For non-US people: How to Avoid Wikipedia Blackout

For all non-US people, that have no U.S.Congress representative to contact about SOPA and PIPA – here is the simple recipe  to avoid the blackout.

First of all, you need Google Chrome with AdBlock extension. Now, open the AdBlock options, go to the Customize tab, click on ‘Edit’ button and add the following two lines to the filters:*

Don’t forget to click ‘Save’ and enjoy the Wikipedia again!

Deployment of New VM from Template Fails with VMDK Locked Error

Some time ago I managed to isolate an ugly vSphere 5 bug that caused me some unpleasant moments. Today I finally reproduced this behavior in a clean lab environment, so I feel confident enough to describe it in public. Don’t worry, the way to recover is described also!

Take a vSphere 5 environment with a template (say, “MyTemplate”) that you want to deploy a virtual machine from. Step through a regular deployment wizard and select “Edit Virtual Hardware” on the last page. In the VM properties, choose the hard disk and change its size. The new VM (say, “MyVM”) will be created successfully, but the next time you’ll go through the deployment process it will fail with a strange message: “Unable to access file ‘MyTemplate/MyTemplate.vmdk’ since it is locked”…

A quick search in VMware KB (or just in Google) will tell you that the vmdk (the virtual disk of the VM) is usually locked when some other VM uses the same disk. Hey, this is a template! No other VMs are supposed to use the template disk, right? Well, the truth is that this disk is now attached to MyVM – yes, that one with different disk size… But let the lock alone. Your lovely template is now gone, since the disk that belonged to the template is now owned by the running virtual machine – with new name, settings and maybe even software!

Well, how do you recover from this situation? The good news are that the original disk from MyTemplate is not gone. In fact, vSphere really cloned a new vmdk file for MyVM and placed it where it should usually reside – in ‘MyVM/MyVM.vmdk’ – but for some reason set the MyVM to use a template file instead. At this moment you can take a deep breath, shut down MyVM, point it to the right virtual disk and physically swap the files in the datastore… Continue reading “Deployment of New VM from Template Fails with VMDK Locked Error”

IBM Tivoli Access Manager for e-business and WebSEAL Resources

After posting another WebSEAL HOWTO recently, I feel it is the right time to post my collection of WebSEAL-related resources and forget about the WebSEAL for a while.

IBM Tivoli Access Manager (TAM) for e-business is positioned by IBM as an end-to-end security solution for e-business, focused on providing robust, policy-based security to a corporate web environment. The web security components of TAMeb are WebSEAL (reverse proxy web server that performs authentication and authorizations; typically used for DMZ external access to backend content servers) and Plug-in for Web Servers (plug-in that secures web servers; typically used for internal access). Continue reading “IBM Tivoli Access Manager for e-business and WebSEAL Resources”

Gmail App for iOS – Pros and Cons

[ This mini-review was originally written in mid-November 2011, when Gmail App for iOS was back to AppStore, and published on Google+. Today Google released an update for Google Sync (ability to easily delete messages instead of archive them – something I was missing in the native email client), so I recalled this text and reposted it here also. ]

I decided to try the new Gmail App over this weekend. Here is a short summary:

1. The Gmail App has Gmail-style threaded view that I really miss in native iOS client. Also, the UI look and feel is synced with the new style of the browser version of Gmail.
2. The Gmail App allows me to do a clear separation between corporate and private mailboxes – work Exchange goes to native client, Gmail – well, to Gmail. For me, it is very convenient to see if it is personal of work-related email before I run to check it out. Also, with this separation I can disable notification sounds on any specific email account (the work one, i my case).
3. Other reviews report that search here is much better. I had no chance to test this on my own today, but native search was sometimes… say, frustrating.

1. The main concern about Gmail App is that it is not fully integrated in all the applications on iOS like the native client – and there is no hope for such integration. Of course, you can compose emails using native address book or browse for picture attachments, but other apps the utilize sharing via default email client (for example, Genius Scan) obviously are out of scope here.
2. It seems that Gmail App is not so fast in getting emails as Gmail account defined in the native client via Google Sync with Push. I have no reliable idea what is the reason for this behavior…
3. There are no modern-style banner notifications in the Gmail App for some reason. Yet, I hope this is something to be added in the future versions.

As you may see, there are both pros and cons of using new Gmail App instead of the native email client, and I’m still not sure if it will survive on my iPhone. But I will test it for few more days…

Update (January 2012): Still using Gmail App. It is definitely slower that native client, but the threaded view and the ability to easily archive, delete and star messages keeps it alive for me.

Unauthenticated Access to WebSEAL Junctions

[ Update (April 2013): How to perform this task with ‘pdadmin’ utility. ]

By default WebSEAL junctions do not require any specific authentication for external access – they just derive the default ACL definition of the WebSEAL. However, this default ACL does not allow access to unauthenticated users. So, efficiently the users have to pass authentication with any available authentication method to gain access rights for the junction that does not need any specific authentication.

Here I will explain how to define unauthenticated junction – a junction that allows access to any user, including users that did not pass WebSEAL authentication at all. In fact, creating unauthenticated junction in WebSEAL is super-easy and super-simple when you are experienced WebSEAL professional. If you are a newbie or WebSEAL administration is not among your main tasks, the logic of this flow is not so trivial to guess (or even recall).  Continue reading “Unauthenticated Access to WebSEAL Junctions”