General Understanding of Docker & Kubernetes

 General Understanding of Docker and Kubernetes 


Q. What is Docker? 

A. Docker is a containerization platform that packages the application and all its dependencies together in the form of a docker container to ensure that the application works seamlessly in any environment.

Configure Local Firewall on SLES for NAM

Configuring SuSEfirewall2 on SLES 12 for Access Manager


First, create a firewall service file that lists the ports to open. The example below assumes the Administration Console and Identity Server run on the same machine; refer to the documentation to adjust as necessary.

> vi /etc/sysconfig/SuSEfirewall2.d/services/netiq-access-manager

ASW2020, ASM & AS1M Dividend 1997 - 2020

Amanah Saham Wawasan 2020, Amanah Saham Malaysia and Amanah Saham 1Malaysia Dividend Rate


The Amanah Saham Malaysia (ASM) fund was launched on the 20th of April 2000. ASM is an equity income fund with a fixed price of RM1.00 per unit. The fund is open to all Malaysians, including Bumi and non-Bumi. The fund's objective is to provide unitholders with a long-term investment opportunity that generates regular and competitive returns through a diversified portfolio of investments.


The table below is the historical Amanah Saham Wawasan 2020 (ASW2020), Amanah Saham Malaysia (ASM) and Amanah Saham 1Malaysia (AS1M) Dividend Rate from 1996 to 2020.


Access Manager and Google Chrome v80

Configuring Support for Access Manager on Google Chrome Browser


From version 80 onwards, Google Chrome changes how the browser handles cookies by enforcing the SameSite and Secure cookie settings. To support this Chrome version with Access Manager, you will need to configure the following options.

Removing Jump Break in Blogger

 How to remove Jump Break in Blogger


After clicking “Read more >>” in a Blogger post, the page reloads and jumps to the line after the jump break. If you want to remove this so that it loads the post normally like before.


Adding Jump Break in Blogger

How to Add Jump Break in Blogger

Jump Break is the out-of-the-box feature provided by Blogger to implement "Read more" links on the blog's index page. Bloggers used to implement the "Read more" link (jump break) manually by editing their HTML, which is a complicated and error-prone process.


With Jump Breaks, we can show just a snippet of each post on our blog's index page (home page) rather than the whole post content. Nowadays, this is becoming a common trend.


Why one should use Jump Breaks?


  • Speed up our page load time
  • Visitors see a selection of our posts without the need to scroll
  • Helps us to reduce the bounce rate of our blog - Visitors now have to click on the read more link to view the whole content.
  • Increase our page views

Google Android 11 Go Edition is Available

Android 11 - Launch Apps 20 Percent Faster






Android 11 just launched this week for Pixel devices and phones from OnePlus, Xiaomi, Oppo, and Realme, and now Google has detailed its counterpart designed for low-powered devices: Android 11 (Go edition).

One of the biggest new features is that Android 11 (Go edition) is supposed to work on devices with 2GB of RAM or less — a bump up from Android 10 (Go edition), which was made for devices with less than 1.5GB of RAM. But don’t necessarily expect to upgrade your existing 2GB phone: Android 11 Go is only going to come out with new phones with that much memory, not earlier ones, Google tells The Verge.

Also, Google says it’s up to OEMs whether they want to put Android 11 Go on a device instead of Android 10 Go, contradicting what was suggested in a document obtained by XDA Developers back in July. Google wouldn’t provide any examples of devices that can get the update.

Malaysia Fixed Deposit (FD) Rates – SEP 2020

Fixed Deposit (FD) Rates as of September 2020


 
Bank | Effective Rate (% p.a.) | Minimum Deposit | Maximum Deposit | Tenure | Promotion Period
Affin Bank (eFD Online Promotion) | 2.40 (3 months), 2.50 (5 months), 2.48 (6 months) | RM10,000 | RM200,000 | 3 months, 5 months, 6 months | 28 Aug to 10 Sept 2020
Hong Leong Bank (eFixed Deposit / Deposit-i) | 2.30 | RM5,000 | RM2 million | 3 months | 1 Sept to 31 Oct 2020
OCBC Bank (Premier Deal) | 2.90 | RM10,000 | RM3 million | 3 months | 1 Apr to 31 Dec 2020
Public Bank (Fixed Deposit / Term Deposit-i) | 2.08 (3 months), 2.28 (8 months) | RM10,000 | RM10 million | 3 months, 8 months | 12 Aug to 31 Oct 2020
Public Bank (eFD via FPX Campaign) | 2.00 (1 month), 2.10 (2 months), 2.20 (3 months) | RM5,000 | RM2 million | 1 month, 2 months, 3 months | 20 July to 30 Sept 2020
RHB Bank (Term Deposit - Counter / eTerm Deposit via FPX) | 2.45 | RM10,000 | Maximum FPX Transfers | 6 months | 5 Aug to 30 Sept 2020

Caught Exception at Azure AD Driver Initialization

Identity Manager Azure Active Directory Driver - Caught Exception during Initialization


Situation


The following error is received when attempting to start the Azure AD driver.

DirXML: [11/30/18 11:46:33.46]: TRACE:  Azure AD_Azure: RESTSubscriptionShim.init()
DirXML: [11/30/18 11:46:33.46]: TRACE:  Azure AD: Caught exception during REST Channels initialization.
DirXML: [11/30/18 11:46:33.46]: TRACE:  Remote Loader: PublicationShim.init() returned:
DirXML: [11/30/18 11:46:33.46]: TRACE:  <nds dtdversion="4.x" ndsversion="8.x">
    <source>
        <product build="20171120_1044" instance="Azure AD" version="5.0.1.2">Identity Manager Driver for Azure AD and Office 365</product>
        <contact>NetIQ Corporation</contact>
    </source>
    <output>
        <status level="fatal" type="com.novell.nds.dirxml.driver.azure.StatusException"/>
    </output>
</nds>
DirXML: [11/30/18 11:46:33.46]: 
DirXML Log Event -------------------
    Driver  = \VAULT\novell\services\DriverSet\Azure AD
    Thread  = Publisher
    Level   = fatal
DirXML: [11/30/18 11:46:33.46]: 
DirXML Log Event -------------------
    Driver  = \VAULT\novell\services\DriverSet\Azure AD
    Thread  = Subscriber
    Level   = error
    Message = Fatal error returned from shim

Environment


  • Identity Manager Driver - Azure Active Directory version 5.0.1.2
  • Identity Manager 4.8.0


Resolution


The Application User password that the Identity Manager Azure Active Directory driver uses to authenticate to Azure Active Directory contained a special character, in this case a < character.


After removing the special character from the password, and saving the new application password for the application user on the driver properties, the driver was able to start successfully.

Active Directory to Identity Vault Group Synchronization is Limited to 5000 Members

Situation

Active Directory Groups that contain more than 5000 members cannot be published / synchronized to Identity Vault via Identity Manager's Active Directory Driver. They are truncated to 5000 members during the Publisher Channel polling cycle.

However, migrating the Group into the Identity Vault will temporarily sync up the member lists but any subsequent modification of the group in Active Directory will cause the group to again be truncated to 5000 members in the Identity Vault.

Search:  Users members being lost from large groups 


Environment

  • Novell Identity Manager 4.8
  • Novell Identity Manager Driver- Active Directory Driver


Resolution

Under the Driver Parameters > Advanced Options, set Enable DirSync Incremental Values to Yes.   This allows the driver to query and synchronize only modified users in the group (users being added or removed from the group) instead of the whole group. 


Additional Information

This issue occurs due to a limitation in Microsoft's DirSync API. Microsoft Active Directory limits the number of values returned in response to DirSync LDAP queries to 5000 values. This is an Active Directory hard limit and is not dependent on the MaxValRange parameter of the Domain Controller's LDAP Policy (see ntdsutil.exe).


For Active Directory environments whose forest and domain operate at or above the "Windows Server 2003" domain functional level, implementing the DIRSYNC_LDAP_INCREMENTAL_VALUES control resolves this issue. This control has been implemented since Identity Manager 3.5 Active Directory Driver Patch 1 - 20070601, now replaced by the Identity Manager 3.5.1 or later downloads.


The Incremental Values server control allows the Active Directory driver to ask for (and receive) only the changed values of an attribute, such as the member attribute on a group object. This avoids the need to continually sync the entire member list and hit the 5000-value DirSync limitation.


This parameter is already included in current versions of the Active Directory driver configuration (3.6 and higher):


<definition display-name="Enable DirSync Incremental Values" hide="false" id="115" name="enable-incremental-values" type="enum">
    <description>Ordinarily the publisher will receive all member values of a group when one or more has changed. This option reports only the added or deleted member values during the poll interval. Requires 2003 Forest functional mode.</description>
    <enum-choice display-name="Yes">yes</enum-choice>
    <enum-choice display-name="No">no</enum-choice>
    <value>yes</value>
</definition>

Authentication Denied due to Low Memory

New Authentications Denied due to Low System Memory


Situation


Periodically, new connections to the Identity Server or Access Gateway (proxy) services were failing with the following error:

New authentications are being denied due to low system memory. Threshold 10 Current: 6.109713

Restarting the Identity Server or Access Gateway would temporarily resolve the problem.

Each Access Manager 4.4.4 Appliance had 8 GB of memory. As the error concerned authentications rather than proxy connections, it was suspected that this was an issue with the Java memory used by the embedded service provider (ESP).

The default Java memory is 1 GB. It had already been increased to 2 GB, but the problem persisted.

 

Environment


  • Micro Focus Access Manager 4.4.4 Appliance(s)


Resolution


Enabling Statistics Logging on the IDP Cluster will also enable statistics in the catalina log for the ESP on the Access Gateway. A recommended logging interval value for a production system would be 600 (seconds).

These statistics are then printed to the log every ten minutes and look like this:

NIDPMonitor: Tick: 598
                          System Status
                          Initialization State: Started
                          Total Sessions: 26497
                          Total Subjects: 1766
                          Total Principals: 3532
                          System Memory
                          Free Memory: 3.2926752E8
                          Total Memory: 2.11759923E9
                          Percent Free: 15.549095

We can see that this is a busy Access Manager system.

Total Memory is about 2.11E9, which corresponds to the -Xmx2048m (maximum heap memory) value configured in server.xml.

In the statistics above, only about 15% of memory is free.


The error mentioned above states "Threshold 10 Current: 6.109713"

The Threshold of 10 is defined in server.xml

JAVA_OPTS="${JAVA_OPTS} -Dnids.freemem.threshold=10" 

The ESP limits further authentications when free memory goes below 10%, and throttling begins, as we see in this example:

   Free Memory: 1.36996032E8
   Total Memory: 2.11759923E9
   Percent Free: 6.4694033
   System Throttle:
   Due to Low Memory: (Request Blocked)

The solution here is to allocate more than 2 GB of memory to the Java heap. As the server has 8 GB RAM and is a dedicated Access Manager Appliance, 4 GB is sufficient for the operating system and we can allocate 4 GB to the Java heap for the Identity Server.

As we know from our baseline that we will use at least 2 GB for Java, we should allocate at least this value at startup (-Xms) to improve performance.


The following line was added to /opt/novell/nam/idp/conf/tomcat.conf to resolve the problem.

JAVA_OPTS="-server -Xmx4096m -Xms2048m -Xss128k"
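To catch the condition before authentications are denied, the NIDPMonitor statistics described above can be parsed and compared against the nids.freemem.threshold value. The following is an added example, not part of the original post or of Access Manager; the sample log is constructed from the values shown above (the second Tick line is made up), and the function names and the warning margin are assumptions.

```python
import re

# Constructed sample: the first block copies the statistics shown above; the
# second reuses the throttled values, with a made-up Tick line added.
SAMPLE_LOG = """\
NIDPMonitor: Tick: 598
        System Status
        Initialization State: Started
        Total Sessions: 26497
        System Memory
        Free Memory: 3.2926752E8
        Total Memory: 2.11759923E9
        Percent Free: 15.549095
NIDPMonitor: Tick: 1198
        Free Memory: 1.36996032E8
        Total Memory: 2.11759923E9
        Percent Free: 6.4694033
        System Throttle:
        Due to Low Memory: (Request Blocked)
"""

TICK = re.compile(r"NIDPMonitor: Tick: (\d+)")
FIELD = re.compile(r"^\s*(Total Sessions|Free Memory|Total Memory):\s*(\S+)\s*$")


def parse_monitor_blocks(text):
    """Split log text into one dict per NIDPMonitor statistics block."""
    blocks, current = [], None
    for line in text.splitlines():
        tick = TICK.search(line)
        if tick:
            current = {"tick": int(tick.group(1)), "blocked": False}
            blocks.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                try:
                    current[field.group(1)] = float(field.group(2))
                except ValueError:
                    pass  # damaged value: leave the field missing
            elif "Due to Low Memory" in line and "Request Blocked" in line:
                current["blocked"] = True
    return blocks


def assess(block, threshold=10.0, warn_margin=10.0):
    """Classify a block against the nids.freemem.threshold percentage.

    warn_margin is an assumption of this example: how many percentage points
    above the threshold should already raise a warning.
    """
    free, total = block.get("Free Memory"), block.get("Total Memory")
    if free is None or not total:
        return {"tick": block.get("tick"), "status": "incomplete", "pct_free": None}
    pct = 100.0 * free / total  # recomputed rather than trusting "Percent Free"
    if pct < threshold:
        status = "throttle"
    elif pct < threshold + warn_margin:
        status = "warn"
    else:
        status = "ok"
    return {"tick": block["tick"], "status": status, "pct_free": round(pct, 2)}


def report(text, threshold=10.0):
    return [assess(b, threshold) for b in parse_monitor_blocks(text)]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Run against the catalina log at the 600-second statistics interval, a "warn" row gives an early signal that the heap size should be reviewed before the ESP starts blocking requests.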

Micro Focus GroupWise Web 18.2 - Part 2

Getting Started with GroupWise Web


  • Prerequisites
  • Installing Docker on SLES
  • Downloading and running the webacc-ng-config utility
  • Downloading and running the image
  • Updating the image
  • Updating the GroupWise Post Office Agent


Prerequisites


  • GroupWise 18.2 or later.
  • GroupWise POA with SOAP enabled. SOAP must have SSL enabled.
  • (Optional) TLS certificates for GroupWise Web.
  • Fill out the GroupWise Web Worksheet with the information for your GroupWise system.
  • Docker 17.0.9 or higher

Micro Focus GroupWise Web 18.2 - Part 1

What is GroupWise Web


In GroupWise 18.2, Micro Focus is pleased to introduce GroupWise Web. GroupWise Web has an updated UI to access your GroupWise mailbox on mobile devices, tablets, and desktops through your web browser.

While the feature sets are not identical, in the next release of GroupWise, GroupWise Web will replace GroupWise WebAccess. In GroupWise 18.2, you can continue to use WebAccess and introduce GroupWise Web dependent on your organization’s needs. We highly encourage you to transition your users from WebAccess to GroupWise Web.

As GroupWise Web will be replacing WebAccess, all new features and enhancements will only be added to GroupWise Web and not WebAccess. WebAccess will continue to be supported until the next release of GroupWise.


Available Features


As this is a tech preview, not all features are currently available in the software.



Preview Customized NAM Error Messages

Access Manager : Preview Customized Error Messages

You can do the following to preview the customized error messages located here: 

/opt/novell/apache2/share/apache2/error


How to customize Access Manager Error Messages

Early Access of NAM Analytics Dashboard v5.0

Early Access of Access Manager Analytics Dashboard v5.0


Micro Focus is happy to announce the early access release of the re-architected and cloud-ready Access Manager Analytics Dashboard. Analytics Dashboard offers deeper visualization of your Access Manager environment, system statistics, access pattern, and more. Analytics Dashboard will replace the current Access Manager Analytics Dashboard in v5.0.

Analytics Server is built as a cloud-native application and it will support diverse deployment options including containers, cloud (in FCS), and of course virtual servers. Analytics Dashboard is built on top of the latest ELK stack and offers significant improvements over the incumbent Analytics Server.

The following are some of the noteworthy updates:
  • Significantly reduced hardware requirements:

For demonstration purposes:
CPU: 2 Cores
Memory: 4 GB
Hard disk: 50 GB

For a production environment:
CPU: 4 Cores
Memory: 16 GB
 


G-Suite IDM Driver v4.2 - Google API Quotas

 Google API Quotas


With the transition from the old Provisioning API to the Directory API via the Admin SDK, Google has introduced and exposed quotas on the various interfaces used by the G-Suite IDM Driver. Some people are seeing quota issues with their driver. This document details how to view your quotas, current usage levels, and how to request more quota from Google, should you need it.

Should you exceed your quota, your G-Suite driver will report this to the trace log file and shut down.


Managing Quotas


Your API quotas and current usage can be viewed at any time from your developer’s console: https://console.developers.google.com

Please note that Google can and does change their policies and web interfaces at any time without warning. The information provided here may no longer be correct or current, though we will attempt to keep it up to date.

TIP: Log in with the account used to create the project in the first place.

Select the project which created the credential used by the Google Driver. The overview will give you a snapshot of your usage overall.



From the APIs & Auth section, select APIs, then select Enabled APIs.


Select the Admin SDK. This API provides all services for the driver with the exception of Group Settings and Domain Shared Contacts. Selecting Usage will allow you to see a usage summary over time.


Select "Quotas" to see your current quotas and current remaining quota.




If you have exceeded your quota for requests per day, click the highlighted link to create a request to Google for more daily quota.

You can also go to this URL to directly access the Quota request form for the Admin SDK: https://support.google.com/code/contact/admin_sdk_quota

Clicking the "Change" button allows you to change your per-user limit of 15 requests per user per second, though it is unlikely that the driver will ever exceed this threshold.

For more information on the Admin SDK and quota limits, please see this Google documentation: https://developers.google.com/admin-sdk/directory/v1/limits

G-Suite IDM Driver v4.2 - Common Driver issues

 Common G-Suite Driver Issues



Issue Example and Notes
User Placement. Do not use a leading "\" to place users or Organization Units.

To place a user in the root container, the dest-dn should only contain the Username. If you are placing a user in the G-Suite Sales\Marketing container your dest-dn should look like:


<add class-name="User" dest-dn="Sales\Marketing\ddare"/>

Organization Units use the same format for dest-dn.


Group Placement: Do not use a placement rule on groups as Google does not support placing groups in organizations.

Groups are not kept in a hierarchical structure. Placement is not relevant to group objects.

Unique naming: It is important that Nicknames, Group names and usernames be unique in the G Suite domain.


When developing a matching rule be sure to check for nicknames and usernames to ensure proper matching. 
Further, naming must be unique across all Google Organization units. 
It is not legal to have Sales\Marketing\myname and Engineering\myname since myname needs to be unique across the domain.


Driver Unable to Start

  1. Are the driver jar files installed and eDirectory restarted?
  2. Have you created the admin account in Google and logged into the web interface at least once?
  3. Examine a level 3 or higher trace log of the driver start up for errors.

Driver Exceeds Quota on requests to specific services.

Google has specific default quotas defined for the various services the driver uses. The quotas limit the total number of requests allowed in a given 24 hour period. 


Once these quotas are exceeded, the driver will receive an HTTP 403: Forbidden error.

Token Response Exception when using Gmail Settings Attributes


The trace will show something like this: 


DirXML Log Event -------------------
Driver: \GLOBAL-DOMINATION\system\driverset1\Google Apps
Status: Fatal
Message: <description>com.google.api.client.auth.oauth2.TokenResponseException: 401 Unauthorized</description>
<exception class-name="com.google.api.client.auth.oauth2.TokenResponseException">
<message>401 Unauthorized</message>
</exception>


This error is due to not authorizing the new Gmail scopes within the Security section of your G Suite domain. Please refer to the following guide to reset the authorized scopes for the service account:

Micro Focus Identity Manager Driver 4.8 : G-Suite Driver v4.2 - OAuth Update


GoogleJsonResponseException error 403 forbidden when accessing Gmail Settings attributes

The trace will show something like this: 


<status level="retry" type="app-connection">
<description>IOException: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "usageLimits",
"message" : "Access Not Configured. Gmail API has not been used in project 1233 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail.googleapis.com/overview?project=1233 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.", 

"reason" : "accessNotConfigured".

The Gmail API has not been enabled for your G Suite domain. Enable it in your service account's developers console project. 


G-Suite IDM Driver v4.2 - OAuth Update

Updating OAuth Authorizations for the 4.1.3.x release and later


The G Suite IDM connector (Google Driver) release version 4.2 requires updates to the authorized OAuth Scopes and enabled APIs for your service account to work properly.

Authorized Scope List


This is the complete authorized scope list as of this release:


https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.group.member
https://www.googleapis.com/auth/admin.directory.orgunit
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.alias
https://www.googleapis.com/auth/admin.directory.user.security
https://www.googleapis.com/auth/admin.directory.userschema
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/userinfo.email
http://www.google.com/m8/feeds
https://www.googleapis.com/auth/contacts.readonly
https://www.googleapis.com/auth/apps.groups.settings
https://www.googleapis.com/auth/admin.directory.rolemanagement
https://www.googleapis.com/auth/gmail.settings.basic
https://www.googleapis.com/auth/gmail.settings.sharing
https://www.googleapis.com/auth/gmail.labels