Logo
Alpher Online
 Current page : Home

301 Moved Permanently

Moved Permanently

The document has moved here.


Apache Server at killexams.com Port 80
Pass4sure 000-190 Practice Test | Ask Killexams Experts about 000-190 exams. - alphernet.com.au

000-190 | AIX Basic Operations V5

Updated 000-190 Practice Test @ Killexams

Complete Practice Exam is provided Here   |   View Blog Article Home

000-190 - AIX Basic Operations V5 - braindump

Vendor IBM
Exam Number 000-190
Exam Name AIX Basic Operations V5
Questions 134 Q & A
Recent Update February 12, 2019
Free PDF Download 000-190 Brain Dump
Download Complete PDF Killexams 000-190 Complete Document


Free killexams.com 000-190 question bank


killexams.com have our experts Team to guarantee our IBM 000-190 exam questions are dependably the most current. They are at the whole extraordinarily familiar with the exams and testing consciousness.

How killexams.com maintain IBM 000-190 exams updated?: we have our uncommon procedures to realize the maximum recent exams statistics on IBM 000-190. Now after which we touch our accomplices who're especially at ease with the exam simulator recognition or once in a while our customers will email us the latest enter, or we were given the most current update from our dumps carriers. When we discover the IBM 000-190 exams changed then we updates them ASAP.

On the off prep that you honestly come up quick this 000-190 AIX Basic Operations V5 and might choose no longer to sit tight for the updates then we will give you full refund. however, you should send your score answer to us with the goal that we will have a exam. We will give you full refund quick amid our working time when we get the IBM 000-190 score document from you.

IBM 000-190 AIX Basic Operations V5 Product Demo?: we have both PDF model and Testing Software. You can exam our product web page to perceive what it would seem that like.

At the point when will I get my 000-190 cloth once I pay?: Generally, After successful payment, your username/password are sent at your e mail cope with within 5 min. It may also take little longer in case your answers postpone in charge authorization.

killexams.com Huge Discount Coupons and Promo Codes are as underneath;
WC2017 : 60% Discount Coupon for all tests on website
PROF17 : 10% Discount Coupon for Orders extra than $69
DEAL17 : 15% Discount Coupon for Orders extra than $ninety nine
DECSPECIAL : 10% Special Discount Coupon for All Orders



000-190 dumps, 000-190 Discount Coupon, 000-190 Promo Code, 000-190 vce, Free 000-190 vce, Download Free 000-190 dumps, Free 000-190 brain dumps, pass4sure 000-190, 000-190 practice test, 000-190 practice exam, killexams.com 000-190, 000-190 real questions, 000-190 actual test, 000-190 PDF download, Pass4sure 000-190 Download, 000-190 help, 000-190 examcollection, Passleader 000-190, exam-labs 000-190, Justcertify 000-190, certqueen 000-190, 000-190 testking


View Full Exam »

Customer Reviews about 000-190

Testimonials Here   |   View Vendors, Tracks Home

000-190 - AIX Basic Operations V5 - Reviews

Our customers are always happy to give their reviews about the exams. Most of them are our permanent users. They do not rely on others except our team and they get exam confidence by using our questions and answers and exam simulator.

it's miles brilliant perfect to prepare 000-190 exam with actual test questions.

The precise answers were now not hard to recall. My information of emulating the Killexams Q&A turned into genuinely attractive, as I made all right replies within the exam 000-190. A great deal preferred to the Killexams for the help. I advantageously took the exam preparation inner 12 days. The presentation style of this aide emerge as simple without any lengthened solutions or knotty clarifications. A number of the subject which are so tough and hard as well are educate so particularly.

000-190 question bank that works!

The nice guidance i have ever skilled. I took many 000-190 certification tests, but 000-190 became out to be the easiest one thanks to Killexams. i have recently found this internet site and wish I knew approximately it a few years in the past. might have stored me a number of sleepless nights and gray hair! The 000-190 exam isnt an smooth one, specificallyits cutting-edge version. but the 000-190 Q and A includes the trendy questions, daily updates, and those are without a doubtright and legitimate questions. I am satisfied this is authentic motive I got maximum of them all through my exam. I were given an extremely good marks and thank Killexams to making 000-190 exam pressure-loose.

Weekend examine is enough to pass 000-190 examination with Q&A I got.

I am ranked very high among my magnificence pals on the list of terrific students however it simplest came about after I registered on this Killexams for a few exam assist. It become the excessive marks reading application on this Killexams that helped me in becoming a member of the excessive ranks at the side of different great college students of my elegance. The assets in this Killexams are commendable because theyre precise and extremely beneficial for education via 000-190 pdf, 000-190 dumps and 000-190 books. I am happy to jot down these phrases of appreciation due to the fact this Killexams deserves it. Thank you.

Found 000-190 real question Source.

I prepared the 000-190 exam with the assist of Killexams 000-190 check instruction dump. it turned into complicated however typical very useful in passing my 000-190 exam.

Read books for 000-190 knowledge but ensure your success with these Q&A.

I solved all questions in just half time in my 000-190 exam. I will have the capacity to utilize the Killexams study guide reason for distinctive tests as well. Much appreciated Killexams brain dump for the support. I need to tell that together with your phenomenal apply and honing instruments; I passed my 000-190 paper with good marks. This because of the homework cooperates with your application.

those 000-190 dumps works in the actual check.

I wanted to drop you a line to thank you for your study materials. This is the first time I have used your cram. I just took the 000-190 today and passed with an 80 percent score. I have to admit that I was skeptical at first but me passing my certification exam definitely proves it. Thanks a lot! Thomas from Calgary, Canada

Take benefit of 000-190 exam Q&A and get certified.

Plenty obliged to the one and only Killexams. It is the most trustworthy system to pass the exam. i would thank the Killexams Q&A exam result, for my achievement within the 000-190. Exam became most effective three weeks beforehand, once I began out to have a test this aide and it labored for me. I scored 89%, identifying how to finish the exam in due time.

just try these actual test questions and fulfillment is yours.

I am Aggarwal and I work for Smart Corp. I had applied to appear for the 000-190 exam and was very apprehensive about it as it contained difficult case studies etc. I then applied for your question bank. My many doubts got cleared due to the explainations provided for the answers. I also got the case studies in my email which were rightly solved. I appeared for the exam and am happy to say that I got 73.75% and I give you the whole credit. Further I congratulate you and look further to clear more exams with the help of your site.

Little study for 000-190 exam, got great success.

Today I am very happy because I have got a very high score in my 000-190 exam. I couldnt think I would be able to do it but this Killexams made me think otherwise. The online educators are doing their job very well and I salute them for their dedication and devotion.

How an awful lot income for 000-190 certified?

To become a 000-190 certified, i was in push to skip the 000-190 exam. I tried and failed closing 2 tries. Accidently, I had been given the Killexams material through my cousin. I was very inspired with the Q&a material. I secured 89%. I am so happy that I scored above the margin mark with out problem. The material is well formatted as well as enriched with crucial principles. I think it is the extremely good desire for the exam.

Review Complete Testimonials »

See more IBM exam dumps

Direct Downloads Here   |   View Vendors, Latest Home

Real Exam Questions and Answers of exams

We offer a huge collection of IBM exam questions and answers, study guides, practice exams, Exam Simulator.

000-N26 | A2150-006 | C2050-240 | C9560-656 | BAS-010 | 000-M18 | M2070-740 | 000-632 | C2020-645 | 000-456 | P2065-036 | 000-565 | 000-608 | 000-879 | 000-N52 | C2040-928 | 00M-622 | 000-991 | C2030-102 | LOT-980 | P2065-013 | 000-593 | 000-170 | 000-M83 | 000-R17 | A2040-951 | C4040-221 | 00M-638 | C2150-620 | 000-M241 | C4040-109 | 000-287 | C2010-568 | C9550-512 | 000-M49 | 000-224 | 000-546 | P6040-017 | 000-M10 | 000-714 | 000-M221 | C9050-549 | P2080-096 | M2010-701 | 000-G40 | C9010-252 | SPS-202 | 000-649 | 000-M226 | 000-S32 |

View Complete IBM Collection »

Latest Exams added

Recently Updated Here   |   View Vendors, Latest Home

Latest Practice Exam Questions and Answers Added to Killexams.com

We keep our visitors and customers updated regarding the latest technology certifications by providing reliable and authentic exam preparation material. Our team remain busy in updating 000-190 exam training material as well as reviewing the real exam changes. They try best to provide each and every relevant information about the test for the candidate to get good marks and come out of test center happily.

1Y0-340 | 1Z0-324 | 1Z0-344 | 1Z0-346 | 1Z0-813 | 1Z0-900 | 1Z0-935 | 1Z0-950 | 1Z0-967 | 1Z0-973 | 1Z0-987 | A2040-404 | A2040-918 | AZ-101 | AZ-102 | AZ-200 | AZ-300 | AZ-301 | FortiSandbox | HP2-H65 | HP2-H67 | HPE0-J57 | HPE6-A47 | JN0-662 | MB6-898 | ML0-320 | NS0-159 | NS0-181 | NS0-513 | PEGACPBA73V1 | 1Z0-628 | 1Z0-934 | 1Z0-974 | 1Z0-986 | 202-450 | 500-325 | 70-537 | 70-703 | 98-383 | 9A0-411 | AZ-100 | C2010-530 | C2210-422 | C5050-380 | C9550-413 | C9560-517 | CV0-002 | DES-1721 | MB2-719 | PT0-001 | CPA-REG | CPA-AUD | AACN-CMC | AAMA-CMA | ABEM-EMC | ACF-CCP | ACNP | ACSM-GEI | AEMT | AHIMA-CCS | ANCC-CVNC | ANCC-MSN | ANP-BC | APMLE | AXELOS-MSP | BCNS-CNS | BMAT | CCI | CCN | CCP | CDCA-ADEX | CDM | CFSW | CGRN | CNSC | COMLEX-USA | CPCE | CPM | CRNE | CVPM | DAT | DHORT | CBCP | DSST-HRM | DTR | ESPA-EST | FNS | FSMC | GPTS | IBCLC | IFSEA-CFM | LCAC | LCDC | MHAP | MSNCB | NAPLEX | NBCC-NCC | NBDE-I | NBDE-II | NCCT-ICS | NCCT-TSC | NCEES-FE | NCEES-PE | NCIDQ-CID | NCMA-CMA | NCPT | NE-BC | NNAAP-NA | NRA-FPM | NREMT-NRP | NREMT-PTE | NSCA-CPT | OCS | PACE | PANRE | PCCE | PCCN | PET | RDN | TEAS-N | VACC | WHNP | WPT-R | 156-215-80 | 1D0-621 | 1Y0-402 | 1Z0-545 | 1Z0-581 | 1Z0-853 | 250-430 | 2V0-761 | 700-551 | 700-901 | 7765X | A2040-910 | A2040-921 | C2010-825 | C2070-582 | C5050-384 | CDCS-001 | CFR-210 | NBSTSA-CST | E20-575 | HCE-5420 | HP2-H62 | HPE6-A42 | HQT-4210 | IAHCSMM-CRCST | LEED-GA | MB2-877 | MBLEX | NCIDQ | VCS-316 | 156-915-80 | 1Z0-414 | 1Z0-439 | 1Z0-447 | 1Z0-968 | 300-100 | 3V0-624 | 500-301 | 500-551 | 70-745 | 70-779 | 700-020 | 700-265 | 810-440 | 98-381 | 98-382 | 9A0-410 | CAS-003 | E20-585 | HCE-5710 | HPE2-K42 | HPE2-K43 | HPE2-K44 | HPE2-T34 | MB6-896 | VCS-256 | 1V0-701 | 1Z0-932 | 201-450 | 2VB-602 | 500-651 | 500-701 | 70-705 | 7391X | 7491X | BCB-Analyst | C2090-320 | C2150-609 | IIAP-CAP | CAT-340 | CCC | CPAT | CPFA | APA-CPP | CPT | CSWIP | Firefighter | FTCE | HPE0-J78 | HPE0-S52 | HPE2-E55 | HPE2-E69 | ITEC-Massage | JN0-210 | MB6-897 | N10-007 | PCNSE | VCS-274 | VCS-275 | VCS-413 |

View Complete List »

See more braindumps

Direct Downloads Here   |   View Vendors, Latest Home

Actual Test Questions and Answers of exams

Here are some exams that you can explore by clicking the link below. There are thousands of exams that we provide to our candidates covering almost all the areas of certifications. Prepare our Questions and Answers and you will Pass4sure.

MSC-321 | JN0-201 | EX0-113 | 300-100 | HP0-X02 | TT0-101 | 310-202 | S90-01A | 000-124 | 77-882 | 3M0-701 | 1Z0-347 | CAT-240 | 1Z0-105 | 70-561-VB | 000-964 | M2080-713 | 9A0-384 | QQ0-400 | HP0-J49 | 250-422 | HP0-J54 | 000-783 | M2150-756 | HP2-F01 | BCP-410 | HP0-Y37 | OG0-081 | ZF-100-500 | HH0-200 | C4090-958 | EX200 | 7130X | M2090-733 | NREMT-NRP | 70-541-VB | LOT-925 | 400-151 | HP2-T14 | JN0-632 | 4A0-M01 | NSE7 | PCCN | HP0-762 | HDPCD | HP0-M16 | 000-N11 | HH0-220 | 1Z0-132 | P2090-080 |

Read more Details »

Top of the list Vendors

Certification Vendors Here   |   View Exams, Latest Home

Industry Leading Vendors

Top notch vendors that dominate the entire world market by their technology and experties. We try to cover almost all the technology vendors and their certification areas so that our customers and visitors obtain all the information about test at one place.

Cisco | CIDQ | TruSecure | Dassault | SCP | Motorola | IEEE | CIW | American-College | H3C | RES | Magento | Foundry | Esri | Logical-Operations | USMLE | NIELIT | PARCC | APC | Trainers | ISACA | Palo-Alto | ITEC | Real-Estate | Google | ESPA | Siemens | Polycom | PayPal | LEED | QAI | GuidanceSoftware | Brocade | IQN | F5-Networks | BICSI | CA-Technologies | Teacher-Certification | SpringSource | BEA | Zend | Huawei | Lotus | SASInstitute | Sair | GMAT | SAP | CompTIA | BlackBerry | PostgreSQL-CE |

View Complete List »

000-190 Sample Questions

Certification Vendors Here   |   View Exams, Latest Home

000-190 Demo and Sample

Note: Answers are below each question.
Samples are taken from full version.

Pass4sure 000-190 dumps | Killexams.com 000-190 real questions | [HOSTED-SITE]



Killexams.com 000-190 Dumps and Real Questions

100% Real Questions - Exam Pass Guarantee with High Marks - Just Memorize the Answers



000-190 exam Dumps Source : AIX Basic Operations V5

Test Code : 000-190
Test Name : AIX Basic Operations V5
Vendor Name : IBM
Q&A : 134 Real Questions

Is there 000-190 exam new sayllabus?
Within the wake of attempting some aids, I at closing halted at Dumps and it contained precise answers added in a easy manner that was exactly what I required. I used to be struggling with topics, while my exam 000-190 become handiest 10 day away. I used to be scared that i might now not have the capacity to reap passing marks the lowest pass imprints. I at remaining handed with 78% marks without an awful lot inconvenience.


what's easiest way to skip 000-190 exam?
The killexams.com material is straightforward to apprehend and enough to prepare for the 000-190 exam. No one-of-a-kind observe material I used at the side of the Dumps. My heartfelt way to you for developing such an distinctly powerful, easy material for the difficult exam. I in no way notion I might also want to pass this exam without difficulty without any tries. You human beings made it take location. I responded 76 questions maximum successfully in the actual exam. Thank you for supplying me an revolutionary product.


can i discover dumps questions state-of-the-art 000-190 examination?
The association time for 000-190 exam was clearly a pleasant experience for me. Effectively passing, I actually have found out a way to clear all of the in addition degrees. Because of killexams.com Questions & Answers for all the assistance. I had restrained time for preparation but killexams.com brain dumps became out to be a help for me. It had sizable question and answers that made me plan in a brief compass.


Really great experience!
The killexams.com killexams.com are the tremendous product as its miles every smooth to use and smooth to prepare thrutheir amazing Dumps. In lots of methods it inspired me, its miles the device which I used each day for my gaining knowledge of. The manual is suitable for the making ready. It helped me to perform a high-quality marks inside the final 000-190 exam. It gives the understanding to perform higher inside the exam. Thank you very for the extremely good help.


Study experts question bank and dumps to have great success.
I started out clearly thinking about 000-190 exam just after you explored me about it, and now, having chosen it, I feel that i have settled on the right desire. I passed exam with first rate opinions using killexams.com Dumps of 000-190 exam and got 89% marks that is top class for me. Inside the wake of passing 000-190 exam, i have numerousopenings for work now. Plenty preferred killexams.com Dumps for helping me development my vocation. You shaked the beer!


in which can i download 000-190 dumps?
I passed this exam 000-190 today with a 92% score. killexams.com changed into my primary preparation aid, so if you plan to take this exam, you may absolutely assume this 000-190 questions supply. All data is relevant, the 000-190 questions are correct. I am very glad with killexams.com. this is the primary time I used it, but now Im confident ill come back to this website for all my 000-190 certification checks


000-190 exam questions are modified, in that could i locate new examination bank?
Heres yet another vote for killexams.com because the pleasant manner to put together for 000-190 exam. I opted for this kit to prepare for my 000-190 exam. I didnt set my hopes too high and saved an eye fixed on the professional syllabus to ensure I do not pass over any subjects, and it turned out that killexams.com had them all covered. The practise became very strong and i felt confident at the exam day. And what in reality made killexams.com high-quality become the moment when Ifound out their questions were exactly similar to what actual exam had. simply as promised (which I didnt in reality count on to be authentic - you know the way it really works from time to time!). So, that is extraordinary. Dont hesitate, go for it.


wherein will I locate prep cloth for 000-190 examination?
It was very encourging experience with killexams.com team. They told me to try their 000-190 exam questions once and forget failing the 000-190 exam. First I hesitated to use the material because I afraid of failing the 000-190 exam. But when I told by my friends that they used the exam simulator for thier 000-190 certification exam, i bought the preparation pack. It was very cheap. That was the first time that I convinced to use killexams.com preparation material when I got 100% marks in my 000-190 exam. I really appreciate you killexams.com team.


I want actual take a look at questions modern-day 000-190 exam.
I prepared the 000-190 exam with the assist of killexams.com IBM test coaching material. it was complicatedbut normal very helpful in passing my 000-190 exam.


in which could i get 000-190 actual exam questions and answers?
It is excellent! I passed my 000-190 exam yesterday with a nearly perfect score of 98%. Thank you Killexams! The materials in the bundle are authentic and valid - this is what I got on my other exam. I knew answers to most of the questions, and some more questions were very similar and on the subjects fully covered in the study guide, so I was able to answer them by myself. Not only did I get an excellent learning tool which has helped me expand my professional knowledge, but I also received an easy pass to my 000-190 certification.


IBM AIX Basic Operations V5

device center Operations supervisor 2007 R2 non-home windows OS guide | killexams.com Real Questions and Pass4sure dumps

Microsoft has announced recently that it has accomplished the work focused on offering to customers Cooperative Technical help in collaboration with Linux supplier purple Hat. Designed to raise support alternate options for groups running heterogeneous IT environments, the Cooperative Technical guide streamlines the use of home windows Server platforms and pink Hat business Linux with virtualization solutions from both businesses. additionally, Microsoft has also labored to make sure that its IT infrastructure administration products embrace open-source utility, together with Linux and UNIX working methods, above all to aid shoppers with combined source environments.

“Microsoft gives the methods administration tools, by means of device middle suite, to control actual and virtual IT techniques and functions, including non-home windows utility similar to red Hat enterprise Linux. We do an international-category job of managing red Hat business Linux, so valued clientele can use one pane of glass to manage their legacy Unix and Linux environments along side their home windows Server environments,” revealed Mike Neil, everyday manager of home windows Server and Server Virtualization.

Microsoft has tweaked Operations manager 2007 R2 with a view to present aid for monitoring no longer just its personal application, together with windows customer and server structures, but also operating methods from HP, sun, pink Hat, Novell and IBM. furthermore, the enterprise mentioned, administration packs can be found from numerous companions corresponding to Novell, which enable it to lengthen the default monitoring and administration capabilities to include techniques working MySQL, and even Apache HTTP Server.

besides windows environments, “system center Operations manager 2007 R2 helps monitoring of here working techniques: HP-UX 11i v2 and v3 (PA-RISC and IA64); sun Solaris eight and 9 (SPARC) and Solaris 10 (SPARC and x86); red Hat business Linux four (x86/x64) and 5 (x86/x64) Server; Novell SUSE Linux business Server 9 (x86) and 10 SP1 (x86/x64); [and]IBM AIX v5.3 and v6.1 (power),” Neil cited.

Microsoft device middle Operations manager 2007 R2 assessment download is obtainable right here.


What to know about the IBM tips Governance Catalog | killexams.com Real Questions and Pass4sure dumps

The IBM InfoSphere information Governance Catalog records governance tool helps organisations determine, shop and manage IT and company records property which are fundamental for every day operations. It gives a critical area for personnel to look for and access key facts terms and enterprise counsel belongings which are up so far and trustworthy.

The workflow-oriented information governance device gives users a method of creating guidelines to dictate how an enterprise's information should be dealt with across all its channels. The device's focal point is on assisting the business teams that have established average facts necessities and the IT group that as a result manages this statistics.

How does the application guide information governance projects?

on the core of tips Governance Catalog is its records cataloging gadget. This allows organizations to construct their facts word list the use of aspects for establishing residences for governance policies and rules, as well as information categories, labels, terms and associated metadata. It also provides elements for defining the relationships between policies and rules and classes and terms, making the management of old and new information as intuitive as possible.

classes, labels, phrases, and governance guidelines and guidelines, as well because the ordinary statistics hierarchy constitution, may also be created and customised manually from the glossary building characteristic. additionally, the counsel Governance Catalog makes it possible for clients to simply import latest governance policies and guidelines, classes and labels the usage of its import wizard. These gadgets can also be imported in comma-separated values or extensible markup language structure, or pulled from suitable IBM application equivalent to InfoSphere business word list and InfoSphere Metadata Asset manager.

users ought to be assigned a workflow and security role before they're in a position to access the catalog. This roles-based mostly access ensures that most effective applicable personnel can create, access and manipulate facts belongings approved to them. clients may also be assigned each workflow and safety roles. Workflow roles are given to clients who could be setting up -- and later managing -- the numerous classes and terms inside the catalog. There are four workflow roles in the utility: editor, reviewer, approver and publisher. clients with workflow roles are supplied entry to a developmental glossary that permits them to preview and edit belongings earlier than they're published. only clients with specific workflow roles can create, approve, edit, assessment and submit belongings found in the thesaurus.

as soon as the thesaurus is operational, safety roles are given to users who will entry and interact with the records assets inside the catalog. There are seven safety roles in the application, every with its own exciting access and editing expertise: glossary basic person, person, word list writer, glossary administrator, suggestions asset creator, information asset administrator and information asset assigner. moreover, the utility gives a characteristic for assigning records stewards -- individuals or companies -- that can support control statistics belongings as soon as they're published.

clients with protection roles have entry to the catalog via a web browser, which allows them to reach stored statistics from anyplace they have internet access. they could additionally entry lineage reports of statistics that permit them to graphically determine where the facts in the glossary originated, assisting to boost self belief within the accuracy of the information. The newest edition of tips Governance Catalog, eleven.5 RUP1, additionally features services for information classification, which helps clients examine in my opinion identifiable tips or other delicate information throughout dissimilar information sets. The compliance reporting feature lets businesses time table, download, distribute and archive customized lineage experiences in PDF layout.

Who advantages from the use of counsel Governance Catalog?

IBM's information governance application may also be used by means of organizations of all sizes to create a centralized gadget for storing and managing the facts belongings primary to creating their business prosper. successful statistics governance contains attempting to find and gaining access to correct and respectable information, but it surely hinges on the establishment of defined records policies, implementation guidelines and common company vocabulary that make managing the statistics as effortless as possible.

How is the application licensed and priced?

assistance Governance Catalog is purchasable as on-premises software with customer-server architecture. It can be deployed on AIX, Linux and home windows server systems, and clients can entry the application by way of the Microsoft internet Explorer or Mozilla Firefox net browsers. Pricing is in accordance with a server ability-primarily based processor price unit measurement. in consequence, posted pricing is unavailable, and those interested in buying the utility may still contact IBM without delay. There are three editions of the software available:

  • InfoSphere advice Governance Catalog, which is ultimate desirable for medium-size to significant organizations.
  • InfoSphere suggestions Governance Catalog Workgroup, which is proscribed to a maximum of 480 PVUs and five approved clients, making it most useful desirable for smaller companies.
  • InfoSphere suggestions Governance Catalog for information Warehousing, which is priced explicitly for use with familiar facts warehousing systems similar to IBM Netezza, IBM Pure statistics and Teradata.
  • A 12-month help software is included with guidance Governance Catalog. extra support may be bought from IBM. All legitimate guide contracts additionally give entry to accessible utility enhancements throughout the contract period. No trial is accessible, but IBM will give organizations with proof of theory or a product demonstration before buy.


    The finished history of the IBM notebook, part two: The DOS empire strikes | killexams.com Real Questions and Pass4sure dumps

    reader feedback 127 with ninety nine posters participating Share this story
  • Share on facebook
  • Share on Twitter
  • Share on Reddit
  • Nota bene: here is the concluding part of the rather unique historical past of the IBM workstation. you should probably read half one of the story if you have not already.
  • A die shot of the Intel 8086, a extra high priced (however functionally identical) version of the Intel 8088 that could eventually energy the IBM computer.
  • the humble Intel 8088 CPU.
  • An Intel 8086 card produced via Seattle desktop products. S100 computers
  • ... and now with an introduced 8087 coprocessor! S100 computer systems
  • In November 1979, Microsoft's familiar accomplice Seattle desktop products released a standalone Intel 8086 motherboard for hardcore hobbyists and computing device producers trying to test with this new and intensely potent CPU. The 8086 turned into carefully concerning the 8088 that IBM chose for the pc; the latter was a value-decreased edition of the previous, an eight-bit/16-bit hybrid chip in place of a pure 16-bit like the 8086.

    IBM opted for the less potent 8088 partly to manage prices, however also to enable using certain hardware that required the eight-bit exterior data bus discovered on the 8088. however in all probability the greatest consideration stemmed, as occurs so frequently, from the advertising department rather than engineering. The 8086 was such a magnificent chip that an IBM notebook so geared up may convince some customers to opt for it in lieu of IBM's personal larger programs; IBM desired to take company from different notebook producers, not from their own different divisions.

    An Intel 8086 card produced by Seattle Computer Products.

    amplify / An Intel 8086 card produced by means of Seattle desktop items. S100 computer systems The critical thing to bear in mind for our applications, notwithstanding, is that each chips shared the identical guide set, and for that reason could run the same software. each person desired to run CP/M on the SCP boards, but CP/M existed best for the Intel 8080 and Zilog Z80. thus, SCP had the equal issue that Jack Sams and IBM would face months later. Digital analysis time and again promised an 8086/8088 version of CP/M, but failed to convey. So, in April of 1980 Tim Paterson of SCP decided to jot down his personal 8086/8088 working device. He referred to as it QDOS—the "quick and soiled operating gadget."

    The ethicality or lack thereof of what Paterson did has been debated for years. Gary Kildall stridently claimed many times that he ripped off the specific CP/M supply code, but this is a extremely complex fact. There isn't any evidence that he even had entry to the supply, which Digital, like most groups then and now, guarded carefully.

    nonetheless, Paterson freely admits that he pulled out his CP/M reference manual and duplicated each and every of its API calls one at a time. On the other other hand, and whereas it may well not have mirrored a great deal originality or artistic pondering, what he did changed into pretty evidently criminal even through the standards of today. Courts have ruled repeatedly that APIs can not be copyrighted, simplest specific implementations thereof, and that reverse engineering is hence allowed. (well, there is patent law, however it's a swamp we'll reside well far from...)

    food for concept for open supply advocates and Microsoft haters: if QDOS became ethically wrong, then Linux—largely a reimplementation of the Unix necessities—must be equally wrong. Paterson claims that he had a great cause to reproduction CP/M so intently: he desired to make it as easy as viable for programmers to move present CP/M utility over to QDOS. He also claims that below the surface, the place he may get away with it, he greatly superior upon his model, specially in disk- and file-handling.

    extra analyzing The comprehensive history of the IBM laptop, half one: The deal of the century

    in the meantime bill Gates turned into wondering how the hell he become going to come up with an working device for IBM within the time frame they wanted. Then one day Paterson known as Microsoft co-founder Paul Allen to tell him about QDOS, just in case Microsoft was attracted to writing some software for it or the use of it in-house. Gates, just the man to realize an out-of-the-blue saviour when he saw one, called Sams, asking, "Do you need to get [it], or do you need me to?" Sams' answer to that question would cost IBM billions and billions over the a long time to return. "with the aid of all capacity, you get it," he said.

    Recognising that workstation application was far from his realm of talents, Sams had already relatively plenty thrown all of his methods-application issues into Microsoft's lap, and he noticed no motive to exchange path now. "We wanted this to be their difficulty," he later pointed out. Microsoft's "difficulty" would in a number of years turn into a huge, massive difficulty for IBM.

    Let there be gentle! Steve Ballmer and Bill Gates, at the PC Forum in 1986. amplify / Steve Ballmer and bill Gates, at the pc discussion board in 1986. Ann E. Yow-Dyson/Getty images

    On September 30, Gates, Steve Ballmer, and Bob O'Rear—Microsoft’s seventh worker—flew down to Florida to make their ultimate notion to IBM. For Sams, who desired to essentially foist the application difficulty on someone else, their plan sounded most desirable. Microsoft would take accountability for proposing an working device, four programming languages (simple, COBOL, Fortran, Pascal), and more than a few different software to be obtainable at launch (including our historic friend Microsoft event).

    One point Gates carefully stipulated: Microsoft would licence all of this to IBM, not outright sell it to them, and would predict to be paid on a per-copy royalty foundation. IBM, feeling there turned into probability adequate for everyone to do smartly out of this and that it could not damage to have Microsoft's personal destiny tied so intently to that of the IBM workstation, agreed. This huge enterprise, legendarily chance-averse and conservative, elected to vicinity the destiny of 1 of its largest tasks ever in the fingers of a 24-year-old. If Microsoft failed to come through, the IBM notebook itself would be stillborn.

    On November 6, Microsoft and IBM formally signed the contract, which automatically paid Microsoft $700,000 to begin porting all of this disparate utility to the new structure. sarcastically, IBM’s Lowe and Sams, who had played such popular roles in everything that came earlier than, had been transferred to different divisions. project Chess can also were an impartial business Unit, but it undoubtedly wasn't thoroughly proof against the fickle techniques of the IBM paperwork. Don Estridge took over leadership of the task.

    whereas the application deal changed into being finalised, assignment Chess had no longer been idle. That equal November Microsoft got its first two prototype machines. IBM, desperately involved about secrecy, demanded they maintain them in a windowless vault secured with locks they themselves supplied. Microsoft and IBM's task Chess, almost as physically some distance aside as two organizations can also be and nevertheless be within the united states, on the other hand developed a working relationship that looks similar to these of these days, when geography concerns a long way less. They communicated normally through telephone and (particularly) a unique email gadget they installation, shuttled packages back and forth via an overnight carrier, and visited one a further commonly—and often by surprise. (This grew to be a specific problem for Microsoft; IBM had a addiction of dropping in unannounced to see if all of their byzantine security approaches have been being practiced.)

    The IBM team of route had plenty to maintain them busy, but Microsoft had been actually up towards it. thanks to all of the negotiations, they were, according to Gates, already "three months in the back of agenda" the day the contract become finalised. everybody labored months of seven-day weeks. Most failed to even take Christmas off.

    the first purpose needed to be to get the computer operating in its two modes of operation: basic and the disk-based operating equipment. Microsoft could deal with the previous on their personal, but the latter left them based on Seattle desktop products. even as Microsoft had been finalising their take care of IBM and beginning to work, Paterson and SCP had been carrying on with their personal work, refining QDOS from a "short and dirty" hack into an operating device they might sell. along the style they renamed it, for obvious reasons, to 86-DOS. As 1980 drew to a detailed, they eventually had a version they felt changed into proper for the backyard world.

    Bill Gates might not <em>look</em> a coldblooded businessman, but that's exactly what he wants you to think! amplify / invoice Gates could not seem to be a coldblooded businessman, however it really is precisely what he wants you to think! Gijsbert Hanekroot/Redferns invoice Gates turns unhealthy

    except this element, invoice Gates has in reality behaved himself, appearing like a hard-riding but straightforward businessman. Now, youngsters, we birth to look a few of that legendary Gates shiftiness come out. He desired for Microsoft a royalty-primarily based agreement that could allow them to share within the hoped-for success of the IBM computer. however he wasn't able to share those fruits with SCP, who nonetheless had no theory that the IBM task was even happening or that their modest little one-man-authored operating system became key to the plans of 1 of the biggest companies on the earth. Gates desired to retain them at nighttime, however he crucial 86-DOS, like, the previous day. He therefore obligatory to pry 86-DOS out of their fingers with out letting them understand why he desired it.

    Paul Allen and BIll Gates at the 1987 PC Forum, looking a little bit bored.

    enlarge / Paul Allen and invoice Gates at the 1987 laptop forum, looking a little bit bored. Ann E. Yow-Dyson/Getty pictures Paul Allen negotiated an settlement with SCP owner Rod Brock in January, implying that Microsoft had a whole good of valued clientele eager to run 86-DOS. The deal would well-nigh permit Microsoft to behave as middleman—or, if you like, retailer—in these transactions. For every consumer to whom they sold a licence for 86-DOS, they might pay SCP $10,000, or $15,000 if the license additionally blanketed the source code. they'd additionally pay SCP an initial price of $10,000 to start the contract. extra analyzing Is that invoice Gates staring back at you from Outlook 2010? For SCP, a a great deal smaller, hardware-focused enterprise with out the attain or advertising and marketing expertise of Microsoft, the agreement sounded top notch—above all because business lately had no longer been specially decent. Microsoft appeared convinced that they may promote quite a couple of licences, bringing in effortless money for an operating system Paterson had begun basically on a lark.

    One clause buried within the contract might have raised a pink flag: "Nothing in this licensing contract shall require Microsoft to identify its client to Seattle laptop products." Brock later observed, "That seemed abnormal to us, but we agreed to go alongside." truly, of path, Microsoft had no sturdy of eager licensees. that they had only one, the greatest fish of all: IBM. Microsoft bought only one license under the contract, correctly acquiring the IBM computing device’s working device for a grand complete of $25,000.

    First boot

    In February, Bob O'Rear of Microsoft got 86-DOS besides for the first time on one of the prototype machines:

    It became like the middle of the night. It become one of the vital joyous moments of my life, to eventually in spite of everything the instruction and work, and back and forth, to have that working system boot up and tell you that it’s ready to accept a command. That become an exhilarating moment.

    IBM was soon asking for a few alterations to 86-DOS. Microsoft accordingly discovered themselves in the awkward position of having to go returned to Paterson, who of path knew 86-DOS far enhanced than any person else and whom they'd signed to a consulting contract, to request changes without telling him the place the requests had been definitely coming from. within the conclusion they convinced him to leave SCP and are available to work for them full-time. "or not it's IBM!" they advised him as quickly as he labored through the door on his first day as an worker.

    A screenshot of 86-DOS (QDOS) running in an emulator.

    A screenshot of 86-DOS (QDOS) running in an emulator. mockingly for Paterson, who has spent many years fighting critics who claim he ripped off CP/M, lots of the changes IBM requested truly made 86-DOS seem much more like CP/M. for example, the command instant showing the present power—i.e., "A>"—became the outcomes of one of IBM's requests, and a carbon copy of CP/M's. Paterson says it made him "wish to throw up," but of direction on this venture what IBM requested IBM frequently received.

    IBM planned to announce the IBM computer in August of 1981—as per the usual plan, which gave project Chess precisely 12 months to finished its work. They weren't attracted to suspending, so all and sundry in Boca Raton and particularly at Microsoft just worked more durable as smaller cut-off dates were ignored, but the greatest one remained fastened.

    IBM additionally started confidentially drawing near developers of application corresponding to VisiCalc and the notice-processing equipment convenient author, so as to add to Microsoft's lineup of purposes and video games. They even organized to make the USA Pascal P-gadget purchasable for people that wanted to run it in lieu of 86-DOS or the Microsoft simple atmosphere.

    incredibly, given its expanding scope, the venture remained a complete secret for reasonably a long time. however at last in June InfoWorld printed an in depth article that described the entire plan nearly to the final detail, even bringing up that the operating equipment would now not be CP/M however could be "CP/M-like." InfoWorld missed simplest the planned announcement date, saying it will occur in July in preference to August. The Datamaster, the earlier "laptop-like" challenge that had provided expertise and personnel to undertaking Chess, did make its personal belated debut that month. Many assumed that the mission InfoWorld had scooped changed into the Datamaster, and thus that the magazine had gotten all of it incorrect. those more suitable linked, youngsters, knew more suitable via this time.

    I drink your milkshake

    A screenshot of a version of PC-DOS from around 1982.

    magnify / A screenshot of a edition of notebook-DOS from round 1982. Then on July 27, 1981, barely two weeks before the planned announcement, invoice Gates made what has often been called the deal of the century.

    Rod Brock at SCP became a upset man. The legion of 86-DOS licensees he had predicted following the Microsoft deal hadn't materialised, and now he had lost Paterson, the one software man at his hardware-focused enterprise, to Microsoft. It turned into relatively obtrusive with the aid of now who the one 86-DOS sub-licensee should be, but SCP changed into strapped for money and lacked the capacity to aid an operating gadget. He began to shop 86-DOS round just a little, attempting to find a person inclined to take over support in return for an exclusive license to it. Gates pounced immediately, offering SCP a a good deal-necessary $50,000 for the deal—with one critical difference. He stipulated that Microsoft would no longer be buying an exclusive license, however can be purchasing the software itself, outright. they would then furnish the exclusive license to SCP, very nearly turning the deal on its head. Brock became uncertain, but he actually did need the cash, and he did not know what to do with 86-DOS himself anyway…

    He signed the agreement, making Microsoft the sole proprietor of 86-DOS—or, because it became instantly renamed, MS-DOS. it's yet yet another instance of the bad monetary determination-making that became so endemic to the early microcomputer industry, as hackers who knew every thing about bits and bytes but nothing about enterprise all of sudden found themselves working corporations. These were the kinds of errors that Gates reputedly never made, but knew how to exploit and even engender in others. When coping with innocents like Brock, it become as handy as leading the proverbial lambs to slaughter. MS-DOS, purchased for $50,000, become earning Microsoft greater than $200 million per yr by means of 1991. even more importantly, it turned into the key building block in the Microsoft monopoly that would absolutely dominate business computing by way of the mid-1980s, and dominate virtually all computing all through the Nineteen Nineties. This decision, greater than another, is the one that made Microsoft the gigantic it nevertheless is nowadays.

    but Microsoft (and IBM) all at once had one more legal hurdle to clear. by using this time, with the IBM computing device becoming more and more of an open secret within the industry, Gary Kildall had seen a copy of 86-DOS/MS-DOS in action. He changed into satisfied that Paterson had stolen his operating gadget, that he had by hook or by crook gotten a copy of the supply code, made simplest those adjustments essential to get it running on the Intel 8086/8088, filed off the digital serial numbers, and offered it to IBM. Now he all started to threaten prison action, and (in all probability of greater challenge to IBM) to cause an immense stink in the press that could forged a cloud over the upcoming announcement.

    Kildall and Gates met for lunch to try to hash issues out, however to no avail. "It was a kind of meetings where every person turned into best to each and every other, then all and sundry shouted at each other, then everybody become high-quality to each and every other, then each person shouted at each different," recalled John Katsaros, a Digital research colleague who turned into also there. And so IBM stepped in to make a deal. they would also offer CP/M-86, the 8088-suitable edition of the working equipment which Digital had been nonetheless messing about with, on the IBM computer just as soon as Kildall could supply them a achieved edition. Kildall, at least a bit placated, permitted.

    The IBM computing device, which IBM had from the delivery envisioned as a true "the rest desktop," would now don't have any fewer than 4 attainable operating paradigms: the ROM-hosted basic, MS-DOS, CP/M, or u.s.a. Pascal.

  • The common IBM pc 5150, with a printer, added in August 1981. This wasn't really the primary IBM very own computer, although... (examine part some of the story to find out more). SSPL/Getty pictures
  • The customary IBM pc mannequin 5150. Wikipedia
  • An common IBM pc 5150 print advert. adverts were different again then...
  • August 12, 1981

    An original IBM PC 5150 print ad. Ads were different back then...

    amplify / An long-established IBM computer 5150 print ad. ads were different again then... IBM formally announced the IBM workstation on August 12, 1981, at the Waldorf Astoria inn in ny. With 16KB of RAM and a single floppy drive, the desktop had a suggested price of $1,565; loaded, it might reach $6,000. these fees bought you Microsoft fundamental at no cost, hosted in ROM. MS-DOS, sold below IBM's licence as computing device-DOS, would can charge you $forty, while america Pascal would charge you over $500. IBM also introduced that CP/M-86 can be available—at some factor. within the conclusion, it could be over six months earlier than Digital would at last deliver CP/M-86. after they did, IBM dutifully put it of their catalogue, however at a price of some $240.

    Kildall, who remained convinced except his demise that MS-DOS turned into a rip-off of CP/M and every now and then claimed to be able to prove it by the use of this secretly embedded message or that ordinary API attribute, believed that IBM deliberately priced CP/M six instances bigger than MS-DOS with a view to be sure nobody really purchased it, for this reason honoring the letter of their settlement but now not the spirit. IBM, for its half, effortlessly claimed that Digital had demanded such high licensing charges that they had no option. Of the four working paradigms, three of them—CP/M, Microsoft basic, and america Pascal—ended up being used so seldom that few nowadays even bear in mind they have been options within the first location. MS-DOS, of path, went on to conquer the area.

    The hardware, in the meantime, is premiere described as stolid and, smartly, sort of boring. For all of its ordinary (by way of IBM specifications) development procedure, the final product in fact wasn't some distance faraway from what people had come to predict from IBM. There changed into no outstanding artistic flair about its design, however, from its keyboard that clunked satisfyingly every time you pressed a key to its huge, enormous-looking case with lots of metal interior, it looked and operated like a device you might rely on. And that wasn't just a floor impact. whatever else you might say about it, the IBM notebook was built to last. possibly its most neglected innovation is its use of reminiscence with a further parity bit to immediately observe failures. It changed into the first mass-market microcomputer to be so fitted, giving coverage from rare but notoriously difficult to hint reminiscence error that could trigger all sorts of unpredictable behaviour on other early PCs. RAM parity is rarely actually the variety of aspect that inflames the passions of hackers, however for a businessperson trying to find a machine to entrust with her livelihood, or not it's precisely the form of thing that made IBM IBM. They made you feel protected.

    despite the fact that its lack of design creativeness would simply verify hackers' prejudices, for plenty of businesspeople unclear about all these scruffy upstart businesses the IBM pc's arrival legitimised the microcomputer as a significant tool for a serious purpose. center managers rushed to purchase them, as a result of no person ever obtained fired for buying an IBM—despite the fact that no person become ever all that excited about buying one either. IBM offered some 13,500 PCs within the remaining couple of months of 1981 on my own, and the numbers simply soared from there.

    Apple's full-page ad in the <em>WSJ</em>. enlarge / Apple's full-page ad in the WSJ.

    With IBM within the laptop video game ultimately—machines definitely began shipping forward of time table in October—those that had been there all alongside were left to wonder what all of it intended. Radio Shack's John Roach had probably the most unlucky response: "I do not feel it's that giant." one more Radio Shack executive became most effective slightly less dismissive: "There really is a brand new child on the block, but there is nothing that IBM has introduced that could blow the trade away."

    Apple, then as now a whole lot more suitable at this public-relations stuff than essentially anybody else, took a full-web page commercial in the Wall highway Journal saying, "Welcome IBM. significantly." Like so lots Apple advertising, it was a masterful piece of rhetoric, managing to sound gracious whereas on the equal time making it clear that a) IBM is the latecomer and b) Apple intend to treat them as peers, nothing greater.

  • The original IBM laptop 5150 could be so successful that it will go on to spawn numerous variations over the following few years. Mark Madeo/Future Publishing by means of Getty images
  • starting with the IBM laptop XT in 1983, which had a constructed-in tough force. Mark Madeo/Future Publishing by the use of Getty photos
  • Then the IBM computer AT in 1984, which had a newer 80286 CPU. Mark Madeo/Future Publishing by the use of Getty photographs
  • The IBM PCjr, officially the enterprise's first try to destroy into the home computing market, came out in 1984. Mark Madeo/Future Publishing via Getty images
  • Epilogue

    Years later it might be clear that the arrival of the IBM workstation was the third fantastic milestone in computer history, following the first microcomputer kits in 1975 and the Trinity (Apple II, PET, TRS-eighty) of 1977. It also marked the end of the first period of Microsoft's heritage, as a scrappy but revered purveyor of fundamentals, different programming languages, and functions utility (in that order). in the wake of the IBM notebook's launch, Microsoft quite quickly reduce their ties to the older, greater hacker-ish communities through which they had grown up to hitch their wagon firmly to the IBM and MS-DOS business-computing teach. loads of aesthetic, technical, and prison ugliness waited for them down those tracks, but so did a whole bunch and a whole lot of billions of greenbacks.

    The different players during this little heritage had greater combined fates. Seattle computing device items straggled on for a number of more years, however at last went beneath in 1985. Rod Brock did, besides the fact that children, still have one component of monstrous price. you will be aware that Brock bought 86-DOS to Microsoft outright, but had got an exclusive license to it in return. together with his company failing, he determined to money out by selling that license on the open market to the maximum bidder. Microsoft, confronted with seeing a huge seller like Radio Shack, Compaq, or even IBM themselves unexpectedly in a position to sell MS-DOS-fitted machines without paying Microsoft the rest, decided retroactively that the license become nontransferable. The total component devolved into a complicated prison combat, one of the crucial first of many for Microsoft. within the end Brock didn't sell his license, but he did get hold of a settlement cheque for $925,000 to stroll away and leave well ample by myself.

    Of path, the person heritage has immortalised because the definitely huge loser in all here is Gary Kildall. That, youngsters, is awfully a good deal a rely of diploma and interpretation. Digital analysis misplaced its place on the head of enterprise computing, but continued for years as a possible and intermittently profitable seller of application and niche working programs. Kildall also became a family unit name to at least the nerdier conclusion of the television demographic as the gentle-mannered, a bit rumpled co-host of PBS' laptop Chronicles collection. Novell at last purchased Digital in 1991, allowing Kildall to retire a millionaire. For a loser, he did relatively well for himself in the conclusion. Kildall, at all times extra interested in expertise than in company, turned into certainly not cut out to be bill Gates anyway. Gates may additionally have gained, however perhaps Kildall had extra fun.

    The Commodore 64 would prevent the IBM PC from dominating the home computing market... for a little while, at least.

    amplify / The Commodore 64 would stay away from the IBM pc from dominating the home computing market... for a short while, as a minimum. Sascha Steinbach/Getty pictures besides the fact that children the IBM pc marked the conclusion (and starting) of an era, eras are things which are greater obvious in retrospect than within the second. in the instant aftermath of the launch, things did not definitely change all that a great deal for chuffed Apple, Commodore, Atari, and Radio Shack users. IBM all the way through the building method had imagined the IBM computer as a machine adaptable for pretty much any aim, together with going toe to toe with these businesses' offerings—as a consequence the primary in ROM, the cassette choice, and even an insistence that it's going to be possible to hook one as much as a tv. IBM even made a deal to sell it via that bastion of mainstream Americana, Sears. nevertheless, the laptop was fairly expensive in even its most basic configurations, and it lacked the bottom of casual utility (specifically games) and the committed users of those competitors. Nor were its photos and sound capabilities, if most likely fantastic for present in any respect, mainly tempting, particularly when a brand new computer referred to as the Commodore 64 came down the pipe in 1982.

    So, while the enterprise community flocked to the IBM and MS-DOS in remarkably short order, the realm of home, hobbyist, and tutorial computing would stay pretty divorced from that of the IBM computing device for years to return. eventually, of direction, MS-DOS would win out—however that would take greater than a decade as a substitute of mere months, allowing area for some of the most brilliant and fun computing cultures to grow and thrive.

    * * *

    Jimmy Maher is the author of The Digital Antiquarian, an ongoing heritage of interactive entertainment and concerns related in blog form. this article, about the history of the IBM laptop, in the beginning appeared there. in case you enjoyed this text and the numerous others on his own website, you could guide his ongoing work by means of becoming his Patreon customer.


    Whilst it is very hard task to choose reliable exam questions / answers resources regarding review, reputation and validity because people get ripoff due to choosing incorrect service. Killexams. com make it certain to provide its clients far better to their resources with respect to exam dumps update and validity. Most of other peoples ripoff report complaint clients come to us for the brain dumps and pass their exams enjoyably and easily. We never compromise on our review, reputation and quality because killexams review, killexams reputation and killexams client self confidence is important to all of us. Specially we manage killexams.com review, killexams.com reputation, killexams.com ripoff report complaint, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. If perhaps you see any bogus report posted by our competitor with the name killexams ripoff report complaint internet, killexams.com ripoff report, killexams.com scam, killexams.com complaint or something like this, just keep in mind that there are always bad people damaging reputation of good services due to their benefits. There are a large number of satisfied customers that pass their exams using killexams.com brain dumps, killexams PDF questions, killexams practice questions, killexams exam simulator. Visit Killexams.com, our test questions and sample brain dumps, our exam simulator and you will definitely know that killexams.com is the best brain dumps site.

    [OPTIONAL-CONTENTS-2]


    C2170-008 bootcamp | COMPASS free pdf | 70-698 cram | HP0-719 questions and answers | 70-341 free pdf | C2010-576 sample test | 000-736 mock exam | HP2-E57 VCE | CCC real questions | 000-M36 study guide | CHHE practice test | 212-77 study guide | 920-164 exam prep | ACMP-6.4 questions answers | HP2-T20 practice test | 820-427 test questions | HP0-Y28 braindumps | LOT-410 test prep | C2030-283 test prep | 700-001 real questions |


    IBM 000-190 Dumps and Practice Tests with Real Question
    We are doing effort to supplying you with actual AIX Basic Operations V5 exam questions and answers, along explanations. Each Q&A on killexams.com has been showed by means of IBM certified experts. They are tremendously qualified and confirmed humans, who have several years of professional experience recognized with the IBM assessments.

    The best way to get success in the IBM 000-190 exam is that you ought to get dependable prep material. We guarantee that killexams.com is the most direct pathway towards IBM AIX Basic Operations V5 exam. You will be triumphant with full surety. You can see free questions at killexams.com before you purchase the 000-190 exam products. Our test questions are the same as actual test questions. The questions and answers collected by the certified professionals. They give you the experience of taking the real test. 100% assurance to pass the 000-190 real test. killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017 : 60% Discount Coupon for all exams on website
    PROF17 : 10% Discount Coupon for Orders greater than $69
    DEAL17 : 15% Discount Coupon for Orders greater than $99
    DECSPECIAL : 10% Special Discount Coupon for All Orders
    Click http://killexams.com/pass4sure/exam-detail/000-190

    The best way to get success in the IBM 000-190 exam is that you ought to acquire dependable braindumps. We guarantee that killexams.com is the most direct pathway towards certifying IBM AIX Basic Operations V5 exam. You will be triumphant with full surety. You can see free questions at killexams.com before you purchase the 000-190 exam products. Our mimicked tests are in different decision the same as the real exam design. The questions and answers collected by the certified professionals. They give you the experience of taking the real test. 100% assurance to pass the 000-190 real test.

    killexams.com IBM Certification study guides are setup by IT experts. Bunches of understudies have been whining that there are excessively numerous questions in such huge numbers of training exams and study aides, and they are quite recently tired to manage the cost of any more. Seeing killexams.com specialists work out this extensive form while still certification that all the information is secured after profound research and exam. Everything is to make comfort for competitors on their street to certification.

    We have Tested and Approved 000-190 Exams. killexams.com gives the exact and most recent IT exam materials which practically contain all information focuses. With the guide of our 000-190 exam materials, you dont have to squander your opportunity on perusing reference books and simply need to burn through 10-20 hours to ace our 000-190 real questions and answers. Also, we furnish you with PDF Version and Software Version exam questions and answers. For Software Version materials, Its offered to give the same experience as the IBM 000-190 exam in a real environment.

    We give free updates. Inside legitimacy period, if 000-190 exam materials that you have bought updated, we will intimate you by email to download most recent version of Q&A. In the event that you dont pass your IBM AIX Basic Operations V5 exam, We will give you full refund. You have to send the checked duplicate of your 000-190 exam report card to us. Subsequent to affirming, we will rapidly give you FULL REFUND.

    In the event that you get ready for the IBM 000-190 exam utilizing our testing software. It is anything but difficult to prevail for all confirmations in the main attempt. You dont need to manage all dumps or any free downpour/rapidshare all stuff. We offer free demo of every IT Certification Dumps. You can look at the interface, question quality and convenience of our training exams before you choose to purchase.

    killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017 : 60% Discount Coupon for all exams on website
    PROF17 : 10% Discount Coupon for Orders greater than $69
    DEAL17 : 15% Discount Coupon for Orders greater than $99
    DECSPECIAL : 10% Special Discount Coupon for All Orders


    [OPTIONAL-CONTENTS-4]


    Killexams 000-R14 test prep | Killexams 250-924 questions answers | Killexams ES0-003 practice test | Killexams 000-132 VCE | Killexams C2020-615 mock exam | Killexams 640-803 Practice Test | Killexams 000-138 braindumps | Killexams HPE2-E69 exam prep | Killexams 500-210 dumps | Killexams C9560-040 test questions | Killexams HP0-240 Practice test | Killexams M9520-233 practice test | Killexams 920-464 study guide | Killexams GB0-190 practice questions | Killexams SK0-003 practice exam | Killexams S90-02A exam questions | Killexams 00M-656 questions and answers | Killexams 920-806 test prep | Killexams C2140-646 free pdf | Killexams CGAP free pdf |


    [OPTIONAL-CONTENTS-5]

    View Complete list of Killexams.com Brain dumps


    Killexams 77-882 dumps | Killexams HP0-678 brain dumps | Killexams ACE practice questions | Killexams HPE2-E65 cram | Killexams 920-106 free pdf download | Killexams JN0-101 questions answers | Killexams OMG-OCUP-100 free pdf | Killexams HH0-300 braindumps | Killexams 10-184 exam questions | Killexams 000-172 free pdf | Killexams NS0-507 bootcamp | Killexams HP2-H36 questions and answers | Killexams MB2-712 free pdf | Killexams 1Z0-060 test prep | Killexams A2090-735 examcollection | Killexams ST0-155 test prep | Killexams C2010-651 Practice test | Killexams 77-604 practice test | Killexams 000-122 braindumps | Killexams MB2-719 dumps questions |


    AIX Basic Operations V5

    Pass 4 sure 000-190 dumps | Killexams.com 000-190 real questions | [HOSTED-SITE]

    GSSAPI Authentication and Kerberos v5 | killexams.com real questions and Pass4sure dumps

    This chapter is from the book 

    This section discusses the GSSAPI mechanism, in particular, Kerberos v5 and how this works in conjunction with the Sun ONE Directory Server 5.2 software and what is involved in implementing such a solution. Please be aware that this is not a trivial task.

    It’s worth taking a brief look at the relationship between the Generic Security Services Application Program Interface (GSSAPI) and Kerberos v5.

    The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion, with a range of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with the Kerberos v5 security mechanism. The best way to think about the relationship between GSSAPI and Kerberos is in the following manner: GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5 must be installed and running on any system on which GSSAPI-aware programs are running.

    The support for the GSSAPI is made possible in the directory server through the introduction of a new SASL library, which is based on the Cyrus CMU implementation. Through this SASL framework, DIGEST-MD5 is supported as explained previously, and GSSAPI which implements Kerberos v5. Additional GSSAPI mechanisms do exist. For example, GSSAPI with SPNEGO support would be GSS-SPNEGO. Other GSS mechanism names are based on the GSS mechanisms OID.

    The Sun ONE Directory Server 5.2 software only supports the use of GSSAPI on Solaris OE. There are implementations of GSSAPI for other operating systems (for example, Linux), but the Sun ONE Directory Server 5.2 software does not use them on platforms other than the Solaris OE.

    Understanding GSSAPI

    The Generic Security Services Application Program Interface (GSSAPI) is a standard interface, defined by RFC 2743, that provides a generic authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI mechanism is the Kerberos mechanism that is based on secret key cryptography.

    One of the main aspects of GSSAPI is that it allows developers to add secure authentication and privacy (encryption and or integrity checking) protection to data being passed over the wire by writing to a single programming interface. This is shown in FIGURE 3-2.

    03fig02.gifFigure 3-2. GSSAPI Layers

    The underlying security mechanisms are loaded at the time the programs are executed, as opposed to when they are compiled and built. In practice, the most commonly used GSSAPI mechanism is Kerberos v5. The Solaris OE provides a few different flavors of Diffie-Hellman GSSAPI mechanisms, which are only useful to NIS+ applications.

    What can be confusing is that developers might write applications that write directly to the Kerberos API, or they might write GSSAPI applications that request the Kerberos mechanism. There is a big difference, and applications that talk Kerberos directly cannot communicate with those that talk GSSAPI. The wire protocols are not compatible, even though the underlying Kerberos protocol is in use. An example is telnet with Kerberos is a secure telnet program that authenticates a telnet user and encrypts data, including passwords exchanged over the network during the telnet session. The authentication and message protection features are provided using Kerberos. The telnet application with Kerberos only uses Kerberos, which is based on secret-key technology. However, a telnet program written to the GSSAPI interface can use Kerberos as well as other security mechanisms supported by GSSAPI.

    The Solaris OE does not deliver any libraries that provide support for third-party companies to program directly to the Kerberos API. The goal is to encourage developers to use the GSSAPI. Many open-source Kerberos implementations (MIT, Heimdal) allow users to write Kerberos applications directly.

    On the wire, the GSSAPI is compatible with Microsoft’s SSPI and thus GSSAPI applications can communicate with Microsoft applications that use SSPI and Kerberos.

    The GSSAPI is preferred because it is a standardized API, whereas Kerberos is not. This means that the MIT Kerberos development team might change the programming interface anytime, and any applications that exist today might not work in the future without some code modifications. Using GSSAPI avoids this problem.

    Another benefit of GSSAPI is its pluggable feature, which is a big benefit, especially if a developer later decides that there is a better authentication method than Kerberos, because it can easily be plugged into the system and the existing GSSAPI applications should be able to use it without being recompiled or patched in any way.

    Understanding Kerberos v5

    Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide strong authentication for Solaris OE network applications.

    In addition to providing a secure authentication protocol, Kerberos also offers the ability to add privacy support (encrypted data streams) for remote applications such as telnet, ftp, rsh, rlogin, and other common UNIX network applications. In the Solaris OE, Kerberos can also be used to provide strong authentication and privacy support for Network File Systems (NFS), allowing secure and private file sharing across the network.

    Because of its widespread acceptance and implementation in other operating systems, including Windows 2000, HP-UX, and Linux, the Kerberos authentication protocol can interoperate in a heterogeneous environment, allowing users on machines running one OS to securely authenticate themselves on hosts of a different OS.

    The Kerberos software is available for Solaris OE versions 2.6, 7, 8, and 9 in a separate package called the Sun Enterprise Authentication Mechanism (SEAM) software. For Solaris 2.6 and Solaris 7 OE, Sun Enterprise Authentication Mechanism software is included as part of the Solaris Easy Access Server 3.0 (Solaris SEAS) package. For Solaris 8 OE, the Sun Enterprise Authentication Mechanism software package is available with the Solaris 8 OE Admin Pack.

    For Solaris 2.6 and Solaris 7 OE, the Sun Enterprise Authentication Mechanism software is freely available as part of the Solaris Easy Access Server 3.0 package available for download from:

    http://www.sun.com/software/solaris/7/ds/ds-seas.

    For Solaris 8 OE systems, Sun Enterprise Authentication Mechanism software is available in the Solaris 8 OE Admin Pack, available for download from:

    http://www.sun.com/bigadmin/content/adminPack/index.html.

    For Solaris 9 OE systems, Sun Enterprise Authentication Mechanism software is already installed by default and contains the following packages listed in TABLE 3-1.

    Table 3-1. Solaris 9 OE Kerberos v5 Packages

    Package Name

    Description

    SUNWkdcr

    Kerberos v5 KDC (root)

    SUNWkdcu

    Kerberos v5 Master KDC (user)

    SUNWkrbr

    Kerberos version 5 support (Root)

    SUNWkrbu

    Kerberos version 5 support (Usr)

    SUNWkrbux

    Kerberos version 5 support (Usr) (64-bit)

    All of these Sun Enterprise Authentication Mechanism software distributions are based on the MIT KRB5 Release version 1.0. The client programs in these distributions are compatible with later MIT releases (1.1, 1.2) and with other implementations that are compliant with the standard.

    How Kerberos Works

    The following is an overview of the Kerberos v5 authentication system. From the user’s standpoint, Kerberos v5 is mostly invisible after the Kerberos session has been started. Initializing a Kerberos session often involves no more than logging in and providing a Kerberos password.

    The Kerberos system revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service such as the NFS service. Just as your driver’s license identifies you and indicates what driving permissions you have, so a ticket identifies you and your network access privileges. When you perform a Kerberos-based transaction (for example, if you use rlogin to log in to another machine), your system transparently sends a request for a ticket to a Key Distribution Center, or KDC. The KDC accesses a database to authenticate your identity and returns a ticket that grants you permission to access the other machine. Transparently means that you do not need to explicitly request a ticket.

    Tickets have certain attributes associated with them. For example, a ticket can be forwardable (which means that it can be used on another machine without a new authentication process), or postdated (not valid until a specified time). How tickets are used (for example, which users are allowed to obtain which types of tickets) is set by policies that are determined when Kerberos is installed or administered.

    You will frequently see the terms credential and ticket. In the Kerberos world, they are often used interchangeably. Technically, however, a credential is a ticket plus the session key for that session.

    Initial Authentication

    Kerberos authentication has two phases, an initial authentication that allows for all subsequent authentications, and the subsequent authentications themselves.

    A client (a user, or a service such as NFS) begins a Kerberos session by requesting a ticket-granting ticket (TGT) from the Key Distribution Center (KDC). This request is often done automatically at login.

    A ticket-granting ticket is needed to obtain other tickets for specific services. Think of the ticket-granting ticket as something similar to a passport. Like a passport, the ticket-granting ticket identifies you and allows you to obtain numerous “visas,” where the “visas” (tickets) are not for foreign countries, but for remote machines or network services. Like passports and visas, the ticket-granting ticket and the other various tickets have limited lifetimes. The difference is that Kerberized commands notice that you have a passport and obtain the visas for you. You don’t have to perform the transactions yourself.

    The KDC creates a ticket-granting ticket and sends it back, in encrypted form, to the client. The client decrypts the ticket-granting ticket using the client’s password.

    Now in possession of a valid ticket-granting ticket, the client can request tickets for all sorts of network operations for as long as the ticket-granting ticket lasts. This ticket usually lasts for a few hours. Each time the client performs a unique network operation, it requests a ticket for that operation from the KDC.

    Subsequent Authentications

    The client requests a ticket for a particular service from the KDC by sending the KDC its ticket-granting ticket as proof of identity.

  • The KDC sends the ticket for the specific service to the client.

    For example, suppose user lucy wants to access an NFS file system that has been shared with krb5 authentication required. Since she is already authenticated (that is, she already has a ticket-granting ticket), as she attempts to access the files, the NFS client system automatically and transparently obtains a ticket from the KDC for the NFS service.

  • The client sends the ticket to the server.

    When using the NFS service, the NFS client automatically and transparently sends the ticket for the NFS service to the NFS server.

  • The server allows the client access.

    These steps make it appear that the server doesn’t ever communicate with the KDC. The server does, though, as it registers itself with the KDC, just as the first client does.

  • Principals

    A client is identified by its principal. A principal is a unique identity to which the KDC can assign tickets. A principal can be a user, such as joe, or a service, such as NFS.

    By convention, a principal name is divided into three parts: the primary, the instance, and the realm. A typical principal could be, for example, lucy/admin@EXAMPLE.COM, where:

    lucy is the primary. The primary can be a user name, as shown here, or a service, such as NFS. The primary can also be the word host, which signifies that this principal is a service principal that is set up to provide various network services.

    admin is the instance. An instance is optional in the case of user principals, but it is required for service principals. For example, if the user lucy sometimes acts as a system administrator, she can use lucy/admin to distinguish herself from her usual user identity. Likewise, if Lucy has accounts on two different hosts, she can use two principal names with different instances (for example, lucy/california.example.com and lucy/boston.example.com).

    Realms

    A realm is a logical network, similar to a domain, which defines a group of systems under the same master KDC. Some realms are hierarchical (one realm being a superset of the other realm). Otherwise, the realms are non-hierarchical (or direct) and the mapping between the two realms must be defined.

    Realms and KDC Servers

    Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

    Understanding the Kerberos KDC

    The Kerberos Key Distribution Center (KDC) is a trusted server that issues Kerberos tickets to clients and servers to communicate securely. A Kerberos ticket is a block of data that is presented as the user’s credentials when attempting to access a Kerberized service. A ticket contains information about the user’s identity and a temporary encryption key, all encrypted in the server’s private key. In the Kerberos environment, any entity that is defined to have a Kerberos identity is referred to as a principal.

    A principal may be an entry for a particular user, host, or service (such as NFS or FTP) that is to interact with the KDC. Most commonly, the KDC server system also runs the Kerberos Administration Daemon, which handles administrative commands such as adding, deleting, and modifying principals in the Kerberos database. Typically, the KDC, the admin server, and the database are all on the same machine, but they can be separated if necessary. Some environments may require that multiple realms be configured with master KDCs and slave KDCs for each realm. The principals applied for securing each realm and KDC should be applied to all realms and KDCs in the network to ensure that there isn’t a single weak link in the chain.

    One of the first steps to take when initializing your Kerberos database is to create it using the kdb5_util command, which is located in /usr/sbin. When running this command, the user has the choice of whether to create a stash file or not. The stash file is a local copy of the master key that resides on the KDC’s local disk. The master key contained in the stash file is generated from the master password that the user enters when first creating the KDC database. The stash file is used to authenticate the KDC to itself automatically before starting the kadmind and krb5kdc daemons (for example, as part of the machine’s boot sequence).

    If a stash file is not used when the database is created, the administrator who starts up the krb5kdc process will have to manually enter the master key (password) every time they start the process. This may seem like a typical trade off between convenience and security, but if the rest of the system is sufficiently hardened and protected, very little security is lost by having the master key stored in the protected stash file. It is recommended that at least one slave KDC server be installed for each realm to ensure that a backup is available in the event that the master server becomes unavailable, and that slave KDC be configured with the same level of security as the master.

    Currently, the Sun Kerberos v5 Mechanism utility, kdb5_util, can create three types of keys, DES-CBC-CRC, DES-CBC-MD5, and DES-CBC-RAW. DES-CBC stands for DES encryption with Cipher Block Chaining and the CRC, MD5, and RAW designators refer to the checksum algorithm that is used. By default, the key created will be DES-CBC-CRC, which is the default encryption type for the KDC. The type of key created is specified on the command line with the -k option (see the kdb5_util (1M) man page). Choose the password for your stash file very carefully, because this password can be used in the future to decrypt the master key and modify the database. The password may be up to 1024 characters long and can include any combination of letters, numbers, punctuation, and spaces.

    The following is an example of creating a stash file:

    kdc1 #/usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: master_key Re-enter KDC database master key to verify: master_key

    Notice the use of the -s argument to create the stash file. The location of the stash file is in the /var/krb5. The stash file appears with the following mode and ownership settings:

    kdc1 # cd /var/krb5 kdc1 # ls -l -rw------- 1 root other 14 Apr 10 14:28 .k5.EXAMPLE.COM

    The directory used to store the stash file and the database should not be shared or exported.

    Secure Settings in the KDC Configuration File

    The KDC and Administration daemons both read configuration information from /etc/krb5/kdc.conf. This file contains KDC-specific parameters that govern overall behavior for the KDC and for specific realms. The parameters in the kdc.conf file are explained in detail in the kdc.conf(4) man page.

    The kdc.conf parameters describe locations of various files and ports to use for accessing the KDC and the administration daemon. These parameters generally do not need to be changed, and doing so does not result in any added security. However, there are some parameters that may be adjusted to enhance the overall security of the KDC. The following are some examples of adjustable parameters that enhance security.

  • kdc_ports – Defines the ports that the KDC will listen on to receive requests. The standard port for Kerberos v5 is 88. 750 is included and commonly used to support older clients that still use the default port designated for Kerberos v4. Solaris OE still listens on port 750 for backwards compatibility. This is not considered a security risk.

  • max_life – Defines the maximum lifetime of a ticket, and defaults to eight hours. In environments where it is desirable to have users re-authenticate frequently and to reduce the chance of having a principal’s credentials stolen, this value should be lowered. The recommended value is eight hours.

  • max_renewable_life – Defines the period of time from when a ticket is issued that it may be renewed (using kinit -R). The standard value here is 7 days. To disable renewable tickets, this value may be set to 0 days, 0 hrs, 0 min. The recommended value is 7d 0h 0m 0s.

  • default_principal_expiration – A Kerberos principal is any unique identity to which Kerberos can assign a ticket. In the case of users, it is the same as the UNIX system user name. The default lifetime of any principal in the realm may be defined in the kdc.conf file with this option. This should be used only if the realm will contain temporary principals, otherwise the administrator will have to constantly be renewing principals. Usually, this setting is left undefined and principals do not expire. This is not insecure as long as the administrator is vigilant about removing principals for users that no longer need access to the systems.

  • supported_enctypes – The encryption types supported by the KDC may be defined with this option. At this time, Sun Enterprise Authentication Mechanism software only supports des-cbc-crc:normal encryption type, but in the future this may be used to ensure that only strong cryptographic ciphers are used.

  • dict_file – The location of a dictionary file containing strings that are not allowed as passwords. A principal with any password policy (see below) will not be able to use words found in this dictionary file. This is not defined by default. Using a dictionary file is a good way to prevent users from creating trivial passwords to protect their accounts, and thus helps avoid one of the most common weaknesses in a computer network-guessable passwords. The KDC will only check passwords against the dictionary for principals which have a password policy association, so it is good practice to have at least one simple policy associated with all principals in the realm.

  • The Solaris OE has a default system dictionary that is used by the spell program that may also be used by the KDC as a dictionary of common passwords. The location of this file is: /usr/share/lib/dict/words. Other dictionaries may be substituted. The format is one word or phrase per line.

    The following is a Kerberos v5 /etc/krb5/kdc.conf example with suggested settings:

    # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth Needs moving -- dict_file = /usr/share/lib/dict/words } Access Control

    The Kerberos administration server allows for granular control of the administrative commands by use of an access control list (ACL) file (/etc/krb5/kadm5.acl). The syntax for the ACL file allows for wildcarding of principal names so it is not necessary to list every single administrator in the ACL file. This feature should be used with great care. The ACLs used by Kerberos allow privileges to be broken down into very precise functions that each administrator can perform. If a certain administrator only needs to be allowed to have read-access to the database then that person should not be granted full admin privileges. Below is a list of the privileges allowed:

  • a – Allows the addition of principals or policies in the database.

  • A – Prohibits the addition of principals or policies in the database.

  • d – Allows the deletion of principals or policies in the database.

  • D – Prohibits the deletion of principals or policies in the database.

  • m – Allows the modification of principals or policies in the database.

  • M – Prohibits the modification of principals or policies in the database.

  • c – Allows the changing of passwords for principals in the database.

  • C – Prohibits the changing of passwords for principals in the database.

  • i – Allows inquiries to the database.

  • I – Prohibits inquiries to the database.

  • l – Allows the listing of principals or policies in the database.

  • L – Prohibits the listing of principals or policies in the database.

  • * – Short for all privileges (admcil).

  • x – Short for all privileges (admcil). Identical to *.

  • Adding Administrators

    After the ACLs are set up, actual administrator principals should be added to the system. It is strongly recommended that administrative users have separate /admin principals to use only when administering the system. For example, user Lucy would have two principals in the database - lucy@REALM and lucy/admin@REALM. The /admin principal would only be used when administering the system, not for getting ticket-granting-tickets (TGTs) to access remote services. Using the /admin principal only for administrative purposes minimizes the chance of someone walking up to Joe’s unattended terminal and performing unauthorized administrative commands on the KDC.

    Kerberos principals may be differentiated by the instance part of their principal name. In the case of user principals, the most common instance identifier is /admin. It is standard practice in Kerberos to differentiate user principals by defining some to be /admin instances and others to have no specific instance identifier (for example, lucy/admin@REALM versus lucy@REALM). Principals with the /admin instance identifier are assumed to have administrative privileges defined in the ACL file and should only be used for administrative purposes. A principal with an /admin identifier which does not match up with any entries in the ACL file will not be granted any administrative privileges, it will be treated as a non-privileged user principal. Also, user principals with the /admin identifier are given separate passwords and separate permissions from the non-admin principal for the same user.

    The following is a sample /etc/krb5/kadm5.acl file:

    # Copyright (c) 1998-2000 by Sun Microsystems, Inc. # All rights reserved. # #pragma ident "@(#)kadm5.acl 1.1 01/03/19 SMI" # lucy/admin is given full administrative privilege lucy/admin@EXAMPLE.COM * # # tom/admin user is allowed to query the database (d), listing principals # (l), and changing user passwords (c) # tom/admin@EXAMPLE.COM dlc

    It is highly recommended that the kadm5.acl file be tightly controlled and that users be granted only the privileges they need to perform their assigned tasks.

    Creating Host Keys

    Creating host keys for systems in the realm such as slave KDCs is performed the same way that creating user principals is performed. However, the -randkey option should always be used, so no one ever knows the actual key for the hosts. Host principals are almost always stored in the keytab file, to be used by root-owned processes that wish to act as Kerberos services for the local host. It is rarely necessary for anyone to actually know the password for a host principal because the key is stored safely in the keytab and is only accessible by root-owned processes, never by actual users.

    When creating keytab files, the keys should always be extracted from the KDC on the same machine where the keytab is to reside using the ktadd command from a kadmin session. If this is not feasible, take great care in transferring the keytab file from one machine to the next. A malicious attacker who possesses the contents of the keytab file could use these keys from the file in order to gain access to another user or services credentials. Having the keys would then allow the attacker to impersonate whatever principal that the key represented and further compromise the security of that Kerberos realm. Some suggestions for transferring the keytab are to use Kerberized, encrypted ftp transfers, or to use the secure file transfer programs scp or sftp offered with the SSH package (http://www.openssh.org). Another safe method is to place the keytab on a removable disk, and hand-deliver it to the destination.

    Hand delivery does not scale well for large installations, so using the Kerberized ftp daemon is perhaps the most convenient and secure method available.

    Using NTP to Synchronize Clocks

    All servers participating in the Kerberos realm need to have their system clocks synchronized to within a configurable time limit (default 300 seconds). The safest, most secure way to systematically synchronize the clocks on a network of Kerberos servers is by using the Network Time Protocol (NTP) service. The Solaris OE comes with an NTP client and NTP server software (SUNWntpu package). See the ntpdate(1M) and xntpd(1M) man pages for more information on the individual commands. For more information on configuring NTP, refer to the following Sun BluePrints OnLine NTP articles:

    It is critical that the time be synchronized in a secure manner. A simple denial of service attack on either a client or a server would involve just skewing the time on that system to be outside of the configured clock skew value, which would then prevent anyone from acquiring TGTs from that system or accessing Kerberized services on that system. The default clock-skew value of five minutes is the maximum recommended value.

    The NTP infrastructure must also be secured, including the use of server hardening for the NTP server and application of NTP security features. Using the Solaris Security Toolkit software (formerly known as JASS) with the secure.driver script to create a minimal system and then installing just the necessary NTP software is one such method. The Solaris Security Toolkit software is available at:

    http://www.sun.com/security/jass/

    Documentation on the Solaris Security Toolkit software is available at:

    http://www.sun.com/security/blueprints

    Establishing Password Policies

    Kerberos allows the administrator to define password policies that can be applied to some or all of the user principals in the realm. A password policy contains definitions for the following parameters:

  • Minimum Password Length – The number of characters in the password, for which the recommended value is 8.

  • Maximum Password Classes – The number of different character classes that must be used to make up the password. Letters, numbers, and punctuation are the three classes and valid values are 1, 2, and 3. The recommended value is 2.

  • Saved Password History – The number of previous passwords that have been used by the principal that cannot be reused. The recommended value is 3.

  • Minimum Password Lifetime (seconds) – The minimum time that the password must be used before it can be changed. The recommended value is 3600 (1 hour).

  • Maximum Password Lifetime (seconds) – The maximum time that the password can be used before it must be changed. The recommended value is 7776000 (90 days).

  • These values can be set as a group and stored as a single policy. Different policies can be defined for different principals. It is recommended that the minimum password length be set to at least 8 and that at least 2 classes be required. Most people tend to choose easy-to-remember and easy-to-type passwords, so it is a good idea to at least set up policies to encourage slightly more difficult-to-guess passwords through the use of these parameters. Setting the Maximum Password Lifetime value may be helpful in some environments, to force people to change their passwords periodically. The period is up to the local administrator according to the overriding corporate security policy used at that particular site. Setting the Saved Password History value combined with the Minimum Password Lifetime value prevents people from simply switching their password several times until they get back to their original or favorite password.

    The maximum password length supported is 255 characters, unlike the UNIX password database which only supports up to 8 characters. Passwords are stored in the KDC encrypted database using the KDC default encryption method, DES-CBC-CRC. In order to prevent password guessing attacks, it is recommended that users choose long passwords or pass phrases. The 255 character limit allows one to choose a small sentence or easy to remember phrase instead of a simple one-word password.

    It is possible to use a dictionary file that can be used to prevent users from choosing common, easy-to-guess words (see “Secure Settings in the KDC Configuration File” on page 70). The dictionary file is only used when a principal has a policy association, so it is highly recommended that at least one policy be in effect for all principals in the realm.

    The following is an example password policy creation:

    If you specify a kadmin command without specifying any options, kadmin displays the syntax (usage information) for that command. The following code box shows this, followed by an actual add_policy command with options.

    kadmin: add_policy usage: add_policy [options] policy options are: [-maxlife time] [-minlife time] [-minlength length] [-minclasses number] [-history number] kadmin: add_policy -minlife "1 hour" -maxlife "90 days" -minlength 8 -minclasses 2 -history 3 passpolicy kadmin: get_policy passpolicy Policy: passpolicy Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 0

    This example creates a password policy called passpolicy which enforces a maximum password lifetime of 90 days, minimum length of 8 characters, a minimum of 2 different character classes (letters, numbers, punctuation), and a password history of 3.

    To apply this policy to an existing user, modify the following:

    kadmin: modprinc -policy passpolicy lucyPrincipal "lucy@EXAMPLE.COM" modified.

    To modify the default policy that is applied to all user principals in a realm, change the following:

    kadmin: modify_policy -maxlife "90 days" -minlife "1 hour" -minlength 8 -minclasses 2 -history 3 default kadmin: get_policy default Policy: default Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 1

    The Reference count value indicates how many principals are configured to use the policy.

    The default policy is automatically applied to all new principals that are not given the same password as the principal name when they are created. Any account with a policy assigned to it is uses the dictionary (defined in the dict_file parameter in /etc/krb5/kdc.conf) to check for common passwords.

    Backing Up a KDC

    Backups of a KDC system should be made regularly or according to local policy. However, backups should exclude the /etc/krb5/krb5.keytab file. If the local policy requires that backups be done over a network, then these backups should be secured either through the use of encryption or possibly by using a separate network interface that is only used for backup purposes and is not exposed to the same traffic as the non-backup network traffic. Backup storage media should always be kept in a secure, fireproof location.

    Monitoring the KDC

    Once the KDC is configured and running, it should be continually and vigilantly monitored. The Sun Kerberos v5 software KDC logs information into the /var/krb5/kdc.log file, but this location can be modified in the /etc/krb5/krb5.conf file, in the logging section.

    [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log

    The KDC log file should have read and write permissions for the root user only, as follows:

    -rw------ 1 root other 750 25 May 10 17:55 /var/krb5/kdc.log Kerberos Options

    The /etc/krb5/krb5.conf file contains information that all Kerberos applications use to determine what server to talk to and what realm they are participating in. Configuring the krb5.conf file is covered in the Sun Enterprise Authentication Mechanism Software Installation Guide. Also refer to the krb5.conf(4) man page for a full description of this file.

    The appdefaults section in the krb5.conf file contains parameters that control the behavior of many Kerberos client tools. Each tool may have its own section in the appdefaults section of the krb5.conf file.

    Many of the applications that use the appdefaults section, use the same options; however, they might be set in different ways for each client application.

    Kerberos Client Applications

    The following Kerberos applications can have their behavior modified through the user of options set in the appdefaults section of the /etc/krb5/krb5.conf file or by using various command-line arguments. These clients and their configuration settings are described below.

    kinit

    The kinit client is used by people who want to obtain a TGT from the KDC. The /etc/krb5/krb5.conf file supports the following kinit options: renewable, forwardable, no_addresses, max_life, max_renewable_life and proxiable.

    telnet

    The Kerberos telnet client has many command-line arguments that control its behavior. Refer to the man page for complete information. However, there are several interesting security issues involving the Kerberized telnet client.

    The telnet client uses a session key even after the service ticket which it was derived from has expired. This means that the telnet session remains active even after the ticket originally used to gain access, is no longer valid. This is insecure in a strict environment, however, the trade off between ease of use and strict security tends to lean in favor of ease-of-use in this situation. It is recommended that the telnet connection be re-initialized periodically by disconnecting and reconnecting with a new ticket. The overall lifetime of a ticket is defined by the KDC (/etc/krb5/kdc.conf), normally defined as eight hours.

    The telnet client allows the user to forward a copy of the credentials (TGT) used to authenticate to the remote system using the -f and -F command-line options. The -f option sends a non-forwardable copy of the local TGT to the remote system so that the user can access Kerberized NFS mounts or other local Kerberized services on that system only. The -F option sends a forwardable TGT to the remote system so that the TGT can be used from the remote system to gain further access to other remote Kerberos services beyond that point. The -F option is a superset of -f. If the Forwardable and or forward options are set to false in the krb5.conf file, these command-line arguments can be used to override those settings, thus giving individuals the control over whether and how their credentials are forwarded.

    The -x option should be used to turn on encryption for the data stream. This further protects the session from eavesdroppers. If the telnet server does not support encryption, the session is closed. The /etc/krb5/krb5.conf file supports the following telnet options: forward, forwardable, encrypt, and autologin. The autologin [true/false] parameter tells the client to try and attempt to log in without prompting the user for a user name. The local user name is passed on to the remote system in the telnet negotiations.

    rlogin and rsh

    The Kerberos rlogin and rsh clients behave much the same as their non-Kerberized equivalents. Because of this, it is recommended that if they are required to be included in the network files such as /etc/hosts.equiv and .rhosts that the root users directory be removed. The Kerberized versions have the added benefit of using Kerberos protocol for authentication and can also use Kerberos to protect the privacy of the session using encryption.

    Similar to telnet described previously, the rlogin and rsh clients use a session key after the service ticket which it was derived from has expired. Thus, for maximum security, rlogin and rsh sessions should be re-initialized periodically. rlogin uses the -f, -F, and -x options in the same fashion as the telnet client. The /etc/krb5/krb5.conf file supports the following rlogin options: forward, forwardable, and encrypt.

    Command-line options override configuration file settings. For example, if the rsh section in the krb5.conf file indicates encrypt false, but the -x option is used on the command line, an encrypted session is used.

    rcp

    Kerberized rcp can be used to transfer files securely between systems using Kerberos authentication and encryption (with the -x command-line option). It does not prompt for passwords, the user must already have a valid TGT before using rcp if they wish to use the encryption feature. However, beware if the -x option is not used and no local credentials are available, the rcp session will revert to the standard, non-Kerberized (and insecure) rcp behavior. It is highly recommended that users always use the -x option when using the Kerberized rcp client.The /etc/krb5/krb5.conf file supports the encrypt [true/false] option.

    login

    The Kerberos login program (login.krb5) is forked from a successful authentication by the Kerberized telnet daemon or the Kerberized rlogin daemon. This Kerberos login daemon is separate from the standard Solaris OE login daemon and thus, the standard Solaris OE features such as BSM auditing are not yet supported when using this daemon. The /etc/krb5/krb5.conf file supports the krb5_get_tickets [true/false] option. If this option is set to true, then the login program will generate a new Kerberos ticket (TGT) for the user upon proper authentication.

    ftp

    The Sun Enterprise Authentication Mechanism (SEAM) version of the ftp client uses the GSSAPI (RFC 2743) with Kerberos v5 as the default mechanism. This means that it uses Kerberos authentication and (optionally) encryption through the Kerberos v5 GSS mechanism. The only Kerberos-related command-line options are -f and -m. The -f option is the same as described above for telnet (there is no need for a -F option). -m allows the user to specify an alternative GSS mechanism if so desired, the default is to use the kerberos_v5 mechanism.

    The protection level used for the data transfer can be set using the protect command at the ftp prompt. Sun Enterprise Authentication Mechanism software ftp supports the following protection levels:

  • Clear unprotected, unencrypted transmission

  • Safe data is integrity protected using cryptographic checksums

  • Private data is transmitted with confidentiality and integrity using encryption

  • It is recommended that users set the protection level to private for all data transfers. The ftp client program does not support or reference the krb5.conf file to find any optional parameters. All ftp client options are passed on the command line. See the man page for the Kerberized ftp client, ftp(1).

    In summary, adding Kerberos to a network can increase the overall security available to the users and administrators of that network. Remote sessions can be securely authenticated and encrypted, and shared disks can be secured and encrypted across the network. In addition, Kerberos allows the database of user and service principals to be managed securely from any machine which supports the SEAM software Kerberos protocol. SEAM is interoperable with other RFC 1510 compliant Kerberos implementations such as MIT Krb5 and some MS Windows 2000 Active Directory services. Adopting the practices recommended in this section further secure the SEAM software infrastructure to help ensure a safer network environment.

    Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism

    This section provides a high-level overview, followed by the in-depth procedures that describe the setup necessary to implement the GSSAPI mechanism and the Sun ONE Directory Server 5.2 software. This implementation assumes a realm of EXAMPLE.COM for this purpose. The following list gives an initial high-level overview of the steps required, with the next section providing the detailed information.

  • Setup DNS on the client machine. This is an important step because Kerberos requires DNS.

  • Install and configure the Sun ONE Directory Server version 5.2 software.

  • Check that the directory server and client both have the SASL plug-ins installed.

  • Install and configure Kerberos v5.

  • Edit the /etc/krb5/krb5.conf file.

  • Edit the /etc/krb5/kdc.conf file.

  • Edit the /etc/krb5/kadm5.acl file.

  • Move the kerberos_v5 line so it is the first line in the /etc/gss/mech file.

  • Create new principals using kadmin.local, which is an interactive commandline interface to the Kerberos v5 administration system.

  • Modify the rights for /etc/krb5/krb5.keytab. This access is necessary for the Sun ONE Directory Server 5.2 software.

  • Run /usr/sbin/kinit.

  • Check that you have a ticket with /usr/bin/klist.

  • Perform an ldapsearch, using the ldapsearch command-line tool from the Sun ONE Directory Server 5.2 software to test and verify.

  • The sections that follow fill in the details.

    Configuring a DNS Client

    To be a DNS client, a machine must run the resolver. The resolver is neither a daemon nor a single program. It is a set of dynamic library routines used by applications that need to know machine names. The resolver’s function is to resolve users’ queries. To do that, it queries a name server, which then returns either the requested information or a referral to another server. Once the resolver is configured, a machine can request DNS service from a name server.

    The following example shows you how to configure the resolv.conf(4) file in the server kdc1 in the example.com domain.

    ; ; /etc/resolv.conf file for dnsmaster ; domain example.com nameserver 192.168.0.0 nameserver 192.168.0.1

    The first line of the /etc/resolv.conf file lists the domain name in the form:

    domain domainname

    No spaces or tabs are permitted at the end of the domain name. Make sure that you press return immediately after the last character of the domain name.

    The second line identifies the server itself in the form:

    nameserver IP_address

    Succeeding lines list the IP addresses of one or two slave or cache-only name servers that the resolver should consult to resolve queries. Name server entries have the form:

    nameserver IP_address

    IP_address is the IP address of a slave or cache-only DNS name server. The resolver queries these name servers in the order they are listed until it obtains the information it needs.

    For more detailed information of what the resolv.conf file does, refer to the resolv.conf(4) man page.

    To Configure Kerberos v5 (Master KDC)

    In the this procedure, the following configuration parameters are used:

  • Realm name = EXAMPLE.COM

  • DNS domain name = example.com

  • Master KDC = kdc1.example.com

  • admin principal = lucy/admin

  • Online help URL = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956

  • This procedure requires that DNS is running.

    Before you begin this configuration process, make a backup of the /etc/krb5 files.

  • Become superuser on the master KDC. (kdc1, in this example)

  • Edit the Kerberos configuration file (krb5.conf).

    You need to change the realm names and the names of the servers. See the krb5.conf(4) man page for a full description of this file.

    kdc1 # more /etc/krb5/krb5.conf [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = kdc1.example.com admin server = kdc1.example.com } [domain_realm] .example.com = EXAMPLE.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log [appdefaults] gkadmin = { help_url = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956 }

    In this example, the lines for domain_realm, kdc, admin_server, and all domain_realm entries were changed. In addition, the line with ___slave_kdcs___ in the [realms] section was deleted and the line that defines the help_url was edited.

  • Edit the KDC configuration file (kdc.conf).

    You must change the realm name. See the kdc.conf( 4) man page for a full description of this file.

    kdc1 # more /etc/krb5/kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM= { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s Need moving ---------> default_principal_flags = +preauth }

    In this example, only the realm name definition in the [realms] section is changed.

  • Create the KDC database by using the kdb5_util command.

    The kdb5_util command, which is located in /usr/sbin, creates the KDC database. When used with the -s option, this command creates a stash file that is used to authenticate the KDC to itself before the kadmind and krb5kdc daemons are started.

    kdc1 # /usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: key Re-enter KDC database master key to verify: key

    The -r option followed by the realm name is not required if the realm name is equivalent to the domain name in the server’s name space.

  • Edit the Kerberos access control list file (kadm5.acl).

    Once populated, the /etc/krb5/kadm5.acl file contains all principal names that are allowed to administer the KDC. The first entry that is added might look similar to the following:

    lucy/admin@EXAMPLE.COM *

    This entry gives the lucy/admin principal in the EXAMPLE.COM realm the ability to modify principals or policies in the KDC. The default installation includes an asterisk (*) to match all admin principals. This default could be a security risk, so it is more secure to include a list of all of the admin principals. See the kadm5.acl(4) man page for more information.

  • Edit the /etc/gss/mech file.

    The /etc/gss/mech file contains the GSSAPI based security mechanism names, its object identifier (OID), and a shared library that implements the services for that mechanism under the GSSAPI. Change the following from:

    # Mechanism Name Object Identifier Shared Library Kernel Module # diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1 kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5

    To the following:

    # Mechanism Name Object Identifier Shared Library Kernel Module # kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5 diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
  • Run the kadmin.local command to create principals.

    You can add as many admin principals as you need. But you must add at least one admin principal to complete the KDC configuration process. In the following example, lucy/admin is added as the principal.

    kdc1 # /usr/sbin/kadmin.local kadmin.local: addprinc lucy/admin Enter password for principal "lucy/admin@EXAMPLE.COM": Re-enter password for principal "lucy/admin@EXAMPLE.COM": Principal "lucy/admin@EXAMPLE.COM" created. kadmin.local:
  • Create a keytab file for the kadmind service.

    The following command sequence creates a special keytab file with principal entries for lucy and tom. These principals are needed for the kadmind service. In addition, you can optionally add NFS service principals, host principals, LDAP principals, and so on.

    When the principal instance is a host name, the fully qualified domain name (FQDN) must be entered in lowercase letters, regardless of the case of the domain name in the /etc/resolv.conf file.

    kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc1.example.com Entry for principal kadmin/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc1.example.com Entry for principal changepw/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local:

    Once you have added all of the required principals, you can exit from kadmin.local as follows:

    kadmin.local: quit
  • Start the Kerberos daemons as shown:

    kdc1 # /etc/init.d/kdc start kdc1 # /etc/init.d/kdc.master start

    Note

    You stop the Kerberos daemons by running the following commands:

    kdc1 # /etc/init.d/kdc stop kdc1 # /etc/init.d/kdc.master stop
  • Add principals by using the SEAM Administration Tool.

    To do this, you must log on with one of the admin principal names that you created earlier in this procedure. However, the following command-line example is shown for simplicity.

    kdc1 # /usr/sbin/kadmin -p lucy/admin Enter password: kws_admin_password kadmin:
  • Create the master KDC host principal which is used by Kerberized applications such as klist and kprop.

    kadmin: addprinc -randkey host/kdc1.example.com Principal "host/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • (Optional) Create the master KDC root principal which is used for authenticated NFS mounting.

    kadmin: addprinc root/kdc1.example.com Enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Re-enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Principal "root/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • Add the master KDC’s host principal to the master KDC’s keytab file which allows this principal to be used automatically.

    kadmin: ktadd host/kdc1.example.com kadmin: Entry for principal host/kdc1.example.com with ->kvno 3, encryption type DES-CBC-CRC added to keytab ->WRFILE:/etc/krb5/krb5.keytab kadmin:

    Once you have added all of the required principals, you can exit from kadmin as follows:

    kadmin: quit
  • Run the kinit command to obtain and cache an initial ticket-granting ticket (credential) for the principal.

    This ticket is used for authentication by the Kerberos v5 system. kinit only needs to be run by the client at this time. If the Sun ONE directory server were a Kerberos client also, this step would need to be done for the server. However, you may want to use this to verify that Kerberos is up and running.

    kdclient # /usr/bin/kinit root/kdclient.example.com Password for root/kdclient.example.com@EXAMPLE.COM: passwd
  • Check and verify that you have a ticket with the klist command.

    The klist command reports if there is a keytab file and displays the principals. If the results show that there is no keytab file or that there is no NFS service principal, you need to verify the completion of all of the previous steps.

    # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------ 3 nfs/host.example.com@EXAMPLE.COM

    The example given here assumes a single domain. The KDC may reside on the same machine as the Sun ONE directory server for testing purposes, but there are security considerations to take into account on where the KDCs reside.

  • With regards to the configuration of Kerberos v5 in conjunction with the Sun ONE Directory Server 5.2 software, you are finished with the Kerberos v5 part. It’s now time to look at what is required to be configured on the Sun ONE directory server side.

    Sun ONE Directory Server 5.2 GSSAPI Configuration

    As previously discussed, the Generic Security Services Application Program Interface (GSSAPI), is standard interface that enables you to use a security mechanism such as Kerberos v5 to authenticate clients. The server uses the GSSAPI to actually validate the identity of a particular user. Once this user is validated, it’s up to the SASL mechanism to apply the GSSAPI mapping rules to obtain a DN that is the bind DN for all operations during the connection.

    The first item discussed is the new identity mapping functionality.

    The identity mapping service is required to map the credentials of another protocol, such as SASL DIGEST-MD5 and GSSAPI to a DN in the directory server. As you will see in the following example, the identity mapping feature uses the entries in the cn=identity mapping, cn=config configuration branch, whereby each protocol is defined and whereby each protocol must perform the identity mapping. For more information on the identity mapping feature, refer to the Sun ONE Directory Server 5.2 Documents.

    To Perform the GSSAPI Configuration for the Sun ONE Directory Server Software
  • Check and verify, by retrieving the rootDSE entry, that the GSSAPI is returned as one of the supported SASL Mechanisms.

    Example of using ldapsearch to retrieve the rootDSE and get the supported SASL mechanisms:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -b "" -s base "(objectclass=*)" supportedSASLMechanisms supportedSASLMechanisms=EXTERNAL supportedSASLMechanisms=GSSAPI supportedSASLMechanisms=DIGEST-MD5
  • Verify that the GSSAPI mechanism is enabled.

    By default, the GSSAPI mechanism is enabled.

    Example of using ldapsearch to verify that the GSSAPI SASL mechanism is enabled:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -D"cn=Directory Manager" -w password -b "cn=SASL, cn=security,cn= config" "(objectclass=*)" # # Should return # cn=SASL, cn=security, cn=config objectClass=top objectClass=nsContainer objectClass=dsSaslConfig cn=SASL dsSaslPluginsPath=/var/Sun/mps/lib/sasl dsSaslPluginsEnable=DIGEST-MD5 dsSaslPluginsEnable=GSSAPI
  • Create and add the GSSAPI identity-mapping.ldif.

    Add the LDIF shown below to the Sun ONE Directory Server so that it contains the correct suffix for your directory server.

    You need to do this because by default, no GSSAPI mappings are defined in the Sun ONE Directory Server 5.2 software.

    Example of a GSSAPI identity mapping LDIF file:

    # dn: cn=GSSAPI,cn=identity mapping,cn=config objectclass: nsContainer objectclass: top cn: GSSAPI dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: nsContainer objectclass: top cn: default dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: dsPatternMatching objectclass: nsContainer objectclass: top cn: same_realm dsMatching-pattern: ${Principal} dsMatching-regexp: (.*)@example.com dsMappedDN: uid=$1,ou=people,dc=example,dc=com

    It is important to make use of the ${Principal} variable, because it is the only input you have from SASL in the case of GSSAPI. Either you need to build a dn using the ${Principal} variable or you need to perform pattern matching to see if you can apply a particular mapping. A principal corresponds to the identity of a user in Kerberos.

    You can find an example GSSAPI LDIF mappings files in ServerRoot/slapdserver/ldif/identityMapping_Examples.ldif.

    The following is an example using ldapmodify to do this:

    $./ldapmodify -a -c -h directoryserver_hostname -p ldap_port -D "cn=Directory Manager" -w password -f identity-mapping.ldif -e /var/tmp/ldif.rejects 2> /var/tmp/ldapmodify.log
  • Perform a test using ldapsearch.

    To perform this test, type the following ldapsearch command as shown below, and answer the prompt with the kinit value you previously defined.

    Example of using ldapsearch to test the GSSAPI mechanism:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -o mech=GSSAPI -o authzid="root/hostname.domainname@EXAMPLE.COM" -b "" -s base "(objectclass=*)"

    The output that is returned should be the same as without the -o option.

    If you do not use the -h hostname option, the GSS code ends up looking for a localhost.domainname Kerberos ticket, and an error occurs.


  • Guide to vendor-specific IT security certifications | killexams.com real questions and Pass4sure dumps

    Despite the wide selection of vendor-specific information technology security certifications, identifying which...

    ones best suit your educational or career needs is fairly straightforward.

    This guide to vendor-specific IT security certifications includes an alphabetized table of security certification programs from various vendors, a brief description of each certification and advice for further details.

    Introduction: Choosing vendor-specific information technology security certifications

    The process of choosing the right vendor-specific information technology security certifications is much simpler than choosing vendor-neutral ones. In the vendor-neutral landscape, you must evaluate the pros and cons of various programs to select the best option. On the vendor-specific side, it's only necessary to follow these three steps:

  • Inventory your organization's security infrastructure and identify which vendors' products or services are present.
  • Check this guide (or vendor websites, for products not covered here) to determine whether a certification applies to the products or services in your organization.
  • Decide if spending the time and money to obtain such credentials (or to fund them for your employees) is worth the resulting benefits.
  • In an environment where qualified IT security professionals can choose from numerous job openings, the benefits of individual training and certifications can be hard to appraise.

    Many employers pay certification costs to develop and retain their employees, as well as to boost the organization's in-house expertise. Most see this as a win-win for employers and employees alike, though employers often require full or partial reimbursement for the related costs incurred if employees leave their jobs sooner than some specified payback period after certification.

    There have been quite a few changes since the last survey update in 2015. The Basic category saw a substantial jump in the number of available IT security certifications due to the addition of several Brainbench certifications, in addition to the Cisco Certified Network Associate (CCNA) Cyber Ops certification, the Fortinet Network Security Expert Program and new IBM certifications. 

    2017 IT security certification changes

    Certifications from AccessData, Check Point, IBM and Oracle were added to the Intermediate category, increasing the total number of certifications in that category, as well. However, the number of certifications in the Advanced category decreased, due to several IBM certifications being retired. 

    Vendor IT security certifications Basic information technology security certifications 

    Brainbench basic security certificationsBrainbench offers several basic-level information technology security certifications, each requiring the candidate to pass one exam. Brainbench security-related certifications include:

  • Backup Exec 11d (Symantec)
  • Check Point FireWall-1 Administration
  • Check Point Firewall-1 NG Administration
  • Cisco Security
  • Microsoft Security
  • NetBackup 6.5 (Symantec)
  • Source: Brainbench Information Security Administrator certifications

    CCNA Cyber OpsPrerequisites: None required; training is recommended.

    This associate-level certification prepares cybersecurity professionals for work as cybersecurity analysts responding to security incidents as part of a security operations center team in a large organization.

    The CCNA Cyber Ops certification requires candidates to pass two written exams.

    Source: Cisco Systems CCNA Cyber Ops

    CCNA SecurityPrerequisites: A valid Cisco CCNA Routing and Switching, Cisco Certified Entry Networking Technician or Cisco Certified Internetwork Expert (CCIE) certification.

    This credential validates that associate-level professionals are able to install, troubleshoot and monitor Cisco-routed and switched network devices for the purpose of protecting both the devices and networked data.

    A person with a CCNA Security certification can be expected to understand core security concepts, endpoint security, web and email content security, the management of secure access, and more. He should also be able to demonstrate skills for building a security infrastructure, identifying threats and vulnerabilities to networks, and mitigating security threats. CCNA credential holders also possess the technical skills and expertise necessary to manage protection mechanisms such as firewalls and intrusion prevention systems, network access, endpoint security solutions, and web and email security.

    The successful completion of one exam is required to obtain this credential.

    Source: Cisco Systems CCNA Security

    Check Point Certified Security Administrator (CCSA) R80Prerequisites: Basic knowledge of networking; CCSA training and six months to one year of experience with Check Point products are recommended.

    Check Point's foundation-level credential prepares individuals to install, configure and manage Check Point security system products and technologies, such as security gateways, firewalls and virtual private networks (VPNs). Credential holders also possess the skills necessary to secure network and internet communications, upgrade products, troubleshoot network connections, configure security policies, protect email and message content, defend networks from intrusions and other threats, analyze attacks, manage user access in a corporate LAN environment, and configure tunnels for remote access to corporate resources.

    Candidates must pass a single exam to obtain this credential.

    Source: Check Point CCSA Certification

    IBM Certified Associate -- Endpoint Manager V9.0Prerequisites: IBM suggests that candidates be highly familiar with the IBM Endpoint Manager V9.0 console. They should have experience taking actions; activating analyses; and using Fixlets, tasks and baselines in the environment. They should also understand patching, component services, client log files and troubleshooting within IBM Endpoint Manager.

    This credential recognizes professionals who use IBM Endpoint Manager V9.0 daily. Candidates for this certification should know the key concepts of Endpoint Manager, be able to describe the system's components and be able to use the console to perform routine tasks.

    Successful completion of one exam is required.

    Editor's note: IBM is retiring this certification as of May 31, 2017; there will be a follow-on test available as of April 2017 for IBM BigFix Compliance V9.5 Fundamental Administration, Test C2150-627.

    Source: IBM Certified Associate -- Endpoint Manager V9.0

    IBM Certified Associate -- Security Trusteer Fraud ProtectionPrerequisites: IBM recommends that candidates have experience with network data communications, network security, and the Windows and Mac operating systems.

    This credential pertains mainly to sales engineers who support the Trusteer Fraud product portfolio for web fraud management, and who can implement a Trusteer Fraud solution. Candidates must understand Trusteer product functionality, know how to deploy the product, and be able to troubleshoot the product and analyze the results.

    To obtain this certification, candidates must pass one exam.

    Source: IBM Certified Associate -- Security Trusteer Fraud Protection

    McAfee Product SpecialistPrerequisites: None required; completion of an associated training course is highly recommended.

    McAfee information technology security certification holders possess the knowledge and technical skills necessary to install, configure, manage and troubleshoot specific McAfee products, or, in some cases, a suite of products.

    Candidates should possess one to three years of direct experience with one of the specific product areas.

    The current products targeted by this credential include:

  • McAfee Advanced Threat Defense products
  • McAfee ePolicy Orchestrator and VirusScan products
  • McAfee Network Security Platform
  • McAfee Host Intrusion Prevention
  • McAfee Data Loss Prevention Endpoint products
  • McAfee Security Information and Event Management products
  • All credentials require passing one exam.

    Source: McAfee Certification Program

    Microsoft Technology Associate (MTA)Prerequisites: None; training recommended.

    This credential started as an academic-only credential for students, but Microsoft made it available to the general public in 2012.

    There are 10 different MTA credentials across three tracks (IT Infrastructure with five certs, Database with one and Development with four). The IT Infrastructure track includes a Security Fundamentals credential, and some of the other credentials include security components or topic areas.

    To earn each MTA certification, candidates must pass the corresponding exam. 

    Source: Microsoft MTA Certifications

    Fortinet Network Security Expert (NSE)Prerequisites: Vary by credential.

    The Fortinet NSE program has eight levels, each of which corresponds to a separate network security credential within the program. The credentials are:

  • NSE 1 -- Understand network security concepts.
  • NSE 2 -- Sell Fortinet gateway solutions.
  • NSE 3 (Associate) -- Sell Fortinet advanced security solutions.
  • NSE 4 (Professional) -- Configure and maintain FortiGate Unified Threat Management products.
  • NSE 5 (Analyst) -- Implement network security management and analytics.
  • NSE 6 (Specialist) – Understand advanced security technologies beyond the firewall.
  • NSE 7 (Troubleshooter) -- Troubleshoot internet security issues.
  • NSE 8 (Expert) -- Design, configure, install and troubleshoot a network security solution in a live environment.
  • NSE 1 is open to anyone, but is not required. The NSE 2 and NSE 3 information technology security certifications are available only to Fortinet employees and partners. Candidates for NSE 4 through NSE 8 should take the exams through Pearson VUE.

    Source: Fortinet NSE

    Symantec Certified Specialist (SCS)This security certification program focuses on data protection, high availability and security skills involving Symantec products.

    To become an SCS, candidates must select an area of focus and pass an exam. All the exams cover core elements, such as installation, configuration, product administration, day-to-day operation and troubleshooting for the selected focus area.

    As of this writing, the following exams are available:

  • Exam 250-215: Administration of Symantec Messaging Gateway 10.5
  • Exam 250-410: Administration of Symantec Control Compliance Suite 11.x
  • Exam 250-420: Administration of Symantec VIP
  • Exam 250-423: Administration of Symantec IT Management Suite 8.0
  • Exam 250-424: Administration of Data Loss Prevention 14.5
  • Exam 250-425: Administration of Symantec Cyber Security Services
  • Exam 250-426: Administration of Symantec Data Center Security -- Server Advanced 6.7
  • Exam 250-427: Administration of Symantec Advanced Threat Protection 2.0.2
  • Exam 250-428: Administration of Symantec Endpoint Protection 14
  • Exam 250-513: Administration of Symantec Data Loss Prevention 12
  • Source: Symantec Certification

    Intermediate information technology security certifications 

    AccessData Certified Examiner (ACE)Prerequisites: None required; the AccessData BootCamp and Advanced Forensic Toolkit (FTK) courses are recommended.

    This credential recognizes a professional's proficiency using AccessData's FTK, FTK Imager, Registry Viewer and Password Recovery Toolkit. However, candidates for the certification must also have moderate digital forensic knowledge and be able to interpret results gathered from AccessData tools.

    To obtain this certification, candidates must pass one online exam (which is free). Although a boot camp and advanced courses are available for a fee, AccessData provides a set of free exam preparation videos to help candidates who prefer to self-study.

    The certification is valid for two years, after which credential holders must take the current exam to maintain their certification.

    Source: Syntricate ACE Training

    Cisco Certified Network Professional (CCNP) Security Prerequisites: CCNA Security or any CCIE certification.

    This Cisco credential recognizes professionals who are responsible for router, switch, networking device and appliance security. Candidates must also know how to select, deploy, support and troubleshoot firewalls, VPNs and intrusion detection system/intrusion prevention system products in a networking environment.

    Successful completion of four exams is required.

    Source: Cisco Systems CCNP Security

    Check Point Certified Security Expert (CCSE)Prerequisite: CCSA certification R70 or later.

    This is an intermediate-level credential for security professionals seeking to demonstrate skills at maximizing the performance of security networks.

    A CCSE demonstrates a knowledge of strategies and advanced troubleshooting for Check Point's GAiA operating system, including installing and managing VPN implementations, advanced user management and firewall concepts, policies, and backing up and migrating security gateway and management servers, among other tasks. The CCSE focuses on Check Point's VPN, Security Gateway and Management Server systems.

    To acquire this credential, candidates must pass one exam.

    Source: Check Point CCSE program

    Cisco Cybersecurity SpecialistPrerequisites: None required; CCNA Security certification and an understanding of TCP/IP are strongly recommended.

    This Cisco credential targets IT security professionals who possess in-depth technical skills and knowledge in the field of threat detection and mitigation. The certification focuses on areas such as event monitoring, event analysis (traffic, alarm, security events) and incident response.

    One exam is required.

    Source: Cisco Systems Cybersecurity Specialist

    Certified SonicWall Security Administrator (CSSA)Prerequisites: None required; training is recommended.

    The CSSA exam covers basic administration of SonicWall appliances and the network and system security behind such appliances.

    Classroom training is available, but not required to earn the CSSA. Candidates must pass one exam to become certified.

    Source: SonicWall Certification programs

    EnCase Certified Examiner (EnCE)Prerequisites: Candidates must attend 64 hours of authorized training or have 12 months of computer forensic work experience. Completion of a formal application process is also required.

    Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase computer forensics tools and software.

    Individuals can gain this certification by passing a two-phase exam: a computer-based component and a practical component.

    Source: Guidance Software EnCE

    EnCase Certified eDiscovery Practitioner (EnCEP)Prerequisites: Candidates must attend one of two authorized training courses and have three months of experience in eDiscovery collection, processing and project management. A formal application process is also required.

    Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase eDiscovery software, and it recognizes their proficiency in eDiscovery planning, project management and best practices, from legal hold to file creation.

    EnCEP-certified professionals possess the technical skills necessary to manage e-discovery, including the search, collection, preservation and processing of electronically stored information in accordance with the Federal Rules of Civil Procedure.

    Individuals can gain this certification by passing a two-phase exam: a computer-based component and a scenario component.

    Source: Guidance Software EnCEP Certification Program

    IBM Certified Administrator -- Security Guardium V10.0Prerequisites: IBM recommends basic knowledge of operating systems and databases, hardware or virtual machines, networking and protocols, auditing and compliance, and information security guidelines.

    IBM Security Guardium is a suite of protection and monitoring tools designed to protect databases and big data sets. The IBM Certified Administrator -- Security Guardium credential is aimed at administrators who plan, install, configure and manage Guardium implementations. This may include monitoring the environment, including data; defining policy rules; and generating reports.

    Successful completion of one exam is required.

    Source: IBM Security Guardium Certification

    IBM Certified Administrator -- Security QRadar Risk Manager V7.2.6Prerequisites: IBM recommends a working knowledge of IBM Security QRadar SIEM Administration and IBM Security QRadar Risk Manager, as well as general knowledge of networking, risk management, system administration and network topology.

    QRadar Risk Manager automates the risk management process in enterprises by monitoring network device configurations and compliance. The IBM Certified Administrator -- Security QRadar Risk Manager V7.2.6 credential certifies administrators who use QRadar to manage security risks in their organization. Certification candidates must know how to review device configurations, manage devices, monitor policies, schedule tasks and generate reports.

    Successful completion of one exam is required.

    Source: IBM Security QRadar Risk Manager Certification

    IBM Certified Analyst -- Security SiteProtector System V3.1.1Prerequisites: IBM recommends a basic knowledge of the IBM Security Network Intrusion Prevention System (GX) V4.6.2, IBM Security Network Protection (XGS) V5.3.1, Microsoft SQL Server, Windows Server operating system administration and network security.

    The Security SiteProtector System enables organizations to centrally manage their network, server and endpoint security agents and appliances. The IBM Certified Analyst -- Security SiteProtector System V3.1.1 credential is designed to certify security analysts who use the SiteProtector System to monitor and manage events, monitor system health, optimize SiteProtector and generate reports.

    To obtain this certification, candidates must pass one exam.

    Source: IBM Security SiteProtector Certification

    Oracle Certified Expert, Oracle Solaris 10 Certified Security AdministratorPrerequisite: Oracle Certified Professional, Oracle Solaris 10 System Administrator.

    This credential aims to certify experienced Solaris 10 administrators with security interest and experience. It's a midrange credential that focuses on general security principles and features, installing systems securely, application and network security, principle of least privilege, cryptographic features, auditing, and zone security.

    A single exam -- geared toward the Solaris 10 operating system or the OpenSolaris environment -- is required to obtain this credential.

    Source: Oracle Solaris Certification

    Oracle Mobile SecurityPrerequisites: Oracle recommends that candidates understand enterprise mobility, mobile application management and mobile device management; have two years of experience implementing Oracle Access Management Suite Plus 11g; and have experience in at least one other Oracle product family.

    This credential recognizes professionals who create configuration designs and implement the Oracle Mobile Security Suite. Candidates must have a working knowledge of Oracle Mobile Security Suite Access Server, Oracle Mobile Security Suite Administrative Console, Oracle Mobile Security Suite Notification Server, Oracle Mobile Security Suite Containerization and Oracle Mobile Security Suite Provisioning and Policies. They must also know how to deploy the Oracle Mobile Security Suite.

    Although the certification is designed for Oracle PartnerNetwork members, it is available to any candidate. Successful completion of one exam is required.

    Source: Oracle Mobile Security Certification

    RSA Archer Certified Administrator (CA)Prerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

    Dell EMC offers this certification, which is designed for security professionals who manage, administer, maintain and troubleshoot the RSA Archer Governance, Risk and Compliance (GRC) platform.

    Candidates must pass one exam, which focuses on integration and configuration management, security administration, and the data presentation and communication features of the RSA Archer GRC product.

    Source: Dell EMC RSA Archer Certification

    RSA SecurID Certified Administrator (RSA Authentication Manager 8.0)Prerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

    Dell EMC offers this certification, which is designed for security professionals who manage, maintain and administer enterprise security systems based on RSA SecurID system products and RSA Authentication Manager 8.0.

    RSA SecurID CAs can operate and maintain RSA SecurID components within the context of their operational systems and environments; troubleshoot security and implementation problems; and work with updates, patches and fixes. They can also perform administrative functions and populate and manage users, set up and use software authenticators, and understand the configuration required for RSA Authentication Manager 8.0 system operations.

    Source: Dell EMC RSA Authentication Manager Certification

    RSA Security Analytics CAPrerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

    This Dell EMC certification is aimed at security professionals who configure, manage, administer and troubleshoot the RSA Security Analytics product. Knowledge of the product's features, as well the ability to use the product to identify security concerns, are required.

    Candidates must pass one exam, which focuses on RSA Security Analytics functions and capabilities, configuration, management, monitoring and troubleshooting.

    Source: Dell EMC RSA Security Analytics

    Advanced information technology security certifications 

    CCIE SecurityPrerequisites: None required; three to five years of professional working experience recommended.

    Arguably one of the most coveted certifications around, the CCIE is in a league of its own. Having been around since 2002, the CCIE Security track is unrivaled for those interested in dealing with information security topics, tools and technologies in networks built using or around Cisco products and platforms.

    The CCIE certifies that candidates possess expert technical skills and knowledge of security and VPN products; an understanding of Windows, Unix, Linux, network protocols and domain name systems; an understanding of identity management; an in-depth understanding of Layer 2 and 3 network infrastructures; and the ability to configure end-to-end secure networks, as well as to perform troubleshooting and threat mitigation.

    To achieve this certification, candidates must pass both a written and lab exam. The lab exam must be passed within 18 months of the successful completion of the written exam.

    Source: Cisco Systems CCIE Security Certification

    Check Point Certified Managed Security Expert (CCMSE)Prerequisites: CCSE certification R75 or later and 6 months to 1 year of experience with Check Point products.

    This advanced-level credential is aimed at those seeking to learn how to install, configure and troubleshoot Check Point's Multi-Domain Security Management with Virtual System Extension.

    Professionals are expected to know how to migrate physical firewalls to a virtualized environment, install and manage an MDM environment, configure high availability, implement global policies and perform troubleshooting.

    Source: Check Point CCMSE

    Check Point Certified Security Master (CCSM)Prerequisites: CCSE R70 or later and experience with Windows Server, Unix, TCP/IP, and networking and internet technologies.

    The CCSM is the most advanced Check Point certification available. This credential is aimed at security professionals who implement, manage and troubleshoot Check Point security products. Candidates are expected to be experts in perimeter, internal, web and endpoint security systems.

    To acquire this credential, candidates must pass a written exam.

    Source: Check Point CCSM Certification

    Certified SonicWall Security Professional (CCSP)Prerequisites: Attendance at an advanced administration training course.

    Those who achieve this certification have attained a high level of mastery of SonicWall products. In addition, credential holders should be able to deploy, optimize and troubleshoot all the associated product features.

    Earning a CSSP requires taking an advanced administration course that focuses on either network security or secure mobile access, and passing the associated certification exam.

    Source: SonicWall CSSP certification

    IBM Certified Administrator -- Tivoli Monitoring V6.3Prerequisites: Security-related requirements include basic knowledge of SSL, data encryption and system user accounts.

    Those who attain this certification are expected to be capable of planning, installing, configuring, upgrading and customizing workspaces, policies and more. In addition, credential holders should be able to troubleshoot, administer and maintain an IBM Tivoli Monitoring V6.3 environment.

    Candidates must successfully pass one exam.

    Source: IBM Tivoli Certified Administrator

    Master Certified SonicWall Security Administrator (CSSA)The Master CSSA is an intermediate between the base-level CSSA credential (itself an intermediate certification) and the CSSP.

    To qualify for Master CSSA, candidates must pass three (or more) CSSA exams, and then email training@sonicwall.com to request the designation. There are no other charges or requirements involved.

    Source: SonicWall Master CSSA

    Conclusion 

    Remember, when it comes to selecting vendor-specific information technology security certifications, your organization's existing or planned security product purchases should dictate your options. If your security infrastructure includes products from vendors not mentioned here, be sure to check with them to determine if training or certifications on such products are available.

    About the author:Ed Tittel is a 30-plus year IT veteran who's worked as a developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series, Ed has contributed to more than 100 books on many computing topics, including titles on information security, Windows OSes and HTML. Ed also blogs regularly for TechTarget (Windows Enterprise Desktop), Tom's IT Pro and GoCertify.


    SQL Server Tips and Techniques for Database Performance Optimization | killexams.com real questions and Pass4sure dumps

    MariaDB TX, proven in production and driven by the community, is a complete database solution for any and every enterprise — a modern database for modern applications.

    SQL servers are very complex to grasp, even for professionals. As far as performance tuning is concerned, a lot of DBAs don't even know where to begin. However, there are a lot of facets of the whole system, which means that a SQL server consultant has to consider a lot of variables while tuning the SQL server to perfection. Although experience is the biggest tool in regards to performance tuning, basic knowledge, and minimal skill, it can also be utilized to achieve marked success. The following tips will help in fine-tuning the SQL server for database optimization and better performance:

    Stop Making the SQL Server Wait Around

    Every time the SQL Server gets held up while functioning, it tracks the incident in the form of wait statistics. This is one of the most crucial areas to master while dealing with SQL Server. Usually, the server is paused as it is looking for specific resources to come up and assist in completing the function. To find which resources are required, one must have knowledge of wait statistics. If the cause of blockage can be conveniently found, solving it will no longer be a problem. A lot of time will be saved while doing this instead of looking at the I/O issues.

    Locate the I/O Bottlenecks

    I/O bottlenecks are one of the top reasons for performance issues in SQL Servers. To find if you have I/O issues, follow the given methods:

  • Check if there is high page_IO_latch or log_write in your wait statistics
  • Use DMF sys.dm_io_virtual_file_stats() to find any possible areas where there are excessive I/O stalls
  • Use PerfMon counters
  • If you locate any physical I/O bottlenecks, find all the queries that are causing the problem. Fine tune them before adding additional hardware. Do not hold up the writing to the log file, as all the DML operations will become impeded. High latency for log writes is also a sign of a problem.

    Find the Problem Queries

    In any SQL server, there are usually 8 to 10 queries or stored procedures that hinder the activity of the system. Locating these queries and fine-tuning them will be beneficial for better performance and consistency without any additional hardware or software. There are a lot of queries that will cater to specific problems. An essential tip is to not give much weight to the elapsed time and let the codes do their work of solving the issue. Statement lengths might be surprising, but they will effectively solve the blocking issues present in the system.

    Strategize to Reuse

    As hardware is getting more powerful and affordable, the transaction rates in the database applications are ever-increasing. This is one of the reasons why programmers pack more stuff in one server and increase the activity in the system. However, compiling the query plans is one of the most crucial operations when it comes to the performance and memory of the SQL server. There are a lot of applications that can increase the speed of the development of a function, but do not reuse the query plan. This can be detrimental over a long period of time as the resources and time will be constantly wasted over a command that has been previously run. It is better to use counts column and order the plans by the text column so similar entries can be classified as a singular unit.

    Look Out for the Index Usage

    One of the most underutilised sources of information is the sys.dm_db_index_operational_stats() DMF. This DMF helps in deciphering all kinds of information for determining the indexes and how they are used. You can get to know it if you are scanning the index or using seeks. Even small data like elapsed time for a particular process can be gained. This DMF is one of the most useful tools for crucial information.

    Separate the Log and Data Files

    This is one of the most basic but disregarded rules for better performance of the system. Separating the log and data files onto other physical drives seems tedious to do, so most people skip this step. This step is quite advantageous as it can help enhance the performance levels of the system, and the user will witness the volumes of the transactions going up.

    MariaDB AX is an open source database for modern analytics: distributed, columnar and easy to use.

    Topics:

    database ,database optimization ,sql server ,sql server performance issues ,database performance



    Direct Download of over 5500 Certification Exams

    3COM [8 Certification Exam(s) ]
    AccessData [1 Certification Exam(s) ]
    ACFE [1 Certification Exam(s) ]
    ACI [3 Certification Exam(s) ]
    Acme-Packet [1 Certification Exam(s) ]
    ACSM [4 Certification Exam(s) ]
    ACT [1 Certification Exam(s) ]
    Admission-Tests [13 Certification Exam(s) ]
    ADOBE [93 Certification Exam(s) ]
    AFP [1 Certification Exam(s) ]
    AICPA [2 Certification Exam(s) ]
    AIIM [1 Certification Exam(s) ]
    Alcatel-Lucent [13 Certification Exam(s) ]
    Alfresco [1 Certification Exam(s) ]
    Altiris [3 Certification Exam(s) ]
    Amazon [2 Certification Exam(s) ]
    American-College [2 Certification Exam(s) ]
    Android [4 Certification Exam(s) ]
    APA [1 Certification Exam(s) ]
    APC [2 Certification Exam(s) ]
    APICS [2 Certification Exam(s) ]
    Apple [69 Certification Exam(s) ]
    AppSense [1 Certification Exam(s) ]
    APTUSC [1 Certification Exam(s) ]
    Arizona-Education [1 Certification Exam(s) ]
    ARM [1 Certification Exam(s) ]
    Aruba [6 Certification Exam(s) ]
    ASIS [2 Certification Exam(s) ]
    ASQ [3 Certification Exam(s) ]
    ASTQB [8 Certification Exam(s) ]
    Autodesk [2 Certification Exam(s) ]
    Avaya [96 Certification Exam(s) ]
    AXELOS [1 Certification Exam(s) ]
    Axis [1 Certification Exam(s) ]
    Banking [1 Certification Exam(s) ]
    BEA [5 Certification Exam(s) ]
    BICSI [2 Certification Exam(s) ]
    BlackBerry [17 Certification Exam(s) ]
    BlueCoat [2 Certification Exam(s) ]
    Brocade [4 Certification Exam(s) ]
    Business-Objects [11 Certification Exam(s) ]
    Business-Tests [4 Certification Exam(s) ]
    CA-Technologies [21 Certification Exam(s) ]
    Certification-Board [10 Certification Exam(s) ]
    Certiport [3 Certification Exam(s) ]
    CheckPoint [41 Certification Exam(s) ]
    CIDQ [1 Certification Exam(s) ]
    CIPS [4 Certification Exam(s) ]
    Cisco [318 Certification Exam(s) ]
    Citrix [48 Certification Exam(s) ]
    CIW [18 Certification Exam(s) ]
    Cloudera [10 Certification Exam(s) ]
    Cognos [19 Certification Exam(s) ]
    College-Board [2 Certification Exam(s) ]
    CompTIA [76 Certification Exam(s) ]
    ComputerAssociates [6 Certification Exam(s) ]
    Consultant [2 Certification Exam(s) ]
    Counselor [4 Certification Exam(s) ]
    CPP-Institue [2 Certification Exam(s) ]
    CPP-Institute [1 Certification Exam(s) ]
    CSP [1 Certification Exam(s) ]
    CWNA [1 Certification Exam(s) ]
    CWNP [13 Certification Exam(s) ]
    Dassault [2 Certification Exam(s) ]
    DELL [9 Certification Exam(s) ]
    DMI [1 Certification Exam(s) ]
    DRI [1 Certification Exam(s) ]
    ECCouncil [21 Certification Exam(s) ]
    ECDL [1 Certification Exam(s) ]
    EMC [129 Certification Exam(s) ]
    Enterasys [13 Certification Exam(s) ]
    Ericsson [5 Certification Exam(s) ]
    ESPA [1 Certification Exam(s) ]
    Esri [2 Certification Exam(s) ]
    ExamExpress [15 Certification Exam(s) ]
    Exin [40 Certification Exam(s) ]
    ExtremeNetworks [3 Certification Exam(s) ]
    F5-Networks [20 Certification Exam(s) ]
    FCTC [2 Certification Exam(s) ]
    Filemaker [9 Certification Exam(s) ]
    Financial [36 Certification Exam(s) ]
    Food [4 Certification Exam(s) ]
    Fortinet [13 Certification Exam(s) ]
    Foundry [6 Certification Exam(s) ]
    FSMTB [1 Certification Exam(s) ]
    Fujitsu [2 Certification Exam(s) ]
    GAQM [9 Certification Exam(s) ]
    Genesys [4 Certification Exam(s) ]
    GIAC [15 Certification Exam(s) ]
    Google [4 Certification Exam(s) ]
    GuidanceSoftware [2 Certification Exam(s) ]
    H3C [1 Certification Exam(s) ]
    HDI [9 Certification Exam(s) ]
    Healthcare [3 Certification Exam(s) ]
    HIPAA [2 Certification Exam(s) ]
    Hitachi [30 Certification Exam(s) ]
    Hortonworks [4 Certification Exam(s) ]
    Hospitality [2 Certification Exam(s) ]
    HP [750 Certification Exam(s) ]
    HR [4 Certification Exam(s) ]
    HRCI [1 Certification Exam(s) ]
    Huawei [21 Certification Exam(s) ]
    Hyperion [10 Certification Exam(s) ]
    IAAP [1 Certification Exam(s) ]
    IAHCSMM [1 Certification Exam(s) ]
    IBM [1532 Certification Exam(s) ]
    IBQH [1 Certification Exam(s) ]
    ICAI [1 Certification Exam(s) ]
    ICDL [6 Certification Exam(s) ]
    IEEE [1 Certification Exam(s) ]
    IELTS [1 Certification Exam(s) ]
    IFPUG [1 Certification Exam(s) ]
    IIA [3 Certification Exam(s) ]
    IIBA [2 Certification Exam(s) ]
    IISFA [1 Certification Exam(s) ]
    Intel [2 Certification Exam(s) ]
    IQN [1 Certification Exam(s) ]
    IRS [1 Certification Exam(s) ]
    ISA [1 Certification Exam(s) ]
    ISACA [4 Certification Exam(s) ]
    ISC2 [6 Certification Exam(s) ]
    ISEB [24 Certification Exam(s) ]
    Isilon [4 Certification Exam(s) ]
    ISM [6 Certification Exam(s) ]
    iSQI [7 Certification Exam(s) ]
    ITEC [1 Certification Exam(s) ]
    Juniper [64 Certification Exam(s) ]
    LEED [1 Certification Exam(s) ]
    Legato [5 Certification Exam(s) ]
    Liferay [1 Certification Exam(s) ]
    Logical-Operations [1 Certification Exam(s) ]
    Lotus [66 Certification Exam(s) ]
    LPI [24 Certification Exam(s) ]
    LSI [3 Certification Exam(s) ]
    Magento [3 Certification Exam(s) ]
    Maintenance [2 Certification Exam(s) ]
    McAfee [8 Certification Exam(s) ]
    McData [3 Certification Exam(s) ]
    Medical [69 Certification Exam(s) ]
    Microsoft [374 Certification Exam(s) ]
    Mile2 [3 Certification Exam(s) ]
    Military [1 Certification Exam(s) ]
    Misc [1 Certification Exam(s) ]
    Motorola [7 Certification Exam(s) ]
    mySQL [4 Certification Exam(s) ]
    NBSTSA [1 Certification Exam(s) ]
    NCEES [2 Certification Exam(s) ]
    NCIDQ [1 Certification Exam(s) ]
    NCLEX [2 Certification Exam(s) ]
    Network-General [12 Certification Exam(s) ]
    NetworkAppliance [39 Certification Exam(s) ]
    NI [1 Certification Exam(s) ]
    NIELIT [1 Certification Exam(s) ]
    Nokia [6 Certification Exam(s) ]
    Nortel [130 Certification Exam(s) ]
    Novell [37 Certification Exam(s) ]
    OMG [10 Certification Exam(s) ]
    Oracle [279 Certification Exam(s) ]
    P&C [2 Certification Exam(s) ]
    Palo-Alto [4 Certification Exam(s) ]
    PARCC [1 Certification Exam(s) ]
    PayPal [1 Certification Exam(s) ]
    Pegasystems [12 Certification Exam(s) ]
    PEOPLECERT [4 Certification Exam(s) ]
    PMI [15 Certification Exam(s) ]
    Polycom [2 Certification Exam(s) ]
    PostgreSQL-CE [1 Certification Exam(s) ]
    Prince2 [6 Certification Exam(s) ]
    PRMIA [1 Certification Exam(s) ]
    PsychCorp [1 Certification Exam(s) ]
    PTCB [2 Certification Exam(s) ]
    QAI [1 Certification Exam(s) ]
    QlikView [1 Certification Exam(s) ]
    Quality-Assurance [7 Certification Exam(s) ]
    RACC [1 Certification Exam(s) ]
    Real-Estate [1 Certification Exam(s) ]
    RedHat [8 Certification Exam(s) ]
    RES [5 Certification Exam(s) ]
    Riverbed [8 Certification Exam(s) ]
    RSA [15 Certification Exam(s) ]
    Sair [8 Certification Exam(s) ]
    Salesforce [5 Certification Exam(s) ]
    SANS [1 Certification Exam(s) ]
    SAP [98 Certification Exam(s) ]
    SASInstitute [15 Certification Exam(s) ]
    SAT [1 Certification Exam(s) ]
    SCO [10 Certification Exam(s) ]
    SCP [6 Certification Exam(s) ]
    SDI [3 Certification Exam(s) ]
    See-Beyond [1 Certification Exam(s) ]
    Siemens [1 Certification Exam(s) ]
    Snia [7 Certification Exam(s) ]
    SOA [15 Certification Exam(s) ]
    Social-Work-Board [4 Certification Exam(s) ]
    SpringSource [1 Certification Exam(s) ]
    SUN [63 Certification Exam(s) ]
    SUSE [1 Certification Exam(s) ]
    Sybase [17 Certification Exam(s) ]
    Symantec [134 Certification Exam(s) ]
    Teacher-Certification [4 Certification Exam(s) ]
    The-Open-Group [8 Certification Exam(s) ]
    TIA [3 Certification Exam(s) ]
    Tibco [18 Certification Exam(s) ]
    Trainers [3 Certification Exam(s) ]
    Trend [1 Certification Exam(s) ]
    TruSecure [1 Certification Exam(s) ]
    USMLE [1 Certification Exam(s) ]
    VCE [6 Certification Exam(s) ]
    Veeam [2 Certification Exam(s) ]
    Veritas [33 Certification Exam(s) ]
    Vmware [58 Certification Exam(s) ]
    Wonderlic [2 Certification Exam(s) ]
    Worldatwork [2 Certification Exam(s) ]
    XML-Master [3 Certification Exam(s) ]
    Zend [6 Certification Exam(s) ]





    References :


    Dropmark : http://killexams.dropmark.com/367904/11695912
    Wordpress : http://wp.me/p7SJ6L-16L
    Issu : https://issuu.com/trutrainers/docs/000-190
    Dropmark-Text : http://killexams.dropmark.com/367904/12155739
    Blogspot : http://killexamsbraindump.blogspot.com/2017/11/never-miss-these-000-190-questions.html
    RSS Feed : http://feeds.feedburner.com/FreePass4sure000-190QuestionBank
    Box.net : https://app.box.com/s/u2v3xm7w6bpn0wwkynuzk0vrnvcjyzku
    publitas.com : https://view.publitas.com/trutrainers-inc/review-000-190-real-question-and-answers-before-you-take-test
    zoho.com : https://docs.zoho.com/file/5s0qsc9ba693c56364fd6be2a0bd6ad2ccbd3
    Calameo : http://en.calameo.com/books/004923526bc8b6c8783a5






    View Complete PDF »

    We Make Sure Q&A work for you!

    See Entry Test Preparation   |   Project Management, English Tests Home

    Pass4sure PDFs (Pass4sure Questions and Answers), Viewable at all devices like PC Windows (all versions), Linux (All versions), Mac / iOS (iPhone/iPad and all other devices), Android (All versions). It support High Quality Printable book format. You can print and carry anywhere with you, as you like.

    Testing and Training Engine Software (Pass4sure Exam Simulator) Compatible with All Windows PC (Windows 10/9/8/7/Vista/XP/2000/98 etc). Mac (Through Wine, Virtual Windows PC, Dual boot). It prepares your test for all the topics of exam, gives you exam tips and tricks by asking tricky questions, uses latest practice quiz to train you for the real test taking experience in learning mode as well as real test mode. Provides performance graphs and training history etc.

    View Complete Article »

    More Useful Links about 000-190

    Certification Vendors Here   |   View Exams, Latest Home

    Information Links



    References:


    000-190 brain dump | 000-190 bootcamp | 000-190 real questions | 000-190 practical test | 000-190 practice questions | 000-190 test prep | 000-190 study material | 000-190 exam prep | 000-190 study guide | 000-190 online exam | 000-190 training material | 000-190 mock test | 000-190 mock exam | 000-190 free practice tests | 000-190 free test | 000-190 test answers | 000-190 online test | 000-190 test questions | 000-190 exam questions | 000-190 exam papers | 000-190 assessment test sample | 000-190 reading practice test | 000-190 practice test | 000-190 test questions | 000-190 exam prep | 000-190 online exam | 000-190 free prep | 000-190 exam answers | 000-190 sample test questions | 000-190 test exam | 000-190 exam results | 000-190 free exam papers | 000-190 exam dumps | 000-190 past bar exams | 000-190 exam preparation | 000-190 free online test | 000-190 practice exam | 000-190 test questions and answers | 000-190 exam test | 000-190 test sample | 000-190 sample test | 000-190 test practice | 000-190 free test online | 000-190 question test | 000-190 model question | 000-190 exam tips | 000-190 certification sample | 000-190 pass exam | 000-190 prep questions | 000-190 entrance exam | 000-190 essay questions | 000-190 sample questions | 000-190 study questions | 000-190 mock questions | 000-190 test example | 000-190 past exams | 000-190 quest bars

    Download Free PDF »

    Services Overview

    We provide Pass4sure Questions and Answers and exam simulators for the candidates to prepare their exam and pass at first attempt.

    Contact Us

    As a team are working hard to provide the candidates best study material with proper guideline to face the real exam.

    Address: 15th floor, 7# building 16 Xi Si Huan.
    Telephone: +86 10 88227272
    FAX: +86 10 68179899
    Others: +301 - 0125 - 01258
    E-mail: info@Killexams.com



       

       

     

     



    .
     

      .