|
LordB
|
 |
« on: July 30, 2007, 08:32:47 PM » |
|
Any one have any luck automating backups and making environment changes and moves?
|
|
|
|
|
Logged
|
|
|
|
|
jmarquette
|
|
« Reply #1 on: October 22, 2007, 11:45:27 AM » |
|
No, not yet. We did hear from IBM that some people utilize a build station for migrating from environment to environment. I guess you can crack open the .xml export bundle and then put in your environment specific settings for intended environment.
-JM
|
|
|
|
|
Logged
|
|
|
|
|
|
|
snohai
|
|
« Reply #3 on: November 13, 2007, 06:24:49 PM » |
|
Also IBM made available the ITCAM for SOA - free of charge, comes with it's own instance of DB2 (need the server though). See details: http://www-306.ibm.com/software/integration/datapower/itcamse.htmlDid anybody try it yet? If so, what do you think? ITCAM or XML Management Service? Does anybody have an example of a DP service management request that exports, let's say an XML Firewall or a WS Proxy? And import script? |
|
|
|
|
Logged
|
|
|
|
|
LordB
|
|
« Reply #4 on: November 14, 2007, 12:22:54 AM » |
|
I have used ITCAM for soa... It has a large leaning curve if you have alot of ITCAM knowledge its worth investigation. As far as the xml interface I would recommend only exporting whole domain backups an importing them. The xml i posed above exports the domain I will post more info on how to utilize this export and import it later this week.
LB
|
|
|
|
|
Logged
|
|
|
|
|
anboss
|
|
« Reply #5 on: December 12, 2007, 05:33:28 AM » |
|
what are the conventions to be followed to number the ports for entities. (either XMLFW or WSProxy or MPG) If within a box, if different environments (Development, testing and QA) are present as differnt domains, how are we supposed to assign port numbers.
I understand the port numbers may range between 0000 to 9999 even across the domains. So as we move our objects across environments as the project progresses wont it be a rework to renumber ports once we move objects to different domains (environments).
or Do we need to go for separate boxes for different environments?
|
|
|
|
|
Logged
|
|
|
|
|
LordB
|
|
« Reply #6 on: December 12, 2007, 10:50:07 AM » |
|
I would defiantly recommend having a device for each environment. You actually have from port 1-65536. I recommend assigning a port range to each domain for use in its services. ie domain one will use ports 8100-8199 domain two will use 8200-8299. If getting multiple devices for different environments you can append a zone number in front of the port range to show what zone your in ie 8100 for prod, 18100 for qa, 28100 for test, 38100 for dev. You can change the port numbers by editing the export file if you use xcfg its an xml file if you use a zip you have to find the xml fine in the zip.
|
|
|
|
|
Logged
|
|
|
|
|
mpeter
|
|
« Reply #7 on: December 12, 2007, 08:25:18 PM » |
|
Our policy is to increment the port number by 2000 between environments. For DEV its 9XXX, TEST is 11XXX and PROD is 13XXX.
This makes writing scripts to promote a configuration much easier.
|
|
|
|
|
Logged
|
|
|
|
|
anboss
|
|
« Reply #8 on: December 12, 2007, 11:13:09 PM » |
|
Thanks for that. But how to increment the port numbers? what is the script that you have mentioned and how can this be achieved??
|
|
|
|
« Last Edit: December 12, 2007, 11:20:40 PM by anboss »
|
Logged
|
|
|
|
|
nmcglennon
|
|
« Reply #9 on: December 17, 2007, 11:29:43 AM » |
|
Having a range of ports presents problems for DataPowers in the DMZ because of all the holes it creates in the internal firewall. This decreases the security of the infrastructure, and DP is there to increase security.
One way we got around this is to use SSL between the internal network and the DMZ (port 443) and then allow that traffic through the internal firewall. Now once this traffic hit a VIP for each environment (Dev, QA, UAT, etc), then traffic would be forwarded to a particular DP domain on a box. So, for instance Dev > VIP:443 > DP(DevDomain):443, and QA > VIP:443 > DP(QADomain):444, etc.
Of course this doesn't work for all solutions, but it does work for us, and I thought I'd share. The firewall remains intact, the VIPs only interact with the DP pools. It also presents a nice interface to the DP environments/domains.
|
|
|
|
|
Logged
|
Senior Consultant
Security Practice
Ascendant Technology
|
|
|
|
|
|
sinusekhar
|
|
« Reply #11 on: March 24, 2008, 12:20:01 PM » |
|
The document was really helpful. Thanks.
|
|
|
|
|
Logged
|
|
|
|
|
