Latest Killexams.com Questions of HP0-922 | braindumps | ROMULUS

Best Prep material of HP0-922 by Killexams.com - ensure your success with our PDF + Exam Simulator preparation pack - braindumps - ROMULUS

Pass4sure HP0-922 dumps | Killexams.com HP0-922 existent questions | http://tractaricurteadearges.ro/

HP0-922 Implementing and Supporting HP Storage Essentials v5.1

Study sheperd Prepared by Killexams.com HP Dumps Experts


Killexams.com HP0-922 Dumps and existent Questions

100% existent Questions - Exam Pass Guarantee with towering Marks - Just Memorize the Answers



HP0-922 exam Dumps Source : Implementing and Supporting HP Storage Essentials v5.1

Test Code : HP0-922
Test title : Implementing and Supporting HP Storage Essentials v5.1
Vendor title : HP
: 130 existent Questions

these HP0-922 actual seize a leer at questions works in the existent seize a leer at.
You may constantly be on top efficiently with the assist of killexams.com due to the fact those products are designed for the assist of complete students. I had offered HP0-922 exam sheperd as it changed into essential for me. It made me to understand complete vital standards of this certification. It own become perquisite choice therefore i am emotion delight in this desire. Finally, I had scored ninety percentage because my helper was HP0-922 exam engine. I am existent because those products helped me inside the training of certification. Thanks to the exquisite team of killexams.com for my help!


Where can I find HP0-922 exam study help?
I passed. Genuine, the exam was hard, so I just got past it on account of killexams.com and Exam Simulator. I am upbeat to report that I passed the HP0-922 exam and own as of late acquired my declaration. The framework questions were the Part I was most stressed over, so I invested hours honing on the killexams.com exam simulator. It beyond any doubt helped, as consolidated with different segments.


Killing the examination grow to be too smooth! I dont assume so.
I wanted to own certification in Test HP0-922 and i win it with killexams. flawless pattern of latest modules facilitate me to attempt complete the 38 questions within the given timeframe. I score more than 87. I must allege that I could never ever own done it on my own what I was able to achieve with killexams.com . killexams.com provide the latest module of questions and cover the related topics. Thanks to killexams.com .


HP0-922 certification examination is quite traumatic without this solemnize guide.
One day, on the dinner desk, my father asked me immediately if I changed into going to fail my upcoming HP0-922 check and I responded with a totally company No manner. He changed into inspired with my self-possession but I changed into so fearful of disappointing him. Thank God for this killexams.com because it helped me in preserving my word and clearing my HP0-922 test with top class results. I am thankful.


strive out these actual HP0-922 brand newmodern dumps.
The extremely satisfactory constituent about your question bank is the reasons provided with the answers. It allows to understand the difficulty conceptually. I had subscribed for the HP0-922 query financial organization and had lengthy long past through it three-four instances. Inside the exam, I attempted complete the questions beneath 40 minutes and scored 90 marks. Thanks for making it light for us. Hearty manner to killexams.com team, with the benefit of your version questions.


Passing the HP0-922 exam with enough expertise.
Hurrah! I own passed my HP0-922 this week. And I got flying color and for complete this I am so thankful to killexams. They own near up with so fabulous and well-engineered program. Their simulations are very much enjoy the ones in existent exams. Simulations are the main aspect of HP0-922 exam and worth more weight age then other questions. After preparing from their program it was very light for me to solve complete those simulations. I used them for complete HP0-922 exam and organize them trustful every time.


need actual examination questions latest HP0-922 exam? down load here.
You the killexams.com are rock. these days I passed HP0-922 paper with your questions solutions with one hundredpercentage score. Your supplied questions and exam simulator is a ways extra than remarkable! distinctly encouragedyour product. i can virtually used your product for my next exam.


am i able to find state-of-the-art dumps Q & A brand unique HP0-922 exam?
Subsequently, at the dinner table, my father requested me without leisurely if i was going to fail my upcoming HP0-922 check and that i responded with a very enterprise No way. He modified into impressed with my self assurance however i wasso shrinking of disappointing him. Thank God for this killexams.com because it helped me in maintaining my phrase and clearing my HP0-922 test with top class consequences. I am thankful.


it's miles fanciful to own HP0-922 present day dumps.
I was trapped in the complicated subjects only 12 prior days the exam HP0-922. Whats more it was extremely useful, as the short answers could be effortlessly remembered inside 10 days. I scored 91%, endeavoring complete questions in due time. To rescue my planning, I was energetically hunting down some speedy reference. It aided me a grand deal. Never thought it could be so compelling! At that point, by one means or another I came to believe about killexams.com Dumps.


HP0-922 bank is needed to transparent the examination at the start attempt.
The killexams.com dumps offer the study material with the perquisite features. Their Dumps are making learning light and quick to prepare. The provided material is highly customized without becoming overwhelming or burdensome. The ILT book is used along with their material and organize its effectiveness. I recommend this to my peers at the office and to anyone searching for the best solution for the HP0-922 exam. Thank you.


HP Implementing and Supporting HP

HP's ink DRM instructs your printer to ignore the ink in your cartridge in case you cancel your subscription | killexams.com existent Questions and Pass4sure dumps

Inkjet printer producers proceed to pioneer imaginative the route to create true-world, computer dystopias that beget Black mirror seem to be optimistic by route of comparison: one such nightmare is HP's "subscription" printers where a minuscule amount of cash buys you ink cartridges that consistently talk with HP's servers to validate that you simply're nevertheless deciding to buy your subscription, and if you cancel, the ink stops working.

HP's controversy is that it's subsidizing the ink and you're agreeing to this treatment within the bargain, however of direction, HP is rarely "subsidizing" the ink, it's merely charging a pair hundred p.c markup, as opposed to its typical apply of charging a couple of million % markups (and the usage of deceptive and unlawful strategies to oblige you to purchase ink from them, and never from their competitors).

HP has been working the service when you account that as a minimum 2016; you opt for a method that puts a cap on the number of pages that you may print in a month. You pay for that many pages no matter how many you print -- and if you Run out of accessible pages, your printer refuses to print anymore, however you own a entire lot of ink to print with.

HP additionally requires subscribers to near back their vacant cartridges (they summon it "recycling" however the incontrovertible fact that this continues vacant carts out of the palms of refillers is surely no accident).

it be simply yet another means that printer corporations are main the pervade to erode property rights for people by means of expanding property rights for enterprises.

right here’s the kicker: in case you cancel, your ink stops working. You study that right; as quickly as your billing cycle ends the printer will not settle for the ink anymore, and you’re required to ship it back to HP. at least they deliver the postage and packaging for that intention.

HP doesn’t spell out any penalties in their terms of service for failure to ship the ink back, so they checked with a aid agent. They helpfully explained that nothing occurs in case you fail to ship them again, but the cartridges would cease working. You’ll own to buy extra ink to your personal if you are looking to maintain printing. HP ships mainly marked ink as a Part of this process, and your printer acknowledges that it is meant for fleet Ink subscribers only. It’s practically DRM, but instead of locking down a digital movie or publication, this locks down a physical product: the ink for your printer.

instant Ink requires a web connection for your printer. HP explains that they computer screen your ink levels, so they be sensible of when to ship you extra, but as described of their terms of provider the other understanding for here is to remotely disable your ink cartridges in case you cancel, or if there are any concerns together with your price.

HP’s Ink Subscription Has DRM That Disables Your Printer Cartridges [Josh Hendrickson/Howtogeek]

every year or two, I embark on a circular of crazy book-tour commute the dwelling I exchange cities day by day for weeks on conclusion (35 cities in forty five days on two continents in 2017!), and that i'm on a perennial quest for a bit of luggage this is fuss-free: I need to stumble exhausted into my room, […]

study THE leisure

Sukhe's method for an "adminbook" is an audacious, well-developed method for a desktop tailor-made to the needs of community directors: small, intended for exhaust in darkish, cramped places, convertible into an external drive or parade for headless techniques or those desiring their ROMs flashed, multilingual, with many alternate options for I/O and vigour.

read THE rest

Logitech stuff is sharply marked down at Amazon today, so I’m going to provide you with my strategies and a few nopes too. The hyperlinks listed below are complete affiliate ones, so I’ll win a reduce. 1. The G-collection mice are tremendous. I own the fundamental model, the G603, and it makes me mad I ever […]

study THE rest

because the know-how that drives them evolves, the tasks that you may accomplish with Microsoft’s suite of workplace tools is growing every year. That’s incredible word for the corporations who already depend on that application, however its particular person users own that much more to learn. The most fulfilling technique to stand up to pace? eLearnOffice Microsoft office […]

study THE relaxation

Cryptocurrency: reputedly overnight, it’s long past from a inquisitive sidebar on the planet of economics to the driving oblige in the back of the fortunes of entrepreneurs internationally. What’s much more miraculous is how few people remember the blockchain expertise that allows for cryptocurrencies enjoy Bitcoin, even nowadays. but that paradigm is altering quick, and the quickest method […]

study THE rest

Spend any time at throughout creative-minded techies, and you’ll possible hear about Arduino. whether you’re making an light movement sensor or a completely information superhighway-managed robot, Arduino is the platform of alternative. in case you’re simply diving in, they can’t believe of a stronger entry point than the Arduino Uno most efficient Starter package & route Bundle. […]

read THE rest

HP Doubles Down on companion Profitability with unique shows and add-ons Accelerator | killexams.com existent Questions and Pass4sure dumps

PALO ALTO, Calif., Jan 31, 2019 (GLOBE NEWSWIRE via COMTEX) -- word Highlights:

  • Doubles advantages and incentives on distinctive commercial displays and add-ons (D&A)
  • instant enhancement provides additional charge and earnings for qualified partners
  • New software enhances existing personal techniques ally compensation model
  • PALO ALTO, Calif., Jan. 31, 2019 (GLOBE NEWSWIRE) -- tomorrow, HP Inc. will launch its first divulge and add-ons (D&A) Accelerator in the U.S. as an extension of its current HP associate First application, designed to arm HP's channel companions with the gear and options obligatory to fill particular person industry company wants whereas allowing exploration for brand unique avenues of future increase.

    "HP is always conserving an in depth eye on trends and opportunities so that it will drive ecocnomic augment for their channel partners,"observed Gary Simms, Head of AMS Channel programs and Enablement, HP Inc."We're excited to present this unique accelerator as they double down on shows & accessories within the U.S. whereas partners seize capabilities of dazzling alternatives fueled through current market situations."

    Recognizing the impulsively becoming D&A landscape, in addition to HP's valued partners within the space, the accelerator will double advantages and incentives for U.S.-based mostly Platinum and Gold notebook companions on multiple industrial displays and add-ons SKUs together with:

  • industrial computer accessories
  • industrial shows
  • business computer accessories
  • removable add-ons
  • computing device accessories
  • pc shows
  • The enhancement comes as HP continues to extend what is already some of the industry's broadest portfolios of non-public systems and Print choices and now palms HP's Gold and Platinum computing device channel partners with the items, capabilities and benefit imperative to tackle customer needs.

    As a channel enterprise first and premier, these forms of enhancements fortify HP's dedication to companions while furthering their dedication to precipitate up channel growth with relentless execution and innovation.

    About HP associate FirstHP associate First is an unique channel ally program that provides merits for HP's grand companion community neighborhood, including valued-delivered resellers (VARs), systems integrators (SIs), provider suppliers, hosting suppliers, impartial utility companies (ISVs), distributors, and other agencies that collaborate with HP Inc. The companion First software membership constitution contains Platinum, Gold, Silver and industry companions, which each comprehend varied rewards and merits.

    About HPHP Inc. creates technology that makes being better for each person, complete over the place. through their portfolio of printers, PCs, cellular gadgets, options, and services, they engineer experiences that amaze. greater information about HP Inc. is purchasable at http://www.hp.com.

    Maha Neouchy, HP Inc.Maha.Neouchy@hp.com

    www.hp.com/go/newsroom

    (C) Copyright 2019 GlobeNewswire, Inc. complete rights reserved.


    HP Omen Obelisk assessment | killexams.com existent Questions and Pass4sure dumps

    Prebuilt PCs were as soon as the belt of taunt among enthusiast gamers. HP hopes to exchange accepted belief and the dialog in gaming circles with its most up-to-date Omen Obelisk.

    This gaming workstation ambitions greater ascetic gamers with facets enjoy Intel’s Core i7 or AMD Ryzen processors, quickly HyperX RAM, optional Intel Optane reminiscence, and Nvidia’s newest GeForce RTX 2080 pix. And the best Part is that this compact gaming computing device tower nonetheless comes with enough inner house to benefit future improvements.

    The Omen Obelisk has a modest sub-$900 starting rate, but you gained’t be impressed with these specs. Their upgraded $1,999 evaluate unit comes is the one you crave with its slick case,  significant tempered glass window, and high-end accessories. You may be surprised how a lot gaming goodness HP managed to pack into this kit.

    Understated enchantment

    notwithstanding it seemingly gained’t attraction to gamers in search of a flashier gadget, the Obelisk’s more demure aesthetics beget it vigorous extra with ease into a house workplace setup. With its all-black metallic development, swish tempered glass aspect window, and refined LED lighting fixtures, HP is obviously focused on domestic users who may need this laptop to serve twin applications for drudgery and play.

    HP Omen Obelisk Chuong Nguyen/Digital tendencies

    except you’re in a position to spot the glowing LED-lit Omen emblem on the exact of the pyramidal-fashioned Obelisk in the entrance or word the glowing backlight in the course of the glass panel, the Omen Obelisk can conveniently flow as a yardstick client computing device. HP doesn’t downplay the Obelisk’s Omen gaming legacy although. It’s simply a stylish tower that foregoes the garish prospers that are historically linked to gaming PCs.

    With a title enjoy Obelisk, you’d are expecting HP’s computing device to tower in your desk. fortunately, that’s no longer the case, because the Omen Obelisk is a compact computer in spite of the fact that it is available in a well-known tower shape factor. Their review unit helps a microATX Edoras motherboard and entire-dimension graphics card, helping to sustain the universal footprint to a minimal on your desk. You nonetheless own access to an array of ports and numerous space inside the case for future improvements.

    regardless of a showy, un-tinted tempered glass window, there isn’t a lot visual hobby inner.

    The Obelisk’s 6.5 x 14.1 x 17-inch (width x size x height) dimensions is comparable in dimension to the Asus ROG Strix GL12CX gaming desktop, making each towers fairly compact for the RTX pictures energy that’s internal. The ROG advantages, besides the fact that children, from a larger ATX-sized motherboard and a more recent processor however comes with a tremendously more towering priced $3,200 expense tag.

    but when measurement is a concern, boutique gaming firm starting dwelling computing device’s lately refreshed custom-built Neuron ships with a microATX motherboard with a 9th-Gen Intel Core i9 and beefier RTX 2080 Ti pix. The Lenovo Legion C730 is smaller still, but that cooler-impressed computing device comes underpowered with remaining era’s GTX pictures.

    beneath the searching glass

    despite its un-tinted see-via side tempered glass window, there truly isn’t a satisfactory deal visual activity internal. enjoy competing gaming methods, there’s configurable RGB lighting fixtures, and the convenient cable management system continues things geared up and tidy. however you received’t find a complicated RTX graphics playing cards with glowing logo or a complicated radiator.

    where the glass panel design in fact comes into play is on the upgraded Omen Obelisk configuration that became introduced at CES 2019. This more recent mannequin tops out with a more recent Intel Core i9 processor and extra effectual RTX 2080 Ti images. The captivating aspects from this model comprehend the radiator and pipes from the liquid cooling device, which may soundless assist provide extra visual interest if you chance to’re looking through the glass.

    HP is evidently targeting americans who may need this computer to serve twin purposes for drudgery and play.

    For DIYers who want extra ply of their computers, the EMI-coated glass panel will too be accessed with out tools. HP claims that the transparent EMI coating helps to avoid any radio or magnetic interference. by using pulling a latch on the rear of the tower, the side panel can too be perquisite now removed, giving entry to the entire inside add-ons. inner, you’ll locate entry to two RAM sockets, two M.2 sockets, full-height photos card, fan, complicated pressure, and a 500-watt vigour deliver unit (PSU). notwithstanding the low watt score on the PSU may additionally seem underwhelming given the RTX photographs card, they encountered zero issues with this configuration.

    however their build doesn’t near with a entire lot when it comes to energetic cooling, the Obelisk did be capable to preserve temperatures in check with strategically placed vents along the rear, facets, and true. The bottom-hooked up PSU additionally helps with heat dissipation, and two non-LED-lit lovers assist with air circulation. In use, the enthusiasts sounded a miniature louder than some competing top rate gaming PCs that we’ve validated in the past. There’s additionally a dust filter, which is useful to hold things looking cleanly when you own a mammoth see-through glass panel.

    The tower supports a variety of leeway for growth, should you need to swap in a beefier PSU or near to a determination to ameliorate to a GeForce RTX 2080 Ti card in the future. RAM and storage are both quick upgrades. The Omen Obelisk too ships with HP’s USB keyboard and mouse, however ascetic game enthusiasts will both carry their personal peripherals or upgrade the inventory accessories.

    Reachable ports

    The Omen Obelisk includes two arrays of ports to benefit you join your video display, keyboard, mouse, and different peripherals. Mainstays, just enjoy the vitality cable, parade output, and speaker connection, will too be plugged into the rear. five USB three.1 ports, a solitary USB-C port, HDMI, and three DisplayPort connections, Ethernet jack, and audio ports line the back of the unit.

    HP Omen Obelisk Chuong Nguyen/Digital tendencies

    On this generation of the Omen Obelisk, HP redesigned the top ports with a front-facing design for less demanding entry. On the prior era, the Obelisk changed into designed with rear-facing ports, making for a sleeker and cleaner design at the fee of port accessibility. Up excellent, you’ll locate two USB 3.1 ports, headphone jack, microphone jack, and the energy button.

    Priced to perform

    In a flow to sustain costs down, and likely in a rush to free up the Obelisk sooner to gamers, HP opted no longer to leer ahead to Intel’s newer 9th-technology processors. consequently, the Omen Obelisk gadgets that shipped in late-2018 got here with 8th-era Intel processors. Their evaluation gadget came configured with an Intel espresso Lake Core i7-8700 CPU with six cores and 12 threads.

    The slower efficiency of Intel’s outdated technology processor is apparent, however, when working processor benchmarks. The Omen Obelisk posted reduce single- and multi-core ratings than competing methods that exhaust ninth-era Intel Core i9-9900K processors, just enjoy the beginning Chronos, Digital Storm Aventum X, and Asus ROG Strix GL12CX. in comparison to the Alienware area-51 R5’s Intel Core i9-7980XE processor, the Obelisk posted mixed outcomes, scoring seven-hundred facets higher on the only-core examine and more than 3,000 features diminish on the multi-core test. after they used Handbrake to encode a pattern 4K movie, the check carried out 38 percent faster on the ROG than the Omen Obelisk.

    And even if their unit comes with a 512GB M.2-structure solid-state drive made by SK Hynix, the drive became on the slower aspect, with 664 Mb/s read and 448 Mb/s write speeds. These speeds are slower than competing Samsung, Toshiba, and Western Digital Drives on different units we’ve reviewed, just enjoy the Aventum X, Microsoft surface Studio 2, and Huawei MateBook 13. It’s even slower than the Lenovo Legion C730, which comes with a smaller 256GB SK Hynix SSD.

    There’s too a 1TB tough power on this device, and clients who need more storage aptitude can add a third power. each complicated drives are effortlessly attainable within the challenging drive bays, and swapping out the M.2 SSD is an light assignment, only requiring unscrewing a solitary Phillips-head screw.

    Ray tracing capable gaming

    fortunately, despite a miniature bit slower processing speeds relative to modern rivals, the Obelisk continues to be aggressive within the snap shots branch, thanks to its Nvidia GeForce RTX 2080 pics. nonetheless, despite sharing an identical pictures card because the Asus ROG Strix GL12CX, the Omen Obelisk carried out just a miniature worse across 3DMark Time clandestine agent, Sky Diver, and fire Strike assessments. each devices’ ratings own been in a similar fashion lessen than the beginning Chronos, which is to be expected due to the fact the Chronos ships with an RTX 2080 Ti card. With 3DMark’s unique Port Royale benchmark, which measures ray tracing, the Obelisk scored 5,598 aspects with a yardstick of 25.ninety two FPS (frames per 2d).

    In their gaming tests, the Omen Obelisk again delivered similar efficiency levels as other techniques with Nvidia’s RTX 2080 graphics. In widespread, marks throughout the board in titles enjoy Civilization VI, Deus Ex: Mankind Divided, Battlefield I, and Rocket League had been just a miniature reduce on the Obelisk than the foundation Chronos.

    In Battlefield I, Civilization VI, and Deus Ex: Mankind Divided, the Obelisk delivered smartly over 60 FPS throughout complete online game settings, even in 4K decision. In Deus Ex: Mankind Divided at 4K in ultra mode, there turned into a noticeable dip in performance, but the Obelisk performed 10 FPS improved than the Asus ROG Strix GL12CX’s 39 FPS ticket regardless of each programs sharing identical graphics cards. This indicates that even with an growing ancient eighth-gen Intel processor, the Obelisk changed into nevertheless capable of sustain with rivals operating more recent ninth-gen silicon.

    Given the continually fanciful efficiency of the Obelisk, game enthusiasts may no longer be sensible a lot of a efficiency hole, even with an older processor. In conventional, they organize that the RTX collection pix delivered extra constant outcomes across 1080, 1440p, and 4K resolutions than the older GTX collection, which showed a slowdown in framerates at larger resolutions.

    With the true-time ray-tracing enabled on Battlefield V, they observed that the game appeared greater simple, and they preferred the added degree of particulars. The characteristic, youngsters, does tax the system at larger resolutions, and there’s a noticeable dip in performance when ray-tracing is cranked to “extremely” in 4K resolution. With ray-tracing off and HDR enabled, the video game played on commonplace between 56 to 59 FPS in 1080p, 1440p, and 4K resolutions at approximately 60Hz. When ray-tracing is enabled, framerates remained constant at lessen 1080p and 2K resolutions, but in 4K, performance within the “Nordlys” mission dropped to just 32 FPS.

    warranty

    HP presents a common one-yr off-web page warranty masking constituents, labor, and shipping expenses to ship the unit to a restore core. game enthusiasts who want longer peace of intelligence can pick an upgraded two-12 months assurance for $239 or a two-yr method with incidental damage coverage for $279. The latter covers unexpected events, enjoy water spills or even drops, that could near in useful in case you find yourself often toting the Obelisk to LAN events.

    HP’s ground one-year guarantee falls based on what mainstream manufacturers, enjoy Dell’s Alienware and Lenovo’s Legion offers, however these rivals offer longer top rate programs that can lengthen the protection of your device for up to five years. greater expensive construct-to-order techniques from boutique manufacturers enjoy beginning computer and Digital Storm near with a ground three-yr restrained warranty.

    Our Take

    HP made some sacrifices to rush the Omen Obelisk out at the conclusion of 2018, and this means that the unit doesn’t top out with the premiere CPU or GPU on the top of the line configuration. nonetheless, at a sub-$2,000 fee aspect, the Obelisk’s eighth-Gen Intel – instead of the newer 9th-Gen silicon – processor and RTX 2080 pics does a commendable job at coping with framerates in online game play.

    In their benchmarks, they discovered that HP’s determination to depart together with Intel’s final technology processor didn’t own an terrible lot of an impress on gaming efficiency. And until you’re pushing the gaming envelope with ray-tracing titles on the optimum video game settings at 4K resolutions, going with the Obelisk’s RTX 2080 photographs, as an alternative of the flagship RTX 2080 Ti will doubtless rescue you a bit of of cash, as efficiency with ray-tracing enabled frequently simplest dropped at resolutions more suitable than 1440p.

    Is there a better choice?

    in case you’re k with Intel’s remaining era processors, HP’s Omen Obelisk is very cost-effective for its requisites. Asus’ competing ROG Strix, as an example, charges about $1,200 more than the Obelisk at $three,299. At that rate, you’re getting a newer ninth-generation Intel Core i7-9700 processor. Dell’s Alienware enviornment-fifty one desktop expenses the identical cost as the ROG Strix, however you’re getting an eight-core Intel Core i7-7820X processor, 16GB RAM, and 128GB M.2 solid-state pressure coupled with a 1TB complicated pressure.

    Boutique computer company foundation workstation’s Chronos laptop additionally comes in a in a similar fashion compact kit. When configured with an Intel Core i7-9700K processor and an RTX 2080 pics card, the root starts at $2,432, which is a $400 top rate over the Obelisk. root offers route more customization alternatives in case you want to trick out your rig, but the Chronos doesn’t comprehend HP’s single-pane window design.

    in case you’re a more sober gamer, you’ll want to leer forward to the 2019 edition of the Omen Obelisk that HP introduced at CES. The 2019 Obelisk continues the identical aesthetics and design as their evaluation unit, however the better configuration maxes out with newer Intel Core i9 processor, improved RTX 2080 Ti portraits, and a radiator for liquid cooling. This up-to-date model is anticipated to bring more energy for computational projects and more suitable gaming performance. It’s slated to arrive in March beginning at $2,249, so pricing on the 8th-gen Intel configuration may drop at that time.

    HP Omen Obelisk compared to

    How long will it last?

    inspite of which configuration you choose, the HP Omen Obelisk will fill your gaming needs for years to return. complete of the internal components are upgradeable, and if you pick on an RTX train pics card, you’re purchasing a future-proof computer. The challenge for most gamers who buy this and different RTX-equipped gadget is looking ahead to builders to add assist for ray tracing into their titles, and that procedure can seize ages.

    if you purchase it?

    yes. in case you don’t own the persistence to source your personal materials to build your own laptop, HP’s Omen Obelisk is a grand pre-built option that’s competitively priced and well equipped to deliver the efficiency most game enthusiasts need. though it’s a gaming tower that’s centered at mainstream gamers, it’s obtained ample facets – ease of improve, RTX vigour, and a simultaneous design – that makes this laptop attractive to the enthusiast.


    Whilst it is very difficult assignment to pick answerable exam questions / answers resources regarding review, reputation and validity because people win ripoff due to choosing incorrect service. Killexams. com beget it inescapable to provide its clients far better to their resources with respect to exam dumps update and validity. Most of other peoples ripoff report complaint clients near to us for the brain dumps and pass their exams enjoyably and easily. They never compromise on their review, reputation and attribute because killexams review, killexams reputation and killexams client self self-possession is significant to complete of us. Specially they manage killexams.com review, killexams.com reputation, killexams.com ripoff report complaint, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. If perhaps you discern any bogus report posted by their competitor with the title killexams ripoff report complaint internet, killexams.com ripoff report, killexams.com scam, killexams.com complaint or something enjoy this, just sustain in intelligence that there are always foul people damaging reputation of satisfactory services due to their benefits. There are a great number of satisfied customers that pass their exams using killexams.com brain dumps, killexams PDF questions, killexams exercise questions, killexams exam simulator. Visit Killexams.com, their test questions and sample brain dumps, their exam simulator and you will definitely know that killexams.com is the best brain dumps site.

    Back to Braindumps Menu


    COG-135 questions answers | 000-529 bootcamp | HP2-B148 free pdf | 650-368 sample test | MA0-100 cram | 000-797 free pdf | S90-03A test prep | A2010-503 braindumps | 000-005 exercise questions | A2010-579 questions and answers | HP0-S34 exercise questions | P2040-052 pdf download | 3306 VCE | 650-987 exercise exam | TB0-123 cheat sheets | 1K0-002 exam prep | 642-415 test prep | HP0-M54 mock exam | HP0-781 questions and answers | HP0-J43 exercise test |


    HP0-922 exam questions | HP0-922 free pdf | HP0-922 pdf download | HP0-922 test questions | HP0-922 real questions | HP0-922 practice questions

    killexams.com HP0-922 existent question bank
    If are you burdened how to pass your HP HP0-922 Exam? With the benefit of the confirmed killexams.com HP HP0-922 Testing Engine you will learn how to boom your abilties. The majority of the scholars start identifying when they learn that they own to seem in IT certification. Their brain dumps are complete and to the point. The HP HP0-922 PDF documents beget your imaginative and prescient great and assist you lots in instruction of the certification exam.

    At killexams.com, they provide thoroughly reviewed HP HP0-922 exactly identical Questions and Answers that are just required for Passing HP0-922 test, and to win certified by HP. They really benefit people ameliorate their lore to memorize the and certify. It is a best choice to accelerate your career as a professional in the Industry. Click http://killexams.com/pass4sure/exam-detail/HP0-922 killexams.com haughty of their reputation of helping people pass the HP0-922 test in their very first attempts. Their success rates in the past two years own been absolutely impressive, thanks to their ecstatic customers who are now able to boost their career in the fleet lane. killexams.com is the number one choice among IT professionals, especially the ones who are looking to climb up the hierarchy levels faster in their respective organizations. killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017 : 60% Discount Coupon for complete exams on website
    PROF17 : 10% Discount Coupon for Orders greater than $69
    DEAL17 : 15% Discount Coupon for Orders greater than $99
    DECSPECIAL : 10% Special Discount Coupon for complete Orders

    Quality and Value for the HP0-922 Exam: killexams.com exercise Exams for HP HP0-922 are made to the most raised standards of particular accuracy, using simply certified theme experts and dispersed makers for development.

    100% Guarantee to Pass Your HP0-922 Exam: If you don't pass the HP HP0-922 exam using their killexams.com testing programming and PDF, they will give you a plenary REFUND of your purchasing charge.

    Downloadable, Interactive HP0-922 Testing Software: Their HP HP0-922 Preparation Material gives you that you should seize HP HP0-922 exam. Inconspicuous components are investigated and made by HP Certification Experts ceaselessly using industry sustain to convey correct, and authentic.

    - Comprehensive questions and answers about HP0-922 exam - HP0-922 exam questions joined by displays - Verified Answers by Experts and very nearly 100% right - HP0-922 exam questions updated on common premise - HP0-922 exam planning is in various determination questions (MCQs). - Tested by different circumstances previously distributing - Try free HP0-922 exam demo before you pick to win it in killexams.com

    killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017: 60% Discount Coupon for complete exams on website
    PROF17: 10% Discount Coupon for Orders greater than $69
    DEAL17: 15% Discount Coupon for Orders greater than $99
    DECSPECIAL: 10% Special Discount Coupon for complete Orders


    HP0-922 Practice Test | HP0-922 examcollection | HP0-922 VCE | HP0-922 study guide | HP0-922 practice exam | HP0-922 cram


    Killexams 000-922 free pdf | Killexams ST0-030 braindumps | Killexams 000-382 exercise exam | Killexams HP0-244 study guide | Killexams ANP-BC brain dumps | Killexams A2180-188 study guide | Killexams HP2-B80 braindumps | Killexams EE0-512 existent questions | Killexams 050-892 cram | Killexams M6040-419 test prep | Killexams P2070-092 questions answers | Killexams HP0-P10 study guide | Killexams 000-007 free pdf download | Killexams 190-982 exercise questions | Killexams HP0-729 exercise Test | Killexams HP0-Y40 questions and answers | Killexams 9A0-314 cheat sheets | Killexams ST0-067 exercise test | Killexams HP0-J25 free pdf | Killexams C90-06A dumps |


    killexams.com huge List of Exam Braindumps

    View Complete list of Killexams.com Brain dumps


    Killexams A00-260 exam questions | Killexams PW0-104 questions and answers | Killexams 920-352 dump | Killexams LX0-104 test prep | Killexams 70-544 pdf download | Killexams 1Z0-042 examcollection | Killexams 000-142 study guide | Killexams IC3-2 exercise test | Killexams 500-701 VCE | Killexams HP2-H25 mock exam | Killexams NS0-310 brain dumps | Killexams TB0-104 questions answers | Killexams HP0-785 braindumps | Killexams VMCE_V8 exercise questions | Killexams 2B0-015 dumps questions | Killexams 190-712 free pdf download | Killexams HP3-C24 existent questions | Killexams ASC-099 exam prep | Killexams A2010-598 study guide | Killexams HP2-K01 free pdf |


    Implementing and Supporting HP Storage Essentials v5.1

    Pass 4 confident HP0-922 dumps | Killexams.com HP0-922 existent questions | http://tractaricurteadearges.ro/

    VMware vSphere 6 release satisfactory word for storage admins | killexams.com existent questions and Pass4sure dumps

    No matter how you leer at it, the vSphere 6 release from VMware was a mammoth deal. It was announced at VMware's ally Exchange in February 2015 and the mammoth word was the introduction of Virtual Volumes, or VVOLs. There were too sober improvements to VSAN, failing tolerance, vMotion, towering availability, scalability, security, data protection, replication and more.

    When viewed holistically, it is transparent that VMware is pushing toward a completely software-defined data headquarters in which complete layers of the infrastructure are virtualized; the virtual machine (VM) is the headquarters of attention; and provisioning, monitoring and management are complete conducted by policy.

    In this model, an application's second dictates the level of resources it gets and how its SLA will be maintained, regardless of hardware or software failures and other calamities. The vSphere 6 release was a major step toward enabling this vision.

    Fault Tolerance enhancements

    Fault Tolerance (FT), which was first introduced with vSphere 4, is a route to sustain an application running with zero downtime and zero data loss in visage of a host failure. Unlike towering Availability (HA), which requires an application to be restarted on another host, after experiencing a failure, FT works on the principle of keeping two hosts working in lockstep, so a failure of one simply becomes a non-event and the application simply keeps on running. No application-specific or OS-specific agents or configurations are needed. FT provided the ultimate in application protection but was always limited to simple applications that used only one vCPU. With vSphere 6, an application with up to 4 vCPUs can be FT-enabled. This brings FT into the world that needs it most: mission-critical applications.

    Until now, FT hosts needed to partake a common data store and a shared VM disk (VMDK). This limitation is now removed and each host can own its own VMDK on different data stores. In vSphere 5.5, one could not seize a snapshot of an FT-enabled VM and, therefore, the only route to back up the VM was to add an agent on it. Now that limitation is removed and vSphere API for Data Protection is supported.

    Previous versions of FT required a very specific type of virtual disk: thick provision interested zeroed. This restriction is now removed and the virtual disk can be interested zeroed, thick or thin provisioned. The host compatibility list, which was extremely restricted before, has now been expanded to be the identical as for vMotion.

    vMotion upgrades

    Historically, vMotion was limited to poignant a VM from one host to another, both supported by one vCenter. This is no longer the case. Now VMs can be moved across different vCenters. VMware too removed the distance restriction that existed in vSphere 5.5. Now, hosts are no longer limited to a metro belt with distances of less than 100 miles, or round-trip times (RTT) of less than 10 ms. The vMotion can seize dwelling across intercontinental distances as long as the RTT is less than 150 ms.

    Now, vMotion can be genuinely used to migrate VMs for temporary or permanent migrations across data centers. Temporary migrations can be particularly useful for load balancing, poignant applications proximate to where people will exhaust them (call centers or international progress groups, for instance) or as a precaution against impending weather events.

    Improvements to HA

    VMware towering Availability (HA) works on the principle of maintaining a heartbeat between the hosts that Run the protected VMs (in the identical cluster). Upon detection of a hardware or OS failure, the application is failed over and restarted on the working host. While there is a short epoch of "application downtime," there is no data loss and, in most cases, it is imperceptible to the user.

    Typically, storage issues own been the most difficult to deal with, in context of HA. With the vSphere 6 release, VMware has added advocate for Virtual Machine Component Protection, which provides enhanced protection from complete Paths Down (APD) and Permanent Device Loss (PDL) in obscure (FC, iSCSI, FCoE) or file (NFS) storage.

    Previously, vSphere had limited aptitude to detect PDL situations and no aptitude to deal with APD in the past. Now these conditions are detected, vCenter is informed, and automatic failover is triggered, requiring no administrator involvement.

    Now, vSphere HA supports VVOLs, vSphere Network I/O Control, IPv6, NSX and vMotion across vCenter Servers. One can too configure up to 4,000 virtual machines on up to 32 hosts in HA configurations (which is the equivalent of a plenary 64 host/8,000 VM maximum cluster size).

    Microsoft WSFC integration

    In the past, if you wanted to exhaust Windows Server Failover Clustering (WSFC) for applications with vSphere, the advocate for applications was pretty limited. With vSphere 6, advocate has been added for Windows Server 2012 R2 and SQL Server 2012, two key applications that were missing before. AlwaysOn Availability Groups are too now supported. Paravirtual SCSI adapter advocate brings much better performance to the clustered environment compared to the exhaust of yardstick SCSI adapters. Now, vMotion and Distributed Resources Scheduler (DRS) are fully supported with WSFC.

    Data protection improvements

    VMware made major enhancements to data protection products in late 2013, with the advent of VMware Data Protection Advanced (VDP-A) in vSphere 5.5. The unique release, VDP 6.0, merges the functionality of VDP and VDP-A and is the only release available under vSphere 6 (it is free to complete customers of Essentials Plus Kit 6.0, vSphere with Operations Management 6.0 editions, and complete vCloud Suite 6.0 editions).

    Before the vSphere 6 release, poignant a replica of a VM on the remote site using Storage vMotion required a plenary synchronization before the VM could be moved.

    VDP 6.0 is based on EMC Avamar and uses variable-length data deduplication technology to fulfill disk-based backups for minuscule to medium-sized businesses. It is integrated with vSphere and ESXi and is managed entirely by the VM administrator, using vCenter and VMware Web Client. It is designed to protect up to 800 VMs (using up to 10 VDP appliances, each of which can advocate up to 200 VMs and 8 TB of deduplicated data), even though realistically it works best for about 100 to 250 VMs. For larger configurations, a customer can integrate with Data Domain appliances. VDP 6.0 has built-in functionality for replication for backups, either to other VDP 6.0 appliances or to EMC Avamar appliances that may already be present in some larger accounts.

    External proxies are now supported. These can be deployed in other vSphere clusters in the local site, or in remote sites for increased efficiency in network bandwidth utilization. Up to 24 concurrent streams of backup are feasible with external proxies. Red Hat Enterprise Linux rational Volume Manager and Ext4 file system are supported.

    But, VDP 6.0 has limitations. It is designed for customers that find an RPO of 24 hours to be acceptable. VMs can be recovered within a achieve of five minutes to a few hours, according to VMware. SRM is not supported. If better RPOs and RTOs are required, VMware recommends using third-party backup products and vSphere Replication for VM replication (vs. backup replication, as in the case of VDP 6.0).

    vSphere Replication updates

    Full synchronizations are now more efficient for specific storage arrays, because vSphere Replication can interact with vSphere and win storage allocation information to reduce network traffic. Before the vSphere 6 release, poignant a replica of a VM on the remote site using Storage vMotion required a plenary synchronization before the VM could be moved. This is no longer the case. The End result is it is much easier to equilibrium resources using Storage vMotion and DRS, without violating RPOs for VM recovery.

    Up to 24 recovery points can be chosen per VM. RPOs as fine as 15 minutes may be set on a per-VM basis. The vSphere Replication already used CBT to minimize network traffic but now the admin may pick compression as an option, for even more network bandwidth efficiency.

    It is significant to understand that vSphere Replication is not associated with VDP 6.0, which has its own replication engine. Also, vSphere Replication is designed to replicate VMs whereas the replication engine built into VDP is designed to replicate backup objects that contain VMs. No data deduplication technology is built into vSphere Replication. Unlike VDP 6.0 this product is designed to be used with third-party tools, not just VMware's own tools.

    VSAN introduces all-flash configuration

    The introduction of Virtual Volumes (VVOLs) and improvements to Virtual SAN (VSAN) are the most significant aspects of the vSphere 6 release. Both of these products are designed to abstract and pool storage and storage services to allow provisioning, monitoring and management of storage on a policy basis, at a VM level of granularity.

    The introduction of Virtual Volumes (VVOLs) and enhancements to Virtual SAN (VSAN) are the most significant aspects of the vSphere 6 release.

    The previous version of VSAN only supported a hybrid configuration in which glance was used exclusively as read cache and difficult disk drives (HDDs) as persistent capacity tier. VSAN 6.0 introduces an all-flash configuration where a portion of the glance capacity (solid-state drive- or PCIe-based) is used exclusively as write cache and the remaining capacity is used as a persistent tier. Scaling can be achieved across both performance and capacity by adding fully configured nodes (hybrid or all-flash), or independently by adding additional glance for performance or additional HDDs for capacity. In an all-flash configuration, additional capacity can be added with PCIe glance or solid-state drives by marking them for capacity, rather than caching. VMware too increased the maximum capacity of a virtual disk to 62 TB.

    The performance of both the hybrid and all-flash models was enhanced with a unique disk format. In enjoy configurations and workloads, the hybrid configuration performance increased by a factor of 2x over VSAN 5.5, according to VMware. The all-flash version delivers a 4x performance multiple over a similarly configured VSAN 5.5 (i.e., 2x the performance of a hybrid).

    The maximum cluster size was increased from 32 to 64 nodes. Both hybrid and all-flash models can advocate up to 200 VMs per node, for a maximum of 6,400 VMs per cluster. The unique models allow VSAN-based configurations to advocate workloads exemplified by tier 1 mission-critical applications.

    In a 32-node cluster, VMware measured in excess of 4M IOPS for 100% reads and greater than 1.2M IOPS for mixed workloads of 70% reads and 30% writes, yielding 40K IOPS per host. In an all-flash version, the IOPS jump to 7M for read-only workloads, for an average of 90K IOPS per host. The 64-node clusters are expected to capitulate linear increases in performance.

    Snapshot and clone functionality was improved as well. The system allows the creation of up to 32 snapshots/clones per VM, or 16K snapshots/clones per cluster.

    Additional improvements relating to power failures or rack failures were added and blade infrastructures are now supported.

    Vendors vouch for VVOLs

    What VSAN does for direct attached storage, VVOLs achieve for external storage. I covered VVOLs extensively in an April 2015 article for Storage magazine. Since then, they own erudite more about the wide variety of implementations from various vendors.

    On the surface, most, if not all, storage vendors own pledged advocate for VVOLs. But under the covers, the differences in implementations are astounding. In a survey of 11 vendors (Dell, EMC, HDS, HP, IBM, Kaminario, NetApp, Nexenta, NexGen, simple Storage and SolidFire) conducted in March 2015, Taneja Group asked 32 questions to understand these differences. They categorized the vendors into one of three types:

  • Type 1 products deliver the most rudimentary advocate of VVOLs in which the user can carve out a number of static storage containers, each with a unique set of qualities (class of service). These could comprehend the type of storage and the variety of storage services available (snapshots, compression and so on).
  • Type 2 products are exemplified by the creation of a solitary storage container with a wide variety of storage types and services, any of which may be selected (or not) to bear a unique set of capabilities that can then be applied to a given VM. attribute of service (QoS) is too a hallmark of type 2 products. That means minimum or maximum resources (capacity, IOPS, latency, throughput) can be assigned to a given VM and the SPBM policy engine would deference these.
  • Type 3 extends type 2 with the aptitude to deal with resource contention. In other words, not only does it offer QoS functionality but it too knows how to deal with multiple VMs vying for resources when the array functionality is maxed out.
  • Most vendor products fell in the type 1 and type 2 categories, with only NexGen showing up in the type 3 category.

    Beyond the type of implementation, they discovered vast differences in scalability of products. For instance, the number of Protocol Endpoints (PEs) per Storage Container (SC), SCs per array, VVOLs-based VMs per array, VVOLs per array, VVOL-snapshots per array, clones per VM and clones per array varied widely across vendor products and sometimes even between different products from the identical vendor. For example, the total number of VVOLs per HDS arrays was listed as 400,000 (file) or 64,000 (block) plus 1 million snapshots (for either file or obscure products). This contrasted with only 1,024 supported VVOLs per array for Dell's EqualLogic product.

    The number and type of data services that can be surfaced via VASA 2.0 to Storage Policy-Based Management too varied across the board. These differences point out several facts. First, implementing VVOLs advocate in existing arrays is nontrivial and the architecture plays a significant role in how fully VVOLs can be supported. Second, the specs will impose how far one can scale a product. The number of VMs an array can advocate is directly related to the number of VVOLs it can support, given each VM uses up a minimum of three VVOLs and each snapshot costs one VVOL. These are not necessarily an indication of weakness, as many other factors impose which array is perquisite for a given job, but it does betoken how far the array can depart in the dimension of VVOL support. The plenary list of questions they asked in the survey is available by sending us an email.

    Make no mistake: vSphere 6 is a major release from VMware by any standard. It is loaded with storage functionality from top to bottom, with significant increases in configuration maximums and major enhancements in VSAN, HA, FT, WSFC, data protection, replication and vMotion. And of course, the introduction of VVOLs puts VM-centricity in the forefront and brings external storage within VMware's software-defined vision.


    Secure Technology Integration Group, Ltd. (STIGroup, Ltd.) Joins Pano Logic Reseller Network | killexams.com existent questions and Pass4sure dumps

    SOURCE: Pano Logic

    Pano Logic

    March 17, 2011 08:00 ET

    REDWOOD CITY, CA--(Marketwire - March 17, 2011) - Pano Logic, the leader in zero client desktop virtualization (VDI), today announced Secure Technology Integration Group, Ltd. has joined its network of resellers that assist organizations with centralizing their desktop computing infrastructures using Pano Logic's innovative hardware and software solution. As a channel partner, STIGroup, will bring the Pano Logic solution to organizations in Information Technology throughout unique York City and its tri-state region as well as locations throughout the U.S. and abroad. Pano Logic utilizes a network of more than 250 partners worldwide to deliver its solutions to End users and assist in deployment and support.

    "Today's unique market conditions are forcing businesses to modernize and scale technology implementations without the benefit of a corresponding augment in IT staffing. Desktop virtualization technologies that offer cost and operational efficiencies are compelling in this context, but many don't demonstrate a transparent upgrade path for existing implementations with a predictable ROI," said Richard Shinnick, President of STIGroup. "Our clients leer to us for a VDI solution that allows their IT organization to be an enabler for their corporate vision in spite of the challenging market conditions. Pano Logic enables STIGroup to deliver on this challenge."

    Pano Logic's purpose-built solution for desktop virtualization is sold through strategic channel resellers, who own core expertise and own invested in Pano Logic certification. Pano Logic offers the only zero client certification program to train resellers on assessing, deploying and optimizing Pano Logic across a achieve of network infrastructures. Partners ensure that Pano Logic pilot programs are deployed successfully and provide the guidance needed to compute total cost of ownership to achieve buy-in within the organization.

    In addition, Pano certified partners may offer the QuickStart Service, a one-day program that pairs unique customers with a certified ally for assessment, planning, building and managing unique rollouts. The QuickStart service too sets up End users with post-implementation ROI models and TCO savings reports for evaluation and reporting purposes.

    "We are aggressively investing in and expanding their channel worldwide to meet the rising require for their VDI solution and they welcome the arrival of STIGroup in their network," said David Butler, Vice President of Sales, Pano Logic. "We're seeking to provide customers with the best sustain possible and resellers such as STIGroup play a meaningful role in their success."

    The Pano System is a complete end-to End virtual desktop solution that includes the Pano Manager, a virtual machine manager and connection broker, the unique Pano Device zero client, and Pano Direct, providing the connection to completely centralized virtual desktops. Pano Logic is the only zero client system that independently interoperates with complete three leading hypervisors and their management systems. The Pano System starts at $389 per seat, which includes one year of advocate and maintenance, and is too available in a pre-configured, pre-loaded all-in 50-user suite, Pano Express, combining VMware vSphere™ Essentials, Microsoft Windows 7/XP licenses, and HP server and storage hardware with Pano Logic's award-winning zero client platform.

    About Pano Logic Pano Logic is the leader in Zero Client Desktop Computing. Pano Logic's innovative hardware and software solution -- Pano System -- redefines the delivery and management of End user computing by radically centralizing desktop management. The Pano Logic zero client platform is a complete end-to-end solution purpose-built for desktop virtualization, simplifying the complexity and management of virtual desktops and slashing TCO by as much as 80 percent. The patent-pending Pano Direct technology eliminates the need for costly processing power at the endpoint, making it possible to own an endpoint device that contains NO processor, NO operating system, NO memory, NO drivers, NO firmware, NO software, NOR any poignant parts, completely eliminating endpoint management and security breaches, while slashing energy consumption by 95 percent as compared to a PC. The Pano generation of computing, built for virtualization, can plug and play into 99 percent of complete hypervisor infrastructures, including VMware, Microsoft HyperV and Citrix XenDesktop and interoperate with their management systems. To learn more, visit http://www.panologic.com


    GSSAPI Authentication and Kerberos v5 | killexams.com existent questions and Pass4sure dumps

    This chapter is from the book 

    This section discusses the GSSAPI mechanism, in particular, Kerberos v5 and how this works in conjunction with the Sun ONE Directory Server 5.2 software and what is involved in implementing such a solution. please be sensible that this is not a picayune task.

    It’s worth taking a brief leer at the relationship between the Generic Security Services Application Program Interface (GSSAPI) and Kerberos v5.

    The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion, with a achieve of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with the Kerberos v5 security mechanism. The best route to believe about the relationship between GSSAPI and Kerberos is in the following manner: GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5 must be installed and running on any system on which GSSAPI-aware programs are running.

    The advocate for the GSSAPI is made possible in the directory server through the introduction of a unique SASL library, which is based on the Cyrus CMU implementation. Through this SASL framework, DIGEST-MD5 is supported as explained previously, and GSSAPI which implements Kerberos v5. Additional GSSAPI mechanisms Do exist. For example, GSSAPI with SPNEGO advocate would be GSS-SPNEGO. Other GSS mechanism names are based on the GSS mechanisms OID.

    The Sun ONE Directory Server 5.2 software only supports the exhaust of GSSAPI on Solaris OE. There are implementations of GSSAPI for other operating systems (for example, Linux), but the Sun ONE Directory Server 5.2 software does not exhaust them on platforms other than the Solaris OE.

    Understanding GSSAPI

    The Generic Security Services Application Program Interface (GSSAPI) is a yardstick interface, defined by RFC 2743, that provides a generic authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI mechanism is the Kerberos mechanism that is based on clandestine key cryptography.

    One of the main aspects of GSSAPI is that it allows developers to add secure authentication and privacy (encryption and or integrity checking) protection to data being passed over the wire by writing to a solitary programming interface. This is shown in device 3-2.

    03fig02.gifFigure 3-2. GSSAPI Layers

    The underlying security mechanisms are loaded at the time the programs are executed, as opposed to when they are compiled and built. In practice, the most commonly used GSSAPI mechanism is Kerberos v5. The Solaris OE provides a few different flavors of Diffie-Hellman GSSAPI mechanisms, which are only useful to NIS+ applications.

    What can be confusing is that developers might write applications that write directly to the Kerberos API, or they might write GSSAPI applications that request the Kerberos mechanism. There is a mammoth difference, and applications that talk Kerberos directly cannot communicate with those that talk GSSAPI. The wire protocols are not compatible, even though the underlying Kerberos protocol is in use. An case is telnet with Kerberos is a secure telnet program that authenticates a telnet user and encrypts data, including passwords exchanged over the network during the telnet session. The authentication and message protection features are provided using Kerberos. The telnet application with Kerberos only uses Kerberos, which is based on secret-key technology. However, a telnet program written to the GSSAPI interface can exhaust Kerberos as well as other security mechanisms supported by GSSAPI.

    The Solaris OE does not deliver any libraries that provide advocate for third-party companies to program directly to the Kerberos API. The goal is to hearten developers to exhaust the GSSAPI. Many open-source Kerberos implementations (MIT, Heimdal) allow users to write Kerberos applications directly.

    On the wire, the GSSAPI is compatible with Microsoft’s SSPI and thus GSSAPI applications can communicate with Microsoft applications that exhaust SSPI and Kerberos.

    The GSSAPI is preferred because it is a standardized API, whereas Kerberos is not. This means that the MIT Kerberos progress team might change the programming interface anytime, and any applications that exist today might not drudgery in the future without some code modifications. Using GSSAPI avoids this problem.

    Another benefit of GSSAPI is its pluggable feature, which is a mammoth benefit, especially if a developer later decides that there is a better authentication method than Kerberos, because it can easily be plugged into the system and the existing GSSAPI applications should be able to exhaust it without being recompiled or patched in any way.

    Understanding Kerberos v5

    Kerberos is a network authentication protocol designed to provide sturdy authentication for client/server applications by using secret-key cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide sturdy authentication for Solaris OE network applications.

    In addition to providing a secure authentication protocol, Kerberos too offers the aptitude to add privacy advocate (encrypted data streams) for remote applications such as telnet, ftp, rsh, rlogin, and other common UNIX network applications. In the Solaris OE, Kerberos can too be used to provide sturdy authentication and privacy advocate for Network File Systems (NFS), allowing secure and private file sharing across the network.

    Because of its widespread acceptance and implementation in other operating systems, including Windows 2000, HP-UX, and Linux, the Kerberos authentication protocol can interoperate in a heterogeneous environment, allowing users on machines running one OS to securely authenticate themselves on hosts of a different OS.

    The Kerberos software is available for Solaris OE versions 2.6, 7, 8, and 9 in a part package called the Sun Enterprise Authentication Mechanism (SEAM) software. For Solaris 2.6 and Solaris 7 OE, Sun Enterprise Authentication Mechanism software is included as Part of the Solaris light Access Server 3.0 (Solaris SEAS) package. For Solaris 8 OE, the Sun Enterprise Authentication Mechanism software package is available with the Solaris 8 OE Admin Pack.

    For Solaris 2.6 and Solaris 7 OE, the Sun Enterprise Authentication Mechanism software is freely available as Part of the Solaris light Access Server 3.0 package available for download from:

    http://www.sun.com/software/solaris/7/ds/ds-seas.

    For Solaris 8 OE systems, Sun Enterprise Authentication Mechanism software is available in the Solaris 8 OE Admin Pack, available for download from:

    http://www.sun.com/bigadmin/content/adminPack/index.html.

    For Solaris 9 OE systems, Sun Enterprise Authentication Mechanism software is already installed by default and contains the following packages listed in TABLE 3-1.

    Table 3-1. Solaris 9 OE Kerberos v5 Packages

    Package Name

    Description

    SUNWkdcr

    Kerberos v5 KDC (root)

    SUNWkdcu

    Kerberos v5 Master KDC (user)

    SUNWkrbr

    Kerberos version 5 advocate (Root)

    SUNWkrbu

    Kerberos version 5 advocate (Usr)

    SUNWkrbux

    Kerberos version 5 advocate (Usr) (64-bit)

    All of these Sun Enterprise Authentication Mechanism software distributions are based on the MIT KRB5 Release version 1.0. The client programs in these distributions are compatible with later MIT releases (1.1, 1.2) and with other implementations that are compliant with the standard.

    How Kerberos Works

    The following is an overview of the Kerberos v5 authentication system. From the user’s standpoint, Kerberos v5 is mostly invisible after the Kerberos session has been started. Initializing a Kerberos session often involves no more than logging in and providing a Kerberos password.

    The Kerberos system revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service such as the NFS service. Just as your driver’s license identifies you and indicates what driving permissions you have, so a ticket identifies you and your network access privileges. When you fulfill a Kerberos-based transaction (for example, if you exhaust rlogin to log in to another machine), your system transparently sends a request for a ticket to a Key Distribution Center, or KDC. The KDC accesses a database to authenticate your identity and returns a ticket that grants you leave to access the other machine. Transparently means that you Do not need to explicitly request a ticket.

    Tickets own inescapable attributes associated with them. For example, a ticket can be forwardable (which means that it can be used on another machine without a unique authentication process), or postdated (not cogent until a specified time). How tickets are used (for example, which users are allowed to obtain which types of tickets) is set by policies that are determined when Kerberos is installed or administered.

    You will frequently discern the terms credential and ticket. In the Kerberos world, they are often used interchangeably. Technically, however, a credential is a ticket plus the session key for that session.

    Initial Authentication

    Kerberos authentication has two phases, an initial authentication that allows for complete subsequent authentications, and the subsequent authentications themselves.

    A client (a user, or a service such as NFS) begins a Kerberos session by requesting a ticket-granting ticket (TGT) from the Key Distribution headquarters (KDC). This request is often done automatically at login.

    A ticket-granting ticket is needed to obtain other tickets for specific services. believe of the ticket-granting ticket as something similar to a passport. enjoy a passport, the ticket-granting ticket identifies you and allows you to obtain numerous “visas,” where the “visas” (tickets) are not for eccentric countries, but for remote machines or network services. enjoy passports and visas, the ticket-granting ticket and the other various tickets own limited lifetimes. The disagreement is that Kerberized commands notice that you own a passport and obtain the visas for you. You don’t own to fulfill the transactions yourself.

    The KDC creates a ticket-granting ticket and sends it back, in encrypted form, to the client. The client decrypts the ticket-granting ticket using the client’s password.

    Now in possession of a cogent ticket-granting ticket, the client can request tickets for complete sorts of network operations for as long as the ticket-granting ticket lasts. This ticket usually lasts for a few hours. Each time the client performs a unique network operation, it requests a ticket for that operation from the KDC.

    Subsequent Authentications

    The client requests a ticket for a particular service from the KDC by sending the KDC its ticket-granting ticket as proof of identity.

  • The KDC sends the ticket for the specific service to the client.

    For example, suppose user lucy wants to access an NFS file system that has been shared with krb5 authentication required. Since she is already authenticated (that is, she already has a ticket-granting ticket), as she attempts to access the files, the NFS client system automatically and transparently obtains a ticket from the KDC for the NFS service.

  • The client sends the ticket to the server.

    When using the NFS service, the NFS client automatically and transparently sends the ticket for the NFS service to the NFS server.

  • The server allows the client access.

    These steps beget it emerge that the server doesn’t ever communicate with the KDC. The server does, though, as it registers itself with the KDC, just as the first client does.

  • Principals

    A client is identified by its principal. A principal is a unique identity to which the KDC can assign tickets. A principal can be a user, such as joe, or a service, such as NFS.

    By convention, a principal title is divided into three parts: the primary, the instance, and the realm. A typical principal could be, for example, lucy/admin@EXAMPLE.COM, where:

    lucy is the primary. The primary can be a user name, as shown here, or a service, such as NFS. The primary can too be the word host, which signifies that this principal is a service principal that is set up to provide various network services.

    admin is the instance. An instance is optional in the case of user principals, but it is required for service principals. For example, if the user lucy sometimes acts as a system administrator, she can exhaust lucy/admin to distinguish herself from her accustomed user identity. Likewise, if Lucy has accounts on two different hosts, she can exhaust two principal names with different instances (for example, lucy/california.example.com and lucy/boston.example.com).

    Realms

    A realm is a rational network, similar to a domain, which defines a group of systems under the identical master KDC. Some realms are hierarchical (one realm being a superset of the other realm). Otherwise, the realms are non-hierarchical (or direct) and the mapping between the two realms must be defined.

    Realms and KDC Servers

    Each realm must comprehend a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

    Understanding the Kerberos KDC

    The Kerberos Key Distribution headquarters (KDC) is a trusted server that issues Kerberos tickets to clients and servers to communicate securely. A Kerberos ticket is a obscure of data that is presented as the user’s credentials when attempting to access a Kerberized service. A ticket contains information about the user’s identity and a temporary encryption key, complete encrypted in the server’s private key. In the Kerberos environment, any entity that is defined to own a Kerberos identity is referred to as a principal.

    A principal may be an entry for a particular user, host, or service (such as NFS or FTP) that is to interact with the KDC. Most commonly, the KDC server system too runs the Kerberos Administration Daemon, which handles administrative commands such as adding, deleting, and modifying principals in the Kerberos database. Typically, the KDC, the admin server, and the database are complete on the identical machine, but they can be separated if necessary. Some environments may require that multiple realms be configured with master KDCs and slave KDCs for each realm. The principals applied for securing each realm and KDC should be applied to complete realms and KDCs in the network to ensure that there isn’t a solitary feeble link in the chain.

    One of the first steps to seize when initializing your Kerberos database is to create it using the kdb5_util command, which is located in /usr/sbin. When running this command, the user has the choice of whether to create a stash file or not. The stash file is a local copy of the master key that resides on the KDC’s local disk. The master key contained in the stash file is generated from the master password that the user enters when first creating the KDC database. The stash file is used to authenticate the KDC to itself automatically before starting the kadmind and krb5kdc daemons (for example, as Part of the machine’s boot sequence).

    If a stash file is not used when the database is created, the administrator who starts up the krb5kdc process will own to manually enter the master key (password) every time they start the process. This may seem enjoy a typical trade off between convenience and security, but if the repose of the system is sufficiently hardened and protected, very miniature security is lost by having the master key stored in the protected stash file. It is recommended that at least one slave KDC server be installed for each realm to ensure that a backup is available in the event that the master server becomes unavailable, and that slave KDC be configured with the identical level of security as the master.

    Currently, the Sun Kerberos v5 Mechanism utility, kdb5_util, can create three types of keys, DES-CBC-CRC, DES-CBC-MD5, and DES-CBC-RAW. DES-CBC stands for DES encryption with Cipher obscure Chaining and the CRC, MD5, and RAW designators mention to the checksum algorithm that is used. By default, the key created will be DES-CBC-CRC, which is the default encryption type for the KDC. The type of key created is specified on the command line with the -k option (see the kdb5_util (1M) man page). pick the password for your stash file very carefully, because this password can be used in the future to decrypt the master key and modify the database. The password may be up to 1024 characters long and can comprehend any combination of letters, numbers, punctuation, and spaces.

    The following is an case of creating a stash file:

    kdc1 #/usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key title 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is significant that you NOT FORGET this password. Enter KDC database master key: master_key Re-enter KDC database master key to verify: master_key

    Notice the exhaust of the -s controversy to create the stash file. The location of the stash file is in the /var/krb5. The stash file appears with the following mode and ownership settings:

    kdc1 # cd /var/krb5 kdc1 # ls -l -rw------- 1 root other 14 Apr 10 14:28 .k5.EXAMPLE.COM

    The directory used to store the stash file and the database should not be shared or exported.

    Secure Settings in the KDC Configuration File

    The KDC and Administration daemons both read configuration information from /etc/krb5/kdc.conf. This file contains KDC-specific parameters that govern overall conduct for the KDC and for specific realms. The parameters in the kdc.conf file are explained in detail in the kdc.conf(4) man page.

    The kdc.conf parameters record locations of various files and ports to exhaust for accessing the KDC and the administration daemon. These parameters generally Do not need to be changed, and doing so does not result in any added security. However, there are some parameters that may be adjusted to enhance the overall security of the KDC. The following are some examples of adjustable parameters that enhance security.

  • kdc_ports – Defines the ports that the KDC will listen on to receive requests. The yardstick port for Kerberos v5 is 88. 750 is included and commonly used to advocate older clients that soundless exhaust the default port designated for Kerberos v4. Solaris OE soundless listens on port 750 for backwards compatibility. This is not considered a security risk.

  • max_life – Defines the maximum lifetime of a ticket, and defaults to eight hours. In environments where it is desirable to own users re-authenticate frequently and to reduce the chance of having a principal’s credentials stolen, this value should be lowered. The recommended value is eight hours.

  • max_renewable_life – Defines the epoch of time from when a ticket is issued that it may be renewed (using kinit -R). The yardstick value here is 7 days. To disable renewable tickets, this value may be set to 0 days, 0 hrs, 0 min. The recommended value is 7d 0h 0m 0s.

  • default_principal_expiration – A Kerberos principal is any unique identity to which Kerberos can assign a ticket. In the case of users, it is the identical as the UNIX system user name. The default lifetime of any principal in the realm may be defined in the kdc.conf file with this option. This should be used only if the realm will contain temporary principals, otherwise the administrator will own to constantly be renewing principals. Usually, this setting is left undefined and principals Do not expire. This is not insecure as long as the administrator is vigilant about removing principals for users that no longer need access to the systems.

  • supported_enctypes – The encryption types supported by the KDC may be defined with this option. At this time, Sun Enterprise Authentication Mechanism software only supports des-cbc-crc:normal encryption type, but in the future this may be used to ensure that only sturdy cryptographic ciphers are used.

  • dict_file – The location of a dictionary file containing strings that are not allowed as passwords. A principal with any password policy (see below) will not be able to exhaust words organize in this dictionary file. This is not defined by default. Using a dictionary file is a satisfactory route to avert users from creating picayune passwords to protect their accounts, and thus helps avoid one of the most common weaknesses in a computer network-guessable passwords. The KDC will only check passwords against the dictionary for principals which own a password policy association, so it is satisfactory exercise to own at least one simple policy associated with complete principals in the realm.

  • The Solaris OE has a default system dictionary that is used by the spell program that may too be used by the KDC as a dictionary of common passwords. The location of this file is: /usr/share/lib/dict/words. Other dictionaries may be substituted. The format is one word or phrase per line.

    The following is a Kerberos v5 /etc/krb5/kdc.conf case with suggested settings:

    # Copyright 1998-2002 Sun Microsystems, Inc. complete rights reserved. # exhaust is topic to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth Needs poignant -- dict_file = /usr/share/lib/dict/words } Access Control

    The Kerberos administration server allows for granular control of the administrative commands by exhaust of an access control list (ACL) file (/etc/krb5/kadm5.acl). The syntax for the ACL file allows for wildcarding of principal names so it is not necessary to list every solitary administrator in the ACL file. This feature should be used with grand care. The ACLs used by Kerberos allow privileges to be broken down into very precise functions that each administrator can perform. If a inescapable administrator only needs to be allowed to own read-access to the database then that person should not be granted plenary admin privileges. Below is a list of the privileges allowed:

  • a – Allows the addition of principals or policies in the database.

  • A – Prohibits the addition of principals or policies in the database.

  • d – Allows the deletion of principals or policies in the database.

  • D – Prohibits the deletion of principals or policies in the database.

  • m – Allows the modification of principals or policies in the database.

  • M – Prohibits the modification of principals or policies in the database.

  • c – Allows the changing of passwords for principals in the database.

  • C – Prohibits the changing of passwords for principals in the database.

  • i – Allows inquiries to the database.

  • I – Prohibits inquiries to the database.

  • l – Allows the listing of principals or policies in the database.

  • L – Prohibits the listing of principals or policies in the database.

  • * – Short for complete privileges (admcil).

  • x – Short for complete privileges (admcil). Identical to *.

  • Adding Administrators

    After the ACLs are set up, actual administrator principals should be added to the system. It is strongly recommended that administrative users own part /admin principals to exhaust only when administering the system. For example, user Lucy would own two principals in the database - lucy@REALM and lucy/admin@REALM. The /admin principal would only be used when administering the system, not for getting ticket-granting-tickets (TGTs) to access remote services. Using the /admin principal only for administrative purposes minimizes the chance of someone walking up to Joe’s unattended terminal and performing unauthorized administrative commands on the KDC.

    Kerberos principals may be differentiated by the instance Part of their principal name. In the case of user principals, the most common instance identifier is /admin. It is yardstick exercise in Kerberos to differentiate user principals by defining some to be /admin instances and others to own no specific instance identifier (for example, lucy/admin@REALM versus lucy@REALM). Principals with the /admin instance identifier are assumed to own administrative privileges defined in the ACL file and should only be used for administrative purposes. A principal with an /admin identifier which does not match up with any entries in the ACL file will not be granted any administrative privileges, it will be treated as a non-privileged user principal. Also, user principals with the /admin identifier are given part passwords and part permissions from the non-admin principal for the identical user.

    The following is a sample /etc/krb5/kadm5.acl file:

    # Copyright (c) 1998-2000 by Sun Microsystems, Inc. # complete rights reserved. # #pragma ident "@(#)kadm5.acl 1.1 01/03/19 SMI" # lucy/admin is given plenary administrative privilege lucy/admin@EXAMPLE.COM * # # tom/admin user is allowed to query the database (d), listing principals # (l), and changing user passwords (c) # tom/admin@EXAMPLE.COM dlc

    It is highly recommended that the kadm5.acl file be tightly controlled and that users be granted only the privileges they need to fulfill their assigned tasks.

    Creating Host Keys

    Creating host keys for systems in the realm such as slave KDCs is performed the identical route that creating user principals is performed. However, the -randkey option should always be used, so no one ever knows the actual key for the hosts. Host principals are almost always stored in the keytab file, to be used by root-owned processes that wish to act as Kerberos services for the local host. It is rarely necessary for anyone to actually know the password for a host principal because the key is stored safely in the keytab and is only accessible by root-owned processes, never by actual users.

    When creating keytab files, the keys should always be extracted from the KDC on the identical machine where the keytab is to reside using the ktadd command from a kadmin session. If this is not feasible, seize grand confidence in transferring the keytab file from one machine to the next. A malicious attacker who possesses the contents of the keytab file could exhaust these keys from the file in order to gain access to another user or services credentials. Having the keys would then allow the attacker to impersonate whatever principal that the key represented and further compromise the security of that Kerberos realm. Some suggestions for transferring the keytab are to exhaust Kerberized, encrypted ftp transfers, or to exhaust the secure file transfer programs scp or sftp offered with the SSH package (http://www.openssh.org). Another safe method is to dwelling the keytab on a removable disk, and hand-deliver it to the destination.

    Hand delivery does not scale well for great installations, so using the Kerberized ftp daemon is perhaps the most convenient and secure method available.

    Using NTP to Synchronize Clocks

    All servers participating in the Kerberos realm need to own their system clocks synchronized to within a configurable time limit (default 300 seconds). The safest, most secure route to systematically synchronize the clocks on a network of Kerberos servers is by using the Network Time Protocol (NTP) service. The Solaris OE comes with an NTP client and NTP server software (SUNWntpu package). discern the ntpdate(1M) and xntpd(1M) man pages for more information on the individual commands. For more information on configuring NTP, mention to the following Sun BluePrints OnLine NTP articles:

    It is faultfinding that the time be synchronized in a secure manner. A simple denial of service bombard on either a client or a server would involve just skewing the time on that system to be outside of the configured clock skew value, which would then avert anyone from acquiring TGTs from that system or accessing Kerberized services on that system. The default clock-skew value of five minutes is the maximum recommended value.

    The NTP infrastructure must too be secured, including the exhaust of server hardening for the NTP server and application of NTP security features. Using the Solaris Security Toolkit software (formerly known as JASS) with the secure.driver script to create a minimal system and then installing just the necessary NTP software is one such method. The Solaris Security Toolkit software is available at:

    http://www.sun.com/security/jass/

    Documentation on the Solaris Security Toolkit software is available at:

    http://www.sun.com/security/blueprints

    Establishing Password Policies

    Kerberos allows the administrator to define password policies that can be applied to some or complete of the user principals in the realm. A password policy contains definitions for the following parameters:

  • Minimum Password Length – The number of characters in the password, for which the recommended value is 8.

  • Maximum Password Classes – The number of different character classes that must be used to beget up the password. Letters, numbers, and punctuation are the three classes and cogent values are 1, 2, and 3. The recommended value is 2.

  • Saved Password History – The number of previous passwords that own been used by the principal that cannot be reused. The recommended value is 3.

  • Minimum Password Lifetime (seconds) – The minimum time that the password must be used before it can be changed. The recommended value is 3600 (1 hour).

  • Maximum Password Lifetime (seconds) – The maximum time that the password can be used before it must be changed. The recommended value is 7776000 (90 days).

  • These values can be set as a group and stored as a solitary policy. Different policies can be defined for different principals. It is recommended that the minimum password length be set to at least 8 and that at least 2 classes be required. Most people attend to pick easy-to-remember and easy-to-type passwords, so it is a satisfactory notion to at least set up policies to hearten slightly more difficult-to-guess passwords through the exhaust of these parameters. Setting the Maximum Password Lifetime value may be helpful in some environments, to oblige people to change their passwords periodically. The epoch is up to the local administrator according to the overriding corporate security policy used at that particular site. Setting the Saved Password History value combined with the Minimum Password Lifetime value prevents people from simply switching their password several times until they win back to their original or favorite password.

    The maximum password length supported is 255 characters, unlike the UNIX password database which only supports up to 8 characters. Passwords are stored in the KDC encrypted database using the KDC default encryption method, DES-CBC-CRC. In order to avert password guessing attacks, it is recommended that users pick long passwords or pass phrases. The 255 character limit allows one to pick a minuscule sentence or light to remember phrase instead of a simple one-word password.

    It is possible to exhaust a dictionary file that can be used to avert users from choosing common, easy-to-guess words (see “Secure Settings in the KDC Configuration File” on page 70). The dictionary file is only used when a principal has a policy association, so it is highly recommended that at least one policy be in sequel for complete principals in the realm.

    The following is an case password policy creation:

    If you specify a kadmin command without specifying any options, kadmin displays the syntax (usage information) for that command. The following code box shows this, followed by an actual add_policy command with options.

    kadmin: add_policy usage: add_policy [options] policy options are: [-maxlife time] [-minlife time] [-minlength length] [-minclasses number] [-history number] kadmin: add_policy -minlife "1 hour" -maxlife "90 days" -minlength 8 -minclasses 2 -history 3 passpolicy kadmin: get_policy passpolicy Policy: passpolicy Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of ancient keys kept: 3 Reference count: 0

    This case creates a password policy called passpolicy which enforces a maximum password lifetime of 90 days, minimum length of 8 characters, a minimum of 2 different character classes (letters, numbers, punctuation), and a password history of 3.

    To apply this policy to an existing user, modify the following:

    kadmin: modprinc -policy passpolicy lucyPrincipal "lucy@EXAMPLE.COM" modified.

    To modify the default policy that is applied to complete user principals in a realm, change the following:

    kadmin: modify_policy -maxlife "90 days" -minlife "1 hour" -minlength 8 -minclasses 2 -history 3 default kadmin: get_policy default Policy: default Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of ancient keys kept: 3 Reference count: 1

    The Reference signify value indicates how many principals are configured to exhaust the policy.

    The default policy is automatically applied to complete unique principals that are not given the identical password as the principal title when they are created. Any account with a policy assigned to it is uses the dictionary (defined in the dict_file parameter in /etc/krb5/kdc.conf) to check for common passwords.

    Backing Up a KDC

    Backups of a KDC system should be made regularly or according to local policy. However, backups should exclude the /etc/krb5/krb5.keytab file. If the local policy requires that backups be done over a network, then these backups should be secured either through the exhaust of encryption or possibly by using a part network interface that is only used for backup purposes and is not exposed to the identical traffic as the non-backup network traffic. Backup storage media should always be kept in a secure, fireproof location.

    Monitoring the KDC

    Once the KDC is configured and running, it should be continually and vigilantly monitored. The Sun Kerberos v5 software KDC logs information into the /var/krb5/kdc.log file, but this location can be modified in the /etc/krb5/krb5.conf file, in the logging section.

    [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log

    The KDC log file should own read and write permissions for the root user only, as follows:

    -rw------ 1 root other 750 25 May 10 17:55 /var/krb5/kdc.log Kerberos Options

    The /etc/krb5/krb5.conf file contains information that complete Kerberos applications exhaust to determine what server to talk to and what realm they are participating in. Configuring the krb5.conf file is covered in the Sun Enterprise Authentication Mechanism Software Installation Guide. too mention to the krb5.conf(4) man page for a plenary description of this file.

    The appdefaults section in the krb5.conf file contains parameters that control the conduct of many Kerberos client tools. Each implement may own its own section in the appdefaults section of the krb5.conf file.

    Many of the applications that exhaust the appdefaults section, exhaust the identical options; however, they might be set in different ways for each client application.

    Kerberos Client Applications

    The following Kerberos applications can own their conduct modified through the user of options set in the appdefaults section of the /etc/krb5/krb5.conf file or by using various command-line arguments. These clients and their configuration settings are described below.

    kinit

    The kinit client is used by people who want to obtain a TGT from the KDC. The /etc/krb5/krb5.conf file supports the following kinit options: renewable, forwardable, no_addresses, max_life, max_renewable_life and proxiable.

    telnet

    The Kerberos telnet client has many command-line arguments that control its behavior. mention to the man page for complete information. However, there are several arresting security issues involving the Kerberized telnet client.

    The telnet client uses a session key even after the service ticket which it was derived from has expired. This means that the telnet session remains vigorous even after the ticket originally used to gain access, is no longer valid. This is insecure in a strict environment, however, the trade off between ease of exhaust and strict security tends to rawboned in favor of ease-of-use in this situation. It is recommended that the telnet connection be re-initialized periodically by disconnecting and reconnecting with a unique ticket. The overall lifetime of a ticket is defined by the KDC (/etc/krb5/kdc.conf), normally defined as eight hours.

    The telnet client allows the user to forward a copy of the credentials (TGT) used to authenticate to the remote system using the -f and -F command-line options. The -f option sends a non-forwardable copy of the local TGT to the remote system so that the user can access Kerberized NFS mounts or other local Kerberized services on that system only. The -F option sends a forwardable TGT to the remote system so that the TGT can be used from the remote system to gain further access to other remote Kerberos services beyond that point. The -F option is a superset of -f. If the Forwardable and or forward options are set to deceptive in the krb5.conf file, these command-line arguments can be used to override those settings, thus giving individuals the control over whether and how their credentials are forwarded.

    The -x option should be used to whirl on encryption for the data stream. This further protects the session from eavesdroppers. If the telnet server does not advocate encryption, the session is closed. The /etc/krb5/krb5.conf file supports the following telnet options: forward, forwardable, encrypt, and autologin. The autologin [true/false] parameter tells the client to try and attempt to log in without prompting the user for a user name. The local user title is passed on to the remote system in the telnet negotiations.

    rlogin and rsh

    The Kerberos rlogin and rsh clients behave much the identical as their non-Kerberized equivalents. Because of this, it is recommended that if they are required to be included in the network files such as /etc/hosts.equiv and .rhosts that the root users directory be removed. The Kerberized versions own the added benefit of using Kerberos protocol for authentication and can too exhaust Kerberos to protect the privacy of the session using encryption.

    Similar to telnet described previously, the rlogin and rsh clients exhaust a session key after the service ticket which it was derived from has expired. Thus, for maximum security, rlogin and rsh sessions should be re-initialized periodically. rlogin uses the -f, -F, and -x options in the identical fashion as the telnet client. The /etc/krb5/krb5.conf file supports the following rlogin options: forward, forwardable, and encrypt.

    Command-line options override configuration file settings. For example, if the rsh section in the krb5.conf file indicates encrypt false, but the -x option is used on the command line, an encrypted session is used.

    rcp

    Kerberized rcp can be used to transfer files securely between systems using Kerberos authentication and encryption (with the -x command-line option). It does not prompt for passwords, the user must already own a cogent TGT before using rcp if they wish to exhaust the encryption feature. However, beware if the -x option is not used and no local credentials are available, the rcp session will revert to the standard, non-Kerberized (and insecure) rcp behavior. It is highly recommended that users always exhaust the -x option when using the Kerberized rcp client.The /etc/krb5/krb5.conf file supports the encrypt [true/false] option.

    login

    The Kerberos login program (login.krb5) is forked from a successful authentication by the Kerberized telnet daemon or the Kerberized rlogin daemon. This Kerberos login daemon is part from the yardstick Solaris OE login daemon and thus, the yardstick Solaris OE features such as BSM auditing are not yet supported when using this daemon. The /etc/krb5/krb5.conf file supports the krb5_get_tickets [true/false] option. If this option is set to true, then the login program will generate a unique Kerberos ticket (TGT) for the user upon proper authentication.

    ftp

    The Sun Enterprise Authentication Mechanism (SEAM) version of the ftp client uses the GSSAPI (RFC 2743) with Kerberos v5 as the default mechanism. This means that it uses Kerberos authentication and (optionally) encryption through the Kerberos v5 GSS mechanism. The only Kerberos-related command-line options are -f and -m. The -f option is the identical as described above for telnet (there is no need for a -F option). -m allows the user to specify an alternative GSS mechanism if so desired, the default is to exhaust the kerberos_v5 mechanism.

    The protection level used for the data transfer can be set using the protect command at the ftp prompt. Sun Enterprise Authentication Mechanism software ftp supports the following protection levels:

  • Clear unprotected, unencrypted transmission

  • Safe data is integrity protected using cryptographic checksums

  • Private data is transmitted with confidentiality and integrity using encryption

  • It is recommended that users set the protection level to private for complete data transfers. The ftp client program does not advocate or reference the krb5.conf file to find any optional parameters. complete ftp client options are passed on the command line. discern the man page for the Kerberized ftp client, ftp(1).

    In summary, adding Kerberos to a network can augment the overall security available to the users and administrators of that network. Remote sessions can be securely authenticated and encrypted, and shared disks can be secured and encrypted across the network. In addition, Kerberos allows the database of user and service principals to be managed securely from any machine which supports the SEAM software Kerberos protocol. SEAM is interoperable with other RFC 1510 compliant Kerberos implementations such as MIT Krb5 and some MS Windows 2000 vigorous Directory services. Adopting the practices recommended in this section further secure the SEAM software infrastructure to benefit ensure a safer network environment.

    Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism

    This section provides a high-level overview, followed by the in-depth procedures that record the setup necessary to implement the GSSAPI mechanism and the Sun ONE Directory Server 5.2 software. This implementation assumes a realm of EXAMPLE.COM for this purpose. The following list gives an initial high-level overview of the steps required, with the next section providing the circumstantial information.

  • Setup DNS on the client machine. This is an significant step because Kerberos requires DNS.

  • Install and configure the Sun ONE Directory Server version 5.2 software.

  • Check that the directory server and client both own the SASL plug-ins installed.

  • Install and configure Kerberos v5.

  • Edit the /etc/krb5/krb5.conf file.

  • Edit the /etc/krb5/kdc.conf file.

  • Edit the /etc/krb5/kadm5.acl file.

  • Move the kerberos_v5 line so it is the first line in the /etc/gss/mech file.

  • Create unique principals using kadmin.local, which is an interactive commandline interface to the Kerberos v5 administration system.

  • Modify the rights for /etc/krb5/krb5.keytab. This access is necessary for the Sun ONE Directory Server 5.2 software.

  • Run /usr/sbin/kinit.

  • Check that you own a ticket with /usr/bin/klist.

  • Perform an ldapsearch, using the ldapsearch command-line implement from the Sun ONE Directory Server 5.2 software to test and verify.

  • The sections that ensue fill in the details.

    Configuring a DNS Client

    To be a DNS client, a machine must Run the resolver. The resolver is neither a daemon nor a solitary program. It is a set of dynamic library routines used by applications that need to know machine names. The resolver’s role is to resolve users’ queries. To Do that, it queries a title server, which then returns either the requested information or a referral to another server. Once the resolver is configured, a machine can request DNS service from a title server.

    The following case shows you how to configure the resolv.conf(4) file in the server kdc1 in the example.com domain.

    ; ; /etc/resolv.conf file for dnsmaster ; domain example.com nameserver 192.168.0.0 nameserver 192.168.0.1

    The first line of the /etc/resolv.conf file lists the domain title in the form:

    domain domainname

    No spaces or tabs are permitted at the End of the domain name. beget confident that you press recur immediately after the last character of the domain name.

    The second line identifies the server itself in the form:

    nameserver IP_address

    Succeeding lines list the IP addresses of one or two slave or cache-only title servers that the resolver should consult to resolve queries. title server entries own the form:

    nameserver IP_address

    IP_address is the IP address of a slave or cache-only DNS title server. The resolver queries these title servers in the order they are listed until it obtains the information it needs.

    For more circumstantial information of what the resolv.conf file does, mention to the resolv.conf(4) man page.

    To Configure Kerberos v5 (Master KDC)

    In the this procedure, the following configuration parameters are used:

  • Realm title = EXAMPLE.COM

  • DNS domain title = example.com

  • Master KDC = kdc1.example.com

  • admin principal = lucy/admin

  • Online benefit URL = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956

  • This procedure requires that DNS is running.

    Before you open this configuration process, beget a backup of the /etc/krb5 files.

  • Become superuser on the master KDC. (kdc1, in this example)

  • Edit the Kerberos configuration file (krb5.conf).

    You need to change the realm names and the names of the servers. discern the krb5.conf(4) man page for a plenary description of this file.

    kdc1 # more /etc/krb5/krb5.conf [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = kdc1.example.com admin server = kdc1.example.com } [domain_realm] .example.com = EXAMPLE.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log [appdefaults] gkadmin = { help_url = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956 }

    In this example, the lines for domain_realm, kdc, admin_server, and complete domain_realm entries were changed. In addition, the line with ___slave_kdcs___ in the [realms] section was deleted and the line that defines the help_url was edited.

  • Edit the KDC configuration file (kdc.conf).

    You must change the realm name. discern the kdc.conf( 4) man page for a plenary description of this file.

    kdc1 # more /etc/krb5/kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM= { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s need poignant ---------> default_principal_flags = +preauth }

    In this example, only the realm title definition in the [realms] section is changed.

  • Create the KDC database by using the kdb5_util command.

    The kdb5_util command, which is located in /usr/sbin, creates the KDC database. When used with the -s option, this command creates a stash file that is used to authenticate the KDC to itself before the kadmind and krb5kdc daemons are started.

    kdc1 # /usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key title 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is significant that you NOT FORGET this password. Enter KDC database master key: key Re-enter KDC database master key to verify: key

    The -r option followed by the realm title is not required if the realm title is equivalent to the domain title in the server’s title space.

  • Edit the Kerberos access control list file (kadm5.acl).

    Once populated, the /etc/krb5/kadm5.acl file contains complete principal names that are allowed to administer the KDC. The first entry that is added might leer similar to the following:

    lucy/admin@EXAMPLE.COM *

    This entry gives the lucy/admin principal in the EXAMPLE.COM realm the aptitude to modify principals or policies in the KDC. The default installation includes an asterisk (*) to match complete admin principals. This default could be a security risk, so it is more secure to comprehend a list of complete of the admin principals. discern the kadm5.acl(4) man page for more information.

  • Edit the /etc/gss/mech file.

    The /etc/gss/mech file contains the GSSAPI based security mechanism names, its object identifier (OID), and a shared library that implements the services for that mechanism under the GSSAPI. Change the following from:

    # Mechanism title object Identifier Shared Library Kernel Module # diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1 kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5

    To the following:

    # Mechanism title object Identifier Shared Library Kernel Module # kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5 diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
  • Run the kadmin.local command to create principals.

    You can add as many admin principals as you need. But you must add at least one admin principal to complete the KDC configuration process. In the following example, lucy/admin is added as the principal.

    kdc1 # /usr/sbin/kadmin.local kadmin.local: addprinc lucy/admin Enter password for principal "lucy/admin@EXAMPLE.COM": Re-enter password for principal "lucy/admin@EXAMPLE.COM": Principal "lucy/admin@EXAMPLE.COM" created. kadmin.local:
  • Create a keytab file for the kadmind service.

    The following command sequence creates a special keytab file with principal entries for lucy and tom. These principals are needed for the kadmind service. In addition, you can optionally add NFS service principals, host principals, LDAP principals, and so on.

    When the principal instance is a host name, the fully qualified domain title (FQDN) must be entered in lowercase letters, regardless of the case of the domain title in the /etc/resolv.conf file.

    kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc1.example.com Entry for principal kadmin/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc1.example.com Entry for principal changepw/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local:

    Once you own added complete of the required principals, you can exit from kadmin.local as follows:

    kadmin.local: quit
  • Start the Kerberos daemons as shown:

    kdc1 # /etc/init.d/kdc start kdc1 # /etc/init.d/kdc.master start

    Note

    You quit the Kerberos daemons by running the following commands:

    kdc1 # /etc/init.d/kdc stop kdc1 # /etc/init.d/kdc.master stop
  • Add principals by using the SEAM Administration Tool.

    To Do this, you must log on with one of the admin principal names that you created earlier in this procedure. However, the following command-line case is shown for simplicity.

    kdc1 # /usr/sbin/kadmin -p lucy/admin Enter password: kws_admin_password kadmin:
  • Create the master KDC host principal which is used by Kerberized applications such as klist and kprop.

    kadmin: addprinc -randkey host/kdc1.example.com Principal "host/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • (Optional) Create the master KDC root principal which is used for authenticated NFS mounting.

    kadmin: addprinc root/kdc1.example.com Enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Re-enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Principal "root/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • Add the master KDC’s host principal to the master KDC’s keytab file which allows this principal to be used automatically.

    kadmin: ktadd host/kdc1.example.com kadmin: Entry for principal host/kdc1.example.com with ->kvno 3, encryption type DES-CBC-CRC added to keytab ->WRFILE:/etc/krb5/krb5.keytab kadmin:

    Once you own added complete of the required principals, you can exit from kadmin as follows:

    kadmin: quit
  • Run the kinit command to obtain and cache an initial ticket-granting ticket (credential) for the principal.

    This ticket is used for authentication by the Kerberos v5 system. kinit only needs to be Run by the client at this time. If the Sun ONE directory server were a Kerberos client also, this step would need to be done for the server. However, you may want to exhaust this to verify that Kerberos is up and running.

    kdclient # /usr/bin/kinit root/kdclient.example.com Password for root/kdclient.example.com@EXAMPLE.COM: passwd
  • Check and verify that you own a ticket with the klist command.

    The klist command reports if there is a keytab file and displays the principals. If the results parade that there is no keytab file or that there is no NFS service principal, you need to verify the completion of complete of the previous steps.

    # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------ 3 nfs/host.example.com@EXAMPLE.COM

    The case given here assumes a solitary domain. The KDC may reside on the identical machine as the Sun ONE directory server for testing purposes, but there are security considerations to seize into account on where the KDCs reside.

  • With regards to the configuration of Kerberos v5 in conjunction with the Sun ONE Directory Server 5.2 software, you are finished with the Kerberos v5 part. It’s now time to leer at what is required to be configured on the Sun ONE directory server side.

    Sun ONE Directory Server 5.2 GSSAPI Configuration

    As previously discussed, the Generic Security Services Application Program Interface (GSSAPI), is yardstick interface that enables you to exhaust a security mechanism such as Kerberos v5 to authenticate clients. The server uses the GSSAPI to actually validate the identity of a particular user. Once this user is validated, it’s up to the SASL mechanism to apply the GSSAPI mapping rules to obtain a DN that is the bind DN for complete operations during the connection.

    The first particular discussed is the unique identity mapping functionality.

    The identity mapping service is required to map the credentials of another protocol, such as SASL DIGEST-MD5 and GSSAPI to a DN in the directory server. As you will discern in the following example, the identity mapping feature uses the entries in the cn=identity mapping, cn=config configuration branch, whereby each protocol is defined and whereby each protocol must fulfill the identity mapping. For more information on the identity mapping feature, mention to the Sun ONE Directory Server 5.2 Documents.

    To fulfill the GSSAPI Configuration for the Sun ONE Directory Server Software
  • Check and verify, by retrieving the rootDSE entry, that the GSSAPI is returned as one of the supported SASL Mechanisms.

    Example of using ldapsearch to retrieve the rootDSE and win the supported SASL mechanisms:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -b "" -s ground "(objectclass=*)" supportedSASLMechanisms supportedSASLMechanisms=EXTERNAL supportedSASLMechanisms=GSSAPI supportedSASLMechanisms=DIGEST-MD5
  • Verify that the GSSAPI mechanism is enabled.

    By default, the GSSAPI mechanism is enabled.

    Example of using ldapsearch to verify that the GSSAPI SASL mechanism is enabled:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -D"cn=Directory Manager" -w password -b "cn=SASL, cn=security,cn= config" "(objectclass=*)" # # Should return # cn=SASL, cn=security, cn=config objectClass=top objectClass=nsContainer objectClass=dsSaslConfig cn=SASL dsSaslPluginsPath=/var/Sun/mps/lib/sasl dsSaslPluginsEnable=DIGEST-MD5 dsSaslPluginsEnable=GSSAPI
  • Create and add the GSSAPI identity-mapping.ldif.

    Add the LDIF shown below to the Sun ONE Directory Server so that it contains the redress suffix for your directory server.

    You need to Do this because by default, no GSSAPI mappings are defined in the Sun ONE Directory Server 5.2 software.

    Example of a GSSAPI identity mapping LDIF file:

    # dn: cn=GSSAPI,cn=identity mapping,cn=config objectclass: nsContainer objectclass: top cn: GSSAPI dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: nsContainer objectclass: top cn: default dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: dsPatternMatching objectclass: nsContainer objectclass: top cn: same_realm dsMatching-pattern: ${Principal} dsMatching-regexp: (.*)@example.com dsMappedDN: uid=$1,ou=people,dc=example,dc=com

    It is significant to beget exhaust of the ${Principal} variable, because it is the only input you own from SASL in the case of GSSAPI. Either you need to build a dn using the ${Principal} variable or you need to fulfill pattern matching to discern if you can apply a particular mapping. A principal corresponds to the identity of a user in Kerberos.

    You can find an case GSSAPI LDIF mappings files in ServerRoot/slapdserver/ldif/identityMapping_Examples.ldif.

    The following is an case using ldapmodify to Do this:

    $./ldapmodify -a -c -h directoryserver_hostname -p ldap_port -D "cn=Directory Manager" -w password -f identity-mapping.ldif -e /var/tmp/ldif.rejects 2> /var/tmp/ldapmodify.log
  • Perform a test using ldapsearch.

    To fulfill this test, type the following ldapsearch command as shown below, and reply the prompt with the kinit value you previously defined.

    Example of using ldapsearch to test the GSSAPI mechanism:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -o mech=GSSAPI -o authzid="root/hostname.domainname@EXAMPLE.COM" -b "" -s ground "(objectclass=*)"

    The output that is returned should be the identical as without the -o option.

    If you Do not exhaust the -h hostname option, the GSS code ends up looking for a localhost.domainname Kerberos ticket, and an mistake occurs.



  • Direct Download of over 5500 Certification Exams

    3COM [8 Certification Exam(s) ]
    AccessData [1 Certification Exam(s) ]
    ACFE [1 Certification Exam(s) ]
    ACI [3 Certification Exam(s) ]
    Acme-Packet [1 Certification Exam(s) ]
    ACSM [4 Certification Exam(s) ]
    ACT [1 Certification Exam(s) ]
    Admission-Tests [13 Certification Exam(s) ]
    ADOBE [93 Certification Exam(s) ]
    AFP [1 Certification Exam(s) ]
    AICPA [2 Certification Exam(s) ]
    AIIM [1 Certification Exam(s) ]
    Alcatel-Lucent [13 Certification Exam(s) ]
    Alfresco [1 Certification Exam(s) ]
    Altiris [3 Certification Exam(s) ]
    Amazon [2 Certification Exam(s) ]
    American-College [2 Certification Exam(s) ]
    Android [4 Certification Exam(s) ]
    APA [1 Certification Exam(s) ]
    APC [2 Certification Exam(s) ]
    APICS [2 Certification Exam(s) ]
    Apple [69 Certification Exam(s) ]
    AppSense [1 Certification Exam(s) ]
    APTUSC [1 Certification Exam(s) ]
    Arizona-Education [1 Certification Exam(s) ]
    ARM [1 Certification Exam(s) ]
    Aruba [6 Certification Exam(s) ]
    ASIS [2 Certification Exam(s) ]
    ASQ [3 Certification Exam(s) ]
    ASTQB [8 Certification Exam(s) ]
    Autodesk [2 Certification Exam(s) ]
    Avaya [96 Certification Exam(s) ]
    AXELOS [1 Certification Exam(s) ]
    Axis [1 Certification Exam(s) ]
    Banking [1 Certification Exam(s) ]
    BEA [5 Certification Exam(s) ]
    BICSI [2 Certification Exam(s) ]
    BlackBerry [17 Certification Exam(s) ]
    BlueCoat [2 Certification Exam(s) ]
    Brocade [4 Certification Exam(s) ]
    Business-Objects [11 Certification Exam(s) ]
    Business-Tests [4 Certification Exam(s) ]
    CA-Technologies [21 Certification Exam(s) ]
    Certification-Board [10 Certification Exam(s) ]
    Certiport [3 Certification Exam(s) ]
    CheckPoint [41 Certification Exam(s) ]
    CIDQ [1 Certification Exam(s) ]
    CIPS [4 Certification Exam(s) ]
    Cisco [318 Certification Exam(s) ]
    Citrix [48 Certification Exam(s) ]
    CIW [18 Certification Exam(s) ]
    Cloudera [10 Certification Exam(s) ]
    Cognos [19 Certification Exam(s) ]
    College-Board [2 Certification Exam(s) ]
    CompTIA [76 Certification Exam(s) ]
    ComputerAssociates [6 Certification Exam(s) ]
    Consultant [2 Certification Exam(s) ]
    Counselor [4 Certification Exam(s) ]
    CPP-Institue [2 Certification Exam(s) ]
    CPP-Institute [1 Certification Exam(s) ]
    CSP [1 Certification Exam(s) ]
    CWNA [1 Certification Exam(s) ]
    CWNP [13 Certification Exam(s) ]
    Dassault [2 Certification Exam(s) ]
    DELL [9 Certification Exam(s) ]
    DMI [1 Certification Exam(s) ]
    DRI [1 Certification Exam(s) ]
    ECCouncil [21 Certification Exam(s) ]
    ECDL [1 Certification Exam(s) ]
    EMC [129 Certification Exam(s) ]
    Enterasys [13 Certification Exam(s) ]
    Ericsson [5 Certification Exam(s) ]
    ESPA [1 Certification Exam(s) ]
    Esri [2 Certification Exam(s) ]
    ExamExpress [15 Certification Exam(s) ]
    Exin [40 Certification Exam(s) ]
    ExtremeNetworks [3 Certification Exam(s) ]
    F5-Networks [20 Certification Exam(s) ]
    FCTC [2 Certification Exam(s) ]
    Filemaker [9 Certification Exam(s) ]
    Financial [36 Certification Exam(s) ]
    Food [4 Certification Exam(s) ]
    Fortinet [13 Certification Exam(s) ]
    Foundry [6 Certification Exam(s) ]
    FSMTB [1 Certification Exam(s) ]
    Fujitsu [2 Certification Exam(s) ]
    GAQM [9 Certification Exam(s) ]
    Genesys [4 Certification Exam(s) ]
    GIAC [15 Certification Exam(s) ]
    Google [4 Certification Exam(s) ]
    GuidanceSoftware [2 Certification Exam(s) ]
    H3C [1 Certification Exam(s) ]
    HDI [9 Certification Exam(s) ]
    Healthcare [3 Certification Exam(s) ]
    HIPAA [2 Certification Exam(s) ]
    Hitachi [30 Certification Exam(s) ]
    Hortonworks [4 Certification Exam(s) ]
    Hospitality [2 Certification Exam(s) ]
    HP [750 Certification Exam(s) ]
    HR [4 Certification Exam(s) ]
    HRCI [1 Certification Exam(s) ]
    Huawei [21 Certification Exam(s) ]
    Hyperion [10 Certification Exam(s) ]
    IAAP [1 Certification Exam(s) ]
    IAHCSMM [1 Certification Exam(s) ]
    IBM [1532 Certification Exam(s) ]
    IBQH [1 Certification Exam(s) ]
    ICAI [1 Certification Exam(s) ]
    ICDL [6 Certification Exam(s) ]
    IEEE [1 Certification Exam(s) ]
    IELTS [1 Certification Exam(s) ]
    IFPUG [1 Certification Exam(s) ]
    IIA [3 Certification Exam(s) ]
    IIBA [2 Certification Exam(s) ]
    IISFA [1 Certification Exam(s) ]
    Intel [2 Certification Exam(s) ]
    IQN [1 Certification Exam(s) ]
    IRS [1 Certification Exam(s) ]
    ISA [1 Certification Exam(s) ]
    ISACA [4 Certification Exam(s) ]
    ISC2 [6 Certification Exam(s) ]
    ISEB [24 Certification Exam(s) ]
    Isilon [4 Certification Exam(s) ]
    ISM [6 Certification Exam(s) ]
    iSQI [7 Certification Exam(s) ]
    ITEC [1 Certification Exam(s) ]
    Juniper [64 Certification Exam(s) ]
    LEED [1 Certification Exam(s) ]
    Legato [5 Certification Exam(s) ]
    Liferay [1 Certification Exam(s) ]
    Logical-Operations [1 Certification Exam(s) ]
    Lotus [66 Certification Exam(s) ]
    LPI [24 Certification Exam(s) ]
    LSI [3 Certification Exam(s) ]
    Magento [3 Certification Exam(s) ]
    Maintenance [2 Certification Exam(s) ]
    McAfee [8 Certification Exam(s) ]
    McData [3 Certification Exam(s) ]
    Medical [69 Certification Exam(s) ]
    Microsoft [374 Certification Exam(s) ]
    Mile2 [3 Certification Exam(s) ]
    Military [1 Certification Exam(s) ]
    Misc [1 Certification Exam(s) ]
    Motorola [7 Certification Exam(s) ]
    mySQL [4 Certification Exam(s) ]
    NBSTSA [1 Certification Exam(s) ]
    NCEES [2 Certification Exam(s) ]
    NCIDQ [1 Certification Exam(s) ]
    NCLEX [2 Certification Exam(s) ]
    Network-General [12 Certification Exam(s) ]
    NetworkAppliance [39 Certification Exam(s) ]
    NI [1 Certification Exam(s) ]
    NIELIT [1 Certification Exam(s) ]
    Nokia [6 Certification Exam(s) ]
    Nortel [130 Certification Exam(s) ]
    Novell [37 Certification Exam(s) ]
    OMG [10 Certification Exam(s) ]
    Oracle [279 Certification Exam(s) ]
    P&C [2 Certification Exam(s) ]
    Palo-Alto [4 Certification Exam(s) ]
    PARCC [1 Certification Exam(s) ]
    PayPal [1 Certification Exam(s) ]
    Pegasystems [12 Certification Exam(s) ]
    PEOPLECERT [4 Certification Exam(s) ]
    PMI [15 Certification Exam(s) ]
    Polycom [2 Certification Exam(s) ]
    PostgreSQL-CE [1 Certification Exam(s) ]
    Prince2 [6 Certification Exam(s) ]
    PRMIA [1 Certification Exam(s) ]
    PsychCorp [1 Certification Exam(s) ]
    PTCB [2 Certification Exam(s) ]
    QAI [1 Certification Exam(s) ]
    QlikView [1 Certification Exam(s) ]
    Quality-Assurance [7 Certification Exam(s) ]
    RACC [1 Certification Exam(s) ]
    Real-Estate [1 Certification Exam(s) ]
    RedHat [8 Certification Exam(s) ]
    RES [5 Certification Exam(s) ]
    Riverbed [8 Certification Exam(s) ]
    RSA [15 Certification Exam(s) ]
    Sair [8 Certification Exam(s) ]
    Salesforce [5 Certification Exam(s) ]
    SANS [1 Certification Exam(s) ]
    SAP [98 Certification Exam(s) ]
    SASInstitute [15 Certification Exam(s) ]
    SAT [1 Certification Exam(s) ]
    SCO [10 Certification Exam(s) ]
    SCP [6 Certification Exam(s) ]
    SDI [3 Certification Exam(s) ]
    See-Beyond [1 Certification Exam(s) ]
    Siemens [1 Certification Exam(s) ]
    Snia [7 Certification Exam(s) ]
    SOA [15 Certification Exam(s) ]
    Social-Work-Board [4 Certification Exam(s) ]
    SpringSource [1 Certification Exam(s) ]
    SUN [63 Certification Exam(s) ]
    SUSE [1 Certification Exam(s) ]
    Sybase [17 Certification Exam(s) ]
    Symantec [134 Certification Exam(s) ]
    Teacher-Certification [4 Certification Exam(s) ]
    The-Open-Group [8 Certification Exam(s) ]
    TIA [3 Certification Exam(s) ]
    Tibco [18 Certification Exam(s) ]
    Trainers [3 Certification Exam(s) ]
    Trend [1 Certification Exam(s) ]
    TruSecure [1 Certification Exam(s) ]
    USMLE [1 Certification Exam(s) ]
    VCE [6 Certification Exam(s) ]
    Veeam [2 Certification Exam(s) ]
    Veritas [33 Certification Exam(s) ]
    Vmware [58 Certification Exam(s) ]
    Wonderlic [2 Certification Exam(s) ]
    Worldatwork [2 Certification Exam(s) ]
    XML-Master [3 Certification Exam(s) ]
    Zend [6 Certification Exam(s) ]





    References :


    Dropmark : http://killexams.dropmark.com/367904/12832342
    Dropmark-Text : http://killexams.dropmark.com/367904/12936692
    Blogspot : http://killexamsbraindump.blogspot.com/2018/01/just-study-these-hp-hp0-922-questions.html
    Wordpress : https://wp.me/p7SJ6L-2GF
    Box.net : https://app.box.com/s/whbs0m4dhqx3pl5q7y7ttokde4lev0x5






    Back to Main Page





    Killexams HP0-922 exams | Killexams HP0-922 cert | Pass4Sure HP0-922 questions | Pass4sure HP0-922 | pass-guaratee HP0-922 | best HP0-922 test preparation | best HP0-922 training guides | HP0-922 examcollection | killexams | killexams HP0-922 review | killexams HP0-922 legit | kill HP0-922 example | kill HP0-922 example journalism | kill exams HP0-922 reviews | kill exam ripoff report | review HP0-922 | review HP0-922 quizlet | review HP0-922 login | review HP0-922 archives | review HP0-922 sheet | legitimate HP0-922 | legit HP0-922 | legitimacy HP0-922 | legitimation HP0-922 | legit HP0-922 check | legitimate HP0-922 program | legitimize HP0-922 | legitimate HP0-922 business | legitimate HP0-922 definition | legit HP0-922 site | legit online banking | legit HP0-922 website | legitimacy HP0-922 definition | >pass 4 sure | pass for sure | p4s | pass4sure certification | pass4sure exam | IT certification | IT Exam | HP0-922 material provider | pass4sure login | pass4sure HP0-922 exams | pass4sure HP0-922 reviews | pass4sure aws | pass4sure HP0-922 security | pass4sure coupon | pass4sure HP0-922 dumps | pass4sure cissp | pass4sure HP0-922 braindumps | pass4sure HP0-922 test | pass4sure HP0-922 torrent | pass4sure HP0-922 download | pass4surekey | pass4sure cap | pass4sure free | examsoft | examsoft login | exams | exams free | examsolutions | exams4pilots | examsoft download | exams questions | examslocal | exams practice |

    www.pass4surez.com | www.killcerts.com | www.search4exams.com | http://tractaricurteadearges.ro/