Logo
Alpher Online
 Current page : Home

301 Moved Permanently

Moved Permanently

The document has moved here.


Apache Server at killexams.com Port 80
Pass4sure HP0-M50 Practice Test | Check these Pass4sure HP HP0-M50 real Questions - alphernet.com.au

HP0-M50 | HP BSM Operations Manager i. 9.x(R) Software

Updated HP0-M50 Practice Test @ Killexams

Complete Practice Exam is provided Here   |   View Blog Article Home

HP0-M50 - HP BSM Operations Manager i. 9.x(R) Software - braindump

Vendor HP
Exam Number HP0-M50
Exam Name HP BSM Operations Manager i. 9.x(R) Software
Questions 64 Q & A
Recent Update February 12, 2019
Free PDF Download HP0-M50 Brain Dump
Download Complete PDF Killexams HP0-M50 Complete Document


Just study these HP0-M50 Questions and study guide


killexams.com allows millions of candidates pass the tests and get their certifications. We have thousands of a hit opinions. Our dumps are reliable, less expensive, up to date and of really best first-class to triumph over the problems of any IT certifications. killexams.com exam dumps are modern day up to date in particularly outclass manner on normal basis and material is released periodically. Latest killexams.com dumps are available in testing centers with whom we are retaining our dating to get ultra-modern cloth.

killexams.com HP Certification observe courses are setup by way of IT experts. Lots of college students were complaining that there are too many questions in such a lot of practice tests and look at courses, and they're simply worn-out to have enough money any extra. Seeing killexams.com specialists training session this complete version even as nevertheless guarantee that all the knowledge is blanketed after deep research and evaluation. Everything is to make convenience for candidates on their street to certification.

We have Tested and Approved HP0-M50 Exams. killexams.com affords the most correct and brand new IT exam materials which almost comprise all expertise points. With the useful resource of our HP0-M50 exam materials, you dont want to waste it slow on analyzing bulk of reference books and simply want to spend 10-20 hours to grasp our HP0-M50 real questions and answers. And we offer you with PDF Version & Software Version exam questions and answers. For Software Version materials, Its supplied to provide the applicants simulate the HP HP0-M50 exam in a real surroundings.

We offer free replace. Within validity period, if HP0-M50 exam materials which you have bought updated, we will inform you by email to download recent version of Q&A. If you dont pass your HP HP BSM Operations Manager i. 9.x(R) Software exam, We will provide you with complete refund. You need to ship the scanned reproduction of your HP0-M50 exam file card to us. After confirming, we will quickly come up with FULL REFUND.

killexams.com Huge Discount Coupons and Promo Codes are as beneath;
WC2017 : 60% Discount Coupon for all assessments on website
PROF17 : 10% Discount Coupon for Orders greater than $69
DEAL17 : 15% Discount Coupon for Orders extra than $99
DECSPECIAL : 10% Special Discount Coupon for All Orders


If you put together for the HP HP0-M50 exam the usage of our testing engine. It is easy to succeed for all certifications inside the first strive. You dont must cope with all dumps or any free torrent / rapidshare all stuff. We provide loose demo of each IT Certification Dumps. You can test out the interface, question quality and value of our practice assessments earlier than you decide to shop for.


HP0-M50 dumps, HP0-M50 Discount Coupon, HP0-M50 Promo Code, HP0-M50 vce, Free HP0-M50 vce, Download Free HP0-M50 dumps, Free HP0-M50 brain dumps, pass4sure HP0-M50, HP0-M50 practice test, HP0-M50 practice exam, killexams.com HP0-M50, HP0-M50 real questions, HP0-M50 actual test, HP0-M50 PDF download, Pass4sure HP0-M50 Download, HP0-M50 help, HP0-M50 examcollection, Passleader HP0-M50, exam-labs HP0-M50, Justcertify HP0-M50, certqueen HP0-M50, HP0-M50 testking


View Full Exam »

Customer Reviews about HP0-M50

Testimonials Here   |   View Vendors, Tracks Home

HP0-M50 - HP BSM Operations Manager i. 9.x(R) Software - Reviews

Our customers are always happy to give their reviews about the exams. Most of them are our permanent users. They do not rely on others except our team and they get exam confidence by using our questions and answers and exam simulator.

HP0-M50 exam is not any more hard with those QAs.

i am now not partial to on-line braindumps, because theyre regularly posted by means of irresponsible folks thatmisinform you into getting to know belongings you dont need and lacking matters which you actually need to understand. not Killexams. This enterprise provides virtually legitimate questions answers that help you get via your exam training. that is how I passed HP0-M50 exam. First time, First I trusted unfastened on-line stuff and that i failed. I were given Killexams HP0-M50 exam simulator - and i passed. that is the simplest proof I want. thank youKillexams.

Do you need Latest dumps of HP0-M50 exam, It is right place?

I even have searched perfect material for this particular subject matter over on line. But I could not discover an appropriate one which flawlessly explains only the wished and essential matters. When I observed Killexams brain dump material I changed into virtually surprised. It just covered the important matters and nothing beaten within the dumps. I am so excited to discover it and used it for my guidance.

No source is more authentic than this HP0-M50 source.

Well I used to spent maximum of my time surfing the net however it changed into not all in useless because it was my browsing that delivered me to this Killexams right earlier than my HP0-M50 exam. Coming here became the satisfactory component that happened to me because it got me examine rightly and therefore put up an amazing overall performance in my test.

Nice to hear that dumps of HP0-M50 exam are available.

this is the top class test-prep on the market! I just took and passed my HP0-M50. most effective one question become unseen in the exam. The records that comes with the QA make this product some distance greater than a brain-dump, for coupled with traditional research; online exam simulator is an extremely valuable device in advancing ones profession.

That was first-rate! I got modern day dumps of HP0-M50 exam.

im satisfied to tell that i have successfully passed the HP0-M50 exam. In this context I ought to admit that your query financial team did help (if not completely) to tied over the exam because the questions requested within the exam have been not completely blanketed with the useful resource of your questions and answers. But I should congratulate your effort to make us technically sound together with your Q&As. Way to Killexams for clearing my HP0-M50 exam in first class.

It is great to have HP0-M50 real test questions.

I was in a rush to skip the HP0-M50 exam due to the fact I needed to put up my HP0-M50 certificate. I should try to search for some on-line assist concerning my HP0-M50 check so I began looking. I discovered this Killexams and end up so hooked that I forgot what i was doing. Ultimately it became no longer in useless thinking about the reality that this Killexams got me to skip my test.

It is great ideal to prepare HP0-M50 exam with dumps.

i have visible numerous matters publicized adage utilize this and marks the excellent but your items have beencompletely exquisite as contrasted with others. I am able to go back soon to purchase extra test aids. I without a doubt wanted to mention a debt of gratitude is in order concerning your exceptional HP0-M50 test manual. I took the exam this week and finished soundly. not anything had taught me the thoughts the manner Killexams Questions & answers did. I solved ninety five% questions.

It was first experience but Great Experience!

Killexams tackled all my troubles. Thinking about lengthy question and answers have become a test. Anyways with concise, my making plans for HP0-M50 exam changed into truely an agreeable revel in. I correctly passed this exam with 79% marks. It helped me dont forget with out lifting a finger and solace. The Questions & solutions in Killexams are becoming for get prepared for this exam. Lots obliged Killexams on your backing. I should think about for lengthy simply whilst I used Killexams. Motivation and excellent Reinforcement of novices is one subject matter which i discovered hard however their assist make it so smooth.

Feel confident by preparing HP0-M50 dumps.

I asked my brother to present me some advice regarding my HP0-M50 test and he informed me to buckle up in view that i was in for a splendid journey. He gave me this Killexamss address and advised me that changed into all I wanted as a way to ensure that I clean my HP0-M50 test and that too with right marks. I took his recommendation and signed up and Im so satisfied that I did it considering the fact that my HP0-M50 test went top notch and that i passed with right score. It become like a dream come real so thank you.

wherein can i discover HP0-M50 real examination questions?

Overall impression was very good but i failed in one assignment but succeeded in HP0-M50 second assignment with Killexams team very fast. exam simulator is good.

Review Complete Testimonials »

See more HP exam dumps

Direct Downloads Here   |   View Vendors, Latest Home

Real Exam Questions and Answers of exams

We offer a huge collection of HP exam questions and answers, study guides, practice exams, Exam Simulator.

HP2-B112 | HP5-B04D | HP0-626 | HP0-621 | HP0-096 | HP0-620 | HP0-M48 | HP0-628 | HP2-B121 | HP2-B95 | HP0-505 | HP2-027 | HP2-T18 | HP0-S31 | HP0-381 | HP2-E34 | HP0-Y46 | HP0-648 | HP0-J27 | HP2-B68 | HP0-632 | HP2-B104 | HP0-234 | HP0-Y44 | HP2-T29 | HP0-D01 | HP0-095 | HP0-D02 | HP2-B84 | HP2-Z04 | HP0-J36 | HP0-517 | HP0-757 | HP2-E41 | HP0-M21 | HP0-D30 | HP0-920 | HP2-H35 | HP0-380 | HP0-E01 | HP0-703 | HP2-B11 | HP0-Y18 | HP0-M17 | HP2-E57 | HP0-490 | HP2-K19 | HP0-M50 | HP0-094 | HP2-B102 |

View Complete HP Collection »

Latest Exams added

Recently Updated Here   |   View Vendors, Latest Home

Latest Practice Exam Questions and Answers Added to Killexams.com

We keep our visitors and customers updated regarding the latest technology certifications by providing reliable and authentic exam preparation material. Our team remain busy in updating HP0-M50 exam training material as well as reviewing the real exam changes. They try best to provide each and every relevant information about the test for the candidate to get good marks and come out of test center happily.

1Y0-340 | 1Z0-324 | 1Z0-344 | 1Z0-346 | 1Z0-813 | 1Z0-900 | 1Z0-935 | 1Z0-950 | 1Z0-967 | 1Z0-973 | 1Z0-987 | A2040-404 | A2040-918 | AZ-101 | AZ-102 | AZ-200 | AZ-300 | AZ-301 | FortiSandbox | HP2-H65 | HP2-H67 | HPE0-J57 | HPE6-A47 | JN0-662 | MB6-898 | ML0-320 | NS0-159 | NS0-181 | NS0-513 | PEGACPBA73V1 | 1Z0-628 | 1Z0-934 | 1Z0-974 | 1Z0-986 | 202-450 | 500-325 | 70-537 | 70-703 | 98-383 | 9A0-411 | AZ-100 | C2010-530 | C2210-422 | C5050-380 | C9550-413 | C9560-517 | CV0-002 | DES-1721 | MB2-719 | PT0-001 | CPA-REG | CPA-AUD | AACN-CMC | AAMA-CMA | ABEM-EMC | ACF-CCP | ACNP | ACSM-GEI | AEMT | AHIMA-CCS | ANCC-CVNC | ANCC-MSN | ANP-BC | APMLE | AXELOS-MSP | BCNS-CNS | BMAT | CCI | CCN | CCP | CDCA-ADEX | CDM | CFSW | CGRN | CNSC | COMLEX-USA | CPCE | CPM | CRNE | CVPM | DAT | DHORT | CBCP | DSST-HRM | DTR | ESPA-EST | FNS | FSMC | GPTS | IBCLC | IFSEA-CFM | LCAC | LCDC | MHAP | MSNCB | NAPLEX | NBCC-NCC | NBDE-I | NBDE-II | NCCT-ICS | NCCT-TSC | NCEES-FE | NCEES-PE | NCIDQ-CID | NCMA-CMA | NCPT | NE-BC | NNAAP-NA | NRA-FPM | NREMT-NRP | NREMT-PTE | NSCA-CPT | OCS | PACE | PANRE | PCCE | PCCN | PET | RDN | TEAS-N | VACC | WHNP | WPT-R | 156-215-80 | 1D0-621 | 1Y0-402 | 1Z0-545 | 1Z0-581 | 1Z0-853 | 250-430 | 2V0-761 | 700-551 | 700-901 | 7765X | A2040-910 | A2040-921 | C2010-825 | C2070-582 | C5050-384 | CDCS-001 | CFR-210 | NBSTSA-CST | E20-575 | HCE-5420 | HP2-H62 | HPE6-A42 | HQT-4210 | IAHCSMM-CRCST | LEED-GA | MB2-877 | MBLEX | NCIDQ | VCS-316 | 156-915-80 | 1Z0-414 | 1Z0-439 | 1Z0-447 | 1Z0-968 | 300-100 | 3V0-624 | 500-301 | 500-551 | 70-745 | 70-779 | 700-020 | 700-265 | 810-440 | 98-381 | 98-382 | 9A0-410 | CAS-003 | E20-585 | HCE-5710 | HPE2-K42 | HPE2-K43 | HPE2-K44 | HPE2-T34 | MB6-896 | VCS-256 | 1V0-701 | 1Z0-932 | 201-450 | 2VB-602 | 500-651 | 500-701 | 70-705 | 7391X | 7491X | BCB-Analyst | C2090-320 | C2150-609 | IIAP-CAP | CAT-340 | CCC | CPAT | CPFA | APA-CPP | CPT | CSWIP | Firefighter | FTCE | HPE0-J78 | HPE0-S52 | HPE2-E55 | HPE2-E69 | ITEC-Massage | JN0-210 | MB6-897 | N10-007 | PCNSE | VCS-274 | VCS-275 | VCS-413 |

View Complete List »

See more braindumps

Direct Downloads Here   |   View Vendors, Latest Home

Actual Test Questions and Answers of exams

Here are some exams that you can explore by clicking the link below. There are thousands of exams that we provide to our candidates covering almost all the areas of certifications. Prepare our Questions and Answers and you will Pass4sure.

1Z0-874 | LOT-986 | CSQE | FCNSA | C2150-200 | PTCB | ST0-155 | 1Z0-968 | 050-664 | 9L0-010 | CAS-003 | 1Y0-731 | 00M-646 | PHR | 1Z0-897 | HP2-H28 | HP2-K36 | C2150-400 | 156-915-71 | 650-148 | 9A0-381 | 1Z0-495 | 650-752 | HPE0-J80 | P2050-007 | 000-656 | HP0-782 | C9520-911 | E20-060 | 000-784 | 1Z0-140 | HP0-A23 | 646-590 | 3107 | HP0-W03 | C2020-180 | 9L0-521 | HP3-C11 | 920-464 | 650-042 | BCP-240 | 1Z0-567 | 000-215 | 000-315 | BCCPP | 156-215-75 | 1Z0-932 | C8010-726 | 9A0-313 | 000-M601 |

Read more Details »

Top of the list Vendors

Certification Vendors Here   |   View Exams, Latest Home

Industry Leading Vendors

Top notch vendors that dominate the entire world market by their technology and experties. We try to cover almost all the technology vendors and their certification areas so that our customers and visitors obtain all the information about test at one place.

USMLE | Counselor | Prince2 | Zend | Real-Estate | Foundry | Legato | mySQL | Tibco | NVIDIA | GuidanceSoftware | Sybase | SAP | Fujitsu | AFP | RES | Riverbed | TruSecure | Fortinet | Network-General | Genesys | ISA | ISM | Admission-Tests | PARCC | Misc | Cloudera | Altiris | 3COM | LEED | Food | Cognos | BlueCoat | DMI | ARM | AccessData | Hitachi | IAAP | GRE | McData | NetworkAppliance | RSA | AIIM | CSP | APA | Financial | APTUSC | ITEC | ISEB | CPP-Institute |

View Complete List »

HP0-M50 Sample Questions

Certification Vendors Here   |   View Exams, Latest Home

HP0-M50 Demo and Sample

Note: Answers are below each question.
Samples are taken from full version.

Pass4sure HP0-M50 dumps | Killexams.com HP0-M50 real questions | [HOSTED-SITE]



Killexams.com HP0-M50 Dumps and Real Questions

100% Real Questions - Exam Pass Guarantee with High Marks - Just Memorize the Answers



HP0-M50 exam Dumps Source : HP BSM Operations Manager i. 9.x(R) Software

Test Code : HP0-M50
Test Name : HP BSM Operations Manager i. 9.x(R) Software
Vendor Name : HP
Q&A : 64 Real Questions

I need real exam questions of HP0-M50 exam.
I notably advocate this package deal to all people making plans to get HP0-M50 q and a. test for this certification are tough, and it takes a lot of work to skip them. killexams.com does most of it for you. HP0-M50 exam I got from this website had maximum of the questions provided at some point of the exam. with out these dumps, I suppose i would fail, and that is why such a lot of people dont pass HP0-M50 exam from the primary attempt.


in which can i discover HP0-M50 exam look at assist on internet?
I just bought this HP0-M50 braindump, as soon as I heard that killexams.com has the updates. Its real, they have got protected all new areas, and the exam seems very sparkling. Given the present day replace, their flip round time and help is brilliant.


wherein can i discover HP0-M50 real examination questions?
Hearty thanks to killexams.com team for the questions & answers of HP0-M50 exam. It provided excellent solution to my questions on HP0-M50 I felt confident to face the test. Found many questions in the exam paper similar to the guide. I strongly feel that the guide is still valid. Appreciate the effort by your team members, killexams.com. The process of dealing subjects in a unique and unusual way is superb. Hope you people create more such study guides in near future for our convenience.


I need real test questions of HP0-M50 exam.
I take the advantage of the Dumps provided by the killexams.com and the content rich with information and offers the effective things, which I searched exactly for my preparation. It boosted my spirit and provides needed confidence to take my HP0-M50 exam. The material you provided is so close to the real exam questions. As a non native English speaker I got 120 minutes to finish the exam, but I just took 95 minutes. Great material. Thank you.


Take gain, Use Questions/solutions to make sure your fulfillment.
Many thank you to your HP0-M50 dumps. I identified maximum of the questions and also you had all the simulations that i wasrequested. I have been given ninety seven percent score. After attempting numerous books, i was pretty upset now not getting the right material. I was looking for a guiding precept for exam HP0-M50 with easy and nicely-preparedcontent. killexams.com Q&A fulfilled my want, as it defined the complicated topics within the best way. Within the real exam I were given 90 seven%, which was past my expectation. Thanks killexams.com, in your great guide-line!


Take advantage contemporary HP0-M50 exam Q&A and get certified.
some suitable guys cant carry an alteration to the worlds way but they can best tell you whether or not you have been the handiest man who knew a way to do that and that i need to be regarded in this global and make my very own mark and i have been so lame my whole way but I recognise now that I wanted to get a pass in my HP0-M50 and this can make me famous maybe and sure im brief of glory but passing my A+ exams with killexams.com became my morning and night time glory.


Its appropriate to study books for HP0-M50 exam, however make certain your achievement with those Q&A.
I passed HP0-M50 paper inside weeks,thanks in your exquisite QA have a examine materials.Score ninety six percent. I am very assured now that i can do higher in my last three test and absolutely use your exercise material and suggest it to my friends. Thank you very a good deal to your outstanding exam simulator product.


amazed to look HP0-M50 contemporary questions in little rate.
killexams.com questions and solutions helped me to understand what exactly is predicted inside the exam HP0-M50. I organized rightly interior 10 days of training and completed all of the questions of exam in 80 minutes. It contain the topics similar to exam factor of view and makes you memorize all of the topics without difficulty and successfully. It additionally helped me to realise the way to control the time to finish the exam earlier than time. Its far tremendous technique.


Shortest question are included in HP0-M50 question bank.
The killexams.com Questions & solutions made me efficient enough to split this exam. I endeavored ninety/95 questions in due time and passed correctly. I by no means taken into consideration passing. a great deal obliged killexams.com for help me in passing the HP0-M50. With a complete time work and an reliable diploma preparation facet with the aid ofside made me substantially occupied to equip myself for the HP0-M50 exam. by means of one way or another I got here to consider killexams.


Where can I download HP0-M50 latest dumps?
Your questions exactly similar to actual one. Passed the HP0-M50 test the other day. i would have no longer completed it at the same time as no longer your check homework materials. Various months agene I fizzling that test the important time I took it. killexams.com Q&A and Exam Simulator are a first rate thing for me. I completed the test frightfully simply this point.


HP HP BSM Operations Manager

HP Unleashes the vigor of Operational Analytics to Optimize performance for Hybrid Environments | killexams.com Real Questions and Pass4sure dumps

PALO ALTO, CA--(Marketwire - Nov 27, 2012) - HP ( NYSE : HPQ ) today introduced a new version of HP enterprise carrier management (BSM) utility, the first answer of its form to make use of big facts analytics to improve the efficiency and availability of company utility throughout cell and hybrid IT environments.

With the increasing use of virtualization and cloud applied sciences, IT companies now not recognize or manage the entire technologies in their atmosphere, making it complicated for functions and operations teams to foresee potential concerns. IT wants a brand new answer that both predicts the prevalence of well-known complications and identifies up to now unknown issues earlier than they occur.

HP BSM provides conclusion-to-end visibility into IT applications and services. With powerful precise-time and ancient analytics to video display the health of the whole IT stack, from company features and functions to the infrastructure and networks, purchasers can anticipate actual IT issues before they occur.

"In state-of-the-art complicated hybrid environments, where enterprise carrier availability and performance at once correlate to company success, IT businesses are looking for new the right way to convey predictable carrier tiers," referred to Ajei Gopal, senior vice chairman and regular supervisor, Hybrid and Cloud business Unit, software, HP. "the brand new HP company provider management answer supplies conclusion-to-end operational intelligence to support IT make enhanced selections and enhance carrier tiers in complex, dynamic IT environments."

"It was complex for our operations team to see the severity or identify the foundation cause of a selected provider problem with historic monitoring tools," observed Leiv-Erik Verspoor, senior platform consultant at Sykehuspartner, the largest IT provider provider for hospitals in northern Europe. "HP BSM automatically notifies our IT crew of advantage concerns with our infrastructure and capabilities in order to instantly get to the bottom of the issue to cut back downtime and subsequently lower fees for our customers."

HP Operational Analytics powers IT intelligence New to HP BSM is HP Operational Analytics (OpsAnalytics), a capacity that gives you actionable intelligence about the health of IT functions through automating the correlation and analysis of consolidated facts, together with computing device statistics, logs, pursuits, topology and efficiency tips.

HP OpsAnalytics is the seamless integration of HP ArcSight Logger -- a regularly occurring log management answer -- with the unique correlation capabilities of HP Operations supervisor i (OMi) and the predictive analytics of HP service fitness Analyzer (SHA).

This combination supplies deep visibility and insight into any efficiency or availability subject, so consumers can:

  • Remediate established issues before they occur with predictive analytics that forecast problems and prioritize concerns in keeping with enterprise influence;
  • Proactively solve unanticipated concerns by collecting, storing and examining IT operational statistics to immediately correlate service abnormalities with the problem source; and
  • unravel incidents sooner with advantage in keeping with old analysis of prior similar hobbies through search capabilities throughout logs and routine.
  • HP BSM helps consumers maximize IT investments with end-to-end visibility across heterogeneous environments by means of:

  • guaranteeing provider availability with a 360-diploma view of IT performance, by aggregating information from disparate sources right into a single dashboard using out-of-the-box connectors to quite a number administration frameworks, including IBM Tivoli business Console, IBM Tivoli Monitoring and Microsoft® equipment core;
  • Resolving and enhancing performance of applications operating in OpenStack and Python cloud environments with diagnostics that pinpoint efficiency bottlenecks; and
  • enhancing availability of net and cellular purposes through enhanced perception into customer-aspect efficiency concerns.
  • HP additionally lets virtualization directors and virtualization subject rely experts (vSME) diagnose and troubleshoot performance bottlenecks in virtualized environments with HP Virtualization performance Viewer (vPV). The free edition is attainable to download today.

    Kuveyt Turk Participation bank boosts enterprise efficiencies  Kuveyt Turk Participation financial institution, a leading interest-free financial capabilities provider in Turkey, more advantageous IT carrier effectivity with HP BSM utility. With places in six international locations and more than 220 in-nation branches, the Kuveyt Turk IT operations crew spends plenty of its time conducting reactive application monitoring, with an ordinary carrier name lasting 30 minutes. 

    After reviewing assorted options, Kuveyt Turk chose HP BSM to monitor efficiency of company features throughout its eBanking, factor-of-carrier, ATM, credit card functions and speak to core environments. due to this fact, the enterprise has decreased the variety of calls to its service desk by way of 30 p.c and decreased incident decision time through 50 %.(1)

    "missing computerized conclusion-to-conclusion monitoring of company features caused provider outages, costing us approximately $400,000 yearly," noted Aslan Demir, chief tips officer, Kuveyt Turk Participation bank. "We determined to put in force HP BSM utility and now computer screen business features as a whole, resolving many complications with out ever causing downtime."

    available as a hybrid deployment HP enterprise provider management can be deployed in a hybrid model where HP application efficiency administration on HP software as a service is integrated with on-premises add-ons of HP BSM. This deployment model allows customers to obtain a sooner course to value and cut back cost via minimizing quintessential upfront investments in deploying the HP BSM answer.

    Story continues

    HP features help consumers plan, install, assist HP application skilled services presents HP BSM improve services -- a suite of functions designed to present consumer option and self belief. The options range from a hard and fast price, far flung engagement tailor-made for more convenient and smaller scale deployments, all the technique to on-site, custom commercial enterprise improvements appropriate for gigantic and complex installations.

    additional information in regards to the new edition of HP BSM might be accessible by means of a webinar collection beginning on Jan. 8, 2013. additional information about HP BSM, including white papers, facts sheets and solution briefs, is attainable at www.hp.com/go/bsm.

    Pricing and availability The new edition of HP company service administration can be purchasable international without delay from HP or through its ecosystem of worldwide channel companions. Pricing is according to a licensing mannequin.

    The free versions of HP Virtualization efficiency Viewer (vPV) and HP ArcSight Logger are available to download from www.hp.com/go/vpv and www.hp.com/go/opsanalytics, respectively.

    About HP HP creates new percentages for technology to have a significant have an impact on on americans, companies, governments and society. the area's biggest technology business, HP brings collectively a portfolio that spans printing, personal computing, application, capabilities and IT infrastructure to resolve client complications. extra assistance about HP is available at http://www.hp.com.

    (1) outcomes as pronounced with the aid of HP customer.

    Microsoft is a U.S. registered trademark of Microsoft corporation.

    This news release carries ahead-searching statements that contain dangers, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove flawed, the results of HP and its consolidated subsidiaries might range materially from those expressed or implied by using such forward-looking statements and assumptions. All statements other than statements of old reality are statements that may well be deemed ahead-searching statements, together with but now not limited to statements of the plans, thoughts and targets of management for future operations; any statements concerning expected development, efficiency, market share or competitive efficiency relating to items and capabilities; any statements regarding expected operational and financial effects; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. dangers, uncertainties and assumptions include macroeconomic and geopolitical trends and routine; the competitive pressures faced by means of HP's organizations; the construction and transition of new items and services (and the enhancement of current items and capabilities) to meet client wants and respond to rising technological trends; the execution and performance of contracts by means of HP and its valued clientele, suppliers and companions; the insurance plan of HP's intellectual property assets, together with highbrow property licensed from third parties; integration and different hazards linked to enterprise combination and investment transactions; the hiring and retention of key personnel; assumptions regarding pension and other post-retirement prices and retirement classes; the execution, timing and effects of restructuring plans, together with estimates and assumptions related to the cost and the predicted merits of imposing these plans; expectations and assumptions relating to the execution and timing of charge discount programs and restructuring and integration plans; the resolution of pending investigations, claims and disputes; and different hazards that are described in HP's Quarterly file on form 10-Q for the fiscal quarter ended July 31, 2012 and HP's other filings with the Securities and trade fee, together with HP's Annual file on form 10-ok for the fiscal year ended October 31, 2011. HP assumes no obligation and does not intend to replace these forward-looking statements.

    © 2012 Hewlett-Packard development enterprise, L.P. The information contained herein is discipline to trade devoid of word. The simplest warranties for HP items and services are set forth within the categorical warranty statements accompanying such items and services. Nothing herein may still be construed as constituting an further guarantee. HP shall no longer be accountable for technical or editorial blunders or omissions contained herein.


    HP quickens customer Adoption of Hybrid birth models to enhance application outcomes | killexams.com Real Questions and Pass4sure dumps

    WASHINGTON--(enterprise WIRE)--HP (NYSE:HPQ) nowadays announced new management options to help clients include hybrid birth models, spanning on-premise, off-premise, actual and digital environments, enabling quicker time to market and improved agility from software investments.

    Hybrid delivery fashions that are incorrectly managed can boost complexity, chance and costs, which may immediately reverse any good points for agencies looking for to undertake them.

    New HP solutions permit IT groups to without difficulty manage the efficiency and availability of all applications within the same means, no matter the place they are working. The offerings encompass advances within the business’s industry-main automation and management platforms, verify statistics administration and application functions.

    HP company provider management 9.0

    HP business service management (BSM) 9.0 improves IT operations by way of enabling workforce to comfortably manipulate software performance and availability to satisfy carrier-stage agreements. HP BSM 9.0 provides:

  • The trade’s first run-time carrier model, which updates the complete run-time ambiance of the utility service, even if the application is operating in an on-premise, off-premise, actual or virtual environment. This ensures operations staff can understand the most accurate view of their IT services, which dramatically reduces consumer have an effect on and time to troubleshoot.
  • New collaboration capabilities applying web 2.0 mash-u.s.to deliver actionable information to the correct group with the right context across a lot of interfaces, together with cell devices. This permits faster decision making and issue decision.
  • Automation of the entire experience resolution technique to dramatically reduce troubleshooting prices, lower imply time to fix and force productiveness gains. HP BSM eliminates redundant routine and automates the procedure of decision the use of industry-leading run-e-book automation equipment.
  • The HP BSM 9.0 portfolio comprises HP enterprise Availability core 9.0 (BAC), HP Operations supervisor i 9.0 (OMi) and HP network administration middle (NMC) 9.0.

    HP test records administration

    HP examine information administration (TDM) automates the manner of acquiring examine records from are living purposes. This automation more advantageous displays construction environments and reduces the risks associated with the eventual deployment of functions. HP TDM additionally lowers costs linked to software trying out, reduces project delays and ensures delicate records does not violate compliance regulations.

    New HP application services

    HP additionally introduced three new provider offerings designed to support shoppers power the maximum price from their utility investments.

    HP answer administration functions (SMS) is a converged portfolio of software assist and consulting capabilities that helps consumers simplify their environments and maximize adoption of their business know-how Optimization (BTO) and guidance management (IM) utility investments. New offerings encompass multiplied support for customized and third-party integrations and proactive features reminiscent of patch administration and unlock upgrade planning for each HP and third-celebration utility.

  • HP BAC any place has been extended to guide on-premise environments apart from HP utility as a carrier (SaaS) models. companies can computer screen their external web applications at any time, from anyplace in the world – even outdoor the firewall – from one built-in console.
  • HP BSM 9.0 services – together with an HP BSM Discovery Workshop and HP Consulting capabilities – support shoppers design and installation their HP BSM answer to lower risk of software downtime and boost carrier best.
  • “businesses are evaluating cloud and virtualization as the right way to decrease prices and boost agility,” mentioned invoice Veghte, executive vice chairman, application and solutions, HP. “With HP, valued clientele have access to market main administration equipment that allow them to reap the merits of these new fashions, whereas carrying on with to video display and manipulate their applications with no trouble.”

    extra assistance about HP’s new offerings is accessible in a web press equipment at www.hp.com/go/HPSoftwareUniverseDC2010.

    About HP

    HP creates new chances for technology to have a meaningful have an effect on on people, agencies, governments and society. the world’s largest technology business, HP brings collectively a portfolio that spans printing, own computing, utility, capabilities and IT infrastructure to clear up consumer complications. more advice about HP is purchasable at http://www.hp.com.

    This information unencumber contains ahead-searching statements that involve dangers, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions show flawed, the outcomes of HP and its consolidated subsidiaries may differ materially from these expressed or implied by such forward-searching statements and assumptions. All statements other than statements of ancient reality are statements that could be deemed ahead-looking statements, including but not restrained to statements of the plans, options and ambitions of management for future operations; any statements concerning expected construction, performance or market share relating to products and functions; any statements related to anticipated operational and fiscal consequences; any statements of expectation or perception; and any statements of assumptions underlying any of the foregoing. risks, uncertainties and assumptions include macroeconomic and geopolitical developments and events; the execution and performance of contracts with the aid of HP and its valued clientele, suppliers and companions; the success of expected operational and fiscal results; and other risks that are described in HP’s Quarterly record on form 10-Q for the fiscal quarter ended April 30, 2010 and HP’s different filings with the Securities and change fee, together with however now not restrained to HP’s Annual report on kind 10-okay for the fiscal 12 months ended October 31, 2009. HP assumes no obligation and does not intend to update these forward-searching statements.

    © 2010 Hewlett-Packard development business, L.P. The suggestions contained herein is area to change without word.

    The only warranties for HP products and functions are set forth in the categorical warranty statements accompanying such items and services. Nothing herein may still be construed as constituting an further warranty. HP shall not be accountable for technical or editorial error or omissions contained herein.


    HP updates UCMDB for tighter integration | killexams.com Real Questions and Pass4sure dumps

    At HP utility Universe 2008 in Vienna, Austria, closing week, HP introduced feature updates to the HP commonplace Configuration management Database (UCMDB) eight.0, together with greater huge integration with different HP's enterprise technology Optimization products.

    HP's UCMDB got here to HP by the use of its 2006 acquisition of Mercury Interactive Corp. is built-in with HP's enterprise service administration (BSM) suite of products and, like several real configuration administration database (CMDB), offers federation, offers users a view of infrastructure and application relationships through discovery and dependency mapping, and also tracks change background, ostensibly providing statistics middle managers and admintrators a 360-diploma view of IT operations.

    Bringing order to chaosWith the update, UCMDB has built-in with more than 17 products in HP's enterprise technology Optimization software portfolio, including new integrations with HP enterprise Availability center eight.0, HP Operations manager i-collection, HP community Node supervisor i-series superior, and HP service supervisor 7.1.

    other new points include here:

  • New Modeling Studio that makes it less demanding to map functions;
  • Multi-statistics source federation and attribute-level federation; and
  • simpler export of records in tables and the ability to e mail studies.
  • UCMDB pricing begins at U.S.$60, 000.

    users commonly look to HP's UCMDB for visibility into all their techniques. "[HP's Universal CMDB] gives administrators a unified 360-diploma view of IT operations and enterprise services, with a view to access facts middle assistance they want. It removes the entire silos," talked about Ramin Sayar, the senior director of HP's business provider administration, utility and expertise options group.

    Tulio Quinones, an business programs administration unit supervisor for an organization that offers IT consolidation consulting services, makes use of HP's UCMDB to manage customer records at 1,one hundred global locations.

    prior to setting up a CMDB, the enterprise kept client facts in a considerable number of management equipment and used homegrown equipment to drag data as needed. "We have been successful with monitoring equipment and managing them for the corporations we managed, but after we were asked to mix a number of businesses onto a single gadget, things acquired very messy," Quinones noted. "We could not preserve track of the dependencies and who owned what … and we wanted to keep all this suggestions centrally as an alternative of using many separate monitoring tools."

    to boot, importing the records into numerous separate tools turned into a plodding, time-drinking procedure. "It changed into an incredible amount of work just to load statistics into the system. And by the time it became loaded, it was already stale," Quinones said.

    Being a legacy HP shop, Quinones regarded to HP's UCMDB as a way to consolidate their techniques management tools and organize client data. One primary advantage of HP's UCMDB is that users can combine it with existing tools, he noted. "It wasn't a rip and change. We aligned tools and integrations with it, in its place of starting over. another advisable feature, he talked about, is UCMDB's relationship mapping capabilities, he talked about. "The UCMDB allows us to see the relationship between the host and the community and the network and the application."

    ahead of implementing UCMDB, the business struggled just to preserve batches of statistics, however the utility has enabled it to enrich techniques as opposed to with no trouble spend all its time holding them. "it is quickly becoming a core of our integration approach," Quinones stated.

    Quinones at present uses UCMDB edition 7.5 and plans to upgrade to the new edition of HP UCMDB (eight.0) soon. He anticipates several points within the new version, akin to exchange monitoring and verification (planned and unplanned). "currently, we leave it up to the engineer to verify the exchange with inconsistent consequences. Untracked changes have always been a challenge for us," Quinones observed. "With eight.0, we should be able to compare managed/authorised state [HP Service Manager 7.1] with exact state [UCMDB 8.0].

    Open supervisor i (Omi) integration is a different large plus, he stated. "We do lots of human correlation throughout the domains we control. With OMi and UCMDB eight.0, we may be capable of correlate events across domains and check the actual-time fitness of interweaved and dependant functions," Quinones noted. "presently, we be aware of when we've a disk difficulty or a network bottleneck, however, we're introduced with a challenge when choosing the influence of this experience. With OMI and UCMDB, we might be capable of know the impact instantly." Declining economy ushers in dealsSince a declining U.S. financial system has made it complicated for agencies to justify IT spending, HP has begun to offer 0% financing for agencies in nations the place HP has a huge presence and the financial system has caused funds issues, Sayar pointed out.

    HP is providing a 0% financing merchandising via July 31, 2009, for licensing prices on HP BTO and IM application for qualifying deals over $100,000. The promoting is purchasable in Austria, Belgium, Canada, Denmark, Finland, France, Germany, ireland, Italy, Luxembourg, the Netherlands, Norway Portugal, Spain, Sweden, the U.ok. and the U.S.

    "We do not desire consumers to worry abut having to finance functions from us. And for customers who wish to put money into us, we desire it to be a no-brainer," Sayar spoke of.

    let us know what you feel concerning the story; email Bridget Botelho, news author.and check out our statistics core blogs: Server Farming, Mainframe Propellerhead, and facts core amenities professional.


    While it is very hard task to choose reliable certification questions / answers resources with respect to review, reputation and validity because people get ripoff due to choosing wrong service. Killexams.com make it sure to serve its clients best to its resources with respect to exam dumps update and validity. Most of other's ripoff report complaint clients come to us for the brain dumps and pass their exams happily and easily. We never compromise on our review, reputation and quality because killexams review, killexams reputation and killexams client confidence is important to us. Specially we take care of killexams.com review, killexams.com reputation, killexams.com ripoff report complaint, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. If you see any false report posted by our competitors with the name killexams ripoff report complaint internet, killexams.com ripoff report, killexams.com scam, killexams.com complaint or something like this, just keep in mind that there are always bad people damaging reputation of good services due to their benefits. There are thousands of satisfied customers that pass their exams using killexams.com brain dumps, killexams PDF questions, killexams practice questions, killexams exam simulator. Visit Killexams.com, our sample questions and sample brain dumps, our exam simulator and you will definitely know that killexams.com is the best brain dumps site.

    [OPTIONAL-CONTENTS-2]


    1Z0-216 practice test | 000-M87 examcollection | 050-710 Practice test | 000-115 dump | RHIA cheat sheets | 310-220 test questions | C2090-424 real questions | 000-M198 dumps | BH0-001 practice questions | HP2-Q03 questions answers | NS0-505 pdf download | 000-430 bootcamp | 920-234 Practice Test | 000-781 practice exam | 9A0-063 VCE | A2090-545 test prep | HP2-W103 dumps questions | 000-R06 practice questions | HP0-648 exam questions | HP0-D15 braindumps |


    Here is the bests place to get help pass HP0-M50 exam?
    killexams.com give most recent and updated Pass4sure Practice Test with Actual Exam Questions and Answers for new syllabus of HP HP0-M50 Exam. Practice our Real Questions and Answers to Improve your knowledge and pass your exam with High Marks. We guarantee your achievement in the Test Center, covering every one of the subjects of exam and improve your Knowledge of the HP0-M50 exam. Pass without any doubt with our exact questions.

    If you are interested in properly Passing the HP HP0-M50 exam to start incomes? killexams.com has leading aspect evolved HP BSM Operations Manager i. 9.x(R) Software test questions with the intention to make sure you pass this HP0-M50 exam! killexams.com will offer you the foremost correct, up to date and progressive updated HP0-M50 exam questions and out there with a 100 percent refund guarantee. There are several companies that offer HP0-M50 brain dumps but those are not correct and recent ones. Preparation with killexams.com HP0-M50 new questions will be a nice manner to pass this certification test in swish manner. We are all properly aware that a main trouble within the IT business is there will be an absence of superior braindumps. Our test practice dumps provides you the whole thing you will need to require a certification test. Our HP HP0-M50 exam offers you with test questions with confirmed solutions that replicate the important test. These Questions and Answers provide you with the enjoy of taking the particular exam. High-quality and low price for the HP0-M50 exam. 100% guarantee to pass your HP HP0-M50 exam and acquire your HP certification. we have a tendency at killexams.com are committed to assist you pass your HP0-M50 exam with high scores. the probabilities of you failing your HP0-M50 exam, once memorizing our complete test dumps are little. HP HP0-M50 is rare all over within the globe, and also the business and programming arrangements gave via them are being grasped by means of each one amongst the businesses. they need helped in employing a giant style of firms on the far side any doubt shot means of accomplishment. so much attaining progressing to understand of HP certifications are needed to certify as an important practicality, and also the specialists showed through them are hugely prestigious altogether associations.

    If you are searching for HP0-M50 Practice Test containing Real Test Questions, you are at correct place. killexams.com have aggregated database of questions from Actual Exams keeping in mind the end goal to enable you to plan and pass your exam on the main attempt. All preparation materials on the site are Up To Date and checked by our specialists.

    killexams.com give most recent and updated Pass4sure Practice Test with Actual Exam Questions and Answers for new syllabus of HP HP0-M50 Exam. Practice our Real Questions and Answers to Improve your knowledge and pass your exam with High Marks. We guarantee your achievement in the Test Center, covering every one of the subjects of exam and improve your Knowledge of the HP0-M50 exam. Pass without any doubt with our exact questions.

    Our HP0-M50 Exam PDF contains Complete Pool of Questions and Answers and Dumps checked and confirmed including references and explanations (where material). Our objective to collect the Questions and Answers isnt just to pass the exam at first attempt however Really Improve Your Knowledge about the HP0-M50 exam points.

    HP0-M50 exam Questions and Answers are Printable in High Quality Study Guide that you can download in your Computer or some other gadget and begin setting up your HP0-M50 exam. Print Complete HP0-M50 Study Guide, convey with you when you are at Vacations or Traveling and Enjoy your Exam Prep. You can get to updated HP0-M50 Exam Q&A from your online record whenever.

    killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017 : 60% Discount Coupon for all exams on website
    PROF17 : 10% Discount Coupon for Orders greater than $69
    DEAL17 : 15% Discount Coupon for Orders greater than $99
    DECSPECIAL : 10% Special Discount Coupon for All Orders


    Download your HP BSM Operations Manager i. 9.x(R) Software Study Guide promptly in the wake of purchasing and Start Preparing Your Exam Prep Right Now!

    [OPTIONAL-CONTENTS-4]


    Killexams HP5-K02D braindumps | Killexams 3C00120A dumps | Killexams 1Z0-054 real questions | Killexams HP0-Y18 bootcamp | Killexams M9560-727 test prep | Killexams 70-569-CSharp braindumps | Killexams Maya12-A questions answers | Killexams HP2-E13 brain dumps | Killexams 00M-608 free pdf download | Killexams 000-N07 examcollection | Killexams 310-052 brain dumps | Killexams PMI-100 practice test | Killexams 000-586 free pdf | Killexams 250-430 dump | Killexams HP2-H28 exam questions | Killexams ST0-47X free pdf | Killexams 156-915-1 free pdf | Killexams HP0-729 dumps questions | Killexams 1Z0-324 exam prep | Killexams A2040-911 practice test |


    [OPTIONAL-CONTENTS-5]

    View Complete list of Killexams.com Brain dumps


    Killexams 250-406 exam prep | Killexams 1Y0-A11 study guide | Killexams 000-209 free pdf | Killexams AACN-CMC test questions | Killexams 000-201 practice exam | Killexams HP0-S18 real questions | Killexams 1D0-441 free pdf download | Killexams MOS-E2K real questions | Killexams A2090-730 cram | Killexams 6203-1 test prep | Killexams C4070-603 dump | Killexams HP2-B103 sample test | Killexams HPE2-T22 free pdf | Killexams JN0-634 Practice test | Killexams HP0-M31 practice test | Killexams 3X0-102 brain dumps | Killexams 1Z0-453 VCE | Killexams CAT-040 practice questions | Killexams A2090-610 test prep | Killexams CCD-470 questions answers |


    HP BSM Operations Manager i. 9.x(R) Software

    Pass 4 sure HP0-M50 dumps | Killexams.com HP0-M50 real questions | [HOSTED-SITE]

    Automation's the Name of the Game | killexams.com real questions and Pass4sure dumps

    Automation's the Name of the Game

    Automation makes all the difference in a data center, which is why BMC, CA, HP, and IBM are spending heavily to get in on the action.

  • By Stephen Swoyer
  • 04/22/2008
  • Strange things are happening in the field of data center automation, where Big Enterprise stalwarts BMC Software Corp. and CA Inc. recently made strategic moves: BMC with last month's acquisition of data center automation specialist BladeLogic (valued at an eyebrow-raising $800 million) and CA, just last week, by a deal with IT process automation specialist Opalis Software Inc. to shore up its own data center automation stack.

    Why the focus on data center automation (DCA)? Why are management powerhouses such as BMC and CA -- not to mention Hewlett-Packard Co. (HP) and IBM Corp. -- making such efforts to flesh out their data center automation stacks?

    Industry watchers say it's all part of an overall move toward automation at all levels. "The key trend in IT management software spending will be the widespread adoption of IT process automation technologies across the whole IT management software spectrum," write Jean-Pierre Garbani and Thomas Mendel of Forrester Research.

    There's a financial incentive, too. "Organizations around the world will spend more than $140 billion dollars this year running data centers," said BMC president and chief executive officer Bob Beauchamp, in a statement that coincided with BMC's acquisition of BladeLogic. In Beauchamp's account, automation is what separates data center winners from losers.

    "Automation is the only way IT can bring this spending under control and still meet the reliability and time-to-market requirements of their businesses," he argued. "BMC's acquisition of BladeLogic will create the new IT Service Automation leader, unique in its ability to provide these critical capabilities. It is a natural and very significant next step in our vision of Business Service Management."

    Actually, BladeLogic is BMC's second big DCA-related purchase. Last July it purchased RealOps, a best-of-breed automation specialist. What's more, BMC last October picked up a tangential player: compliance and governance specialist Emprisa Networks.

    CA's move, on the other hand, comes after months of speculation about when -- not if -- it would take the data-center-automation plunge. There were rumbles last month, for example, after BMC ponied up $800 million for BladeLogic: sources indicated that CA -- which had maintained a mostly measured mien in an otherwise convulsive data center automation space -- might get a lot more voluble in the coming months.

    Last week's deal with Opalis is one example. CA also touted a recent Forrester Wave market survey which lists it as a "Leader" in the DCA segment. The Forrester report isn't all roses for CA. Lead analyst Evelyn Hubbert ranked Hewlett-Packard Co. (which catapulted into automation superstardom with its acquisition last summer of DCA powerhouse Opsware) as the overall market leader -- followed closely by BladeLogic and BMC, which (as of last month) are now one company.

    For the record, CA trails IBM -- and clocks in ahead of competitors Novell Inc. and mValent Inc. -- in the overall data-center-automation segment, according to Hubbert and Forrester. It does, however, place among the DCA top five, and last week's deal with Opalis could help it improve its showing.

    Why Opalis? CA officials stress there are already multiple integration points between that company's IT process automation technology and CA's own data center (or workload) automation solutions. That should make it easier for CA to incorporate Opalis' technology into its nascent DCA product line. The Opalis technology uses a so-called "enterprise services" architecture to automate processes and workflows. That makes it very partner-friendly, according to officials from both companies.

    Collectively, the Opalis software addresses most of the major management issues, including virtualization, provisioning, ITIL, disaster recovery (DR), consolidation, and -- of course -- security.


    HP Unleashes the Power of Operational Analytics to Optimize Performance for Hybrid Environments | killexams.com real questions and Pass4sure dumps

    PALO ALTO, CA -- (Marketwire) -- 11/27/12 -- HP (NYSE: HPQ) today announced a new version of HP Business Service Management (BSM) software, the first solution of its kind to use big data analytics to improve the performance and availability of business software across mobile and hybrid IT environments.

    With the increasing use of virtualization and cloud technologies, IT organizations no longer know or control all the technologies in their environment, making it difficult for applications and operations teams to foresee potential issues. IT needs a new solution that both predicts the occurrence of known problems and identifies previously unknown issues before they occur.

    HP BSM delivers end-to-end visibility into IT applications and services. With powerful real-time and historical analytics to monitor the health of the entire IT stack, from business services and applications to the infrastructure and networks, clients can anticipate real IT issues before they happen.

    "In today's complex hybrid environments, where business service availability and performance directly correlate to business success, IT organizations are looking for new ways to deliver predictable service levels," said Ajei Gopal, senior vice president and general manager, Hybrid and Cloud Business Unit, Software, HP. "The new HP Business Service Management solution delivers end-to-end operational intelligence to help IT make better decisions and improve service levels in complex, dynamic IT environments."

    "It was difficult for our operations team to see the severity or identify the root cause of a particular service issue with old monitoring tools," said Leiv-Erik Verspoor, senior platform consultant at Sykehuspartner, the largest IT service provider for hospitals in northern Europe. "HP BSM automatically notifies our IT team of potential issues with our infrastructure and services so we can quickly resolve the problem to reduce downtime and ultimately lower costs for our customers."

    HP Operational Analytics powers IT intelligence New to HP BSM is HP Operational Analytics (OpsAnalytics), a capability that delivers actionable intelligence about the health of IT services by automating the correlation and analysis of consolidated data, including machine data, logs, events, topology and performance information.

    HP OpsAnalytics is the seamless integration of HP ArcSight Logger -- a universal log management solution -- with the unique correlation capabilities of HP Operations Manager i (OMi) and the predictive analytics of HP Service Health Analyzer (SHA).

    This combination delivers deep visibility and insight into any performance or availability issue, so clients can:

  • Remediate known problems before they occur with predictive analytics that forecast problems and prioritize issues based on business impact;
  • Proactively solve unanticipated issues by collecting, storing and analyzing IT operational data to automatically correlate service abnormalities with the problem source; and
  • Resolve incidents faster with knowledge based on historical analysis of prior similar events through search capabilities across logs and events.
  • HP BSM helps clients maximize IT investments with end-to-end visibility across heterogeneous environments by:

  • Ensuring service availability with a 360-degree view of IT performance, by aggregating data from disparate sources into a single dashboard using out-of-the-box connectors to a range of management frameworks, including IBM Tivoli Enterprise Console, IBM Tivoli Monitoring and Microsoft® System Center;
  • Resolving and improving performance of applications running in OpenStack and Python cloud environments with diagnostics that pinpoint performance bottlenecks; and
  • Improving availability of web and mobile applications through greater insight into client-side performance issues.
  • HP also lets virtualization administrators and virtualization subject matter experts (vSME) diagnose and troubleshoot performance bottlenecks in virtualized environments with HP Virtualization Performance Viewer (vPV). The free version is available to download today.

    Kuveyt Turk Participation Bank boosts business efficiencies Kuveyt Turk Participation Bank, a leading interest-free financial services provider in Turkey, improved IT service efficiency with HP BSM software. With locations in six countries and more than 220 in-country branches, the Kuveyt Turk IT operations team spends much of its time conducting reactive application monitoring, with an average service call lasting 30 minutes.

    After reviewing multiple solutions, Kuveyt Turk chose HP BSM to monitor performance of business services across its eBanking, point-of-service, ATM, credit card services and call center environments. As a result, the company has reduced the number of calls to its service desk by 30 percent and reduced incident resolution time by 50 percent.(1)

    "Lacking automated end-to-end monitoring of business services caused service outages, costing us approximately $400,000 annually," said Aslan Demir, chief information officer, Kuveyt Turk Participation Bank. "We decided to implement HP BSM software and now monitor business services as a whole, resolving many problems without ever causing downtime."

    Available as a hybrid deploymentHP Business Service Management can be deployed in a hybrid model where HP Application Performance Management on HP Software as a Service is integrated with on-premises components of HP BSM. This deployment model allows customers to achieve a faster path to value and reduce cost by minimizing necessary upfront investments in deploying the HP BSM solution.

    HP services help clients plan, deploy, supportHP Software Professional Services offers HP BSM Upgrade Services -- a suite of services designed to offer customer choice and confidence. The options range from a fixed price, remote engagement tailored for simpler and smaller scale deployments, all the way to on-site, custom enterprise upgrades suitable for large and complex installations.

    Additional information about the new version of HP BSM will be available via a webinar series beginning on Jan. 8, 2013. Additional information about HP BSM, including white papers, data sheets and solution briefs, is available at www.hp.com/go/bsm.

    Pricing and availabilityThe new version of HP Business Service Management will be available worldwide directly from HP or through its ecosystem of worldwide channel partners. Pricing is based on a licensing model.

    The free versions of HP Virtualization Performance Viewer (vPV) and HP ArcSight Logger are available to download from www.hp.com/go/vpv and www.hp.com/go/opsanalytics, respectively.

    About HPHP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world's largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. More information about HP is available at http://www.hp.com.

    (1) Results as reported by HP customer.

    Microsoft is a U.S. registered trademark of Microsoft Corporation.

    This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include macroeconomic and geopolitical trends and events; the competitive pressures faced by HP's businesses; the development and transition of new products and services (and the enhancement of existing products and services) to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its customers, suppliers and partners; the protection of HP's intellectual property assets, including intellectual property licensed from third parties; integration and other risks associated with business combination and investment transactions; the hiring and retention of key employees; assumptions related to pension and other post-retirement costs and retirement programs; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; expectations and assumptions relating to the execution and timing of cost reduction programs and restructuring and integration plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP's Quarterly Report on Form 10-Q for the fiscal quarter ended July 31, 2012 and HP's other filings with the Securities and Exchange Commission, including HP's Annual Report on Form 10-K for the fiscal year ended October 31, 2011. HP assumes no obligation and does not intend to update these forward-looking statements.

    © 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

    Add to Digg Bookmark with del.icio.us Add to Newsvine


    GSSAPI Authentication and Kerberos v5 | killexams.com real questions and Pass4sure dumps

    This chapter is from the book 

    This section discusses the GSSAPI mechanism, in particular, Kerberos v5 and how this works in conjunction with the Sun ONE Directory Server 5.2 software and what is involved in implementing such a solution. Please be aware that this is not a trivial task.

    It’s worth taking a brief look at the relationship between the Generic Security Services Application Program Interface (GSSAPI) and Kerberos v5.

    The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion, with a range of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with the Kerberos v5 security mechanism. The best way to think about the relationship between GSSAPI and Kerberos is in the following manner: GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5 must be installed and running on any system on which GSSAPI-aware programs are running.

    The support for the GSSAPI is made possible in the directory server through the introduction of a new SASL library, which is based on the Cyrus CMU implementation. Through this SASL framework, DIGEST-MD5 is supported as explained previously, and GSSAPI which implements Kerberos v5. Additional GSSAPI mechanisms do exist. For example, GSSAPI with SPNEGO support would be GSS-SPNEGO. Other GSS mechanism names are based on the GSS mechanisms OID.

    The Sun ONE Directory Server 5.2 software only supports the use of GSSAPI on Solaris OE. There are implementations of GSSAPI for other operating systems (for example, Linux), but the Sun ONE Directory Server 5.2 software does not use them on platforms other than the Solaris OE.

    Understanding GSSAPI

    The Generic Security Services Application Program Interface (GSSAPI) is a standard interface, defined by RFC 2743, that provides a generic authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI mechanism is the Kerberos mechanism that is based on secret key cryptography.

    One of the main aspects of GSSAPI is that it allows developers to add secure authentication and privacy (encryption and or integrity checking) protection to data being passed over the wire by writing to a single programming interface. This is shown in FIGURE 3-2.

    03fig02.gifFigure 3-2. GSSAPI Layers

    The underlying security mechanisms are loaded at the time the programs are executed, as opposed to when they are compiled and built. In practice, the most commonly used GSSAPI mechanism is Kerberos v5. The Solaris OE provides a few different flavors of Diffie-Hellman GSSAPI mechanisms, which are only useful to NIS+ applications.

    What can be confusing is that developers might write applications that write directly to the Kerberos API, or they might write GSSAPI applications that request the Kerberos mechanism. There is a big difference, and applications that talk Kerberos directly cannot communicate with those that talk GSSAPI. The wire protocols are not compatible, even though the underlying Kerberos protocol is in use. An example is telnet with Kerberos is a secure telnet program that authenticates a telnet user and encrypts data, including passwords exchanged over the network during the telnet session. The authentication and message protection features are provided using Kerberos. The telnet application with Kerberos only uses Kerberos, which is based on secret-key technology. However, a telnet program written to the GSSAPI interface can use Kerberos as well as other security mechanisms supported by GSSAPI.

    The Solaris OE does not deliver any libraries that provide support for third-party companies to program directly to the Kerberos API. The goal is to encourage developers to use the GSSAPI. Many open-source Kerberos implementations (MIT, Heimdal) allow users to write Kerberos applications directly.

    On the wire, the GSSAPI is compatible with Microsoft’s SSPI and thus GSSAPI applications can communicate with Microsoft applications that use SSPI and Kerberos.

    The GSSAPI is preferred because it is a standardized API, whereas Kerberos is not. This means that the MIT Kerberos development team might change the programming interface anytime, and any applications that exist today might not work in the future without some code modifications. Using GSSAPI avoids this problem.

    Another benefit of GSSAPI is its pluggable feature, which is a big benefit, especially if a developer later decides that there is a better authentication method than Kerberos, because it can easily be plugged into the system and the existing GSSAPI applications should be able to use it without being recompiled or patched in any way.

    Understanding Kerberos v5

    Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide strong authentication for Solaris OE network applications.

    In addition to providing a secure authentication protocol, Kerberos also offers the ability to add privacy support (encrypted data streams) for remote applications such as telnet, ftp, rsh, rlogin, and other common UNIX network applications. In the Solaris OE, Kerberos can also be used to provide strong authentication and privacy support for Network File Systems (NFS), allowing secure and private file sharing across the network.

    Because of its widespread acceptance and implementation in other operating systems, including Windows 2000, HP-UX, and Linux, the Kerberos authentication protocol can interoperate in a heterogeneous environment, allowing users on machines running one OS to securely authenticate themselves on hosts of a different OS.

    The Kerberos software is available for Solaris OE versions 2.6, 7, 8, and 9 in a separate package called the Sun Enterprise Authentication Mechanism (SEAM) software. For Solaris 2.6 and Solaris 7 OE, Sun Enterprise Authentication Mechanism software is included as part of the Solaris Easy Access Server 3.0 (Solaris SEAS) package. For Solaris 8 OE, the Sun Enterprise Authentication Mechanism software package is available with the Solaris 8 OE Admin Pack.

    For Solaris 2.6 and Solaris 7 OE, the Sun Enterprise Authentication Mechanism software is freely available as part of the Solaris Easy Access Server 3.0 package available for download from:

    http://www.sun.com/software/solaris/7/ds/ds-seas.

    For Solaris 8 OE systems, Sun Enterprise Authentication Mechanism software is available in the Solaris 8 OE Admin Pack, available for download from:

    http://www.sun.com/bigadmin/content/adminPack/index.html.

    For Solaris 9 OE systems, Sun Enterprise Authentication Mechanism software is already installed by default and contains the following packages listed in TABLE 3-1.

    Table 3-1. Solaris 9 OE Kerberos v5 Packages

    Package Name

    Description

    SUNWkdcr

    Kerberos v5 KDC (root)

    SUNWkdcu

    Kerberos v5 Master KDC (user)

    SUNWkrbr

    Kerberos version 5 support (Root)

    SUNWkrbu

    Kerberos version 5 support (Usr)

    SUNWkrbux

    Kerberos version 5 support (Usr) (64-bit)

    All of these Sun Enterprise Authentication Mechanism software distributions are based on the MIT KRB5 Release version 1.0. The client programs in these distributions are compatible with later MIT releases (1.1, 1.2) and with other implementations that are compliant with the standard.

    How Kerberos Works

    The following is an overview of the Kerberos v5 authentication system. From the user’s standpoint, Kerberos v5 is mostly invisible after the Kerberos session has been started. Initializing a Kerberos session often involves no more than logging in and providing a Kerberos password.

    The Kerberos system revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service such as the NFS service. Just as your driver’s license identifies you and indicates what driving permissions you have, so a ticket identifies you and your network access privileges. When you perform a Kerberos-based transaction (for example, if you use rlogin to log in to another machine), your system transparently sends a request for a ticket to a Key Distribution Center, or KDC. The KDC accesses a database to authenticate your identity and returns a ticket that grants you permission to access the other machine. Transparently means that you do not need to explicitly request a ticket.

    Tickets have certain attributes associated with them. For example, a ticket can be forwardable (which means that it can be used on another machine without a new authentication process), or postdated (not valid until a specified time). How tickets are used (for example, which users are allowed to obtain which types of tickets) is set by policies that are determined when Kerberos is installed or administered.

    You will frequently see the terms credential and ticket. In the Kerberos world, they are often used interchangeably. Technically, however, a credential is a ticket plus the session key for that session.

    Initial Authentication

    Kerberos authentication has two phases, an initial authentication that allows for all subsequent authentications, and the subsequent authentications themselves.

    A client (a user, or a service such as NFS) begins a Kerberos session by requesting a ticket-granting ticket (TGT) from the Key Distribution Center (KDC). This request is often done automatically at login.

    A ticket-granting ticket is needed to obtain other tickets for specific services. Think of the ticket-granting ticket as something similar to a passport. Like a passport, the ticket-granting ticket identifies you and allows you to obtain numerous “visas,” where the “visas” (tickets) are not for foreign countries, but for remote machines or network services. Like passports and visas, the ticket-granting ticket and the other various tickets have limited lifetimes. The difference is that Kerberized commands notice that you have a passport and obtain the visas for you. You don’t have to perform the transactions yourself.

    The KDC creates a ticket-granting ticket and sends it back, in encrypted form, to the client. The client decrypts the ticket-granting ticket using the client’s password.

    Now in possession of a valid ticket-granting ticket, the client can request tickets for all sorts of network operations for as long as the ticket-granting ticket lasts. This ticket usually lasts for a few hours. Each time the client performs a unique network operation, it requests a ticket for that operation from the KDC.

    Subsequent Authentications

    The client requests a ticket for a particular service from the KDC by sending the KDC its ticket-granting ticket as proof of identity.

  • The KDC sends the ticket for the specific service to the client.

    For example, suppose user lucy wants to access an NFS file system that has been shared with krb5 authentication required. Since she is already authenticated (that is, she already has a ticket-granting ticket), as she attempts to access the files, the NFS client system automatically and transparently obtains a ticket from the KDC for the NFS service.

  • The client sends the ticket to the server.

    When using the NFS service, the NFS client automatically and transparently sends the ticket for the NFS service to the NFS server.

  • The server allows the client access.

    These steps make it appear that the server doesn’t ever communicate with the KDC. The server does, though, as it registers itself with the KDC, just as the first client does.

  • Principals

    A client is identified by its principal. A principal is a unique identity to which the KDC can assign tickets. A principal can be a user, such as joe, or a service, such as NFS.

    By convention, a principal name is divided into three parts: the primary, the instance, and the realm. A typical principal could be, for example, lucy/admin@EXAMPLE.COM, where:

    lucy is the primary. The primary can be a user name, as shown here, or a service, such as NFS. The primary can also be the word host, which signifies that this principal is a service principal that is set up to provide various network services.

    admin is the instance. An instance is optional in the case of user principals, but it is required for service principals. For example, if the user lucy sometimes acts as a system administrator, she can use lucy/admin to distinguish herself from her usual user identity. Likewise, if Lucy has accounts on two different hosts, she can use two principal names with different instances (for example, lucy/california.example.com and lucy/boston.example.com).

    Realms

    A realm is a logical network, similar to a domain, which defines a group of systems under the same master KDC. Some realms are hierarchical (one realm being a superset of the other realm). Otherwise, the realms are non-hierarchical (or direct) and the mapping between the two realms must be defined.

    Realms and KDC Servers

    Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

    Understanding the Kerberos KDC

    The Kerberos Key Distribution Center (KDC) is a trusted server that issues Kerberos tickets to clients and servers to communicate securely. A Kerberos ticket is a block of data that is presented as the user’s credentials when attempting to access a Kerberized service. A ticket contains information about the user’s identity and a temporary encryption key, all encrypted in the server’s private key. In the Kerberos environment, any entity that is defined to have a Kerberos identity is referred to as a principal.

    A principal may be an entry for a particular user, host, or service (such as NFS or FTP) that is to interact with the KDC. Most commonly, the KDC server system also runs the Kerberos Administration Daemon, which handles administrative commands such as adding, deleting, and modifying principals in the Kerberos database. Typically, the KDC, the admin server, and the database are all on the same machine, but they can be separated if necessary. Some environments may require that multiple realms be configured with master KDCs and slave KDCs for each realm. The principals applied for securing each realm and KDC should be applied to all realms and KDCs in the network to ensure that there isn’t a single weak link in the chain.

    One of the first steps to take when initializing your Kerberos database is to create it using the kdb5_util command, which is located in /usr/sbin. When running this command, the user has the choice of whether to create a stash file or not. The stash file is a local copy of the master key that resides on the KDC’s local disk. The master key contained in the stash file is generated from the master password that the user enters when first creating the KDC database. The stash file is used to authenticate the KDC to itself automatically before starting the kadmind and krb5kdc daemons (for example, as part of the machine’s boot sequence).

    If a stash file is not used when the database is created, the administrator who starts up the krb5kdc process will have to manually enter the master key (password) every time they start the process. This may seem like a typical trade off between convenience and security, but if the rest of the system is sufficiently hardened and protected, very little security is lost by having the master key stored in the protected stash file. It is recommended that at least one slave KDC server be installed for each realm to ensure that a backup is available in the event that the master server becomes unavailable, and that slave KDC be configured with the same level of security as the master.

    Currently, the Sun Kerberos v5 Mechanism utility, kdb5_util, can create three types of keys, DES-CBC-CRC, DES-CBC-MD5, and DES-CBC-RAW. DES-CBC stands for DES encryption with Cipher Block Chaining and the CRC, MD5, and RAW designators refer to the checksum algorithm that is used. By default, the key created will be DES-CBC-CRC, which is the default encryption type for the KDC. The type of key created is specified on the command line with the -k option (see the kdb5_util (1M) man page). Choose the password for your stash file very carefully, because this password can be used in the future to decrypt the master key and modify the database. The password may be up to 1024 characters long and can include any combination of letters, numbers, punctuation, and spaces.

    The following is an example of creating a stash file:

    kdc1 #/usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: master_key Re-enter KDC database master key to verify: master_key

    Notice the use of the -s argument to create the stash file. The location of the stash file is in the /var/krb5. The stash file appears with the following mode and ownership settings:

    kdc1 # cd /var/krb5 kdc1 # ls -l -rw------- 1 root other 14 Apr 10 14:28 .k5.EXAMPLE.COM

    The directory used to store the stash file and the database should not be shared or exported.

    Secure Settings in the KDC Configuration File

    The KDC and Administration daemons both read configuration information from /etc/krb5/kdc.conf. This file contains KDC-specific parameters that govern overall behavior for the KDC and for specific realms. The parameters in the kdc.conf file are explained in detail in the kdc.conf(4) man page.

    The kdc.conf parameters describe locations of various files and ports to use for accessing the KDC and the administration daemon. These parameters generally do not need to be changed, and doing so does not result in any added security. However, there are some parameters that may be adjusted to enhance the overall security of the KDC. The following are some examples of adjustable parameters that enhance security.

  • kdc_ports – Defines the ports that the KDC will listen on to receive requests. The standard port for Kerberos v5 is 88. 750 is included and commonly used to support older clients that still use the default port designated for Kerberos v4. Solaris OE still listens on port 750 for backwards compatibility. This is not considered a security risk.

  • max_life – Defines the maximum lifetime of a ticket, and defaults to eight hours. In environments where it is desirable to have users re-authenticate frequently and to reduce the chance of having a principal’s credentials stolen, this value should be lowered. The recommended value is eight hours.

  • max_renewable_life – Defines the period of time from when a ticket is issued that it may be renewed (using kinit -R). The standard value here is 7 days. To disable renewable tickets, this value may be set to 0 days, 0 hrs, 0 min. The recommended value is 7d 0h 0m 0s.

  • default_principal_expiration – A Kerberos principal is any unique identity to which Kerberos can assign a ticket. In the case of users, it is the same as the UNIX system user name. The default lifetime of any principal in the realm may be defined in the kdc.conf file with this option. This should be used only if the realm will contain temporary principals, otherwise the administrator will have to constantly be renewing principals. Usually, this setting is left undefined and principals do not expire. This is not insecure as long as the administrator is vigilant about removing principals for users that no longer need access to the systems.

  • supported_enctypes – The encryption types supported by the KDC may be defined with this option. At this time, Sun Enterprise Authentication Mechanism software only supports des-cbc-crc:normal encryption type, but in the future this may be used to ensure that only strong cryptographic ciphers are used.

  • dict_file – The location of a dictionary file containing strings that are not allowed as passwords. A principal with any password policy (see below) will not be able to use words found in this dictionary file. This is not defined by default. Using a dictionary file is a good way to prevent users from creating trivial passwords to protect their accounts, and thus helps avoid one of the most common weaknesses in a computer network-guessable passwords. The KDC will only check passwords against the dictionary for principals which have a password policy association, so it is good practice to have at least one simple policy associated with all principals in the realm.

  • The Solaris OE has a default system dictionary that is used by the spell program that may also be used by the KDC as a dictionary of common passwords. The location of this file is: /usr/share/lib/dict/words. Other dictionaries may be substituted. The format is one word or phrase per line.

    The following is a Kerberos v5 /etc/krb5/kdc.conf example with suggested settings:

    # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth Needs moving -- dict_file = /usr/share/lib/dict/words } Access Control

    The Kerberos administration server allows for granular control of the administrative commands by use of an access control list (ACL) file (/etc/krb5/kadm5.acl). The syntax for the ACL file allows for wildcarding of principal names so it is not necessary to list every single administrator in the ACL file. This feature should be used with great care. The ACLs used by Kerberos allow privileges to be broken down into very precise functions that each administrator can perform. If a certain administrator only needs to be allowed to have read-access to the database then that person should not be granted full admin privileges. Below is a list of the privileges allowed:

  • a – Allows the addition of principals or policies in the database.

  • A – Prohibits the addition of principals or policies in the database.

  • d – Allows the deletion of principals or policies in the database.

  • D – Prohibits the deletion of principals or policies in the database.

  • m – Allows the modification of principals or policies in the database.

  • M – Prohibits the modification of principals or policies in the database.

  • c – Allows the changing of passwords for principals in the database.

  • C – Prohibits the changing of passwords for principals in the database.

  • i – Allows inquiries to the database.

  • I – Prohibits inquiries to the database.

  • l – Allows the listing of principals or policies in the database.

  • L – Prohibits the listing of principals or policies in the database.

  • * – Short for all privileges (admcil).

  • x – Short for all privileges (admcil). Identical to *.

  • Adding Administrators

    After the ACLs are set up, actual administrator principals should be added to the system. It is strongly recommended that administrative users have separate /admin principals to use only when administering the system. For example, user Lucy would have two principals in the database - lucy@REALM and lucy/admin@REALM. The /admin principal would only be used when administering the system, not for getting ticket-granting-tickets (TGTs) to access remote services. Using the /admin principal only for administrative purposes minimizes the chance of someone walking up to Joe’s unattended terminal and performing unauthorized administrative commands on the KDC.

    Kerberos principals may be differentiated by the instance part of their principal name. In the case of user principals, the most common instance identifier is /admin. It is standard practice in Kerberos to differentiate user principals by defining some to be /admin instances and others to have no specific instance identifier (for example, lucy/admin@REALM versus lucy@REALM). Principals with the /admin instance identifier are assumed to have administrative privileges defined in the ACL file and should only be used for administrative purposes. A principal with an /admin identifier which does not match up with any entries in the ACL file will not be granted any administrative privileges, it will be treated as a non-privileged user principal. Also, user principals with the /admin identifier are given separate passwords and separate permissions from the non-admin principal for the same user.

    The following is a sample /etc/krb5/kadm5.acl file:

    # Copyright (c) 1998-2000 by Sun Microsystems, Inc. # All rights reserved. # #pragma ident "@(#)kadm5.acl 1.1 01/03/19 SMI" # lucy/admin is given full administrative privilege lucy/admin@EXAMPLE.COM * # # tom/admin user is allowed to query the database (d), listing principals # (l), and changing user passwords (c) # tom/admin@EXAMPLE.COM dlc

    It is highly recommended that the kadm5.acl file be tightly controlled and that users be granted only the privileges they need to perform their assigned tasks.

    Creating Host Keys

    Creating host keys for systems in the realm such as slave KDCs is performed the same way that creating user principals is performed. However, the -randkey option should always be used, so no one ever knows the actual key for the hosts. Host principals are almost always stored in the keytab file, to be used by root-owned processes that wish to act as Kerberos services for the local host. It is rarely necessary for anyone to actually know the password for a host principal because the key is stored safely in the keytab and is only accessible by root-owned processes, never by actual users.

    When creating keytab files, the keys should always be extracted from the KDC on the same machine where the keytab is to reside using the ktadd command from a kadmin session. If this is not feasible, take great care in transferring the keytab file from one machine to the next. A malicious attacker who possesses the contents of the keytab file could use these keys from the file in order to gain access to another user or services credentials. Having the keys would then allow the attacker to impersonate whatever principal that the key represented and further compromise the security of that Kerberos realm. Some suggestions for transferring the keytab are to use Kerberized, encrypted ftp transfers, or to use the secure file transfer programs scp or sftp offered with the SSH package (http://www.openssh.org). Another safe method is to place the keytab on a removable disk, and hand-deliver it to the destination.

    Hand delivery does not scale well for large installations, so using the Kerberized ftp daemon is perhaps the most convenient and secure method available.

    Using NTP to Synchronize Clocks

    All servers participating in the Kerberos realm need to have their system clocks synchronized to within a configurable time limit (default 300 seconds). The safest, most secure way to systematically synchronize the clocks on a network of Kerberos servers is by using the Network Time Protocol (NTP) service. The Solaris OE comes with an NTP client and NTP server software (SUNWntpu package). See the ntpdate(1M) and xntpd(1M) man pages for more information on the individual commands. For more information on configuring NTP, refer to the following Sun BluePrints OnLine NTP articles:

    It is critical that the time be synchronized in a secure manner. A simple denial of service attack on either a client or a server would involve just skewing the time on that system to be outside of the configured clock skew value, which would then prevent anyone from acquiring TGTs from that system or accessing Kerberized services on that system. The default clock-skew value of five minutes is the maximum recommended value.

    The NTP infrastructure must also be secured, including the use of server hardening for the NTP server and application of NTP security features. Using the Solaris Security Toolkit software (formerly known as JASS) with the secure.driver script to create a minimal system and then installing just the necessary NTP software is one such method. The Solaris Security Toolkit software is available at:

    http://www.sun.com/security/jass/

    Documentation on the Solaris Security Toolkit software is available at:

    http://www.sun.com/security/blueprints

    Establishing Password Policies

    Kerberos allows the administrator to define password policies that can be applied to some or all of the user principals in the realm. A password policy contains definitions for the following parameters:

  • Minimum Password Length – The number of characters in the password, for which the recommended value is 8.

  • Maximum Password Classes – The number of different character classes that must be used to make up the password. Letters, numbers, and punctuation are the three classes and valid values are 1, 2, and 3. The recommended value is 2.

  • Saved Password History – The number of previous passwords that have been used by the principal that cannot be reused. The recommended value is 3.

  • Minimum Password Lifetime (seconds) – The minimum time that the password must be used before it can be changed. The recommended value is 3600 (1 hour).

  • Maximum Password Lifetime (seconds) – The maximum time that the password can be used before it must be changed. The recommended value is 7776000 (90 days).

  • These values can be set as a group and stored as a single policy. Different policies can be defined for different principals. It is recommended that the minimum password length be set to at least 8 and that at least 2 classes be required. Most people tend to choose easy-to-remember and easy-to-type passwords, so it is a good idea to at least set up policies to encourage slightly more difficult-to-guess passwords through the use of these parameters. Setting the Maximum Password Lifetime value may be helpful in some environments, to force people to change their passwords periodically. The period is up to the local administrator according to the overriding corporate security policy used at that particular site. Setting the Saved Password History value combined with the Minimum Password Lifetime value prevents people from simply switching their password several times until they get back to their original or favorite password.

    The maximum password length supported is 255 characters, unlike the UNIX password database which only supports up to 8 characters. Passwords are stored in the KDC encrypted database using the KDC default encryption method, DES-CBC-CRC. In order to prevent password guessing attacks, it is recommended that users choose long passwords or pass phrases. The 255 character limit allows one to choose a small sentence or easy to remember phrase instead of a simple one-word password.

    It is possible to use a dictionary file that can be used to prevent users from choosing common, easy-to-guess words (see “Secure Settings in the KDC Configuration File” on page 70). The dictionary file is only used when a principal has a policy association, so it is highly recommended that at least one policy be in effect for all principals in the realm.

    The following is an example password policy creation:

    If you specify a kadmin command without specifying any options, kadmin displays the syntax (usage information) for that command. The following code box shows this, followed by an actual add_policy command with options.

    kadmin: add_policy usage: add_policy [options] policy options are: [-maxlife time] [-minlife time] [-minlength length] [-minclasses number] [-history number] kadmin: add_policy -minlife "1 hour" -maxlife "90 days" -minlength 8 -minclasses 2 -history 3 passpolicy kadmin: get_policy passpolicy Policy: passpolicy Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 0

    This example creates a password policy called passpolicy which enforces a maximum password lifetime of 90 days, minimum length of 8 characters, a minimum of 2 different character classes (letters, numbers, punctuation), and a password history of 3.

    To apply this policy to an existing user, modify the following:

    kadmin: modprinc -policy passpolicy lucyPrincipal "lucy@EXAMPLE.COM" modified.

    To modify the default policy that is applied to all user principals in a realm, change the following:

    kadmin: modify_policy -maxlife "90 days" -minlife "1 hour" -minlength 8 -minclasses 2 -history 3 default kadmin: get_policy default Policy: default Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 1

    The Reference count value indicates how many principals are configured to use the policy.

    The default policy is automatically applied to all new principals that are not given the same password as the principal name when they are created. Any account with a policy assigned to it is uses the dictionary (defined in the dict_file parameter in /etc/krb5/kdc.conf) to check for common passwords.

    Backing Up a KDC

    Backups of a KDC system should be made regularly or according to local policy. However, backups should exclude the /etc/krb5/krb5.keytab file. If the local policy requires that backups be done over a network, then these backups should be secured either through the use of encryption or possibly by using a separate network interface that is only used for backup purposes and is not exposed to the same traffic as the non-backup network traffic. Backup storage media should always be kept in a secure, fireproof location.

    Monitoring the KDC

    Once the KDC is configured and running, it should be continually and vigilantly monitored. The Sun Kerberos v5 software KDC logs information into the /var/krb5/kdc.log file, but this location can be modified in the /etc/krb5/krb5.conf file, in the logging section.

    [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log

    The KDC log file should have read and write permissions for the root user only, as follows:

    -rw------ 1 root other 750 25 May 10 17:55 /var/krb5/kdc.log Kerberos Options

    The /etc/krb5/krb5.conf file contains information that all Kerberos applications use to determine what server to talk to and what realm they are participating in. Configuring the krb5.conf file is covered in the Sun Enterprise Authentication Mechanism Software Installation Guide. Also refer to the krb5.conf(4) man page for a full description of this file.

    The appdefaults section in the krb5.conf file contains parameters that control the behavior of many Kerberos client tools. Each tool may have its own section in the appdefaults section of the krb5.conf file.

    Many of the applications that use the appdefaults section, use the same options; however, they might be set in different ways for each client application.

    Kerberos Client Applications

    The following Kerberos applications can have their behavior modified through the user of options set in the appdefaults section of the /etc/krb5/krb5.conf file or by using various command-line arguments. These clients and their configuration settings are described below.

    kinit

    The kinit client is used by people who want to obtain a TGT from the KDC. The /etc/krb5/krb5.conf file supports the following kinit options: renewable, forwardable, no_addresses, max_life, max_renewable_life and proxiable.

    telnet

    The Kerberos telnet client has many command-line arguments that control its behavior. Refer to the man page for complete information. However, there are several interesting security issues involving the Kerberized telnet client.

    The telnet client uses a session key even after the service ticket which it was derived from has expired. This means that the telnet session remains active even after the ticket originally used to gain access, is no longer valid. This is insecure in a strict environment, however, the trade off between ease of use and strict security tends to lean in favor of ease-of-use in this situation. It is recommended that the telnet connection be re-initialized periodically by disconnecting and reconnecting with a new ticket. The overall lifetime of a ticket is defined by the KDC (/etc/krb5/kdc.conf), normally defined as eight hours.

    The telnet client allows the user to forward a copy of the credentials (TGT) used to authenticate to the remote system using the -f and -F command-line options. The -f option sends a non-forwardable copy of the local TGT to the remote system so that the user can access Kerberized NFS mounts or other local Kerberized services on that system only. The -F option sends a forwardable TGT to the remote system so that the TGT can be used from the remote system to gain further access to other remote Kerberos services beyond that point. The -F option is a superset of -f. If the Forwardable and or forward options are set to false in the krb5.conf file, these command-line arguments can be used to override those settings, thus giving individuals the control over whether and how their credentials are forwarded.

    The -x option should be used to turn on encryption for the data stream. This further protects the session from eavesdroppers. If the telnet server does not support encryption, the session is closed. The /etc/krb5/krb5.conf file supports the following telnet options: forward, forwardable, encrypt, and autologin. The autologin [true/false] parameter tells the client to try and attempt to log in without prompting the user for a user name. The local user name is passed on to the remote system in the telnet negotiations.

    rlogin and rsh

    The Kerberos rlogin and rsh clients behave much the same as their non-Kerberized equivalents. Because of this, it is recommended that if they are required to be included in the network files such as /etc/hosts.equiv and .rhosts that the root users directory be removed. The Kerberized versions have the added benefit of using Kerberos protocol for authentication and can also use Kerberos to protect the privacy of the session using encryption.

    Similar to telnet described previously, the rlogin and rsh clients use a session key after the service ticket which it was derived from has expired. Thus, for maximum security, rlogin and rsh sessions should be re-initialized periodically. rlogin uses the -f, -F, and -x options in the same fashion as the telnet client. The /etc/krb5/krb5.conf file supports the following rlogin options: forward, forwardable, and encrypt.

    Command-line options override configuration file settings. For example, if the rsh section in the krb5.conf file indicates encrypt false, but the -x option is used on the command line, an encrypted session is used.

    rcp

    Kerberized rcp can be used to transfer files securely between systems using Kerberos authentication and encryption (with the -x command-line option). It does not prompt for passwords, the user must already have a valid TGT before using rcp if they wish to use the encryption feature. However, beware if the -x option is not used and no local credentials are available, the rcp session will revert to the standard, non-Kerberized (and insecure) rcp behavior. It is highly recommended that users always use the -x option when using the Kerberized rcp client.The /etc/krb5/krb5.conf file supports the encrypt [true/false] option.

    login

    The Kerberos login program (login.krb5) is forked from a successful authentication by the Kerberized telnet daemon or the Kerberized rlogin daemon. This Kerberos login daemon is separate from the standard Solaris OE login daemon and thus, the standard Solaris OE features such as BSM auditing are not yet supported when using this daemon. The /etc/krb5/krb5.conf file supports the krb5_get_tickets [true/false] option. If this option is set to true, then the login program will generate a new Kerberos ticket (TGT) for the user upon proper authentication.

    ftp

    The Sun Enterprise Authentication Mechanism (SEAM) version of the ftp client uses the GSSAPI (RFC 2743) with Kerberos v5 as the default mechanism. This means that it uses Kerberos authentication and (optionally) encryption through the Kerberos v5 GSS mechanism. The only Kerberos-related command-line options are -f and -m. The -f option is the same as described above for telnet (there is no need for a -F option). -m allows the user to specify an alternative GSS mechanism if so desired, the default is to use the kerberos_v5 mechanism.

    The protection level used for the data transfer can be set using the protect command at the ftp prompt. Sun Enterprise Authentication Mechanism software ftp supports the following protection levels:

  • Clear unprotected, unencrypted transmission

  • Safe data is integrity protected using cryptographic checksums

  • Private data is transmitted with confidentiality and integrity using encryption

  • It is recommended that users set the protection level to private for all data transfers. The ftp client program does not support or reference the krb5.conf file to find any optional parameters. All ftp client options are passed on the command line. See the man page for the Kerberized ftp client, ftp(1).

    In summary, adding Kerberos to a network can increase the overall security available to the users and administrators of that network. Remote sessions can be securely authenticated and encrypted, and shared disks can be secured and encrypted across the network. In addition, Kerberos allows the database of user and service principals to be managed securely from any machine which supports the SEAM software Kerberos protocol. SEAM is interoperable with other RFC 1510 compliant Kerberos implementations such as MIT Krb5 and some MS Windows 2000 Active Directory services. Adopting the practices recommended in this section further secure the SEAM software infrastructure to help ensure a safer network environment.

    Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism

    This section provides a high-level overview, followed by the in-depth procedures that describe the setup necessary to implement the GSSAPI mechanism and the Sun ONE Directory Server 5.2 software. This implementation assumes a realm of EXAMPLE.COM for this purpose. The following list gives an initial high-level overview of the steps required, with the next section providing the detailed information.

  • Setup DNS on the client machine. This is an important step because Kerberos requires DNS.

  • Install and configure the Sun ONE Directory Server version 5.2 software.

  • Check that the directory server and client both have the SASL plug-ins installed.

  • Install and configure Kerberos v5.

  • Edit the /etc/krb5/krb5.conf file.

  • Edit the /etc/krb5/kdc.conf file.

  • Edit the /etc/krb5/kadm5.acl file.

  • Move the kerberos_v5 line so it is the first line in the /etc/gss/mech file.

  • Create new principals using kadmin.local, which is an interactive commandline interface to the Kerberos v5 administration system.

  • Modify the rights for /etc/krb5/krb5.keytab. This access is necessary for the Sun ONE Directory Server 5.2 software.

  • Run /usr/sbin/kinit.

  • Check that you have a ticket with /usr/bin/klist.

  • Perform an ldapsearch, using the ldapsearch command-line tool from the Sun ONE Directory Server 5.2 software to test and verify.

  • The sections that follow fill in the details.

    Configuring a DNS Client

    To be a DNS client, a machine must run the resolver. The resolver is neither a daemon nor a single program. It is a set of dynamic library routines used by applications that need to know machine names. The resolver’s function is to resolve users’ queries. To do that, it queries a name server, which then returns either the requested information or a referral to another server. Once the resolver is configured, a machine can request DNS service from a name server.

    The following example shows you how to configure the resolv.conf(4) file in the server kdc1 in the example.com domain.

    ; ; /etc/resolv.conf file for dnsmaster ; domain example.com nameserver 192.168.0.0 nameserver 192.168.0.1

    The first line of the /etc/resolv.conf file lists the domain name in the form:

    domain domainname

    No spaces or tabs are permitted at the end of the domain name. Make sure that you press return immediately after the last character of the domain name.

    The second line identifies the server itself in the form:

    nameserver IP_address

    Succeeding lines list the IP addresses of one or two slave or cache-only name servers that the resolver should consult to resolve queries. Name server entries have the form:

    nameserver IP_address

    IP_address is the IP address of a slave or cache-only DNS name server. The resolver queries these name servers in the order they are listed until it obtains the information it needs.

    For more detailed information of what the resolv.conf file does, refer to the resolv.conf(4) man page.

    To Configure Kerberos v5 (Master KDC)

    In the this procedure, the following configuration parameters are used:

  • Realm name = EXAMPLE.COM

  • DNS domain name = example.com

  • Master KDC = kdc1.example.com

  • admin principal = lucy/admin

  • Online help URL = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956

  • This procedure requires that DNS is running.

    Before you begin this configuration process, make a backup of the /etc/krb5 files.

  • Become superuser on the master KDC. (kdc1, in this example)

  • Edit the Kerberos configuration file (krb5.conf).

    You need to change the realm names and the names of the servers. See the krb5.conf(4) man page for a full description of this file.

    kdc1 # more /etc/krb5/krb5.conf [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = kdc1.example.com admin server = kdc1.example.com } [domain_realm] .example.com = EXAMPLE.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log [appdefaults] gkadmin = { help_url = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956 }

    In this example, the lines for domain_realm, kdc, admin_server, and all domain_realm entries were changed. In addition, the line with ___slave_kdcs___ in the [realms] section was deleted and the line that defines the help_url was edited.

  • Edit the KDC configuration file (kdc.conf).

    You must change the realm name. See the kdc.conf( 4) man page for a full description of this file.

    kdc1 # more /etc/krb5/kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM= { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s Need moving ---------> default_principal_flags = +preauth }

    In this example, only the realm name definition in the [realms] section is changed.

  • Create the KDC database by using the kdb5_util command.

    The kdb5_util command, which is located in /usr/sbin, creates the KDC database. When used with the -s option, this command creates a stash file that is used to authenticate the KDC to itself before the kadmind and krb5kdc daemons are started.

    kdc1 # /usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: key Re-enter KDC database master key to verify: key

    The -r option followed by the realm name is not required if the realm name is equivalent to the domain name in the server’s name space.

  • Edit the Kerberos access control list file (kadm5.acl).

    Once populated, the /etc/krb5/kadm5.acl file contains all principal names that are allowed to administer the KDC. The first entry that is added might look similar to the following:

    lucy/admin@EXAMPLE.COM *

    This entry gives the lucy/admin principal in the EXAMPLE.COM realm the ability to modify principals or policies in the KDC. The default installation includes an asterisk (*) to match all admin principals. This default could be a security risk, so it is more secure to include a list of all of the admin principals. See the kadm5.acl(4) man page for more information.

  • Edit the /etc/gss/mech file.

    The /etc/gss/mech file contains the GSSAPI based security mechanism names, its object identifier (OID), and a shared library that implements the services for that mechanism under the GSSAPI. Change the following from:

    # Mechanism Name Object Identifier Shared Library Kernel Module # diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1 kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5

    To the following:

    # Mechanism Name Object Identifier Shared Library Kernel Module # kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5 diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
  • Run the kadmin.local command to create principals.

    You can add as many admin principals as you need. But you must add at least one admin principal to complete the KDC configuration process. In the following example, lucy/admin is added as the principal.

    kdc1 # /usr/sbin/kadmin.local kadmin.local: addprinc lucy/admin Enter password for principal "lucy/admin@EXAMPLE.COM": Re-enter password for principal "lucy/admin@EXAMPLE.COM": Principal "lucy/admin@EXAMPLE.COM" created. kadmin.local:
  • Create a keytab file for the kadmind service.

    The following command sequence creates a special keytab file with principal entries for lucy and tom. These principals are needed for the kadmind service. In addition, you can optionally add NFS service principals, host principals, LDAP principals, and so on.

    When the principal instance is a host name, the fully qualified domain name (FQDN) must be entered in lowercase letters, regardless of the case of the domain name in the /etc/resolv.conf file.

    kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc1.example.com Entry for principal kadmin/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc1.example.com Entry for principal changepw/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local:

    Once you have added all of the required principals, you can exit from kadmin.local as follows:

    kadmin.local: quit
  • Start the Kerberos daemons as shown:

    kdc1 # /etc/init.d/kdc start kdc1 # /etc/init.d/kdc.master start

    Note

    You stop the Kerberos daemons by running the following commands:

    kdc1 # /etc/init.d/kdc stop kdc1 # /etc/init.d/kdc.master stop
  • Add principals by using the SEAM Administration Tool.

    To do this, you must log on with one of the admin principal names that you created earlier in this procedure. However, the following command-line example is shown for simplicity.

    kdc1 # /usr/sbin/kadmin -p lucy/admin Enter password: kws_admin_password kadmin:
  • Create the master KDC host principal which is used by Kerberized applications such as klist and kprop.

    kadmin: addprinc -randkey host/kdc1.example.com Principal "host/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • (Optional) Create the master KDC root principal which is used for authenticated NFS mounting.

    kadmin: addprinc root/kdc1.example.com Enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Re-enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Principal "root/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • Add the master KDC’s host principal to the master KDC’s keytab file which allows this principal to be used automatically.

    kadmin: ktadd host/kdc1.example.com kadmin: Entry for principal host/kdc1.example.com with ->kvno 3, encryption type DES-CBC-CRC added to keytab ->WRFILE:/etc/krb5/krb5.keytab kadmin:

    Once you have added all of the required principals, you can exit from kadmin as follows:

    kadmin: quit
  • Run the kinit command to obtain and cache an initial ticket-granting ticket (credential) for the principal.

    This ticket is used for authentication by the Kerberos v5 system. kinit only needs to be run by the client at this time. If the Sun ONE directory server were a Kerberos client also, this step would need to be done for the server. However, you may want to use this to verify that Kerberos is up and running.

    kdclient # /usr/bin/kinit root/kdclient.example.com Password for root/kdclient.example.com@EXAMPLE.COM: passwd
  • Check and verify that you have a ticket with the klist command.

    The klist command reports if there is a keytab file and displays the principals. If the results show that there is no keytab file or that there is no NFS service principal, you need to verify the completion of all of the previous steps.

    # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------ 3 nfs/host.example.com@EXAMPLE.COM

    The example given here assumes a single domain. The KDC may reside on the same machine as the Sun ONE directory server for testing purposes, but there are security considerations to take into account on where the KDCs reside.

  • With regards to the configuration of Kerberos v5 in conjunction with the Sun ONE Directory Server 5.2 software, you are finished with the Kerberos v5 part. It’s now time to look at what is required to be configured on the Sun ONE directory server side.

    Sun ONE Directory Server 5.2 GSSAPI Configuration

    As previously discussed, the Generic Security Services Application Program Interface (GSSAPI), is standard interface that enables you to use a security mechanism such as Kerberos v5 to authenticate clients. The server uses the GSSAPI to actually validate the identity of a particular user. Once this user is validated, it’s up to the SASL mechanism to apply the GSSAPI mapping rules to obtain a DN that is the bind DN for all operations during the connection.

    The first item discussed is the new identity mapping functionality.

    The identity mapping service is required to map the credentials of another protocol, such as SASL DIGEST-MD5 and GSSAPI to a DN in the directory server. As you will see in the following example, the identity mapping feature uses the entries in the cn=identity mapping, cn=config configuration branch, whereby each protocol is defined and whereby each protocol must perform the identity mapping. For more information on the identity mapping feature, refer to the Sun ONE Directory Server 5.2 Documents.

    To Perform the GSSAPI Configuration for the Sun ONE Directory Server Software
  • Check and verify, by retrieving the rootDSE entry, that the GSSAPI is returned as one of the supported SASL Mechanisms.

    Example of using ldapsearch to retrieve the rootDSE and get the supported SASL mechanisms:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -b "" -s base "(objectclass=*)" supportedSASLMechanisms supportedSASLMechanisms=EXTERNAL supportedSASLMechanisms=GSSAPI supportedSASLMechanisms=DIGEST-MD5
  • Verify that the GSSAPI mechanism is enabled.

    By default, the GSSAPI mechanism is enabled.

    Example of using ldapsearch to verify that the GSSAPI SASL mechanism is enabled:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -D"cn=Directory Manager" -w password -b "cn=SASL, cn=security,cn= config" "(objectclass=*)" # # Should return # cn=SASL, cn=security, cn=config objectClass=top objectClass=nsContainer objectClass=dsSaslConfig cn=SASL dsSaslPluginsPath=/var/Sun/mps/lib/sasl dsSaslPluginsEnable=DIGEST-MD5 dsSaslPluginsEnable=GSSAPI
  • Create and add the GSSAPI identity-mapping.ldif.

    Add the LDIF shown below to the Sun ONE Directory Server so that it contains the correct suffix for your directory server.

    You need to do this because by default, no GSSAPI mappings are defined in the Sun ONE Directory Server 5.2 software.

    Example of a GSSAPI identity mapping LDIF file:

    # dn: cn=GSSAPI,cn=identity mapping,cn=config objectclass: nsContainer objectclass: top cn: GSSAPI dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: nsContainer objectclass: top cn: default dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: dsPatternMatching objectclass: nsContainer objectclass: top cn: same_realm dsMatching-pattern: ${Principal} dsMatching-regexp: (.*)@example.com dsMappedDN: uid=$1,ou=people,dc=example,dc=com

    It is important to make use of the ${Principal} variable, because it is the only input you have from SASL in the case of GSSAPI. Either you need to build a dn using the ${Principal} variable or you need to perform pattern matching to see if you can apply a particular mapping. A principal corresponds to the identity of a user in Kerberos.

    You can find an example GSSAPI LDIF mappings files in ServerRoot/slapdserver/ldif/identityMapping_Examples.ldif.

    The following is an example using ldapmodify to do this:

    $./ldapmodify -a -c -h directoryserver_hostname -p ldap_port -D "cn=Directory Manager" -w password -f identity-mapping.ldif -e /var/tmp/ldif.rejects 2> /var/tmp/ldapmodify.log
  • Perform a test using ldapsearch.

    To perform this test, type the following ldapsearch command as shown below, and answer the prompt with the kinit value you previously defined.

    Example of using ldapsearch to test the GSSAPI mechanism:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -o mech=GSSAPI -o authzid="root/hostname.domainname@EXAMPLE.COM" -b "" -s base "(objectclass=*)"

    The output that is returned should be the same as without the -o option.

    If you do not use the -h hostname option, the GSS code ends up looking for a localhost.domainname Kerberos ticket, and an error occurs.



  • Direct Download of over 5500 Certification Exams

    3COM [8 Certification Exam(s) ]
    AccessData [1 Certification Exam(s) ]
    ACFE [1 Certification Exam(s) ]
    ACI [3 Certification Exam(s) ]
    Acme-Packet [1 Certification Exam(s) ]
    ACSM [4 Certification Exam(s) ]
    ACT [1 Certification Exam(s) ]
    Admission-Tests [13 Certification Exam(s) ]
    ADOBE [93 Certification Exam(s) ]
    AFP [1 Certification Exam(s) ]
    AICPA [2 Certification Exam(s) ]
    AIIM [1 Certification Exam(s) ]
    Alcatel-Lucent [13 Certification Exam(s) ]
    Alfresco [1 Certification Exam(s) ]
    Altiris [3 Certification Exam(s) ]
    Amazon [2 Certification Exam(s) ]
    American-College [2 Certification Exam(s) ]
    Android [4 Certification Exam(s) ]
    APA [1 Certification Exam(s) ]
    APC [2 Certification Exam(s) ]
    APICS [2 Certification Exam(s) ]
    Apple [69 Certification Exam(s) ]
    AppSense [1 Certification Exam(s) ]
    APTUSC [1 Certification Exam(s) ]
    Arizona-Education [1 Certification Exam(s) ]
    ARM [1 Certification Exam(s) ]
    Aruba [6 Certification Exam(s) ]
    ASIS [2 Certification Exam(s) ]
    ASQ [3 Certification Exam(s) ]
    ASTQB [8 Certification Exam(s) ]
    Autodesk [2 Certification Exam(s) ]
    Avaya [96 Certification Exam(s) ]
    AXELOS [1 Certification Exam(s) ]
    Axis [1 Certification Exam(s) ]
    Banking [1 Certification Exam(s) ]
    BEA [5 Certification Exam(s) ]
    BICSI [2 Certification Exam(s) ]
    BlackBerry [17 Certification Exam(s) ]
    BlueCoat [2 Certification Exam(s) ]
    Brocade [4 Certification Exam(s) ]
    Business-Objects [11 Certification Exam(s) ]
    Business-Tests [4 Certification Exam(s) ]
    CA-Technologies [21 Certification Exam(s) ]
    Certification-Board [10 Certification Exam(s) ]
    Certiport [3 Certification Exam(s) ]
    CheckPoint [41 Certification Exam(s) ]
    CIDQ [1 Certification Exam(s) ]
    CIPS [4 Certification Exam(s) ]
    Cisco [318 Certification Exam(s) ]
    Citrix [48 Certification Exam(s) ]
    CIW [18 Certification Exam(s) ]
    Cloudera [10 Certification Exam(s) ]
    Cognos [19 Certification Exam(s) ]
    College-Board [2 Certification Exam(s) ]
    CompTIA [76 Certification Exam(s) ]
    ComputerAssociates [6 Certification Exam(s) ]
    Consultant [2 Certification Exam(s) ]
    Counselor [4 Certification Exam(s) ]
    CPP-Institue [2 Certification Exam(s) ]
    CPP-Institute [1 Certification Exam(s) ]
    CSP [1 Certification Exam(s) ]
    CWNA [1 Certification Exam(s) ]
    CWNP [13 Certification Exam(s) ]
    Dassault [2 Certification Exam(s) ]
    DELL [9 Certification Exam(s) ]
    DMI [1 Certification Exam(s) ]
    DRI [1 Certification Exam(s) ]
    ECCouncil [21 Certification Exam(s) ]
    ECDL [1 Certification Exam(s) ]
    EMC [129 Certification Exam(s) ]
    Enterasys [13 Certification Exam(s) ]
    Ericsson [5 Certification Exam(s) ]
    ESPA [1 Certification Exam(s) ]
    Esri [2 Certification Exam(s) ]
    ExamExpress [15 Certification Exam(s) ]
    Exin [40 Certification Exam(s) ]
    ExtremeNetworks [3 Certification Exam(s) ]
    F5-Networks [20 Certification Exam(s) ]
    FCTC [2 Certification Exam(s) ]
    Filemaker [9 Certification Exam(s) ]
    Financial [36 Certification Exam(s) ]
    Food [4 Certification Exam(s) ]
    Fortinet [13 Certification Exam(s) ]
    Foundry [6 Certification Exam(s) ]
    FSMTB [1 Certification Exam(s) ]
    Fujitsu [2 Certification Exam(s) ]
    GAQM [9 Certification Exam(s) ]
    Genesys [4 Certification Exam(s) ]
    GIAC [15 Certification Exam(s) ]
    Google [4 Certification Exam(s) ]
    GuidanceSoftware [2 Certification Exam(s) ]
    H3C [1 Certification Exam(s) ]
    HDI [9 Certification Exam(s) ]
    Healthcare [3 Certification Exam(s) ]
    HIPAA [2 Certification Exam(s) ]
    Hitachi [30 Certification Exam(s) ]
    Hortonworks [4 Certification Exam(s) ]
    Hospitality [2 Certification Exam(s) ]
    HP [750 Certification Exam(s) ]
    HR [4 Certification Exam(s) ]
    HRCI [1 Certification Exam(s) ]
    Huawei [21 Certification Exam(s) ]
    Hyperion [10 Certification Exam(s) ]
    IAAP [1 Certification Exam(s) ]
    IAHCSMM [1 Certification Exam(s) ]
    IBM [1532 Certification Exam(s) ]
    IBQH [1 Certification Exam(s) ]
    ICAI [1 Certification Exam(s) ]
    ICDL [6 Certification Exam(s) ]
    IEEE [1 Certification Exam(s) ]
    IELTS [1 Certification Exam(s) ]
    IFPUG [1 Certification Exam(s) ]
    IIA [3 Certification Exam(s) ]
    IIBA [2 Certification Exam(s) ]
    IISFA [1 Certification Exam(s) ]
    Intel [2 Certification Exam(s) ]
    IQN [1 Certification Exam(s) ]
    IRS [1 Certification Exam(s) ]
    ISA [1 Certification Exam(s) ]
    ISACA [4 Certification Exam(s) ]
    ISC2 [6 Certification Exam(s) ]
    ISEB [24 Certification Exam(s) ]
    Isilon [4 Certification Exam(s) ]
    ISM [6 Certification Exam(s) ]
    iSQI [7 Certification Exam(s) ]
    ITEC [1 Certification Exam(s) ]
    Juniper [64 Certification Exam(s) ]
    LEED [1 Certification Exam(s) ]
    Legato [5 Certification Exam(s) ]
    Liferay [1 Certification Exam(s) ]
    Logical-Operations [1 Certification Exam(s) ]
    Lotus [66 Certification Exam(s) ]
    LPI [24 Certification Exam(s) ]
    LSI [3 Certification Exam(s) ]
    Magento [3 Certification Exam(s) ]
    Maintenance [2 Certification Exam(s) ]
    McAfee [8 Certification Exam(s) ]
    McData [3 Certification Exam(s) ]
    Medical [69 Certification Exam(s) ]
    Microsoft [374 Certification Exam(s) ]
    Mile2 [3 Certification Exam(s) ]
    Military [1 Certification Exam(s) ]
    Misc [1 Certification Exam(s) ]
    Motorola [7 Certification Exam(s) ]
    mySQL [4 Certification Exam(s) ]
    NBSTSA [1 Certification Exam(s) ]
    NCEES [2 Certification Exam(s) ]
    NCIDQ [1 Certification Exam(s) ]
    NCLEX [2 Certification Exam(s) ]
    Network-General [12 Certification Exam(s) ]
    NetworkAppliance [39 Certification Exam(s) ]
    NI [1 Certification Exam(s) ]
    NIELIT [1 Certification Exam(s) ]
    Nokia [6 Certification Exam(s) ]
    Nortel [130 Certification Exam(s) ]
    Novell [37 Certification Exam(s) ]
    OMG [10 Certification Exam(s) ]
    Oracle [279 Certification Exam(s) ]
    P&C [2 Certification Exam(s) ]
    Palo-Alto [4 Certification Exam(s) ]
    PARCC [1 Certification Exam(s) ]
    PayPal [1 Certification Exam(s) ]
    Pegasystems [12 Certification Exam(s) ]
    PEOPLECERT [4 Certification Exam(s) ]
    PMI [15 Certification Exam(s) ]
    Polycom [2 Certification Exam(s) ]
    PostgreSQL-CE [1 Certification Exam(s) ]
    Prince2 [6 Certification Exam(s) ]
    PRMIA [1 Certification Exam(s) ]
    PsychCorp [1 Certification Exam(s) ]
    PTCB [2 Certification Exam(s) ]
    QAI [1 Certification Exam(s) ]
    QlikView [1 Certification Exam(s) ]
    Quality-Assurance [7 Certification Exam(s) ]
    RACC [1 Certification Exam(s) ]
    Real-Estate [1 Certification Exam(s) ]
    RedHat [8 Certification Exam(s) ]
    RES [5 Certification Exam(s) ]
    Riverbed [8 Certification Exam(s) ]
    RSA [15 Certification Exam(s) ]
    Sair [8 Certification Exam(s) ]
    Salesforce [5 Certification Exam(s) ]
    SANS [1 Certification Exam(s) ]
    SAP [98 Certification Exam(s) ]
    SASInstitute [15 Certification Exam(s) ]
    SAT [1 Certification Exam(s) ]
    SCO [10 Certification Exam(s) ]
    SCP [6 Certification Exam(s) ]
    SDI [3 Certification Exam(s) ]
    See-Beyond [1 Certification Exam(s) ]
    Siemens [1 Certification Exam(s) ]
    Snia [7 Certification Exam(s) ]
    SOA [15 Certification Exam(s) ]
    Social-Work-Board [4 Certification Exam(s) ]
    SpringSource [1 Certification Exam(s) ]
    SUN [63 Certification Exam(s) ]
    SUSE [1 Certification Exam(s) ]
    Sybase [17 Certification Exam(s) ]
    Symantec [134 Certification Exam(s) ]
    Teacher-Certification [4 Certification Exam(s) ]
    The-Open-Group [8 Certification Exam(s) ]
    TIA [3 Certification Exam(s) ]
    Tibco [18 Certification Exam(s) ]
    Trainers [3 Certification Exam(s) ]
    Trend [1 Certification Exam(s) ]
    TruSecure [1 Certification Exam(s) ]
    USMLE [1 Certification Exam(s) ]
    VCE [6 Certification Exam(s) ]
    Veeam [2 Certification Exam(s) ]
    Veritas [33 Certification Exam(s) ]
    Vmware [58 Certification Exam(s) ]
    Wonderlic [2 Certification Exam(s) ]
    Worldatwork [2 Certification Exam(s) ]
    XML-Master [3 Certification Exam(s) ]
    Zend [6 Certification Exam(s) ]





    References :


    Dropmark : http://killexams.dropmark.com/367904/11734407
    Wordpress : http://wp.me/p7SJ6L-1kG
    Issu : https://issuu.com/trutrainers/docs/hp0-m50
    Dropmark-Text : http://killexams.dropmark.com/367904/12296110
    Blogspot : http://killexamsbraindump.blogspot.com/2017/11/kill-your-hp0-m50-exam-at-first-attempt.html
    RSS Feed : http://feeds.feedburner.com/Pass4sureHp0-m50RealQuestionBank
    Box.net : https://app.box.com/s/7rafielkzc9itp227ofx0x86t1ve8c1y
    publitas.com : https://view.publitas.com/trutrainers-inc/once-you-memorize-these-hp0-m50-q-a-you-will-get-100-marks
    zoho.com : https://docs.zoho.com/file/60eu6ce309936aa5a4720919b6235262de64c






    View Complete PDF »

    We Make Sure Q&A work for you!

    See Entry Test Preparation   |   Project Management, English Tests Home

    Pass4sure PDFs (Pass4sure Questions and Answers), Viewable at all devices like PC Windows (all versions), Linux (All versions), Mac / iOS (iPhone/iPad and all other devices), Android (All versions). It support High Quality Printable book format. You can print and carry anywhere with you, as you like.

    Testing and Training Engine Software (Pass4sure Exam Simulator) Compatible with All Windows PC (Windows 10/9/8/7/Vista/XP/2000/98 etc). Mac (Through Wine, Virtual Windows PC, Dual boot). It prepares your test for all the topics of exam, gives you exam tips and tricks by asking tricky questions, uses latest practice quiz to train you for the real test taking experience in learning mode as well as real test mode. Provides performance graphs and training history etc.

    View Complete Article »

    More Useful Links about HP0-M50

    Certification Vendors Here   |   View Exams, Latest Home

    Information Links



    References:


    HP0-M50 brain dump | HP0-M50 bootcamp | HP0-M50 real questions | HP0-M50 practical test | HP0-M50 practice questions | HP0-M50 test prep | HP0-M50 study material | HP0-M50 exam prep | HP0-M50 study guide | HP0-M50 online exam | HP0-M50 training material | HP0-M50 mock test | HP0-M50 mock exam | HP0-M50 free practice tests | HP0-M50 free test | HP0-M50 test answers | HP0-M50 online test | HP0-M50 test questions | HP0-M50 exam questions | HP0-M50 exam papers | HP0-M50 assessment test sample | HP0-M50 reading practice test | HP0-M50 practice test | HP0-M50 test questions | HP0-M50 exam prep | HP0-M50 online exam | HP0-M50 free prep | HP0-M50 exam answers | HP0-M50 sample test questions | HP0-M50 test exam | HP0-M50 exam results | HP0-M50 free exam papers | HP0-M50 exam dumps | HP0-M50 past bar exams | HP0-M50 exam preparation | HP0-M50 free online test | HP0-M50 practice exam | HP0-M50 test questions and answers | HP0-M50 exam test | HP0-M50 test sample | HP0-M50 sample test | HP0-M50 test practice | HP0-M50 free test online | HP0-M50 question test | HP0-M50 model question | HP0-M50 exam tips | HP0-M50 certification sample | HP0-M50 pass exam | HP0-M50 prep questions | HP0-M50 entrance exam | HP0-M50 essay questions | HP0-M50 sample questions | HP0-M50 study questions | HP0-M50 mock questions | HP0-M50 test example | HP0-M50 past exams | HP0-M50 quest bars

    Download Free PDF »

    Services Overview

    We provide Pass4sure Questions and Answers and exam simulators for the candidates to prepare their exam and pass at first attempt.

    Contact Us

    As a team are working hard to provide the candidates best study material with proper guideline to face the real exam.

    Address: 15th floor, 7# building 16 Xi Si Huan.
    Telephone: +86 10 88227272
    FAX: +86 10 68179899
    Others: +301 - 0125 - 01258
    E-mail: info@Killexams.com



       

       

     

     



    .
     

      .