Enabling AAD login for existing Virtual Machines - azure-active-directory

I have seen that AAD login can be enabled at the time of VM creation -- when we do this, I noticed that it adds an extension, something like 'AADLoginForLinux'. But for the VMs for which we don't specify AAD login at the time of creation, how do we enable it? Can we go to the extension blade and just search for the 'AADLoginForLinux' extension and install it (if available for the selected OS)? Will that make AAD login work for the VM?

Of course, it's possible to install the VM extension on an existing VM that did not have AAD login enabled at creation time.
For Linux, you can see all the currently supported distributions and regions here. A little further down, you can also find the steps for installing the VM extension on an existing Linux VM.
For Windows, you can find the steps here. But it seems only Windows Server 2019 Datacenter and Windows 10 1809 and later are currently supported. See more details here.
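
Added example (not part of the original answer): installing the login extension on an existing VM with the Azure CLI, followed by the role assignment a user needs before sign-in works, since the extension alone does not grant access. The resource group, VM name, user and scope are placeholders, and the `DRY_RUN` wrapper is a hypothetical helper so the script can be read and run without an Azure subscription.

```shell
#!/bin/sh
# Added example. Resource names are placeholders; with DRY_RUN=1 (the default)
# the az commands are only printed, so the script runs without Azure access.
DRY_RUN="${DRY_RUN:-1}"

run() {  # print the command (quoting args with spaces) or execute it
  if [ "$DRY_RUN" != "1" ]; then "$@"; return; fi
  line=""
  for a in "$@"; do
    case "$a" in *" "*) a="\"$a\"" ;; esac
    line="$line${line:+ }$a"
  done
  printf '%s\n' "$line"
}

aad_extension_for() {  # OS type -> "publisher name" of the login extension
  case "$1" in
    linux)   echo "Microsoft.Azure.ActiveDirectory.LinuxSSH AADLoginForLinux" ;;
    windows) echo "Microsoft.Azure.ActiveDirectory AADLoginForWindows" ;;
    *)       echo "unsupported OS type: $1" >&2; return 1 ;;
  esac
}

enable_aad_login() {  # args: linux|windows resource-group vm-name
  ext="$(aad_extension_for "$1")" || return 1
  if [ "$1" = "windows" ]; then
    # AADLoginForWindows relies on a system-assigned managed identity
    run az vm identity assign --resource-group "$2" --name "$3"
  fi
  run az vm extension set --publisher "${ext% *}" --name "${ext#* }" \
      --resource-group "$2" --vm-name "$3"
}

grant_login_role() {  # args: admin|user assignee scope
  case "$1" in
    admin) role="Virtual Machine Administrator Login" ;;
    user)  role="Virtual Machine User Login" ;;
    *)     echo "role must be admin or user" >&2; return 1 ;;
  esac
  run az role assignment create --role "$role" --assignee "$2" --scope "$3"
}

# Placeholder values for an existing Linux VM
enable_aad_login linux myResourceGroup myVM
grant_login_role user user@example.com \
  "/subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM"
```

Set `DRY_RUN=0` to execute the commands; scoping the role to the single VM rather than the resource group or subscription keeps the grant least-privilege.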

Related

Forms app to prove I can authenticate using NTLM

Is it possible to develop a basic client/server Forms app (suppose I could develop the server side as a service, but would rather not) that can prove that a user account within a 2012 R2 Active Directory domain can authenticate with an application residing on a server on a trusted 2003 domain, using NTLM? If so, what specifically within my application would I need to do to force such a behaviour?
The detail:
I am responsible for performing an upgrade of Active Directory from 2003 to 2012 R2 (raising of the Forest and Domain Functional Level). There is a legacy application which does not support Kerberos authentication and a lot of doubt that this mission critical application will still work after the domain upgrade. To complicate the matter, the user accounts are in the domain to be upgraded and the application backend is hosted on a trusted domain that will not be upgraded.
I am required to first of all test the process and outcome within a test lab (replica of the live environment). I am unable to replicate the application as it is too big and complicated to do so. One of the tests I need to satisfy is to verify that a user can be authenticated by a trusted domain using NTLM (not Kerberos).
It turns out that you can use the age old DOS "NET USE" command to verify NTLM authentication. "NET" only uses NTLM :)

Error configuring the RAD WAS Portal runtime for a new server instance

I have installed IBM Rational Application Developer version 9.1 from the installation media. The media launches and installs the IBM Installation manager and I've selected the RAD 9.1 package for install. Among the options, I've requested that the "WebSphere Application Server v8.5" be installed, as well as the "WebSphere Portal Server v8.5" and all the options underneath.
Once I launch RAD, I go to the server tab (as instructed by the IBM Portal Developer course) and attempt to create a new WebSphere Portal server. The server wizard wants to know where the installation directory of the server runtimes are located for both WAS 8.5 and Portal 8.5.
For WAS this is simple, I point to the profile "AppSrv01" at the following location:
C:\Program Files\IBM\SDP\runtimes\base_v85_stub\profiles\AppSrv01
For the Portal Server, I assume there would be a default profile created, but there is not. There are several directories inside the stub directory, but no profiles. The best I can do is provide the following location:
C:\Program Files\IBM\SDP\runtimes\portal_v85_stub
Seems straightforward right? It complains of the following problem:
The Portal Server installation directory is not correct
Am I missing something here? Are there fix packs I need? Is the portal server runtime included with RAD 9.1 not enough to create and use a local portal server? Do I need to simply create a profile and if so where is the tool needed to do so? (I really really wish someone from IBM would explain this to me and how I am supposed to be indicated to the correct course of action)
IBM is, as usual, being very straightforward and easy to use/understand. Does anyone have any ideas about how I am supposed to proceed? The IBM Developer course that was bought and paid for assumes this step already and before you suggest it, yes I've already sent and am awaiting a response from the organization I am taking the course from.
Not sure I'm getting your description right. From what I can see, you installed RAD using IM from a media. Also, you selected WebSphere Application Server development tools and all underneath it as well as WebSphere Portal development tools.
These development tools options are stubs only, not the actual servers. With this I mean that they're useful for development and compiling purposes only, but not for deployment and testing because they are not the actual servers.
Here is the part that I don't understand. In the media that has IM and RAD, does it also have WebSphere Application Server and Portal Server available for installation? If not, then you need to get them and install them and then you can create the servers pointing to the install location of both servers in RAD. Once you do this, you can use RAD to create the profiles.
Hope this helps.
A few things: install Portal by itself and DO NOT install to C:\Program Files; make it something short like c:\IBM\WebSphere.
It sounds like only the portal stub got installed; did you have the portal media available as well?
If you install it using the same installation manager, RAD will be able to find it.

Rational Application Developer 9.1.1, unable to add runtime Websphere Portal runtime

I am unable to add Websphere Portal 8.5 CF07 installation as a runtime in Rational Application developer 9.1.1 client.
Selecting my 8.5 installation without any fixpacks works as expected.
For 8.5CF07 the runtime dialog gives no errors, but the finish button stays grayed out.
Both installations 8.5 and 8.5CF07 are installed on my local machine on the same drive.
Any idea how to solve or debug this issue? Do I need another server adapter? If so, where can I download newer adapters? I have checked the Eclipse Market place and several IBM Repositories.
I am using Windows 10 as OS.
Did you install the Portal server adapters when installing RAD? Did you install RAD via Installation Manager? If so, launch IM and modify your installation to include the Portal adapters.
Can you please share the location of your Portal 8.5 CF07 directories (PortalServer and AppServer)?
Typically (you probably already know this) CF is installed on top of an existing Portal installation. Make sure that while defining a new server, you provide the correct path to the PortalServer directory in the WebSphere Portal location field and also the correct path to the underlying WAS server in the WebSphere Application Server location field.
See the image here http://i.stack.imgur.com/hoOHC.png
Also, you can try to restart RAD with a new workspace. RAD should automatically detect the Portal Servers.
Thanks,
Gaurav
A reinstall of the portal server, with the default was profile folder name: "wp_profile", solved the issue. In previous installs we used "WPProfile" as folder name.

create custom installer

I have created an application which is a Windows service which has to run under the context of a domain administrator account and take some server settings etc.
Now I need to install it on a client machine; obviously I cannot do it using a normal deployment project MSI because it involves custom dialogs and user input during installation.
How can I do this?
Now, is there any 3rd party framework which really allows me to create custom dialogs and write code which will execute at runtime?
If I have to do it manually, how will I incorporate my custom installer files and my Windows server application files into a single MSI?
This is how I want to have my installation process:
Welcome Screen
System Checks
EULA
Server settings as per product licensing; it's a radio selection by the user.
Server settings based on last selection.
My Windows server settings, which will make a REST call and update the server.
Accepting domain user account credentials.
Now installation starts.
Redirection to cloud portal with finish message based on selection.
What you need is supported by MSI installers, but mostly by commercial setup tools. The server communication is usually done through built-in support or through custom actions.
Here is a list of setup tools which can get you started: http://en.wikipedia.org/wiki/List_of_installation_software
For example, Advanced Installer has built-in support for server-side license validation and communication.
Pick a setup tool and try to create your installer. You can then ask more specific questions if you encounter any problems.

Security model (deployment) for MS Access application with SQL Server Backend

We have an application, consisting of an MS Access frontend (2007, mdb format), a few .net libraries and an SQL Server (2008) backend. I am working on an installer, which automatically installs the MS Access Runtime, our application, our libraries, SQL Server Express and configures everything.
Clearly, the MS Access application and the libraries (running in a normal, non-admin user context) need access to the SQL Server database. What is the best way to grant access to the application?
This is what I came up with. Unfortunately, all of these seem to have drawbacks:
SQL Server Compact Edition: Does not support views.
Application Roles: This seems to be best practice. However, it requires executing a stored procedure before accessing the database (I cannot pass the app credentials in the connection string). Thus, I cannot use this to attach the SQL Server tables as a linked tables in the Access MDB, which is a requirement of our Access application.
SQL Server User Instance: To quote from MSDN: "This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work..."
SQL Authentication: Microsoft says: "When possible, use Windows Authentication."
Using Windows authentication and granting BUILTIN\USERS full access: This is by far the easiest solution, but somehow it "seems wrong" to do that...
The application is targeted at a non-technical audience, so asking the user to configure permissions is not an option.
EDIT: Some clarification: It's a "local" application, i.e., the SQL Server is located on the same machine as the application; SQL Server access from the network is neither necessary nor desired. The software (a regular business application for managing stocks, invoices, etc.) will be available to download for free, so it should run in a variety of environments (domain/non-domain, different operating systems, etc.), and IT knowledge should not be required to install it -- apart from the usual "click on setup.exe, confirm UAC prompt, acknowledge the installation directory, etc.". I expect the most common scenarios to be "Windows XP, local admin user" and "Windows Vista/7, local admin user with UAC enabled". Since we want to follow good practices, running the application should not require "Run as Administrator" in the latter case.
#Heinzi wrote:
Using Windows authentication and granting BUILTIN\USERS full access: This is by far the easiest solution, but somehow it "seems wrong" to do that...
The usual approach here is to add a custom user group (e.g., "db-users") and put the users in that group. That way you can control exactly who is allowed access.
How about:
Use an Access ADP project, pre-configured to connect to the locally installed SQL Server instance.
Connect using BuiltIn\Users group (or SQL authentication) but grant only the bare minimum credentials. Enough to logon and ...
Call sp_setapprole to "elevate" the client connection to your defined application role's identity.
It sounds like you have only got the tip of the iceberg when it comes to selling and deploying Access SQL applications.
I have taken a different route. I have virtual computers as standalone workstation and domain server and workstation, all virtual.
I have written scripts; they are a combination of VBA and VBScript.
Ask
Are the DB and App to run on a single computer or different computers?
If different computers, what is the name of the computer the DB is located on?
Are the DB and App in a workgroup, homegroup or domain environment?
Does the DB computer already have SQL Express or above?
Does the App computer already have Access or Access Runtime installed?
If yes, which version?
Will all or only limited users have access?
If limited, what is the name of the user group that is to have access to the data?
Does this group already exist?
If no, list the names of the users that should be added to the group.
Also questions about the Admin Users and Group.
The script starts the virtual machines and goes through a series of steps to prep the MDB and SQL DB for deployment. It then creates an MSI for the server install, which includes a custom script that sets up the environment. Finally, it packages the MDB in a nice MSI.
I have since enhanced the process to allow some questions to be answered at the beginning of the server installation. This means the user groups and users can be selected from the lists in the workstation or domain depending on prior questions asked.
If the app user is a member of the Admin Group of the Workstation or Domain, they get extra menu options that allow them to add or remove members from the DB user group for the workstation or domain. This I find helpful.
I am now moving to the next stage and looking at hosting my Access app as SaaS (Software as a Service) (Rental), so the app can be used in any HTML5 browser, on Windows or Mac as a virtual desktop, or on Android and Apple devices. Having said that, Access is a bit ugly on mobile devices.
When I am up and running I will make the platform available to others.
