid-tier ip addresses so that ars thinks your ip address is one of the mid-tiers you could do the same thing with entering in no password just the mid-tier password. I don't know what java system solutions does for this issue nor what the remedy-sso does. But in both flowcharts you see a little arrow going from mid-tier to ARS. Before implementing either SSO I would recommend validating with the vendor how secure that data is that is passed between mid-tier and ars and your comfort level with this type of security. The only reason I know this is because I have tried to build an SSO solution before. Thanks, Sean -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Shellman, David Sent: Tuesday, March 30, 2010 8:25 AM To: arsl...@arslist.org Subject: Re: Top Positions SSO Solution Top Positions is spamming every email address that they can associate with an Remedy Admin. They hit a new email address of mine that was added to thewww.wwrug.comwebsite a couple of weeks ago. Dave - dave.shell...@tycoelectronics.com (Wireless) - Original Message - From
Re: Top Positions SSO Solution
Danny, You have right it is Bug in BMC Remedy User tool. But this problem is independent of use SSO or no. You can always use for example http analyzer software to listen tcp port, because the flashboards are provide through the mid-tier. The worst situation is when you use to authenticate user arealdap plugin from BMC, because then you can snaffle the password for domain username. So it is very dangerous situation. It is little better when passwords to remedy you store in user form, because this time when you snaffle the password, you will have only permission to remedy. The best situation is when you use Plugin SSO from Top Positions. In Plugin SSO user to authentication in remedy use special token with is generate for any users and ip address, so if somebody snaffle this token he will login only to the Remedy, of course token has expired. Another worst situation is when all people use the same key, because then if somebody snaffle the password he will affect who wants. So if you want to have very save system, you have two possibilities: 1. Don't use BMC Remedy User tools (Only web) 2. You can configure SSL on Tomcat. (Because flashboards server, srm, crystal reports are provide by the mid-tier). Danny wrote: In version 2.1, for the WUT SSO, we did store a password in the registry encrypted by AES http://en.wikipedia.org/wiki/Advanced_Encryption_Standard This is really a bug I want to show you how you can decrypt this password? So I think you should public information on your site that your plugin is not to much save. Danny wrote This was seen as secure enough for two large American banks and one Polish Bank. Polish Bank don't use SSO for RUT because they know the bug. Cheers Konrad TopPositions Really only one secure Plugin SSO for BM Remedy AR System. Http://www.remedy-sso.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Danny Kellett Sent: Tuesday, March 30, 2010 6:12 PM To: arslist@ARSLIST.ORG Subject: Re: Top Positions SSO Solution Konrad, That's incorrect. We do not use the authentication string any more as many of the BMC products have bugs in them which prevent SSO being implemented correctly and safely. I can provide an official list of SW numbers if you wish, where the authentication string is not passed correctly. To name a few, Crystal Reports integration and Flashboards within the Windows User Tool. So good luck when you find your first customer who wants to use reports on the web or flashboards in the WUT. Sean, et al, Java System Solutions has been working with BMC as an SSO solution provider for four years now. We have partners that support and sell our product such as BMC themselves, Materna in Germany and Denmark, at which this month they have published an article about our solution in their magazine (including an embarrassing picture of John Baker and myself, I'm only 34 years old honest!), Comfort in Poland from which Konrad used to work for, SoftwareOne and Zones. So we have customers which are Banks where security has become an priority and we were happy to modify our product as required, in partnership with these customers. So I can confidently let you know, and provide references, from customers and partners who can verify our security. In version 2.1, for the WUT SSO, we did store a password in the registry encrypted by AES http://en.wikipedia.org/wiki/Advanced_Encryption_Standard This was seen as secure enough for two large American banks and one Polish Bank. In version 3.0, due for release in April, we have added another layer of encryption for the WUT where the password uses rotating keys very similar to http://www.freshpatents.com/Rotation-of-keys-during-encryption-decryption-dt 20061214ptan20060280298.php Again, all this is passed in the password field instead of the authentication field, and thus is again encrypted by BMCs own DES encryption over the wire. I believe with all that above, we are confidently happy with our product and so could many BMC representatives and partners alike. Elry, This is turning into a bit of an advert, and for that I apologise Dan/List, but you can find out more information from www.javasystemsolutions.com or send me an email off the list dkell...@javasystemsolutions.com Kind regards Danny -Original Message- From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of Konrad Banasiak Sent: 30 March 2010 16:17 To: arslist@ARSLIST.ORG Subject: Re: Top Positions SSO Solution Sean, Java System's plugin use authentication password saved in the windows register on all workstations to authenticate users through the RUT. All users have the same password. In my opinion it is not very save method. Mid-tier use the ARSAPI to communicate with ARS so communication between mt and ars is crypted. Of course we must believe that crypted method between ars an mt used by BMC is save. In this document you can
Re: Install SRM 2.2
Hi, When you will install SRM 2.2, The requeter console will be not delete, but installer will add active link on action on open with message Requester console is disabled, please use the SRM Console. Cheers Konrad Hellyson pisze: ** Hello all, I would like to install SRM 2.2 in the ITSM 7.1, but i would like to know if I install, what happen with the data of the ITSM Request Console, I have almost 3 thousand data there, because by the Installation manual, i saw that when I install the SRM, replace the forms of the ITSM Resquest Console. If somebody did this, what were the steps? Regards for all Hellyson - Brazil helly...@gmail.com mailto:helly...@gmail.com Quando se sabe ouvir não precisam muitas palavras Edgard Scandurra _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: Where the Answers Are_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: Where the Answers Are
