IBM Security Identity Manager enables organizations to drive effective identity management and governance across the enterprise for improved security and compliance. Now available as a virtual appliance, IBM Security Identity Manager automates the creation, modification, recertification and termination of identities throughout the user lifecycle. It features an intuitive, business-friendly user interface to simplify provisioning requests and help managers make intelligent access decisions for their employees. It also includes enhanced reporting and analytic capabilities to monitor user entitlements and activities.


Benefits of using ISIM Virtual Appliance:

Deployment:
  1. Quick and Easy deployment of ISIM, Faster time to value
  2. Saves on hardware costs and helps reduce the total cost of ownership (TCO)
  3. ISIM Components inside the virtual appliance are pre-tuned for best performance...
  4. Minimal middleware skills required for Virtual Appliance administrator.
  5. Reduces manual intervention during deployment, thus preventing any environment specific issues or user errors.
Clustering:
  1. Setting up a cluster is just as simple as setting up another Virtual Appliance (ISIMVA) by selecting a different option from the startup menu. 
  2. With the VA, it's now easy to manage an ISIM cluster.
  3. Centralized management and monitoring of Virtual Appliance (ISIMVA)
  4. Whether it's a file system change or any configuration change, synchronizing the member nodes of a cluster is as easy as clicking the "Synchronize" button on the manage cluster panel.
Serviceability:
  1. Simplified serviceability options like log management and one-click support package creation for any issue with the ISIM VA.
Maintenance:
  1. Unified approach for user to patch/upgrade all the underlying components via fixpacks.
  2. Create snapshots of the VA using the Snapshots feature, so that you don't miss out on any changes to the system when your VA is in trouble...
Disaster Recovery:
  1. Easy to set up a backup node, which helps the administrator recover from any primary node failure/disaster.
    Lots more with ISIM VA ... Coming soon... December 5th 2014
    Read more: http://www-03.ibm.com/software/products/en/identity-manager

    IBM Security Identity Manager Virtual Appliance ... Coming soon

    Best screen recording tool for Linux ( RHEL / CENTOS )

    How to update/replace the default SSL certificate for WebSphere Application Server. We will have a look at topics like: location of the certificate, certificate keystores, and how to programmatically import, replace or delete a certificate using the WAS Admin commands.



    Note: The WebSphere Application Server certificate (personal certificate) is different for different nodes in a WAS cluster.

    Note: Though the ppt mentions WAS 6.1, it works for WAS 7.x and 8.x too.

    Below are some commands used to manage the SSL certificate for WAS programmatically. In the below commands, in order to import/replace a certificate you need to provide a keystore containing the new/updated certificate.


    Import Certificate:
    AdminTask.importCertificate('[-keyFilePath ' + keyFilePath + ' -keyFilePassword ' + keyFilePassword + ' -keyFileType ' + keyFileType + ' -certificateAliasFromKeyFile \'' + certificateAliasFromKeyFile + '\' -certificateAlias ' + certificateAlias + ' -keyStoreName ' + keyStoreName + ' -keyStoreScope ' + keyStoreScope + ' ]')
    AdminConfig.save()

    Replace Certificate:
    AdminTask.replaceCertificate('[-certificateAlias ' + certificateAlias + ' -replacementCertificateAlias ' + replacementCertificateAlias + ' -deleteOldCert true -deleteOldSigners false -keyStoreName ' + keyStoreName + ' -keyStoreScope ' + keyStoreScope + ' ]')
    AdminConfig.save()

    Delete Certificate:
    AdminTask.deleteCertificate('[-keyStoreName ' + keyStoreName + ' -keyStoreScope ' + keyStoreScope + ' -certificateAlias ' + removeCertAlias + ' ]')
    AdminConfig.save()

    Get Signer Certificate:
    AdminTask.retrieveSignerFromPort('[-keyStoreName ' + keyStoreName + ' -keyStoreScope ' + keyStoreScope + ' -host ' + host + ' -port ' + port + ' -certificateAlias ' + certificateAlias + ' -sslConfigName ' + sslConfigName + ' -sslConfigScopeName ' + sslConfigScopeName + ' ]')
    AdminConfig.save()

    Sync All Nodes:
    AdminNodeManagement.syncActiveNodes()

    All above commands can be executed via the WAS scripting command:
    wsadmin.sh -lang jython -username admin -password admin -f <file containing the above commands>

    Link to request a production like SSL certificate for test purpose:
    https://trustcenter.websecurity.symantec.com/process/retail/trial_product_selector

    Update the Default SSL Certificate for IBM WAS

    How to fix the latest Eclipse, RAD, RSA, RTC Crashes

    Dojo 1.6.x unable to detect IE11 browser version details

    The Web is made up of many resources, and a resource can be any item of interest. For example, an online book store may define a book as a resource, and clients may access that resource with this URL: http://www.myEbookStore.com/Books.

    Accessing the above URL returns a representation of the resource (e.g., books.html), which results in a state change of the client. The end user's browser is now displaying more than just the home page of the online book store: a more informative and detailed state than the previous one.
    Thus, the client application transfers state with each resource representation. Isn't this the same as browsing a website over the Internet?
    The WWW is like a REST system, and many such services are used in our day-to-day activities, like purchasing something from Amazon.com, using Facebook, and even using GMail. So you are using REST, and you didn't even know it.

    REST stands for Representational State Transfer. REST is not a standard but an architecture. However, REST does make use of certain standards like HTTP, URL, XML, HTML etc.

    Consider the case of myEbookStore.com which enables its customers to :
    1. get list of books
    2. get detailed information about a book
    3. purchase books on-line



    Get List of Books :
    -----------------------
    http://www.myEbooksStore.com/books

    Note that "how" the web service generates the books list is completely transparent to the client. All that the client knows is that if he/she submits the above URL, a document containing the list of books is returned and displayed in the browser. Since the implementation is transparent to clients, the myEbooksStore.com owner is free to modify the underlying implementation of this resource without impacting clients. So we can consider REST a loosely coupled architecture.

    Here's the document that the client receives:

        <?xml version="1.0"?>
        <p:Books xmlns:p="http://www.myEbooksStore.com"
                 xmlns:xlink="http://www.w3.org/1999/xlink">
              <Book id="0120" xlink:href="http://www.myEbooksStore.com/books/0120"/>
              <Book id="0121" xlink:href="http://www.myEbooksStore.com/books/0121"/>
              <Book id="0122" xlink:href="http://www.myEbooksStore.com/books/0122"/>
              <Book id="0123" xlink:href="http://www.myEbooksStore.com/books/0123"/>
        </p:Books>

    Note that the books list has links to get detailed information about each book. This is a key feature of REST. The client transfers from one state to the next by examining and choosing from among the alternative URLs in the response document. This is something like zooming the view on Google Maps. If you want to see the map of a location in Pune, the satellite will first zoom onto India, then Maharashtra and then Pune. At the first level we get a list of countries from which we select India, then a list of states in India from which Maharashtra is selected, and finally a list of districts in Maharashtra from which Pune is selected. We can see how data is refined gradually by taking decisions at each level. Let's get back to our BookStore example.

    Get Detailed Information about a Book
    -----------------------------------------------------
    The web service makes available a URL to each book resource. For example, here's how a client requests book 0122:

    http://www.myEbooksStore.com/books/0122

    Here's the document that the client receives:

        <?xml version="1.0"?>
        <p:Book xmlns:p="http://www.myEbooksStore.com"  
                xmlns:xlink="http://www.w3.org/1999/xlink">
              <Book-ID>0122</Book-ID>
              <Name>JSON explored</Name>
              <Description>This book explains JSON</Description>
              <Versions xlink:href="http://www.myEbooksStore.com/books/0122/versions"/>
              <UnitCost currency="USD">9.20</UnitCost>
              <Quantity>10</Quantity>
        </p:Book>

    Again observe how this data is linked to still more detailed data: the versions for this book may be found by traversing the versions hyperlink. Each response document allows the client to drill down to get more detailed information. That's the whole idea of REST, Representational State Transfer.

    In short, let's summarize some important points related to REST/Web Services:

    1. Client-Server model, where the client pulls representations.

    2. Stateless, meaning state of the data provider is not important. So each request from client to server should contain all the information necessary to understand the request. For example searching google.com for the word "computer" is sent to google server as http://www.google.com/#hl=en&output=search&q=computer ... so the required information is sent from client to server irrespective of the state of the server... that's true because before searching, we never worry about the state of google's server.

    3. Common interface. For example : All google search queries are accessed with a generic interface (e.g., HTTP GET, POST, PUT, DELETE) and there is no static page for all searches. Imagine having a static page like : http://www.google.com/computer.html for search results of "computer" keyword... a bad idea.

    4. Interconnected representations - the representations of any resource are interconnected using URLs, thereby enabling a client to progress from one state to another.

    5. Cache to improve network efficiency. Hence once a website is loaded all the external javascripts needed by the site will be cached.

    6. Categorizing the resources according to the requirement of a particular resource. Clients can just receive a representation of the resource, or even modify the resource. For the former, make those resources accessible using an HTTP GET. For the latter, make those resources accessible using HTTP POST, PUT, and/or DELETE.

    7. Underlying implementation of REST needs to be independent of the URL or type of REST service (GET, PUT, POST, DELETE). This means a website can be built using either JSP or ASP, without impacting the service being provided to the client. Also data can be represented in JSON format or as XML format or any other structured format.

    Note :  APIs built using REST or conforming to REST design/architecture are said to be RESTful.

    Understanding REST in a RESTful way


    Is /etc/resolv.conf useless in Ubuntu 12.04 LTS ? I say so, because when I configured the /etc/resolv.conf file and rebooted the VM, all the settings were overwritten.
    piyush@co109044:~$ cat /etc/resolvconf/resolv.conf.d/tail
    search romelab.it.ibm.com ibm.com
    nameserver 9.168.127.100
    namserver 9.168.96.100

    piyush@co109044:~$ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    search romelab.it.ibm.com ibm.com
    nameserver 9.168.127.100
    namserver 9.168.96.100

    piyush@co109044:~$ reboot

    Last login: Mon Mar 31 08:48:50 2014 from 9.77.94.202
    piyush@co109044:~$ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

    After rebooting the VM, all the settings of /etc/resolv.conf were overwritten.
    After reading the release notes of Ubuntu, I figured out that "resolvconf is now used to manage /etc/resolv.conf on all Ubuntu systems". What's that ??? I suggest reading the man page for resolvconf.

    resolvconf is a set of scripts and hooks managing DNS resolution. The most notable difference for the user is that any change made manually to /etc/resolv.conf will be lost, as it gets overwritten the next time something triggers resolvconf or the system is rebooted. As a rule of thumb, if you are using static IP configuration for your Ubuntu system, add all your network-related entries to the file /etc/network/interfaces
    piyush@co109044:~$ man resolvconf
    piyush@co109044:~$ vi /etc/network/interfaces
    piyush@co109044:~$ sudo vi /etc/network/interfaces
    [sudo] password for piyush:

    piyush@co109044:~$ cat /etc/network/interfaces
    auto eth0
    iface eth0 inet static
    address 9.168.109.44
    netmask 255.255.255.0
    gateway 9.168.109.254
    dns-nameservers 9.168.127.100 9.168.96.100
    dns-search romelab.it.ibm.com ibm.com

    auto lo
    iface lo inet loopback

    piyush@co109044:~$ ping google.com
    ping: unknown host google.com

    piyush@co109044:~$ sudo ifdown eth0;sudo ifup eth0
    ssh stop/waiting
    ssh start/running, process 1999

    piyush@co109044:~$ ping google.com
    PING google.com (173.194.41.167) 56(84) bytes of data
    piyush@co109044:~$ cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 9.168.127.100
    nameserver 9.168.96.100
    search romelab.it.ibm.com ibm.com
    As you can see, the entries from /etc/network/interfaces were automatically added to the /etc/resolv.conf file. Notice that /etc/resolv.conf is a softlink to /run/resolvconf/resolv.conf
    So if you make /etc/resolv.conf a regular file, resolvconf will be disabled (not recommended).

    Resolvconf has a /etc/resolvconf/resolv.conf.d/ directory that can contain "base", "head", "original" and "tail" files. All in resolv.conf format.
    • tail: Any entry in /etc/resolvconf/resolv.conf.d/tail is appended at the end of the resulting resolv.conf. If the tail file is missing then create it.
    • base: Used when no other data can be found.
    • original: Just a backup of your resolv.conf at the time of resolvconf installation
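
A quick lint for the resolv.conf-format files discussed above, as an added example that is not part of the original post: it lists lines whose keyword is not one documented in resolv.conf(5) (for instance a misspelled `nameserver`) and checks whether a path is still a symlink, which is how resolvconf manages /etc/resolv.conf. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint resolv.conf-format files (tail, base, head, resolv.conf).

# Print "LINENO: text" for every line whose first word is not a keyword from
# resolv.conf(5), or whose nameserver entry does not have exactly one address.
# Returns 0 if the file is clean, 1 if problems were printed, 2 if unreadable.
check_resolv_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    bad=$(awk '
        NF == 0 { next }                                   # blank line
        substr($1, 1, 1) == "#" || substr($1, 1, 1) == ";" { next }  # comment
        $1 != "nameserver" && $1 != "search" && $1 != "domain" &&
        $1 != "options" && $1 != "sortlist" { print NR ": " $0; next }
        $1 == "nameserver" && NF != 2 { print NR ": " $0 }
    ' "$file")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Succeeds when the path (default /etc/resolv.conf) is a symbolic link.
# A regular file there means resolvconf is no longer managing it.
is_resolvconf_managed() {
    [ -h "${1:-/etc/resolv.conf}" ]
}

# Constructed sample file; addresses are from the documentation range.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
search example.com
nameserver 192.0.2.53
namserver 192.0.2.54
EOF

check_resolv_file "$sample" || echo "unrecognised lines found in $sample"
is_resolvconf_managed || echo "/etc/resolv.conf is not a symlink here"
```

A line with an unknown keyword is silently ignored by the resolver, so the second name server in the sample would never be used.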

    Configure DNS using resolvconf in Ubuntu 12.04 (Precise Pangolin)


    Read more about the POSIX shell on Wikipedia. Below is a set of commands to help understand some of the expressions used for writing portable shell scripts. Entries with no example are left for you to practice.

    Exit Status for the "test" command:
    0 - The Expression parameter is true.
    1 - The Expression parameter is false or missing.
    >1 - An error occurred.

    Syntax, followed by its Description and, where given, an Example:

    -a File
        True, if the specified file is a symbolic link that points to another file that does exist.
        Example:
            # touch file1
            # ln -s file1 linktofile1
            # ls -al linktofile1
            # test -a linktofile1
            # echo $?
            0
            # rm -f file1
            # test -a linktofile1
            # echo $?
            1
    -b File
        True, if the specified file exists and is a block special file.
        Example: All files in /dev are special files... they represent devices of the computer. (http://www.lanana.org/docs/device-list/devices-2.6+.txt)
            # test -b /dev/ram0
            # echo $?
            0
    -c File
        True, if the specified file exists and is a character special file.
        Example: All files in /dev are special files... they represent devices of the computer. (http://www.lanana.org/docs/device-list/devices-2.6+.txt)
            # test -c /dev/mem0
            # echo $?
            0
    -d File
        True, if the specified file exists and is a directory.
        Example:
            # mkdir abc
            # test -d abc ; echo $?
    -e File
        True, if the specified file exists.
        Example:
            # touch file1 ; test -e file1 ; echo $?
    -f File
        True, if the specified file exists and is an ordinary file.
        Example:
            # touch file1 ; test -f file1 ; echo $?
    -g File
        True, if the specified file exists and its setgid bit is set.
        Example: setgid is similar to setuid, with the only difference that it uses a 2 instead of a 4 (chmod 2XXX file instead of chmod 4XXX file).
        Read more: setgid and setuid
            Negative test:
            # touch file1 ; chmod 4000 file1 ; test -g file1 ; echo $?
            Positive test:
            # touch file1 ; chmod 2000 file1 ; test -g file1 ; echo $?
    -h File
        True, if the specified file exists and is a symbolic link.
        Example:
            # test -h linktofile1 ; echo $?
    -k File
        True, if the specified file exists and its sticky bit is set.
        Example:
            # test -k file1 ; echo $?
            1
            # chmod +t file1
            # test -k file1 ; echo $?
            0
    -n String
        True, if the length of the specified string is nonzero.
        Example:
            # str=
            # test -n "$str" ; echo $?
            1
            # str="abc"
            # test -n "$str" ; echo $?
            0
    -o Option
        True, if the specified option is on.
    -p File
        True, if the specified file exists and is a FIFO special file or a named pipe. (A named pipe can be used to transfer information from one application to another without the use of an intermediate temporary file. Also, two separate processes can access the pipe by name: one process can open it as a reader, and the other as a writer.)
        Example:
            # mkfifo pcclm
            # test -p pcclm ; echo $?
    -r File
        True, if the specified file exists and is readable by the current process.
        Example:
            # touch myfile
            # su <anotheruser>
            # test -r /root/myfile
    -s File
        True, if the specified file exists and has a size greater than 0.
        Example:
            # test -s /root/myfile ; echo $?
            1
            # echo "hello" >>/root/myfile
            # test -s /root/myfile ; echo $?
            0
    -t FileDescriptor
        True, if the specified file descriptor number is open and associated with a terminal device.
    -u File
        True, if the specified file exists and its setuid bit is set.
    -w File
        True, if the specified file exists and the write bit is on. However, the file will not be writable on a read-only file system even if this test indicates true.
    -x File
        True, if the specified file exists and the execute flag is on. If the specified file exists and is a directory, then the current process has permission to search in the directory.
    -z String
        True, if the length of the specified string is 0.
        Example:
            # mystr=""
            # test -z "$mystr"
    -L File
        True, if the specified file exists and is a symbolic link.
    -O File
        True, if the specified file exists and is owned by the effective user ID of this process.
    -G File
        True, if the specified file exists and its group matches the effective group ID of this process.
    -S File
        True, if the specified file exists and is a socket.
    File1 -nt File2
        True, if File1 exists and is newer than File2.
    File1 -ot File2
        True, if File1 exists and is older than File2.
    File1 -ef File2
        True, if File1 and File2 exist and refer to the same file.
    String1 = String2
        True, if String1 is equal to String2.
        Example:
            # test "a" = "a" ; echo $?
    String1 != String2
        True, if String1 is not equal to String2.
        Example:
            # test "a" != "b" ; echo $?
    String = Pattern
        True, if the specified string matches the specified pattern.
    String != Pattern
        True, if the specified string does not match the specified pattern.
    String1 < String2
        True, if String1 comes before String2 based on the ASCII value of their characters.
    String1 > String2
        True, if String1 comes after String2 based on the ASCII value of their characters.
    Expression1 -eq Expression2
        True, if Expression1 is equal to Expression2.
        Example:
            # test 2 -eq 2 ; echo $?
    Expression1 -ne Expression2
        True, if Expression1 is not equal to Expression2.
    Expression1 -lt Expression2
        True, if Expression1 is less than Expression2.
    Expression1 -gt Expression2
        True, if Expression1 is greater than Expression2.
    Expression1 -le Expression2
        True, if Expression1 is less than or equal to Expression2.
    Expression1 -ge Expression2
        True, if Expression1 is greater than or equal to Expression2.
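
Several of the file tests above combined into one check, as an added example that is not part of the original post: a script vets a file before sourcing it, refusing symlinks, files owned by someone else, and files with the setuid or setgid bit. The function name `vet_file` and the sample files are constructed for illustration; `-O` is assumed to be available, as it is in ksh, bash and dash.

```shell
#!/bin/sh
# Added example: vet a file with the test operators from the table above.

# Prints one word describing the first problem found (or "ok") and returns
# 0 only for "ok". -h is checked first because -e follows symlinks and would
# report a dangling link as missing.
vet_file() {
    f=$1
    if   [ -h "$f" ];   then reason=symlink       # could point anywhere
    elif [ ! -e "$f" ]; then reason=missing
    elif [ ! -f "$f" ]; then reason=not-regular   # directory, FIFO, device...
    elif [ ! -O "$f" ]; then reason=not-owner     # owned by another user
    elif [ -u "$f" ];   then reason=setuid
    elif [ -g "$f" ];   then reason=setgid
    elif [ ! -s "$f" ]; then reason=empty
    elif [ ! -r "$f" ]; then reason=unreadable
    else reason=ok
    fi
    echo "$reason"
    [ "$reason" = ok ]
}

# Constructed sample files in a throwaway directory.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'APP_HOME=/opt/app\n' > "$demo/app.conf"
ln -s "$demo/app.conf" "$demo/link.conf"
mkfifo "$demo/pipe.conf"

for f in "$demo/app.conf" "$demo/link.conf" "$demo/pipe.conf" "$demo/absent.conf"; do
    printf '%s: %s\n' "${f##*/}" "$(vet_file "$f")"
done

# Typical use: source the file only when every check passes.
if vet_file "$demo/app.conf" >/dev/null; then
    . "$demo/app.conf"
fi
```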

    Understanding some conditional expressions for the Korn shell or POSIX shell

    Typically some hosts from a resource pool can be in maintenance mode. In such situations customers can't wait until these hosts are out of maintenance mode, nor can they stop new SRs ... However, TSAM's bluecloud reservation is not aware that some hosts need to be skipped when trying to fit reservations.

    In such cases, SRs will continue to fail because they are placed on those hosts. In order to indicate to Bluecloud that a particular host must be skipped, set the "ignored-by-resource-broker" property to "true" for that host. This can be set from the Maximo UI. Go to -> Service Automation -> Cloud Server Pool Administration. Select the required pool. From the Resource Pool Configuration tab, go to the Resource Pool. Here you will be able to see the hosts included in this pool. For every host to be ignored, check the "Is Failed" flag.

    Why does TSAM continue to select a host for resource allocation requests even when the host is in maintenance mode?

    All eyes are on the latest technology from Google ... all new smart contact lens... 
    In a classically Google-clever way: Smart contact lenses with tiny glucose-tracking technology will monitor wearers’ glucose levels not by measuring the sugar in their blood, but by tracking it in their tears.

    The contact lenses will monitor glucose with a tiny sensor once per second, and then transmit the data through a wireless transmitter. According to Otis, the sensor is the smallest ever made, and took years of affixing tiny wires to tiny electronics to produce it.
    The electronics in the contacts lie on the periphery, so don’t obstruct the wearer’s vision. To power the lenses, developers designed a method of pulling energy from surrounding radio frequency waves. The company is testing the possibility of adding a tiny LED light to indicate when the wearer’s glucose exceeds a certain level.

    Go Google go.....

    Contact lens to check blood glucose level
