| Subcribe via RSS

Developer Tomcat Settings for Sailpoint IIQ Sandboxing

October 10th, 2011 | No Comments | Posted in IAM Development, IAM Engagement

Working on IAM projects and out on client sites for Qubera Solutions, our technical peeps all have developer sandboxes we use for prototyping, setting up read-only connectors to outlying systems (eg. PeopleSoft, AD, LDAP, JDBC connections, etc.), doing RBAC analysis and just about anything GRC related. We sandbox just about everything we can or run pre-configured VMware VMs on laptops outfitted with as much memory as we can. (My Macbook Pro is spiked out at 8gb RAM.)

Generally we use Tomcat for the app server piece but not always. None of this is earth-shattering news. Any developer or integrator of note at Any Company USA and around the world is going to have at least “A” sandbox running if not multiple. Just whether those sandboxes are configured and tweeked properly is going to be the only question, really.

As it relates to Sailpoint IIQ, first of all, me running a Macbook Pro, it’s technically “not supported.” But the IIQ deployment, like Oracle Waveset, is just a WAR. For the middleware piece (the DB layer aside), you essentially deploy a WAR, import your objects from XML, and you are off and running. Nevertheless, the “non-supported” aspect of a MacBook tended to rear its ugly head and I had frequent hangups in Tomcat until I tweeked a few things. It turns out setting my JAVA_OPTS to the following not only helps, but seems to be recommended from a trusted source. (I don’t have permission to credit here, much as I would like, so just take it for what it’s worth.)

I’ll “split this up” in a syntactically correct way so this doesn’t extend the page on the blog entry, but you can put these settings all on one line; hopefully that is obvious:

JAVA_OPTS="-server -Xms3072m -Xmx3072m -XX:NewSize=1024m -XX:MaxNewSize=1024m"
JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=1024m -XX:CodeCacheMinimumFreeSpace=2M"
JAVA_OPTS="$JAVA_OPTS -XX:ReservedCodeCacheSize=64M"
JAVA_OPTS="$JAVA_OPTS -Dsun.lang.ClassLoader.allowArraySyntax=true"

More »

Tags: , , , , , , , , , , , , , , , ,

Remote Windows (SMB) Sharing over Secure, Encrypted SSH

October 10th, 2011 | No Comments | Posted in Networking, Security

Here’s a blast from the past. For years I’ve kept an engineering notebook. Simply because after about a decade of playmaking, everything started to blur. Who, what, how and when started to just get hard to track. (And I still haven’t written down everything unfortunately — which really is just a tad irritating when I have to reclimb a mountain once already conquered… :-))

So from time to time, I may reach back and post something of interest, esp. if I’ve had a hard time finding the solution anywhere else. (There’s a million things I’ve done that everyone else has done. You don’t need this blog for that. Click here to find those. :-))

So, once upon a time — I’ll not state the time, place or occasion — I wanted to connect to my Windows shares at home from a remote location inside of a firewall. Now, everyone knows SMB and Windows file sharing in general is notoriously unsecure. How to do this without exposing myself and the network I was on? Enter the old trusty companion, SSH. Here’s how we do it, picking up from a post several years ago:

Original Posting

It’s not too hard to run a remote LAN connection over an SSH tunnel on Windows.  Assuming the SSH tunneling aspect of this is already in place (via Cygwin, PuTTY or something else), here’s what we need to do:
More »

Tags: , , , , , , ,