VENDORS

Students' Testimonials



Killexams.com HP0-922 Dumps and Real Questions 2019

Latest and 100% real exam Questions - Memorize Questions and Answers - Guaranteed Success in exam



HP0-922 exam Dumps Source : Implementing and Supporting HP Storage Essentials v5.1

Test Code : HP0-922
Test Name : Implementing and Supporting HP Storage Essentials v5.1
Vendor Name : HP
Q&A : 130 Real Questions

these HP0-922 actual take a look at questions works in the real take a look at.
You may constantly be on top efficiently with the assist of killexams.com due to the fact those products are designed for the assist of all students. I had offered HP0-922 exam guide as it changed into essential for me. It made me to apprehend all vital standards of this certification. It have become right choice therefore i am feeling delight in this desire. Finally, I had scored ninety percentage because my helper was HP0-922 exam engine. I am real because those products helped me inside the training of certification. Thanks to the exquisite team of killexams.com for my help!


Where can I find HP0-922 exam study help?
I passed. Genuine, the exam was hard, so I just got past it on account of killexams.com Q&A and Exam Simulator. I am upbeat to report that I passed the HP0-922 exam and have as of late acquired my declaration. The framework questions were the part I was most stressed over, so I invested hours honing on the killexams.com exam simulator. It beyond any doubt helped, as consolidated with different segments.


Killing the examination grow to be too smooth! I dont assume so.
I wanted to have certification in Test HP0-922 and i get it with killexams. Perfect pattern of latest modules facilitate me to attempt all the 38 questions within the given timeframe. I score more than 87. I must say that I could never ever have done it on my own what I was able to achieve with killexams.com Q&A. killexams.com Q&A provide the latest module of questions and cover the related topics. Thanks to killexams.com Q&A.


HP0-922 certification examination is quite traumatic without this observe guide.
One day, on the dinner desk, my father asked me immediately if I changed into going to fail my upcoming HP0-922 check and I responded with a totally company No manner. He changed into inspired with my confidence but I changed into so fearful of disappointing him. Thank God for this killexams.com because it helped me in preserving my word and clearing my HP0-922 test with top class results. I am thankful.


strive out these actual HP0-922 brand newmodern dumps.
The extremely good element about your question bank is the reasons provided with the answers. It allows to apprehend the difficulty conceptually. I had subscribed for the HP0-922 query financial organization and had lengthy long past through it three-four instances. Inside the exam, I attempted all the questions beneath 40 minutes and scored 90 marks. Thanks for making it easy for us. Hearty manner to killexams.com team, with the help of your version questions.


Passing the HP0-922 exam with sufficient expertise.
Hurrah! I have passed my HP0-922 this week. And I got flying color and for all this I am so thankful to killexams. They have come up with so fabulous and well-engineered program. Their simulations are very much like the ones in real exams. Simulations are the main aspect of HP0-922 exam and worth more weight age then other questions. After preparing from their program it was very easy for me to solve all those simulations. I used them for all HP0-922 exam and found them trustful every time.


need actual examination questions latest HP0-922 exam? down load here.
You the killexams.com are rock. these days I passed HP0-922 paper with your questions solutions with one hundredpercentage score. Your supplied questions and exam simulator is a ways extra than remarkable! distinctly encouragedyour product. i can virtually used your product for my next exam.


am i able to find state-of-the-art dumps Q & A brand new HP0-922 exam?
Subsequently, at the dinner table, my father requested me without delay if i was going to fail my upcoming HP0-922 check and that i responded with a very enterprise No way. He modified into impressed with my self assurance however i wasso scared of disappointing him. Thank God for this killexams.com because it helped me in maintaining my phrase and clearing my HP0-922 test with top class consequences. I am thankful.


it's miles amazing to have HP0-922 present day dumps.
I was trapped in the complex subjects only 12 prior days the exam HP0-922. Whats more it was extremely useful, as the short answers could be effortlessly remembered inside 10 days. I scored 91%, endeavoring all questions in due time. To save my planning, I was energetically hunting down some speedy reference. It aided me a great deal. Never thought it could be so compelling! At that point, by one means or another I came to think about killexams.com Dumps.


HP0-922 q&a bank is needed to clear the examination at the start attempt.
The killexams.com dumps offer the study material with the right features. Their Dumps are making learning easy and quick to prepare. The provided material is highly customized without becoming overwhelming or burdensome. The ILT book is used along with their material and found its effectiveness. I recommend this to my peers at the office and to anyone searching for the best solution for the HP0-922 exam. Thank you.


HP Implementing and Supporting HP

HP's ink DRM instructs your printer to ignore the ink in your cartridge in case you cancel your subscription | killexams.com Real Questions and Pass4sure dumps

Inkjet printer producers proceed to pioneer imaginative the way to create true-world, computer dystopias that make Black mirror seem to be optimistic by way of comparison: one such nightmare is HP's "subscription" printers where a small amount of cash buys you ink cartridges that consistently speak with HP's servers to validate that you simply're nevertheless deciding to buy your subscription, and if you cancel, the ink stops working.

HP's argument is that it's subsidizing the ink and you're agreeing to this treatment within the bargain, however of direction, HP is rarely "subsidizing" the ink, it's merely charging a pair hundred p.c markup, as opposed to its typical apply of charging a couple of million % markups (and the usage of misleading and unlawful strategies to force you to purchase ink from them, and never from their competitors).

HP has been working the service when you consider that as a minimum 2016; you opt for a plan that puts a cap on the number of pages that you may print in a month. You pay for that many pages no matter how many you print -- and if you run out of accessible pages, your printer refuses to print anymore, however you have a whole lot of ink to print with.

HP additionally requires subscribers to come back their empty cartridges (they call it "recycling" however the incontrovertible fact that this continues empty carts out of the palms of refillers is surely no accident).

it be simply yet another means that printer corporations are main the charge to erode property rights for people by means of expanding property rights for enterprises.

right here’s the kicker: in case you cancel, your ink stops working. You study that right; as quickly as your billing cycle ends the printer will not settle for the ink anymore, and you’re required to ship it back to HP. at least they deliver the postage and packaging for that intention.

HP doesn’t spell out any penalties in their terms of service for failure to ship the ink back, so we checked with a aid agent. They helpfully explained that nothing occurs in case you fail to ship them again, but the cartridges would cease working. You’ll have to buy extra ink to your personal if you are looking to maintain printing. HP ships mainly marked ink as a part of this process, and your printer acknowledges that it is meant for fast Ink subscribers only. It’s practically DRM, but instead of locking down a digital movie or publication, this locks down a physical product: the ink for your printer.

instant Ink requires a web connection for your printer. HP explains that they computer screen your ink levels, so they be aware of when to ship you extra, but as described of their terms of provider the other reason for here is to remotely disable your ink cartridges in case you cancel, or if there are any concerns together with your price.

HP’s Ink Subscription Has DRM That Disables Your Printer Cartridges [Josh Hendrickson/Howtogeek]

every year or two, I embark on a circular of crazy book-tour commute the place I exchange cities day by day for weeks on conclusion (35 cities in forty five days on two continents in 2017!), and that i'm on a perennial quest for a bit of luggage this is fuss-free: I need to stumble exhausted into my room, […]

study THE leisure

Sukhe's plan for an "adminbook" is an audacious, well-developed plan for a desktop tailor-made to the needs of community directors: small, intended for use in darkish, cramped places, convertible into an external drive or display for headless techniques or those desiring their ROMs flashed, multilingual, with many alternate options for I/O and vigour.

read THE rest

Logitech stuff is sharply marked down at Amazon today, so I’m going to provide you with my strategies and a few nopes too. The hyperlinks listed below are all affiliate ones, so I’ll get a reduce. 1. The G-collection mice are tremendous. I have the fundamental model, the G603, and it makes me mad I ever […]

study THE rest

because the know-how that drives them evolves, the tasks that you may accomplish with Microsoft’s suite of workplace tools is growing every year. That’s incredible news for the corporations who already depend on that application, however its particular person users have that much more to learn. The most fulfilling technique to stand up to pace? eLearnOffice Microsoft office […]

study THE relaxation

Cryptocurrency: reputedly overnight, it’s long past from a curious sidebar on the planet of economics to the driving force in the back of the fortunes of entrepreneurs internationally. What’s much more miraculous is how few people remember the blockchain expertise that allows for cryptocurrencies like Bitcoin, even nowadays. but that paradigm is altering quick, and the quickest method […]

study THE rest

Spend any time at throughout creative-minded techies, and you’ll possible hear about Arduino. whether you’re making an easy movement sensor or a completely information superhighway-managed robot, Arduino is the platform of alternative. in case you’re simply diving in, we can’t think of a stronger entry point than the Arduino Uno most efficient Starter package & route Bundle. […]

read THE rest

HP Doubles Down on companion Profitability with New shows and add-ons Accelerator | killexams.com Real Questions and Pass4sure dumps

PALO ALTO, Calif., Jan 31, 2019 (GLOBE NEWSWIRE via COMTEX) -- news Highlights:

  • Doubles advantages and incentives on distinctive commercial displays and add-ons (D&A)
  • instant enhancement provides additional price and earnings for qualified partners
  • New software enhances existing personal techniques partner compensation model
  • PALO ALTO, Calif., Jan. 31, 2019 (GLOBE NEWSWIRE) -- tomorrow, HP Inc. will launch its first reveal and add-ons (D&A) Accelerator in the U.S. as an extension of its current HP associate First application, designed to arm HP's channel companions with the equipment and options obligatory to satisfy particular person business company wants whereas allowing exploration for brand new avenues of future increase.

    "HP is always conserving an in depth eye on trends and opportunities so that it will drive ecocnomic increase for our channel partners,"observed Gary Simms, Head of AMS Channel programs and Enablement, HP Inc."We're excited to present this new accelerator as we double down on shows & accessories within the U.S. whereas partners take capabilities of dazzling alternatives fueled through current market situations."

    Recognizing the impulsively becoming D&A landscape, in addition to HP's valued partners within the space, the accelerator will double advantages and incentives for U.S.-based mostly Platinum and Gold notebook companions on multiple industrial displays and add-ons SKUs together with:

  • industrial computer accessories
  • industrial shows
  • business computer accessories
  • removable add-ons
  • computing device accessories
  • pc shows
  • The enhancement comes as HP continues to extend what is already some of the industry's broadest portfolios of non-public systems and Print choices and now palms HP's Gold and Platinum computing device channel partners with the items, capabilities and help imperative to tackle customer needs.

    As a channel enterprise first and premier, these forms of enhancements fortify HP's dedication to companions while furthering our dedication to speed up channel growth with relentless execution and innovation.

    About HP associate FirstHP associate First is an unique channel partner program that provides merits for HP's great companion community neighborhood, including valued-delivered resellers (VARs), systems integrators (SIs), provider suppliers, hosting suppliers, impartial utility companies (ISVs), distributors, and other agencies that collaborate with HP Inc. The companion First software membership constitution contains Platinum, Gold, Silver and business companions, which each include varied rewards and merits.

    About HPHP Inc. creates technology that makes existence better for each person, all over the place. through our portfolio of printers, PCs, cellular gadgets, options, and services, we engineer experiences that amaze. greater information about HP Inc. is purchasable at http://www.hp.com.

    Maha Neouchy, HP Inc.Maha.Neouchy@hp.com

    www.hp.com/go/newsroom

    (C) Copyright 2019 GlobeNewswire, Inc. All rights reserved.


    HP Omen Obelisk assessment | killexams.com Real Questions and Pass4sure dumps

    Prebuilt PCs were as soon as the area of ridicule among fanatic gamers. HP hopes to exchange accepted opinion and the dialog in gaming circles with its most up-to-date Omen Obelisk.

    This gaming workstation ambitions greater severe gamers with facets like Intel’s Core i7 or AMD Ryzen processors, quickly HyperX RAM, optional Intel Optane reminiscence, and Nvidia’s newest GeForce RTX 2080 pix. And the best part is that this compact gaming computing device tower nonetheless comes with enough inner house to help future improvements.

    The Omen Obelisk has a modest sub-$900 starting rate, but you gained’t be impressed with these specs. Our upgraded $1,999 evaluate unit comes is the one you desire with its sleek case,  significant tempered glass window, and high-end accessories. You may be surprised how a lot gaming goodness HP managed to pack into this kit.

    Understated enchantment

    notwithstanding it seemingly gained’t attraction to gamers in search of a flashier gadget, the Obelisk’s more demure aesthetics make it healthy extra with ease into a house workplace setup. With its all-black metallic development, swish tempered glass aspect window, and refined LED lighting fixtures, HP is obviously focused on domestic users who may need this laptop to serve twin applications for work and play.

    HP Omen Obelisk Chuong Nguyen/Digital tendencies

    except you’re in a position to spot the glowing LED-lit Omen emblem on the exact of the pyramidal-fashioned Obelisk in the entrance or word the glowing backlight in the course of the glass panel, the Omen Obelisk can conveniently flow as a standard client computing device. HP doesn’t downplay the Obelisk’s Omen gaming heritage although. It’s simply a stylish tower that foregoes the garish prospers that are historically linked to gaming PCs.

    With a name like Obelisk, you’d are expecting HP’s computing device to tower in your desk. fortunately, that’s no longer the case, because the Omen Obelisk is a compact computer in spite of the fact that it is available in a well-known tower form factor. Our review unit helps a microATX Edoras motherboard and entire-dimension graphics card, helping to keep the universal footprint to a minimal on your desk. You nonetheless have access to an array of ports and numerous space inside the case for future improvements.

    regardless of a showy, un-tinted tempered glass window, there isn’t a lot visual hobby inner.

    The Obelisk’s 6.5 x 14.1 x 17-inch (width x size x height) dimensions is comparable in dimension to the Asus ROG Strix GL12CX gaming desktop, making each towers fairly compact for the RTX pictures energy that’s internal. The ROG advantages, besides the fact that children, from a larger ATX-sized motherboard and a more recent processor however comes with a tremendously more high priced $3,200 expense tag.

    but when measurement is a concern, boutique gaming firm starting place computing device’s lately refreshed custom-built Neuron ships with a microATX motherboard with a 9th-Gen Intel Core i9 and beefier RTX 2080 Ti pix. The Lenovo Legion C730 is smaller still, but that cooler-impressed computing device comes underpowered with remaining era’s GTX pictures.

    beneath the searching glass

    despite its un-tinted see-via side tempered glass window, there truly isn’t a good deal visual activity internal. Like competing gaming methods, there’s configurable RGB lighting fixtures, and the convenient cable management system continues things geared up and tidy. however you received’t find a elaborate RTX graphics playing cards with glowing logo or a elaborate radiator.

    where the glass panel design in fact comes into play is on the upgraded Omen Obelisk configuration that became introduced at CES 2019. This more recent mannequin tops out with a more recent Intel Core i9 processor and extra effective RTX 2080 Ti images. The captivating aspects from this model include the radiator and pipes from the liquid cooling device, which may still assist provide extra visual interest if you happen to’re looking through the glass.

    HP is evidently targeting americans who may need this computer to serve twin purposes for work and play.

    For DIYers who want extra handle of their computers, the EMI-coated glass panel will also be accessed with out tools. HP claims that the clear EMI coating helps to avoid any radio or magnetic interference. by using pulling a latch on the rear of the tower, the side panel can also be right now removed, giving entry to the entire inside add-ons. inner, you’ll locate entry to two RAM sockets, two M.2 sockets, full-height photos card, fan, complicated pressure, and a 500-watt vigour deliver unit (PSU). notwithstanding the low watt score on the PSU may additionally seem underwhelming given the RTX photographs card, we encountered zero issues with this configuration.

    however our build doesn’t come with a whole lot when it comes to energetic cooling, the Obelisk did be capable to preserve temperatures in check with strategically placed vents along the rear, facets, and true. The bottom-hooked up PSU additionally helps with heat dissipation, and two non-LED-lit lovers assist with air circulation. In use, the enthusiasts sounded a little louder than some competing top rate gaming PCs that we’ve validated in the past. There’s additionally a dust filter, which is useful to hold things looking clean when you have a big see-through glass panel.

    The tower supports a variety of room for growth, should you need to swap in a beefier PSU or come to a decision to improve to a GeForce RTX 2080 Ti card in the future. RAM and storage are both quick upgrades. The Omen Obelisk also ships with HP’s USB keyboard and mouse, however severe game enthusiasts will both carry their personal peripherals or upgrade the inventory accessories.

    Reachable ports

    The Omen Obelisk includes two arrays of ports to help you join your video display, keyboard, mouse, and different peripherals. Mainstays, just like the vigor cable, display output, and speaker connection, will also be plugged into the rear. five USB three.1 ports, a single USB-C port, HDMI, and three DisplayPort connections, Ethernet jack, and audio ports line the back of the unit.

    HP Omen Obelisk Chuong Nguyen/Digital tendencies

    On this generation of the Omen Obelisk, HP redesigned the top ports with a front-facing design for less demanding entry. On the prior era, the Obelisk changed into designed with rear-facing ports, making for a sleeker and cleaner design at the fee of port accessibility. Up excellent, you’ll locate two USB 3.1 ports, headphone jack, microphone jack, and the energy button.

    Priced to perform

    In a flow to keep costs down, and likely in a rush to free up the Obelisk sooner to gamers, HP opted no longer to look ahead to Intel’s newer 9th-technology processors. consequently, the Omen Obelisk gadgets that shipped in late-2018 got here with 8th-era Intel processors. Our evaluation gadget came configured with an Intel espresso Lake Core i7-8700 CPU with six cores and 12 threads.

    The slower efficiency of Intel’s outdated technology processor is apparent, however, when working processor benchmarks. The Omen Obelisk posted reduce single- and multi-core ratings than competing methods that use ninth-era Intel Core i9-9900K processors, just like the beginning Chronos, Digital Storm Aventum X, and Asus ROG Strix GL12CX. in comparison to the Alienware area-51 R5’s Intel Core i9-7980XE processor, the Obelisk posted mixed outcomes, scoring seven-hundred facets higher on the only-core examine and more than 3,000 features decrease on the multi-core test. after we used Handbrake to encode a pattern 4K movie, the check carried out 38 percent faster on the ROG than the Omen Obelisk.

    And even if our unit comes with a 512GB M.2-structure solid-state drive made by SK Hynix, the drive became on the slower aspect, with 664 Mb/s read and 448 Mb/s write speeds. These speeds are slower than competing Samsung, Toshiba, and Western Digital Drives on different units we’ve reviewed, just like the Aventum X, Microsoft surface Studio 2, and Huawei MateBook 13. It’s even slower than the Lenovo Legion C730, which comes with a smaller 256GB SK Hynix SSD.

    There’s also a 1TB tough power on this device, and clients who need more storage ability can add a third power. each complicated drives are effortlessly attainable within the challenging drive bays, and swapping out the M.2 SSD is an easy assignment, only requiring unscrewing a single Phillips-head screw.

    Ray tracing capable gaming

    fortunately, despite a little bit slower processing speeds relative to modern rivals, the Obelisk continues to be aggressive within the snap shots branch, thanks to its Nvidia GeForce RTX 2080 pics. nonetheless, despite sharing an identical pictures card because the Asus ROG Strix GL12CX, the Omen Obelisk carried out just a little worse across 3DMark Time secret agent, Sky Diver, and fire Strike assessments. each devices’ ratings have been in a similar fashion lessen than the beginning Chronos, which is to be expected due to the fact the Chronos ships with an RTX 2080 Ti card. With 3DMark’s new Port Royale benchmark, which measures ray tracing, the Obelisk scored 5,598 aspects with a standard of 25.ninety two FPS (frames per 2d).

    In our gaming tests, the Omen Obelisk again delivered similar efficiency levels as other techniques with Nvidia’s RTX 2080 graphics. In widespread, marks throughout the board in titles like Civilization VI, Deus Ex: Mankind Divided, Battlefield I, and Rocket League had been just a little reduce on the Obelisk than the foundation Chronos.

    In Battlefield I, Civilization VI, and Deus Ex: Mankind Divided, the Obelisk delivered smartly over 60 FPS throughout all online game settings, even in 4K decision. In Deus Ex: Mankind Divided at 4K in ultra mode, there turned into a noticeable dip in performance, but the Obelisk performed 10 FPS improved than the Asus ROG Strix GL12CX’s 39 FPS mark regardless of each programs sharing identical graphics cards. This indicates that even with an growing old eighth-gen Intel processor, the Obelisk changed into nevertheless capable of sustain with rivals operating more recent ninth-gen silicon.

    Given the continually amazing efficiency of the Obelisk, game enthusiasts may no longer be aware a lot of a efficiency hole, even with an older processor. In conventional, we found that the RTX collection pix delivered extra constant outcomes across 1080, 1440p, and 4K resolutions than the older GTX collection, which showed a slowdown in framerates at larger resolutions.

    With the true-time ray-tracing enabled on Battlefield V, we observed that the game appeared greater simple, and we preferred the added degree of particulars. The characteristic, youngsters, does tax the system at larger resolutions, and there’s a noticeable dip in performance when ray-tracing is cranked to “extremely” in 4K resolution. With ray-tracing off and HDR enabled, the video game played on commonplace between 56 to 59 FPS in 1080p, 1440p, and 4K resolutions at approximately 60Hz. When ray-tracing is enabled, framerates remained constant at lessen 1080p and 2K resolutions, but in 4K, performance within the “Nordlys” mission dropped to just 32 FPS.

    warranty

    HP presents a common one-yr off-web page warranty masking constituents, labor, and shipping expenses to ship the unit to a restore core. game enthusiasts who want longer peace of mind can choose an upgraded two-12 months assurance for $239 or a two-yr plan with accidental damage coverage for $279. The latter covers unexpected events, like water spills or even drops, that could come in useful in case you find yourself often toting the Obelisk to LAN events.

    HP’s base one-year guarantee falls based on what mainstream manufacturers, like Dell’s Alienware and Lenovo’s Legion offers, however these rivals offer longer top rate programs that can lengthen the protection of your device for up to five years. greater expensive construct-to-order techniques from boutique manufacturers like beginning computer and Digital Storm come with a base three-yr restrained warranty.

    Our Take

    HP made some sacrifices to rush the Omen Obelisk out at the conclusion of 2018, and this means that the unit doesn’t top out with the premiere CPU or GPU on the top of the line configuration. nonetheless, at a sub-$2,000 fee aspect, the Obelisk’s eighth-Gen Intel – instead of the newer 9th-Gen silicon – processor and RTX 2080 pics does a commendable job at coping with framerates in online game play.

    In our benchmarks, we discovered that HP’s decision to go together with Intel’s final technology processor didn’t have an awful lot of an affect on gaming efficiency. And until you’re pushing the gaming envelope with ray-tracing titles on the optimum video game settings at 4K resolutions, going with the Obelisk’s RTX 2080 photographs, as an alternative of the flagship RTX 2080 Ti will doubtless save you a bit of of cash, as efficiency with ray-tracing enabled frequently simplest dropped at resolutions more suitable than 1440p.

    Is there a better choice?

    in case you’re k with Intel’s remaining era processors, HP’s Omen Obelisk is very cost-effective for its requisites. Asus’ competing ROG Strix, as an example, charges about $1,200 more than the Obelisk at $three,299. At that rate, you’re getting a newer ninth-generation Intel Core i7-9700 processor. Dell’s Alienware enviornment-fifty one desktop expenses the identical cost as the ROG Strix, however you’re getting an eight-core Intel Core i7-7820X processor, 16GB RAM, and 128GB M.2 solid-state pressure coupled with a 1TB complicated pressure.

    Boutique computer company foundation workstation’s Chronos laptop additionally comes in a in a similar fashion compact kit. When configured with an Intel Core i7-9700K processor and an RTX 2080 pics card, the origin starts at $2,432, which is a $400 top rate over the Obelisk. origin offers way more customization alternatives in case you want to trick out your rig, but the Chronos doesn’t include HP’s single-pane window design.

    in case you’re a more serious gamer, you’ll want to look forward to the 2019 edition of the Omen Obelisk that HP introduced at CES. The 2019 Obelisk continues the identical aesthetics and design as our evaluation unit, however the better configuration maxes out with newer Intel Core i9 processor, improved RTX 2080 Ti portraits, and a radiator for liquid cooling. This up-to-date model is anticipated to bring more energy for computational projects and more suitable gaming performance. It’s slated to arrive in March beginning at $2,249, so pricing on the 8th-gen Intel configuration may drop at that time.

    HP Omen Obelisk compared to

    How long will it last?

    inspite of which configuration you choose, the HP Omen Obelisk will satisfy your gaming needs for years to return. all of the internal components are upgradeable, and if you decide on an RTX series pics card, you’re purchasing a future-proof computer. The challenge for most gamers who buy this and different RTX-equipped gadget is looking ahead to builders to add assist for ray tracing into their titles, and that procedure can take ages.

    if you purchase it?

    yes. in case you don’t have the persistence to source your personal materials to build your own laptop, HP’s Omen Obelisk is a great pre-built option that’s competitively priced and well equipped to deliver the efficiency most game enthusiasts need. though it’s a gaming tower that’s centered at mainstream gamers, it’s obtained ample facets – ease of improve, RTX vigour, and a contemporary design – that makes this laptop attractive to the enthusiast.


    Whilst it is very hard task to choose reliable exam questions / answers resources regarding review, reputation and validity because people get ripoff due to choosing incorrect service. Killexams. com make it certain to provide its clients far better to their resources with respect to exam dumps update and validity. Most of other peoples ripoff report complaint clients come to us for the brain dumps and pass their exams enjoyably and easily. We never compromise on our review, reputation and quality because killexams review, killexams reputation and killexams client self confidence is important to all of us. Specially we manage killexams.com review, killexams.com reputation, killexams.com ripoff report complaint, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. If perhaps you see any bogus report posted by our competitor with the name killexams ripoff report complaint internet, killexams.com ripoff report, killexams.com scam, killexams.com complaint or something like this, just keep in mind that there are always bad people damaging reputation of good services due to their benefits. There are a large number of satisfied customers that pass their exams using killexams.com brain dumps, killexams PDF questions, killexams practice questions, killexams exam simulator. Visit Killexams.com, our test questions and sample brain dumps, our exam simulator and you will definitely know that killexams.com is the best brain dumps site.

    [OPTIONAL-CONTENTS-2]


    COG-135 questions answers | 000-529 bootcamp | HP2-B148 free pdf | 650-368 sample test | MA0-100 cram | 000-797 free pdf | S90-03A test prep | A2010-503 braindumps | 000-005 practice questions | A2010-579 questions and answers | HP0-S34 practice questions | P2040-052 pdf download | 3306 VCE | 650-987 practice exam | TB0-123 cheat sheets | 1K0-002 exam prep | 642-415 test prep | HP0-M54 mock exam | HP0-781 questions and answers | HP0-J43 practice test |


    [OPTIONAL-CONTENTS-3]

    killexams.com HP0-922 real question bank
    If are you burdened how to pass your HP HP0-922 Exam? With the help of the confirmed killexams.com HP HP0-922 Testing Engine you will learn how to boom your abilties. The majority of the scholars start identifying when they discover that they have to seem in IT certification. Our brain dumps are complete and to the point. The HP HP0-922 PDF documents make your imaginative and prescient large and assist you lots in instruction of the certification exam.

    At killexams.com, we provide thoroughly reviewed HP HP0-922 exactly same Questions and Answers that are just required for Passing HP0-922 test, and to get certified by HP. We really help people improve their knowledge to memorize the Q&A and certify. It is a best choice to accelerate your career as a professional in the Industry. Click http://killexams.com/pass4sure/exam-detail/HP0-922 killexams.com proud of our reputation of helping people pass the HP0-922 test in their very first attempts. Our success rates in the past two years have been absolutely impressive, thanks to our happy customers who are now able to boost their career in the fast lane. killexams.com is the number one choice among IT professionals, especially the ones who are looking to climb up the hierarchy levels faster in their respective organizations. killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017 : 60% Discount Coupon for all exams on website
    PROF17 : 10% Discount Coupon for Orders greater than $69
    DEAL17 : 15% Discount Coupon for Orders greater than $99
    DECSPECIAL : 10% Special Discount Coupon for All Orders

    Quality and Value for the HP0-922 Exam: killexams.com Practice Exams for HP HP0-922 are made to the most raised standards of particular accuracy, using simply certified theme experts and dispersed makers for development.

    100% Guarantee to Pass Your HP0-922 Exam: If you don't pass the HP HP0-922 exam using our killexams.com testing programming and PDF, we will give you a FULL REFUND of your purchasing charge.

    Downloadable, Interactive HP0-922 Testing Software: Our HP HP0-922 Preparation Material gives you that you should take HP HP0-922 exam. Inconspicuous components are investigated and made by HP Certification Experts ceaselessly using industry experience to convey correct, and authentic.

    - Comprehensive questions and answers about HP0-922 exam - HP0-922 exam questions joined by displays - Verified Answers by Experts and very nearly 100% right - HP0-922 exam questions updated on general premise - HP0-922 exam planning is in various decision questions (MCQs). - Tested by different circumstances previously distributing - Try free HP0-922 exam demo before you choose to get it in killexams.com

    killexams.com Huge Discount Coupons and Promo Codes are as under;
    WC2017: 60% Discount Coupon for all exams on website
    PROF17: 10% Discount Coupon for Orders greater than $69
    DEAL17: 15% Discount Coupon for Orders greater than $99
    DECSPECIAL: 10% Special Discount Coupon for All Orders



    Killexams 000-922 free pdf | Killexams ST0-030 braindumps | Killexams 000-382 practice exam | Killexams HP0-244 study guide | Killexams ANP-BC brain dumps | Killexams A2180-188 study guide | Killexams HP2-B80 braindumps | Killexams EE0-512 real questions | Killexams 050-892 cram | Killexams M6040-419 test prep | Killexams P2070-092 questions answers | Killexams HP0-P10 study guide | Killexams 000-007 free pdf download | Killexams 190-982 practice questions | Killexams HP0-729 Practice Test | Killexams HP0-Y40 questions and answers | Killexams 9A0-314 cheat sheets | Killexams ST0-067 practice test | Killexams HP0-J25 free pdf | Killexams C90-06A dumps |


    [OPTIONAL-CONTENTS-5]

    View Complete list of Killexams.com Brain dumps


    Killexams A00-260 exam questions | Killexams PW0-104 questions and answers | Killexams 920-352 dump | Killexams LX0-104 test prep | Killexams 70-544 pdf download | Killexams 1Z0-042 examcollection | Killexams 000-142 study guide | Killexams IC3-2 practice test | Killexams 500-701 VCE | Killexams HP2-H25 mock exam | Killexams NS0-310 brain dumps | Killexams TB0-104 questions answers | Killexams HP0-785 braindumps | Killexams VMCE_V8 practice questions | Killexams 2B0-015 dumps questions | Killexams 190-712 free pdf download | Killexams HP3-C24 real questions | Killexams ASC-099 exam prep | Killexams A2010-598 study guide | Killexams HP2-K01 free pdf |


    Implementing and Supporting HP Storage Essentials v5.1

    Pass 4 sure HP0-922 dumps | Killexams.com HP0-922 real questions | [HOSTED-SITE]

    VMware vSphere 6 release good news for storage admins | killexams.com real questions and Pass4sure dumps

    No matter how you look at it, the vSphere 6 release from VMware was a big deal. It was announced at VMware's Partner Exchange in February 2015 and the big news was the introduction of Virtual Volumes, or VVOLs. There were also serious improvements to VSAN, fault tolerance, vMotion, high availability, scalability, security, data protection, replication and more.

    When viewed holistically, it is clear that VMware is pushing toward a completely software-defined data center in which all layers of the infrastructure are virtualized; the virtual machine (VM) is the center of attention; and provisioning, monitoring and management are all conducted by policy.

    In this model, an application's importance dictates the level of resources it gets and how its SLA will be maintained, regardless of hardware or software failures and other calamities. The vSphere 6 release was a major step toward enabling this vision.

    Fault Tolerance enhancements

    Fault Tolerance (FT), which was first introduced with vSphere 4, is a way to keep an application running with zero downtime and zero data loss in face of a host failure. Unlike High Availability (HA), which requires an application to be restarted on another host, after experiencing a failure, FT works on the principle of keeping two hosts working in lockstep, so a failure of one simply becomes a non-event and the application simply keeps on running. No application-specific or OS-specific agents or configurations are needed. FT provided the ultimate in application protection but was always limited to simple applications that used only one vCPU. With vSphere 6, an application with up to 4 vCPUs can be FT-enabled. This brings FT into the world that needs it most: mission-critical applications.

    Until now, FT hosts needed to share a common data store and a shared VM disk (VMDK). This limitation is now removed and each host can have its own VMDK on different data stores. In vSphere 5.5, one could not take a snapshot of an FT-enabled VM and, therefore, the only way to back up the VM was to add an agent on it. Now that limitation is removed and vSphere API for Data Protection is supported.

    Previous versions of FT required a very specific type of virtual disk: thick provision eager zeroed. This restriction is now removed and the virtual disk can be eager zeroed, thick or thin provisioned. The host compatibility list, which was extremely restricted before, has now been expanded to be the same as for vMotion.

    vMotion upgrades

    Historically, vMotion was limited to moving a VM from one host to another, both supported by one vCenter. This is no longer the case. Now VMs can be moved across different vCenters. VMware also removed the distance restriction that existed in vSphere 5.5. Now, hosts are no longer limited to a metro area with distances of less than 100 miles, or round-trip times (RTT) of less than 10 ms. The vMotion can take place across intercontinental distances as long as the RTT is less than 150 ms.

    Now, vMotion can be genuinely used to migrate VMs for temporary or permanent migrations across data centers. Temporary migrations can be particularly useful for load balancing, moving applications close to where people will use them (call centers or international development groups, for instance) or as a precaution against impending weather events.

    Improvements to HA

    VMware High Availability (HA) works on the principle of maintaining a heartbeat between the hosts that run the protected VMs (in the same cluster). Upon detection of a hardware or OS failure, the application is failed over and restarted on the working host. While there is a short period of "application downtime," there is no data loss and, in most cases, it is imperceptible to the user.

    Typically, storage issues have been the most difficult to deal with, in context of HA. With the vSphere 6 release, VMware has added support for Virtual Machine Component Protection, which provides enhanced protection from All Paths Down (APD) and Permanent Device Loss (PDL) in block (FC, iSCSI, FCoE) or file (NFS) storage.

    Previously, vSphere had limited ability to detect PDL situations and no ability to deal with APD in the past. Now these conditions are detected, vCenter is informed, and automatic failover is triggered, requiring no administrator involvement.

    Now, vSphere HA supports VVOLs, vSphere Network I/O Control, IPv6, NSX and vMotion across vCenter Servers. One can also configure up to 4,000 virtual machines on up to 32 hosts in HA configurations (which is the equivalent of a full 64 host/8,000 VM maximum cluster size).

    Microsoft WSFC integration

    In the past, if you wanted to use Windows Server Failover Clustering (WSFC) for applications with vSphere, the support for applications was pretty limited. With vSphere 6, support has been added for Windows Server 2012 R2 and SQL Server 2012, two key applications that were missing before. AlwaysOn Availability Groups are also now supported. Paravirtual SCSI adapter support brings much better performance to the clustered environment compared to the use of standard SCSI adapters. Now, vMotion and Distributed Resources Scheduler (DRS) are fully supported with WSFC.

    Data protection improvements

    VMware made major enhancements to data protection products in late 2013, with the advent of VMware Data Protection Advanced (VDP-A) in vSphere 5.5. The new release, VDP 6.0, merges the functionality of VDP and VDP-A and is the only release available under vSphere 6 (it is free to all customers of Essentials Plus Kit 6.0, vSphere with Operations Management 6.0 editions, and all vCloud Suite 6.0 editions).

    Before the vSphere 6 release, moving a replica of a VM on the remote site using Storage vMotion required a full synchronization before the VM could be moved.

    VDP 6.0 is based on EMC Avamar and uses variable-length data deduplication technology to perform disk-based backups for small to medium-sized businesses. It is integrated with vSphere and ESXi and is managed entirely by the VM administrator, using vCenter and VMware Web Client. It is designed to protect up to 800 VMs (using up to 10 VDP appliances, each of which can support up to 200 VMs and 8 TB of deduplicated data), even though realistically it works best for about 100 to 250 VMs. For larger configurations, a customer can integrate with Data Domain appliances. VDP 6.0 has built-in functionality for replication for backups, either to other VDP 6.0 appliances or to EMC Avamar appliances that may already be present in some larger accounts.

    External proxies are now supported. These can be deployed in other vSphere clusters in the local site, or in remote sites for increased efficiency in network bandwidth utilization. Up to 24 concurrent streams of backup are feasible with external proxies. Red Hat Enterprise Linux Logical Volume Manager and Ext4 file system are supported.

    But, VDP 6.0 has limitations. It is designed for customers that find an RPO of 24 hours to be acceptable. VMs can be recovered within a range of five minutes to a few hours, according to VMware. SRM is not supported. If better RPOs and RTOs are required, VMware recommends using third-party backup products and vSphere Replication for VM replication (vs. backup replication, as in the case of VDP 6.0).

    vSphere Replication updates

    Full synchronizations are now more efficient for specific storage arrays, because vSphere Replication can interact with vSphere and get storage allocation information to reduce network traffic. Before the vSphere 6 release, moving a replica of a VM on the remote site using Storage vMotion required a full synchronization before the VM could be moved. This is no longer the case. The end result is it is much easier to balance resources using Storage vMotion and DRS, without violating RPOs for VM recovery.

    Up to 24 recovery points can be chosen per VM. RPOs as fine as 15 minutes may be set on a per-VM basis. The vSphere Replication already used CBT to minimize network traffic but now the admin may choose compression as an option, for even more network bandwidth efficiency.

    It is important to understand that vSphere Replication is not associated with VDP 6.0, which has its own replication engine. Also, vSphere Replication is designed to replicate VMs whereas the replication engine built into VDP is designed to replicate backup objects that contain VMs. No data deduplication technology is built into vSphere Replication. Unlike VDP 6.0 this product is designed to be used with third-party tools, not just VMware's own tools.

    VSAN introduces all-flash configuration

    The introduction of Virtual Volumes (VVOLs) and improvements to Virtual SAN (VSAN) are the most important aspects of the vSphere 6 release. Both of these products are designed to abstract and pool storage and storage services to allow provisioning, monitoring and management of storage on a policy basis, at a VM level of granularity.

    The introduction of Virtual Volumes (VVOLs) and enhancements to Virtual SAN (VSAN) are the most important aspects of the vSphere 6 release.

    The previous version of VSAN only supported a hybrid configuration in which flash was used exclusively as read cache and hard disk drives (HDDs) as persistent capacity tier. VSAN 6.0 introduces an all-flash configuration where a portion of the flash capacity (solid-state drive- or PCIe-based) is used exclusively as write cache and the remaining capacity is used as a persistent tier. Scaling can be achieved across both performance and capacity by adding fully configured nodes (hybrid or all-flash), or independently by adding additional flash for performance or additional HDDs for capacity. In an all-flash configuration, additional capacity can be added with PCIe flash or solid-state drives by marking them for capacity, rather than caching. VMware also increased the maximum capacity of a virtual disk to 62 TB.

    The performance of both the hybrid and all-flash models was enhanced with a new disk format. In like configurations and workloads, the hybrid configuration performance increased by a factor of 2x over VSAN 5.5, according to VMware. The all-flash version delivers a 4x performance multiple over a similarly configured VSAN 5.5 (i.e., 2x the performance of a hybrid).

    The maximum cluster size was increased from 32 to 64 nodes. Both hybrid and all-flash models can support up to 200 VMs per node, for a maximum of 6,400 VMs per cluster. The new models allow VSAN-based configurations to support workloads exemplified by tier 1 mission-critical applications.

    In a 32-node cluster, VMware measured in excess of 4M IOPS for 100% reads and greater than 1.2M IOPS for mixed workloads of 70% reads and 30% writes, yielding 40K IOPS per host. In an all-flash version, the IOPS jump to 7M for read-only workloads, for an average of 90K IOPS per host. The 64-node clusters are expected to yield linear increases in performance.

    Snapshot and clone functionality was improved as well. The system allows the creation of up to 32 snapshots/clones per VM, or 16K snapshots/clones per cluster.

    Additional improvements relating to power failures or rack failures were added and blade infrastructures are now supported.

    Vendors vouch for VVOLs

    What VSAN does for direct attached storage, VVOLs achieve for external storage. I covered VVOLs extensively in an April 2015 article for Storage magazine. Since then, we have learned more about the wide variety of implementations from various vendors.

    On the surface, most, if not all, storage vendors have pledged support for VVOLs. But under the covers, the differences in implementations are astounding. In a survey of 11 vendors (Dell, EMC, HDS, HP, IBM, Kaminario, NetApp, Nexenta, NexGen, Pure Storage and SolidFire) conducted in March 2015, Taneja Group asked 32 questions to understand these differences. We categorized the vendors into one of three types:

  • Type 1 products deliver the most rudimentary support of VVOLs in which the user can carve out a number of static storage containers, each with a unique set of qualities (class of service). These could include the type of storage and the variety of storage services available (snapshots, compression and so on).
  • Type 2 products are exemplified by the creation of a single storage container with a wide variety of storage types and services, any of which may be selected (or not) to produce a unique set of capabilities that can then be applied to a given VM. Quality of service (QoS) is also a hallmark of Type 2 products. That means minimum or maximum resources (capacity, IOPS, latency, throughput) can be assigned to a given VM and the SPBM policy engine would honor these.
  • Type 3 extends Type 2 with the ability to deal with resource contention. In other words, not only does it offer QoS functionality but it also knows how to deal with multiple VMs vying for resources when the array functionality is maxed out.
  • Most vendor products fell in the Type 1 and Type 2 categories, with only NexGen showing up in the Type 3 category.

    Beyond the type of implementation, we discovered vast differences in scalability of products. For instance, the number of Protocol Endpoints (PEs) per Storage Container (SC), SCs per array, VVOLs-based VMs per array, VVOLs per array, VVOL-snapshots per array, clones per VM and clones per array varied widely across vendor products and sometimes even between different products from the same vendor. For example, the total number of VVOLs per HDS arrays was listed as 400,000 (file) or 64,000 (block) plus 1 million snapshots (for either file or block products). This contrasted with only 1,024 supported VVOLs per array for Dell's EqualLogic product.

    The number and type of data services that can be surfaced via VASA 2.0 to Storage Policy-Based Management also varied across the board. These differences point out several facts. First, implementing VVOLs support in existing arrays is nontrivial and the architecture plays a significant role in how fully VVOLs can be supported. Second, the specs will dictate how far one can scale a product. The number of VMs an array can support is directly related to the number of VVOLs it can support, given each VM uses up a minimum of three VVOLs and each snapshot costs one VVOL. These are not necessarily an indication of weakness, as many other factors dictate which array is right for a given job, but it does indicate how far the array can go in the dimension of VVOL support. The full list of questions we asked in the survey is available by sending us an email.

    Make no mistake: vSphere 6 is a major release from VMware by any standard. It is loaded with storage functionality from top to bottom, with significant increases in configuration maximums and major enhancements in VSAN, HA, FT, WSFC, data protection, replication and vMotion. And of course, the introduction of VVOLs puts VM-centricity in the forefront and brings external storage within VMware's software-defined vision.


    Secure Technology Integration Group, Ltd. (STIGroup, Ltd.) Joins Pano Logic Reseller Network | killexams.com real questions and Pass4sure dumps

    SOURCE: Pano Logic

    Pano Logic

    March 17, 2011 08:00 ET

    REDWOOD CITY, CA--(Marketwire - March 17, 2011) - Pano Logic, the leader in zero client desktop virtualization (VDI), today announced Secure Technology Integration Group, Ltd. has joined its network of resellers that assist organizations with centralizing their desktop computing infrastructures using Pano Logic's innovative hardware and software solution. As a channel partner, STIGroup, will bring the Pano Logic solution to organizations in Information Technology throughout New York City and its tri-state region as well as locations throughout the U.S. and abroad. Pano Logic utilizes a network of more than 250 partners worldwide to deliver its solutions to end users and assist in deployment and support.

    "Today's unique market conditions are forcing businesses to modernize and scale technology implementations without the benefit of a corresponding increase in IT staffing. Desktop virtualization technologies that offer cost and operational efficiencies are compelling in this context, but many don't demonstrate a clear upgrade path for existing implementations with a predictable ROI," said Richard Shinnick, President of STIGroup. "Our clients look to us for a VDI solution that allows their IT organization to be an enabler for their corporate vision in spite of the challenging market conditions. Pano Logic enables STIGroup to deliver on this challenge."

    Pano Logic's purpose-built solution for desktop virtualization is sold through strategic channel resellers, who have core expertise and have invested in Pano Logic certification. Pano Logic offers the only zero client certification program to train resellers on assessing, deploying and optimizing Pano Logic across a range of network infrastructures. Partners ensure that Pano Logic pilot programs are deployed successfully and provide the guidance needed to calculate total cost of ownership to achieve buy-in within the organization.

    In addition, Pano certified partners may offer the QuickStart Service, a one-day program that pairs new customers with a certified partner for assessment, planning, building and managing new rollouts. The QuickStart service also sets up end users with post-implementation ROI models and TCO savings reports for evaluation and reporting purposes.

    "We are aggressively investing in and expanding our channel worldwide to meet the rising demand for our VDI solution and we welcome the arrival of STIGroup in our network," said David Butler, Vice President of Sales, Pano Logic. "We're seeking to provide customers with the best experience possible and resellers such as STIGroup play a meaningful role in our success."

    The Pano System is a complete end-to end virtual desktop solution that includes the Pano Manager, a virtual machine manager and connection broker, the unique Pano Device zero client, and Pano Direct, providing the connection to completely centralized virtual desktops. Pano Logic is the only zero client system that independently interoperates with all three leading hypervisors and their management systems. The Pano System starts at $389 per seat, which includes one year of support and maintenance, and is also available in a pre-configured, pre-loaded all-in 50-user suite, Pano Express, combining VMware vSphere™ Essentials, Microsoft Windows 7/XP licenses, and HP server and storage hardware with Pano Logic's award-winning zero client platform.

    About Pano Logic Pano Logic is the leader in Zero Client Desktop Computing. Pano Logic's innovative hardware and software solution -- Pano System -- redefines the delivery and management of end user computing by radically centralizing desktop management. The Pano Logic zero client platform is a complete end-to-end solution purpose-built for desktop virtualization, simplifying the complexity and management of virtual desktops and slashing TCO by as much as 80 percent. The patent-pending Pano Direct technology eliminates the need for costly processing power at the endpoint, making it possible to have an endpoint device that contains NO processor, NO operating system, NO memory, NO drivers, NO firmware, NO software, NOR any moving parts, completely eliminating endpoint management and security breaches, while slashing energy consumption by 95 percent as compared to a PC. The Pano generation of computing, built for virtualization, can plug and play into 99 percent of all hypervisor infrastructures, including VMware, Microsoft HyperV and Citrix XenDesktop and interoperate with their management systems. To learn more, visit http://www.panologic.com


    GSSAPI Authentication and Kerberos v5 | killexams.com real questions and Pass4sure dumps

    This chapter is from the book 

    This section discusses the GSSAPI mechanism, in particular, Kerberos v5 and how this works in conjunction with the Sun ONE Directory Server 5.2 software and what is involved in implementing such a solution. Please be aware that this is not a trivial task.

    It’s worth taking a brief look at the relationship between the Generic Security Services Application Program Interface (GSSAPI) and Kerberos v5.

    The GSSAPI does not actually provide security services itself. Rather, it is a framework that provides security services to callers in a generic fashion, with a range of underlying mechanisms and technologies such as Kerberos v5. The current implementation of the GSSAPI only works with the Kerberos v5 security mechanism. The best way to think about the relationship between GSSAPI and Kerberos is in the following manner: GSSAPI is a network authentication protocol abstraction that allows Kerberos credentials to be used in an authentication exchange. Kerberos v5 must be installed and running on any system on which GSSAPI-aware programs are running.

    The support for the GSSAPI is made possible in the directory server through the introduction of a new SASL library, which is based on the Cyrus CMU implementation. Through this SASL framework, DIGEST-MD5 is supported as explained previously, and GSSAPI which implements Kerberos v5. Additional GSSAPI mechanisms do exist. For example, GSSAPI with SPNEGO support would be GSS-SPNEGO. Other GSS mechanism names are based on the GSS mechanisms OID.

    The Sun ONE Directory Server 5.2 software only supports the use of GSSAPI on Solaris OE. There are implementations of GSSAPI for other operating systems (for example, Linux), but the Sun ONE Directory Server 5.2 software does not use them on platforms other than the Solaris OE.

    Understanding GSSAPI

    The Generic Security Services Application Program Interface (GSSAPI) is a standard interface, defined by RFC 2743, that provides a generic authentication and secure messaging interface, whereby these security mechanisms can be plugged in. The most commonly referred to GSSAPI mechanism is the Kerberos mechanism that is based on secret key cryptography.

    One of the main aspects of GSSAPI is that it allows developers to add secure authentication and privacy (encryption and or integrity checking) protection to data being passed over the wire by writing to a single programming interface. This is shown in FIGURE 3-2.

    03fig02.gifFigure 3-2. GSSAPI Layers

    The underlying security mechanisms are loaded at the time the programs are executed, as opposed to when they are compiled and built. In practice, the most commonly used GSSAPI mechanism is Kerberos v5. The Solaris OE provides a few different flavors of Diffie-Hellman GSSAPI mechanisms, which are only useful to NIS+ applications.

    What can be confusing is that developers might write applications that write directly to the Kerberos API, or they might write GSSAPI applications that request the Kerberos mechanism. There is a big difference, and applications that talk Kerberos directly cannot communicate with those that talk GSSAPI. The wire protocols are not compatible, even though the underlying Kerberos protocol is in use. An example is telnet with Kerberos is a secure telnet program that authenticates a telnet user and encrypts data, including passwords exchanged over the network during the telnet session. The authentication and message protection features are provided using Kerberos. The telnet application with Kerberos only uses Kerberos, which is based on secret-key technology. However, a telnet program written to the GSSAPI interface can use Kerberos as well as other security mechanisms supported by GSSAPI.

    The Solaris OE does not deliver any libraries that provide support for third-party companies to program directly to the Kerberos API. The goal is to encourage developers to use the GSSAPI. Many open-source Kerberos implementations (MIT, Heimdal) allow users to write Kerberos applications directly.

    On the wire, the GSSAPI is compatible with Microsoft’s SSPI and thus GSSAPI applications can communicate with Microsoft applications that use SSPI and Kerberos.

    The GSSAPI is preferred because it is a standardized API, whereas Kerberos is not. This means that the MIT Kerberos development team might change the programming interface anytime, and any applications that exist today might not work in the future without some code modifications. Using GSSAPI avoids this problem.

    Another benefit of GSSAPI is its pluggable feature, which is a big benefit, especially if a developer later decides that there is a better authentication method than Kerberos, because it can easily be plugged into the system and the existing GSSAPI applications should be able to use it without being recompiled or patched in any way.

    Understanding Kerberos v5

    Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Originally developed at the Massachusetts Institute of Technology, it is included in the Solaris OE to provide strong authentication for Solaris OE network applications.

    In addition to providing a secure authentication protocol, Kerberos also offers the ability to add privacy support (encrypted data streams) for remote applications such as telnet, ftp, rsh, rlogin, and other common UNIX network applications. In the Solaris OE, Kerberos can also be used to provide strong authentication and privacy support for Network File Systems (NFS), allowing secure and private file sharing across the network.

    Because of its widespread acceptance and implementation in other operating systems, including Windows 2000, HP-UX, and Linux, the Kerberos authentication protocol can interoperate in a heterogeneous environment, allowing users on machines running one OS to securely authenticate themselves on hosts of a different OS.

    The Kerberos software is available for Solaris OE versions 2.6, 7, 8, and 9 in a separate package called the Sun Enterprise Authentication Mechanism (SEAM) software. For Solaris 2.6 and Solaris 7 OE, Sun Enterprise Authentication Mechanism software is included as part of the Solaris Easy Access Server 3.0 (Solaris SEAS) package. For Solaris 8 OE, the Sun Enterprise Authentication Mechanism software package is available with the Solaris 8 OE Admin Pack.

    For Solaris 2.6 and Solaris 7 OE, the Sun Enterprise Authentication Mechanism software is freely available as part of the Solaris Easy Access Server 3.0 package available for download from:

    http://www.sun.com/software/solaris/7/ds/ds-seas.

    For Solaris 8 OE systems, Sun Enterprise Authentication Mechanism software is available in the Solaris 8 OE Admin Pack, available for download from:

    http://www.sun.com/bigadmin/content/adminPack/index.html.

    For Solaris 9 OE systems, Sun Enterprise Authentication Mechanism software is already installed by default and contains the following packages listed in TABLE 3-1.

    Table 3-1. Solaris 9 OE Kerberos v5 Packages

    Package Name

    Description

    SUNWkdcr

    Kerberos v5 KDC (root)

    SUNWkdcu

    Kerberos v5 Master KDC (user)

    SUNWkrbr

    Kerberos version 5 support (Root)

    SUNWkrbu

    Kerberos version 5 support (Usr)

    SUNWkrbux

    Kerberos version 5 support (Usr) (64-bit)

    All of these Sun Enterprise Authentication Mechanism software distributions are based on the MIT KRB5 Release version 1.0. The client programs in these distributions are compatible with later MIT releases (1.1, 1.2) and with other implementations that are compliant with the standard.

    How Kerberos Works

    The following is an overview of the Kerberos v5 authentication system. From the user’s standpoint, Kerberos v5 is mostly invisible after the Kerberos session has been started. Initializing a Kerberos session often involves no more than logging in and providing a Kerberos password.

    The Kerberos system revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service such as the NFS service. Just as your driver’s license identifies you and indicates what driving permissions you have, so a ticket identifies you and your network access privileges. When you perform a Kerberos-based transaction (for example, if you use rlogin to log in to another machine), your system transparently sends a request for a ticket to a Key Distribution Center, or KDC. The KDC accesses a database to authenticate your identity and returns a ticket that grants you permission to access the other machine. Transparently means that you do not need to explicitly request a ticket.

    Tickets have certain attributes associated with them. For example, a ticket can be forwardable (which means that it can be used on another machine without a new authentication process), or postdated (not valid until a specified time). How tickets are used (for example, which users are allowed to obtain which types of tickets) is set by policies that are determined when Kerberos is installed or administered.

    You will frequently see the terms credential and ticket. In the Kerberos world, they are often used interchangeably. Technically, however, a credential is a ticket plus the session key for that session.

    Initial Authentication

    Kerberos authentication has two phases, an initial authentication that allows for all subsequent authentications, and the subsequent authentications themselves.

    A client (a user, or a service such as NFS) begins a Kerberos session by requesting a ticket-granting ticket (TGT) from the Key Distribution Center (KDC). This request is often done automatically at login.

    A ticket-granting ticket is needed to obtain other tickets for specific services. Think of the ticket-granting ticket as something similar to a passport. Like a passport, the ticket-granting ticket identifies you and allows you to obtain numerous “visas,” where the “visas” (tickets) are not for foreign countries, but for remote machines or network services. Like passports and visas, the ticket-granting ticket and the other various tickets have limited lifetimes. The difference is that Kerberized commands notice that you have a passport and obtain the visas for you. You don’t have to perform the transactions yourself.

    The KDC creates a ticket-granting ticket and sends it back, in encrypted form, to the client. The client decrypts the ticket-granting ticket using the client’s password.

    Now in possession of a valid ticket-granting ticket, the client can request tickets for all sorts of network operations for as long as the ticket-granting ticket lasts. This ticket usually lasts for a few hours. Each time the client performs a unique network operation, it requests a ticket for that operation from the KDC.

    Subsequent Authentications

    The client requests a ticket for a particular service from the KDC by sending the KDC its ticket-granting ticket as proof of identity.

  • The KDC sends the ticket for the specific service to the client.

    For example, suppose user lucy wants to access an NFS file system that has been shared with krb5 authentication required. Since she is already authenticated (that is, she already has a ticket-granting ticket), as she attempts to access the files, the NFS client system automatically and transparently obtains a ticket from the KDC for the NFS service.

  • The client sends the ticket to the server.

    When using the NFS service, the NFS client automatically and transparently sends the ticket for the NFS service to the NFS server.

  • The server allows the client access.

    These steps make it appear that the server doesn’t ever communicate with the KDC. The server does, though, as it registers itself with the KDC, just as the first client does.

  • Principals

    A client is identified by its principal. A principal is a unique identity to which the KDC can assign tickets. A principal can be a user, such as joe, or a service, such as NFS.

    By convention, a principal name is divided into three parts: the primary, the instance, and the realm. A typical principal could be, for example, lucy/admin@EXAMPLE.COM, where:

    lucy is the primary. The primary can be a user name, as shown here, or a service, such as NFS. The primary can also be the word host, which signifies that this principal is a service principal that is set up to provide various network services.

    admin is the instance. An instance is optional in the case of user principals, but it is required for service principals. For example, if the user lucy sometimes acts as a system administrator, she can use lucy/admin to distinguish herself from her usual user identity. Likewise, if Lucy has accounts on two different hosts, she can use two principal names with different instances (for example, lucy/california.example.com and lucy/boston.example.com).

    Realms

    A realm is a logical network, similar to a domain, which defines a group of systems under the same master KDC. Some realms are hierarchical (one realm being a superset of the other realm). Otherwise, the realms are non-hierarchical (or direct) and the mapping between the two realms must be defined.

    Realms and KDC Servers

    Each realm must include a server that maintains the master copy of the principal database. This server is called the master KDC server. Additionally, each realm should contain at least one slave KDC server, which contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.

    Understanding the Kerberos KDC

    The Kerberos Key Distribution Center (KDC) is a trusted server that issues Kerberos tickets to clients and servers to communicate securely. A Kerberos ticket is a block of data that is presented as the user’s credentials when attempting to access a Kerberized service. A ticket contains information about the user’s identity and a temporary encryption key, all encrypted in the server’s private key. In the Kerberos environment, any entity that is defined to have a Kerberos identity is referred to as a principal.

    A principal may be an entry for a particular user, host, or service (such as NFS or FTP) that is to interact with the KDC. Most commonly, the KDC server system also runs the Kerberos Administration Daemon, which handles administrative commands such as adding, deleting, and modifying principals in the Kerberos database. Typically, the KDC, the admin server, and the database are all on the same machine, but they can be separated if necessary. Some environments may require that multiple realms be configured with master KDCs and slave KDCs for each realm. The principals applied for securing each realm and KDC should be applied to all realms and KDCs in the network to ensure that there isn’t a single weak link in the chain.

    One of the first steps to take when initializing your Kerberos database is to create it using the kdb5_util command, which is located in /usr/sbin. When running this command, the user has the choice of whether to create a stash file or not. The stash file is a local copy of the master key that resides on the KDC’s local disk. The master key contained in the stash file is generated from the master password that the user enters when first creating the KDC database. The stash file is used to authenticate the KDC to itself automatically before starting the kadmind and krb5kdc daemons (for example, as part of the machine’s boot sequence).

    If a stash file is not used when the database is created, the administrator who starts up the krb5kdc process will have to manually enter the master key (password) every time they start the process. This may seem like a typical trade off between convenience and security, but if the rest of the system is sufficiently hardened and protected, very little security is lost by having the master key stored in the protected stash file. It is recommended that at least one slave KDC server be installed for each realm to ensure that a backup is available in the event that the master server becomes unavailable, and that slave KDC be configured with the same level of security as the master.

    Currently, the Sun Kerberos v5 Mechanism utility, kdb5_util, can create three types of keys, DES-CBC-CRC, DES-CBC-MD5, and DES-CBC-RAW. DES-CBC stands for DES encryption with Cipher Block Chaining and the CRC, MD5, and RAW designators refer to the checksum algorithm that is used. By default, the key created will be DES-CBC-CRC, which is the default encryption type for the KDC. The type of key created is specified on the command line with the -k option (see the kdb5_util (1M) man page). Choose the password for your stash file very carefully, because this password can be used in the future to decrypt the master key and modify the database. The password may be up to 1024 characters long and can include any combination of letters, numbers, punctuation, and spaces.

    The following is an example of creating a stash file:

    kdc1 #/usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: master_key Re-enter KDC database master key to verify: master_key

    Notice the use of the -s argument to create the stash file. The location of the stash file is in the /var/krb5. The stash file appears with the following mode and ownership settings:

    kdc1 # cd /var/krb5 kdc1 # ls -l -rw------- 1 root other 14 Apr 10 14:28 .k5.EXAMPLE.COM

    The directory used to store the stash file and the database should not be shared or exported.

    Secure Settings in the KDC Configuration File

    The KDC and Administration daemons both read configuration information from /etc/krb5/kdc.conf. This file contains KDC-specific parameters that govern overall behavior for the KDC and for specific realms. The parameters in the kdc.conf file are explained in detail in the kdc.conf(4) man page.

    The kdc.conf parameters describe locations of various files and ports to use for accessing the KDC and the administration daemon. These parameters generally do not need to be changed, and doing so does not result in any added security. However, there are some parameters that may be adjusted to enhance the overall security of the KDC. The following are some examples of adjustable parameters that enhance security.

  • kdc_ports – Defines the ports that the KDC will listen on to receive requests. The standard port for Kerberos v5 is 88. 750 is included and commonly used to support older clients that still use the default port designated for Kerberos v4. Solaris OE still listens on port 750 for backwards compatibility. This is not considered a security risk.

  • max_life – Defines the maximum lifetime of a ticket, and defaults to eight hours. In environments where it is desirable to have users re-authenticate frequently and to reduce the chance of having a principal’s credentials stolen, this value should be lowered. The recommended value is eight hours.

  • max_renewable_life – Defines the period of time from when a ticket is issued that it may be renewed (using kinit -R). The standard value here is 7 days. To disable renewable tickets, this value may be set to 0 days, 0 hrs, 0 min. The recommended value is 7d 0h 0m 0s.

  • default_principal_expiration – A Kerberos principal is any unique identity to which Kerberos can assign a ticket. In the case of users, it is the same as the UNIX system user name. The default lifetime of any principal in the realm may be defined in the kdc.conf file with this option. This should be used only if the realm will contain temporary principals, otherwise the administrator will have to constantly be renewing principals. Usually, this setting is left undefined and principals do not expire. This is not insecure as long as the administrator is vigilant about removing principals for users that no longer need access to the systems.

  • supported_enctypes – The encryption types supported by the KDC may be defined with this option. At this time, Sun Enterprise Authentication Mechanism software only supports des-cbc-crc:normal encryption type, but in the future this may be used to ensure that only strong cryptographic ciphers are used.

  • dict_file – The location of a dictionary file containing strings that are not allowed as passwords. A principal with any password policy (see below) will not be able to use words found in this dictionary file. This is not defined by default. Using a dictionary file is a good way to prevent users from creating trivial passwords to protect their accounts, and thus helps avoid one of the most common weaknesses in a computer network-guessable passwords. The KDC will only check passwords against the dictionary for principals which have a password policy association, so it is good practice to have at least one simple policy associated with all principals in the realm.

  • The Solaris OE has a default system dictionary that is used by the spell program that may also be used by the KDC as a dictionary of common passwords. The location of this file is: /usr/share/lib/dict/words. Other dictionaries may be substituted. The format is one word or phrase per line.

    The following is a Kerberos v5 /etc/krb5/kdc.conf example with suggested settings:

    # Copyright 1998-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth Needs moving -- dict_file = /usr/share/lib/dict/words } Access Control

    The Kerberos administration server allows for granular control of the administrative commands by use of an access control list (ACL) file (/etc/krb5/kadm5.acl). The syntax for the ACL file allows for wildcarding of principal names so it is not necessary to list every single administrator in the ACL file. This feature should be used with great care. The ACLs used by Kerberos allow privileges to be broken down into very precise functions that each administrator can perform. If a certain administrator only needs to be allowed to have read-access to the database then that person should not be granted full admin privileges. Below is a list of the privileges allowed:

  • a – Allows the addition of principals or policies in the database.

  • A – Prohibits the addition of principals or policies in the database.

  • d – Allows the deletion of principals or policies in the database.

  • D – Prohibits the deletion of principals or policies in the database.

  • m – Allows the modification of principals or policies in the database.

  • M – Prohibits the modification of principals or policies in the database.

  • c – Allows the changing of passwords for principals in the database.

  • C – Prohibits the changing of passwords for principals in the database.

  • i – Allows inquiries to the database.

  • I – Prohibits inquiries to the database.

  • l – Allows the listing of principals or policies in the database.

  • L – Prohibits the listing of principals or policies in the database.

  • * – Short for all privileges (admcil).

  • x – Short for all privileges (admcil). Identical to *.

  • Adding Administrators

    After the ACLs are set up, actual administrator principals should be added to the system. It is strongly recommended that administrative users have separate /admin principals to use only when administering the system. For example, user Lucy would have two principals in the database - lucy@REALM and lucy/admin@REALM. The /admin principal would only be used when administering the system, not for getting ticket-granting-tickets (TGTs) to access remote services. Using the /admin principal only for administrative purposes minimizes the chance of someone walking up to Joe’s unattended terminal and performing unauthorized administrative commands on the KDC.

    Kerberos principals may be differentiated by the instance part of their principal name. In the case of user principals, the most common instance identifier is /admin. It is standard practice in Kerberos to differentiate user principals by defining some to be /admin instances and others to have no specific instance identifier (for example, lucy/admin@REALM versus lucy@REALM). Principals with the /admin instance identifier are assumed to have administrative privileges defined in the ACL file and should only be used for administrative purposes. A principal with an /admin identifier which does not match up with any entries in the ACL file will not be granted any administrative privileges, it will be treated as a non-privileged user principal. Also, user principals with the /admin identifier are given separate passwords and separate permissions from the non-admin principal for the same user.

    The following is a sample /etc/krb5/kadm5.acl file:

    # Copyright (c) 1998-2000 by Sun Microsystems, Inc. # All rights reserved. # #pragma ident "@(#)kadm5.acl 1.1 01/03/19 SMI" # lucy/admin is given full administrative privilege lucy/admin@EXAMPLE.COM * # # tom/admin user is allowed to query the database (d), listing principals # (l), and changing user passwords (c) # tom/admin@EXAMPLE.COM dlc

    It is highly recommended that the kadm5.acl file be tightly controlled and that users be granted only the privileges they need to perform their assigned tasks.

    Creating Host Keys

    Creating host keys for systems in the realm such as slave KDCs is performed the same way that creating user principals is performed. However, the -randkey option should always be used, so no one ever knows the actual key for the hosts. Host principals are almost always stored in the keytab file, to be used by root-owned processes that wish to act as Kerberos services for the local host. It is rarely necessary for anyone to actually know the password for a host principal because the key is stored safely in the keytab and is only accessible by root-owned processes, never by actual users.

    When creating keytab files, the keys should always be extracted from the KDC on the same machine where the keytab is to reside using the ktadd command from a kadmin session. If this is not feasible, take great care in transferring the keytab file from one machine to the next. A malicious attacker who possesses the contents of the keytab file could use these keys from the file in order to gain access to another user or services credentials. Having the keys would then allow the attacker to impersonate whatever principal that the key represented and further compromise the security of that Kerberos realm. Some suggestions for transferring the keytab are to use Kerberized, encrypted ftp transfers, or to use the secure file transfer programs scp or sftp offered with the SSH package (http://www.openssh.org). Another safe method is to place the keytab on a removable disk, and hand-deliver it to the destination.

    Hand delivery does not scale well for large installations, so using the Kerberized ftp daemon is perhaps the most convenient and secure method available.

    Using NTP to Synchronize Clocks

    All servers participating in the Kerberos realm need to have their system clocks synchronized to within a configurable time limit (default 300 seconds). The safest, most secure way to systematically synchronize the clocks on a network of Kerberos servers is by using the Network Time Protocol (NTP) service. The Solaris OE comes with an NTP client and NTP server software (SUNWntpu package). See the ntpdate(1M) and xntpd(1M) man pages for more information on the individual commands. For more information on configuring NTP, refer to the following Sun BluePrints OnLine NTP articles:

    It is critical that the time be synchronized in a secure manner. A simple denial of service attack on either a client or a server would involve just skewing the time on that system to be outside of the configured clock skew value, which would then prevent anyone from acquiring TGTs from that system or accessing Kerberized services on that system. The default clock-skew value of five minutes is the maximum recommended value.

    The NTP infrastructure must also be secured, including the use of server hardening for the NTP server and application of NTP security features. Using the Solaris Security Toolkit software (formerly known as JASS) with the secure.driver script to create a minimal system and then installing just the necessary NTP software is one such method. The Solaris Security Toolkit software is available at:

    http://www.sun.com/security/jass/

    Documentation on the Solaris Security Toolkit software is available at:

    http://www.sun.com/security/blueprints

    Establishing Password Policies

    Kerberos allows the administrator to define password policies that can be applied to some or all of the user principals in the realm. A password policy contains definitions for the following parameters:

  • Minimum Password Length – The number of characters in the password, for which the recommended value is 8.

  • Maximum Password Classes – The number of different character classes that must be used to make up the password. Letters, numbers, and punctuation are the three classes and valid values are 1, 2, and 3. The recommended value is 2.

  • Saved Password History – The number of previous passwords that have been used by the principal that cannot be reused. The recommended value is 3.

  • Minimum Password Lifetime (seconds) – The minimum time that the password must be used before it can be changed. The recommended value is 3600 (1 hour).

  • Maximum Password Lifetime (seconds) – The maximum time that the password can be used before it must be changed. The recommended value is 7776000 (90 days).

  • These values can be set as a group and stored as a single policy. Different policies can be defined for different principals. It is recommended that the minimum password length be set to at least 8 and that at least 2 classes be required. Most people tend to choose easy-to-remember and easy-to-type passwords, so it is a good idea to at least set up policies to encourage slightly more difficult-to-guess passwords through the use of these parameters. Setting the Maximum Password Lifetime value may be helpful in some environments, to force people to change their passwords periodically. The period is up to the local administrator according to the overriding corporate security policy used at that particular site. Setting the Saved Password History value combined with the Minimum Password Lifetime value prevents people from simply switching their password several times until they get back to their original or favorite password.

    The maximum password length supported is 255 characters, unlike the UNIX password database which only supports up to 8 characters. Passwords are stored in the KDC encrypted database using the KDC default encryption method, DES-CBC-CRC. In order to prevent password guessing attacks, it is recommended that users choose long passwords or pass phrases. The 255 character limit allows one to choose a small sentence or easy to remember phrase instead of a simple one-word password.

    It is possible to use a dictionary file that can be used to prevent users from choosing common, easy-to-guess words (see “Secure Settings in the KDC Configuration File” on page 70). The dictionary file is only used when a principal has a policy association, so it is highly recommended that at least one policy be in effect for all principals in the realm.

    The following is an example password policy creation:

    If you specify a kadmin command without specifying any options, kadmin displays the syntax (usage information) for that command. The following code box shows this, followed by an actual add_policy command with options.

    kadmin: add_policy usage: add_policy [options] policy options are: [-maxlife time] [-minlife time] [-minlength length] [-minclasses number] [-history number] kadmin: add_policy -minlife "1 hour" -maxlife "90 days" -minlength 8 -minclasses 2 -history 3 passpolicy kadmin: get_policy passpolicy Policy: passpolicy Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 0

    This example creates a password policy called passpolicy which enforces a maximum password lifetime of 90 days, minimum length of 8 characters, a minimum of 2 different character classes (letters, numbers, punctuation), and a password history of 3.

    To apply this policy to an existing user, modify the following:

    kadmin: modprinc -policy passpolicy lucyPrincipal "lucy@EXAMPLE.COM" modified.

    To modify the default policy that is applied to all user principals in a realm, change the following:

    kadmin: modify_policy -maxlife "90 days" -minlife "1 hour" -minlength 8 -minclasses 2 -history 3 default kadmin: get_policy default Policy: default Maximum password life: 7776000 Minimum password life: 3600 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 1

    The Reference count value indicates how many principals are configured to use the policy.

    The default policy is automatically applied to all new principals that are not given the same password as the principal name when they are created. Any account with a policy assigned to it is uses the dictionary (defined in the dict_file parameter in /etc/krb5/kdc.conf) to check for common passwords.

    Backing Up a KDC

    Backups of a KDC system should be made regularly or according to local policy. However, backups should exclude the /etc/krb5/krb5.keytab file. If the local policy requires that backups be done over a network, then these backups should be secured either through the use of encryption or possibly by using a separate network interface that is only used for backup purposes and is not exposed to the same traffic as the non-backup network traffic. Backup storage media should always be kept in a secure, fireproof location.

    Monitoring the KDC

    Once the KDC is configured and running, it should be continually and vigilantly monitored. The Sun Kerberos v5 software KDC logs information into the /var/krb5/kdc.log file, but this location can be modified in the /etc/krb5/krb5.conf file, in the logging section.

    [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log

    The KDC log file should have read and write permissions for the root user only, as follows:

    -rw------ 1 root other 750 25 May 10 17:55 /var/krb5/kdc.log Kerberos Options

    The /etc/krb5/krb5.conf file contains information that all Kerberos applications use to determine what server to talk to and what realm they are participating in. Configuring the krb5.conf file is covered in the Sun Enterprise Authentication Mechanism Software Installation Guide. Also refer to the krb5.conf(4) man page for a full description of this file.

    The appdefaults section in the krb5.conf file contains parameters that control the behavior of many Kerberos client tools. Each tool may have its own section in the appdefaults section of the krb5.conf file.

    Many of the applications that use the appdefaults section, use the same options; however, they might be set in different ways for each client application.

    Kerberos Client Applications

    The following Kerberos applications can have their behavior modified through the user of options set in the appdefaults section of the /etc/krb5/krb5.conf file or by using various command-line arguments. These clients and their configuration settings are described below.

    kinit

    The kinit client is used by people who want to obtain a TGT from the KDC. The /etc/krb5/krb5.conf file supports the following kinit options: renewable, forwardable, no_addresses, max_life, max_renewable_life and proxiable.

    telnet

    The Kerberos telnet client has many command-line arguments that control its behavior. Refer to the man page for complete information. However, there are several interesting security issues involving the Kerberized telnet client.

    The telnet client uses a session key even after the service ticket which it was derived from has expired. This means that the telnet session remains active even after the ticket originally used to gain access, is no longer valid. This is insecure in a strict environment, however, the trade off between ease of use and strict security tends to lean in favor of ease-of-use in this situation. It is recommended that the telnet connection be re-initialized periodically by disconnecting and reconnecting with a new ticket. The overall lifetime of a ticket is defined by the KDC (/etc/krb5/kdc.conf), normally defined as eight hours.

    The telnet client allows the user to forward a copy of the credentials (TGT) used to authenticate to the remote system using the -f and -F command-line options. The -f option sends a non-forwardable copy of the local TGT to the remote system so that the user can access Kerberized NFS mounts or other local Kerberized services on that system only. The -F option sends a forwardable TGT to the remote system so that the TGT can be used from the remote system to gain further access to other remote Kerberos services beyond that point. The -F option is a superset of -f. If the Forwardable and or forward options are set to false in the krb5.conf file, these command-line arguments can be used to override those settings, thus giving individuals the control over whether and how their credentials are forwarded.

    The -x option should be used to turn on encryption for the data stream. This further protects the session from eavesdroppers. If the telnet server does not support encryption, the session is closed. The /etc/krb5/krb5.conf file supports the following telnet options: forward, forwardable, encrypt, and autologin. The autologin [true/false] parameter tells the client to try and attempt to log in without prompting the user for a user name. The local user name is passed on to the remote system in the telnet negotiations.

    rlogin and rsh

    The Kerberos rlogin and rsh clients behave much the same as their non-Kerberized equivalents. Because of this, it is recommended that if they are required to be included in the network files such as /etc/hosts.equiv and .rhosts that the root users directory be removed. The Kerberized versions have the added benefit of using Kerberos protocol for authentication and can also use Kerberos to protect the privacy of the session using encryption.

    Similar to telnet described previously, the rlogin and rsh clients use a session key after the service ticket which it was derived from has expired. Thus, for maximum security, rlogin and rsh sessions should be re-initialized periodically. rlogin uses the -f, -F, and -x options in the same fashion as the telnet client. The /etc/krb5/krb5.conf file supports the following rlogin options: forward, forwardable, and encrypt.

    Command-line options override configuration file settings. For example, if the rsh section in the krb5.conf file indicates encrypt false, but the -x option is used on the command line, an encrypted session is used.

    rcp

    Kerberized rcp can be used to transfer files securely between systems using Kerberos authentication and encryption (with the -x command-line option). It does not prompt for passwords, the user must already have a valid TGT before using rcp if they wish to use the encryption feature. However, beware if the -x option is not used and no local credentials are available, the rcp session will revert to the standard, non-Kerberized (and insecure) rcp behavior. It is highly recommended that users always use the -x option when using the Kerberized rcp client.The /etc/krb5/krb5.conf file supports the encrypt [true/false] option.

    login

    The Kerberos login program (login.krb5) is forked from a successful authentication by the Kerberized telnet daemon or the Kerberized rlogin daemon. This Kerberos login daemon is separate from the standard Solaris OE login daemon and thus, the standard Solaris OE features such as BSM auditing are not yet supported when using this daemon. The /etc/krb5/krb5.conf file supports the krb5_get_tickets [true/false] option. If this option is set to true, then the login program will generate a new Kerberos ticket (TGT) for the user upon proper authentication.

    ftp

    The Sun Enterprise Authentication Mechanism (SEAM) version of the ftp client uses the GSSAPI (RFC 2743) with Kerberos v5 as the default mechanism. This means that it uses Kerberos authentication and (optionally) encryption through the Kerberos v5 GSS mechanism. The only Kerberos-related command-line options are -f and -m. The -f option is the same as described above for telnet (there is no need for a -F option). -m allows the user to specify an alternative GSS mechanism if so desired, the default is to use the kerberos_v5 mechanism.

    The protection level used for the data transfer can be set using the protect command at the ftp prompt. Sun Enterprise Authentication Mechanism software ftp supports the following protection levels:

  • Clear unprotected, unencrypted transmission

  • Safe data is integrity protected using cryptographic checksums

  • Private data is transmitted with confidentiality and integrity using encryption

  • It is recommended that users set the protection level to private for all data transfers. The ftp client program does not support or reference the krb5.conf file to find any optional parameters. All ftp client options are passed on the command line. See the man page for the Kerberized ftp client, ftp(1).

    In summary, adding Kerberos to a network can increase the overall security available to the users and administrators of that network. Remote sessions can be securely authenticated and encrypted, and shared disks can be secured and encrypted across the network. In addition, Kerberos allows the database of user and service principals to be managed securely from any machine which supports the SEAM software Kerberos protocol. SEAM is interoperable with other RFC 1510 compliant Kerberos implementations such as MIT Krb5 and some MS Windows 2000 Active Directory services. Adopting the practices recommended in this section further secure the SEAM software infrastructure to help ensure a safer network environment.

    Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism

    This section provides a high-level overview, followed by the in-depth procedures that describe the setup necessary to implement the GSSAPI mechanism and the Sun ONE Directory Server 5.2 software. This implementation assumes a realm of EXAMPLE.COM for this purpose. The following list gives an initial high-level overview of the steps required, with the next section providing the detailed information.

  • Setup DNS on the client machine. This is an important step because Kerberos requires DNS.

  • Install and configure the Sun ONE Directory Server version 5.2 software.

  • Check that the directory server and client both have the SASL plug-ins installed.

  • Install and configure Kerberos v5.

  • Edit the /etc/krb5/krb5.conf file.

  • Edit the /etc/krb5/kdc.conf file.

  • Edit the /etc/krb5/kadm5.acl file.

  • Move the kerberos_v5 line so it is the first line in the /etc/gss/mech file.

  • Create new principals using kadmin.local, which is an interactive commandline interface to the Kerberos v5 administration system.

  • Modify the rights for /etc/krb5/krb5.keytab. This access is necessary for the Sun ONE Directory Server 5.2 software.

  • Run /usr/sbin/kinit.

  • Check that you have a ticket with /usr/bin/klist.

  • Perform an ldapsearch, using the ldapsearch command-line tool from the Sun ONE Directory Server 5.2 software to test and verify.

  • The sections that follow fill in the details.

    Configuring a DNS Client

    To be a DNS client, a machine must run the resolver. The resolver is neither a daemon nor a single program. It is a set of dynamic library routines used by applications that need to know machine names. The resolver’s function is to resolve users’ queries. To do that, it queries a name server, which then returns either the requested information or a referral to another server. Once the resolver is configured, a machine can request DNS service from a name server.

    The following example shows you how to configure the resolv.conf(4) file in the server kdc1 in the example.com domain.

    ; ; /etc/resolv.conf file for dnsmaster ; domain example.com nameserver 192.168.0.0 nameserver 192.168.0.1

    The first line of the /etc/resolv.conf file lists the domain name in the form:

    domain domainname

    No spaces or tabs are permitted at the end of the domain name. Make sure that you press return immediately after the last character of the domain name.

    The second line identifies the server itself in the form:

    nameserver IP_address

    Succeeding lines list the IP addresses of one or two slave or cache-only name servers that the resolver should consult to resolve queries. Name server entries have the form:

    nameserver IP_address

    IP_address is the IP address of a slave or cache-only DNS name server. The resolver queries these name servers in the order they are listed until it obtains the information it needs.

    For more detailed information of what the resolv.conf file does, refer to the resolv.conf(4) man page.

    To Configure Kerberos v5 (Master KDC)

    In the this procedure, the following configuration parameters are used:

  • Realm name = EXAMPLE.COM

  • DNS domain name = example.com

  • Master KDC = kdc1.example.com

  • admin principal = lucy/admin

  • Online help URL = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956

  • This procedure requires that DNS is running.

    Before you begin this configuration process, make a backup of the /etc/krb5 files.

  • Become superuser on the master KDC. (kdc1, in this example)

  • Edit the Kerberos configuration file (krb5.conf).

    You need to change the realm names and the names of the servers. See the krb5.conf(4) man page for a full description of this file.

    kdc1 # more /etc/krb5/krb5.conf [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = kdc1.example.com admin server = kdc1.example.com } [domain_realm] .example.com = EXAMPLE.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log [appdefaults] gkadmin = { help_url = http://example:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956 }

    In this example, the lines for domain_realm, kdc, admin_server, and all domain_realm entries were changed. In addition, the line with ___slave_kdcs___ in the [realms] section was deleted and the line that defines the help_url was edited.

  • Edit the KDC configuration file (kdc.conf).

    You must change the realm name. See the kdc.conf( 4) man page for a full description of this file.

    kdc1 # more /etc/krb5/kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM= { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s Need moving ---------> default_principal_flags = +preauth }

    In this example, only the realm name definition in the [realms] section is changed.

  • Create the KDC database by using the kdb5_util command.

    The kdb5_util command, which is located in /usr/sbin, creates the KDC database. When used with the -s option, this command creates a stash file that is used to authenticate the KDC to itself before the kadmind and krb5kdc daemons are started.

    kdc1 # /usr/sbin/kdb5_util create -r EXAMPLE.COM -s Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM' master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: key Re-enter KDC database master key to verify: key

    The -r option followed by the realm name is not required if the realm name is equivalent to the domain name in the server’s name space.

  • Edit the Kerberos access control list file (kadm5.acl).

    Once populated, the /etc/krb5/kadm5.acl file contains all principal names that are allowed to administer the KDC. The first entry that is added might look similar to the following:

    lucy/admin@EXAMPLE.COM *

    This entry gives the lucy/admin principal in the EXAMPLE.COM realm the ability to modify principals or policies in the KDC. The default installation includes an asterisk (*) to match all admin principals. This default could be a security risk, so it is more secure to include a list of all of the admin principals. See the kadm5.acl(4) man page for more information.

  • Edit the /etc/gss/mech file.

    The /etc/gss/mech file contains the GSSAPI based security mechanism names, its object identifier (OID), and a shared library that implements the services for that mechanism under the GSSAPI. Change the following from:

    # Mechanism Name Object Identifier Shared Library Kernel Module # diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1 kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5

    To the following:

    # Mechanism Name Object Identifier Shared Library Kernel Module # kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5 diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
  • Run the kadmin.local command to create principals.

    You can add as many admin principals as you need. But you must add at least one admin principal to complete the KDC configuration process. In the following example, lucy/admin is added as the principal.

    kdc1 # /usr/sbin/kadmin.local kadmin.local: addprinc lucy/admin Enter password for principal "lucy/admin@EXAMPLE.COM": Re-enter password for principal "lucy/admin@EXAMPLE.COM": Principal "lucy/admin@EXAMPLE.COM" created. kadmin.local:
  • Create a keytab file for the kadmind service.

    The following command sequence creates a special keytab file with principal entries for lucy and tom. These principals are needed for the kadmind service. In addition, you can optionally add NFS service principals, host principals, LDAP principals, and so on.

    When the principal instance is a host name, the fully qualified domain name (FQDN) must be entered in lowercase letters, regardless of the case of the domain name in the /etc/resolv.conf file.

    kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/kdc1.example.com Entry for principal kadmin/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/kdc1.example.com Entry for principal changepw/kdc1.example.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/kadm5.keytab. kadmin.local:

    Once you have added all of the required principals, you can exit from kadmin.local as follows:

    kadmin.local: quit
  • Start the Kerberos daemons as shown:

    kdc1 # /etc/init.d/kdc start kdc1 # /etc/init.d/kdc.master start

    Note

    You stop the Kerberos daemons by running the following commands:

    kdc1 # /etc/init.d/kdc stop kdc1 # /etc/init.d/kdc.master stop
  • Add principals by using the SEAM Administration Tool.

    To do this, you must log on with one of the admin principal names that you created earlier in this procedure. However, the following command-line example is shown for simplicity.

    kdc1 # /usr/sbin/kadmin -p lucy/admin Enter password: kws_admin_password kadmin:
  • Create the master KDC host principal which is used by Kerberized applications such as klist and kprop.

    kadmin: addprinc -randkey host/kdc1.example.com Principal "host/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • (Optional) Create the master KDC root principal which is used for authenticated NFS mounting.

    kadmin: addprinc root/kdc1.example.com Enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Re-enter password for principal root/kdc1.example.com@EXAMPLE.COM: password Principal "root/kdc1.example.com@EXAMPLE.COM" created. kadmin:
  • Add the master KDC’s host principal to the master KDC’s keytab file which allows this principal to be used automatically.

    kadmin: ktadd host/kdc1.example.com kadmin: Entry for principal host/kdc1.example.com with ->kvno 3, encryption type DES-CBC-CRC added to keytab ->WRFILE:/etc/krb5/krb5.keytab kadmin:

    Once you have added all of the required principals, you can exit from kadmin as follows:

    kadmin: quit
  • Run the kinit command to obtain and cache an initial ticket-granting ticket (credential) for the principal.

    This ticket is used for authentication by the Kerberos v5 system. kinit only needs to be run by the client at this time. If the Sun ONE directory server were a Kerberos client also, this step would need to be done for the server. However, you may want to use this to verify that Kerberos is up and running.

    kdclient # /usr/bin/kinit root/kdclient.example.com Password for root/kdclient.example.com@EXAMPLE.COM: passwd
  • Check and verify that you have a ticket with the klist command.

    The klist command reports if there is a keytab file and displays the principals. If the results show that there is no keytab file or that there is no NFS service principal, you need to verify the completion of all of the previous steps.

    # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------ 3 nfs/host.example.com@EXAMPLE.COM

    The example given here assumes a single domain. The KDC may reside on the same machine as the Sun ONE directory server for testing purposes, but there are security considerations to take into account on where the KDCs reside.

  • With regards to the configuration of Kerberos v5 in conjunction with the Sun ONE Directory Server 5.2 software, you are finished with the Kerberos v5 part. It’s now time to look at what is required to be configured on the Sun ONE directory server side.

    Sun ONE Directory Server 5.2 GSSAPI Configuration

    As previously discussed, the Generic Security Services Application Program Interface (GSSAPI), is standard interface that enables you to use a security mechanism such as Kerberos v5 to authenticate clients. The server uses the GSSAPI to actually validate the identity of a particular user. Once this user is validated, it’s up to the SASL mechanism to apply the GSSAPI mapping rules to obtain a DN that is the bind DN for all operations during the connection.

    The first item discussed is the new identity mapping functionality.

    The identity mapping service is required to map the credentials of another protocol, such as SASL DIGEST-MD5 and GSSAPI to a DN in the directory server. As you will see in the following example, the identity mapping feature uses the entries in the cn=identity mapping, cn=config configuration branch, whereby each protocol is defined and whereby each protocol must perform the identity mapping. For more information on the identity mapping feature, refer to the Sun ONE Directory Server 5.2 Documents.

    To Perform the GSSAPI Configuration for the Sun ONE Directory Server Software
  • Check and verify, by retrieving the rootDSE entry, that the GSSAPI is returned as one of the supported SASL Mechanisms.

    Example of using ldapsearch to retrieve the rootDSE and get the supported SASL mechanisms:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -b "" -s base "(objectclass=*)" supportedSASLMechanisms supportedSASLMechanisms=EXTERNAL supportedSASLMechanisms=GSSAPI supportedSASLMechanisms=DIGEST-MD5
  • Verify that the GSSAPI mechanism is enabled.

    By default, the GSSAPI mechanism is enabled.

    Example of using ldapsearch to verify that the GSSAPI SASL mechanism is enabled:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -D"cn=Directory Manager" -w password -b "cn=SASL, cn=security,cn= config" "(objectclass=*)" # # Should return # cn=SASL, cn=security, cn=config objectClass=top objectClass=nsContainer objectClass=dsSaslConfig cn=SASL dsSaslPluginsPath=/var/Sun/mps/lib/sasl dsSaslPluginsEnable=DIGEST-MD5 dsSaslPluginsEnable=GSSAPI
  • Create and add the GSSAPI identity-mapping.ldif.

    Add the LDIF shown below to the Sun ONE Directory Server so that it contains the correct suffix for your directory server.

    You need to do this because by default, no GSSAPI mappings are defined in the Sun ONE Directory Server 5.2 software.

    Example of a GSSAPI identity mapping LDIF file:

    # dn: cn=GSSAPI,cn=identity mapping,cn=config objectclass: nsContainer objectclass: top cn: GSSAPI dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: nsContainer objectclass: top cn: default dsMappedDN: uid=${Principal},ou=people,dc=example,dc=com dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config objectclass: dsIdentityMapping objectclass: dsPatternMatching objectclass: nsContainer objectclass: top cn: same_realm dsMatching-pattern: ${Principal} dsMatching-regexp: (.*)@example.com dsMappedDN: uid=$1,ou=people,dc=example,dc=com

    It is important to make use of the ${Principal} variable, because it is the only input you have from SASL in the case of GSSAPI. Either you need to build a dn using the ${Principal} variable or you need to perform pattern matching to see if you can apply a particular mapping. A principal corresponds to the identity of a user in Kerberos.

    You can find an example GSSAPI LDIF mappings files in ServerRoot/slapdserver/ldif/identityMapping_Examples.ldif.

    The following is an example using ldapmodify to do this:

    $./ldapmodify -a -c -h directoryserver_hostname -p ldap_port -D "cn=Directory Manager" -w password -f identity-mapping.ldif -e /var/tmp/ldif.rejects 2> /var/tmp/ldapmodify.log
  • Perform a test using ldapsearch.

    To perform this test, type the following ldapsearch command as shown below, and answer the prompt with the kinit value you previously defined.

    Example of using ldapsearch to test the GSSAPI mechanism:

    $./ldapsearch -h directoryserver_hostname -p ldap_port -o mech=GSSAPI -o authzid="root/hostname.domainname@EXAMPLE.COM" -b "" -s base "(objectclass=*)"

    The output that is returned should be the same as without the -o option.

    If you do not use the -h hostname option, the GSS code ends up looking for a localhost.domainname Kerberos ticket, and an error occurs.



  • Direct Download of over 5500 Certification Exams

    3COM [8 Certification Exam(s) ]
    AccessData [1 Certification Exam(s) ]
    ACFE [1 Certification Exam(s) ]
    ACI [3 Certification Exam(s) ]
    Acme-Packet [1 Certification Exam(s) ]
    ACSM [4 Certification Exam(s) ]
    ACT [1 Certification Exam(s) ]
    Admission-Tests [13 Certification Exam(s) ]
    ADOBE [93 Certification Exam(s) ]
    AFP [1 Certification Exam(s) ]
    AICPA [2 Certification Exam(s) ]
    AIIM [1 Certification Exam(s) ]
    Alcatel-Lucent [13 Certification Exam(s) ]
    Alfresco [1 Certification Exam(s) ]
    Altiris [3 Certification Exam(s) ]
    Amazon [2 Certification Exam(s) ]
    American-College [2 Certification Exam(s) ]
    Android [4 Certification Exam(s) ]
    APA [1 Certification Exam(s) ]
    APC [2 Certification Exam(s) ]
    APICS [2 Certification Exam(s) ]
    Apple [69 Certification Exam(s) ]
    AppSense [1 Certification Exam(s) ]
    APTUSC [1 Certification Exam(s) ]
    Arizona-Education [1 Certification Exam(s) ]
    ARM [1 Certification Exam(s) ]
    Aruba [6 Certification Exam(s) ]
    ASIS [2 Certification Exam(s) ]
    ASQ [3 Certification Exam(s) ]
    ASTQB [8 Certification Exam(s) ]
    Autodesk [2 Certification Exam(s) ]
    Avaya [96 Certification Exam(s) ]
    AXELOS [1 Certification Exam(s) ]
    Axis [1 Certification Exam(s) ]
    Banking [1 Certification Exam(s) ]
    BEA [5 Certification Exam(s) ]
    BICSI [2 Certification Exam(s) ]
    BlackBerry [17 Certification Exam(s) ]
    BlueCoat [2 Certification Exam(s) ]
    Brocade [4 Certification Exam(s) ]
    Business-Objects [11 Certification Exam(s) ]
    Business-Tests [4 Certification Exam(s) ]
    CA-Technologies [21 Certification Exam(s) ]
    Certification-Board [10 Certification Exam(s) ]
    Certiport [3 Certification Exam(s) ]
    CheckPoint [41 Certification Exam(s) ]
    CIDQ [1 Certification Exam(s) ]
    CIPS [4 Certification Exam(s) ]
    Cisco [318 Certification Exam(s) ]
    Citrix [48 Certification Exam(s) ]
    CIW [18 Certification Exam(s) ]
    Cloudera [10 Certification Exam(s) ]
    Cognos [19 Certification Exam(s) ]
    College-Board [2 Certification Exam(s) ]
    CompTIA [76 Certification Exam(s) ]
    ComputerAssociates [6 Certification Exam(s) ]
    Consultant [2 Certification Exam(s) ]
    Counselor [4 Certification Exam(s) ]
    CPP-Institue [2 Certification Exam(s) ]
    CPP-Institute [1 Certification Exam(s) ]
    CSP [1 Certification Exam(s) ]
    CWNA [1 Certification Exam(s) ]
    CWNP [13 Certification Exam(s) ]
    Dassault [2 Certification Exam(s) ]
    DELL [9 Certification Exam(s) ]
    DMI [1 Certification Exam(s) ]
    DRI [1 Certification Exam(s) ]
    ECCouncil [21 Certification Exam(s) ]
    ECDL [1 Certification Exam(s) ]
    EMC [129 Certification Exam(s) ]
    Enterasys [13 Certification Exam(s) ]
    Ericsson [5 Certification Exam(s) ]
    ESPA [1 Certification Exam(s) ]
    Esri [2 Certification Exam(s) ]
    ExamExpress [15 Certification Exam(s) ]
    Exin [40 Certification Exam(s) ]
    ExtremeNetworks [3 Certification Exam(s) ]
    F5-Networks [20 Certification Exam(s) ]
    FCTC [2 Certification Exam(s) ]
    Filemaker [9 Certification Exam(s) ]
    Financial [36 Certification Exam(s) ]
    Food [4 Certification Exam(s) ]
    Fortinet [13 Certification Exam(s) ]
    Foundry [6 Certification Exam(s) ]
    FSMTB [1 Certification Exam(s) ]
    Fujitsu [2 Certification Exam(s) ]
    GAQM [9 Certification Exam(s) ]
    Genesys [4 Certification Exam(s) ]
    GIAC [15 Certification Exam(s) ]
    Google [4 Certification Exam(s) ]
    GuidanceSoftware [2 Certification Exam(s) ]
    H3C [1 Certification Exam(s) ]
    HDI [9 Certification Exam(s) ]
    Healthcare [3 Certification Exam(s) ]
    HIPAA [2 Certification Exam(s) ]
    Hitachi [30 Certification Exam(s) ]
    Hortonworks [4 Certification Exam(s) ]
    Hospitality [2 Certification Exam(s) ]
    HP [750 Certification Exam(s) ]
    HR [4 Certification Exam(s) ]
    HRCI [1 Certification Exam(s) ]
    Huawei [21 Certification Exam(s) ]
    Hyperion [10 Certification Exam(s) ]
    IAAP [1 Certification Exam(s) ]
    IAHCSMM [1 Certification Exam(s) ]
    IBM [1532 Certification Exam(s) ]
    IBQH [1 Certification Exam(s) ]
    ICAI [1 Certification Exam(s) ]
    ICDL [6 Certification Exam(s) ]
    IEEE [1 Certification Exam(s) ]
    IELTS [1 Certification Exam(s) ]
    IFPUG [1 Certification Exam(s) ]
    IIA [3 Certification Exam(s) ]
    IIBA [2 Certification Exam(s) ]
    IISFA [1 Certification Exam(s) ]
    Intel [2 Certification Exam(s) ]
    IQN [1 Certification Exam(s) ]
    IRS [1 Certification Exam(s) ]
    ISA [1 Certification Exam(s) ]
    ISACA [4 Certification Exam(s) ]
    ISC2 [6 Certification Exam(s) ]
    ISEB [24 Certification Exam(s) ]
    Isilon [4 Certification Exam(s) ]
    ISM [6 Certification Exam(s) ]
    iSQI [7 Certification Exam(s) ]
    ITEC [1 Certification Exam(s) ]
    Juniper [64 Certification Exam(s) ]
    LEED [1 Certification Exam(s) ]
    Legato [5 Certification Exam(s) ]
    Liferay [1 Certification Exam(s) ]
    Logical-Operations [1 Certification Exam(s) ]
    Lotus [66 Certification Exam(s) ]
    LPI [24 Certification Exam(s) ]
    LSI [3 Certification Exam(s) ]
    Magento [3 Certification Exam(s) ]
    Maintenance [2 Certification Exam(s) ]
    McAfee [8 Certification Exam(s) ]
    McData [3 Certification Exam(s) ]
    Medical [69 Certification Exam(s) ]
    Microsoft [374 Certification Exam(s) ]
    Mile2 [3 Certification Exam(s) ]
    Military [1 Certification Exam(s) ]
    Misc [1 Certification Exam(s) ]
    Motorola [7 Certification Exam(s) ]
    mySQL [4 Certification Exam(s) ]
    NBSTSA [1 Certification Exam(s) ]
    NCEES [2 Certification Exam(s) ]
    NCIDQ [1 Certification Exam(s) ]
    NCLEX [2 Certification Exam(s) ]
    Network-General [12 Certification Exam(s) ]
    NetworkAppliance [39 Certification Exam(s) ]
    NI [1 Certification Exam(s) ]
    NIELIT [1 Certification Exam(s) ]
    Nokia [6 Certification Exam(s) ]
    Nortel [130 Certification Exam(s) ]
    Novell [37 Certification Exam(s) ]
    OMG [10 Certification Exam(s) ]
    Oracle [279 Certification Exam(s) ]
    P&C [2 Certification Exam(s) ]
    Palo-Alto [4 Certification Exam(s) ]
    PARCC [1 Certification Exam(s) ]
    PayPal [1 Certification Exam(s) ]
    Pegasystems [12 Certification Exam(s) ]
    PEOPLECERT [4 Certification Exam(s) ]
    PMI [15 Certification Exam(s) ]
    Polycom [2 Certification Exam(s) ]
    PostgreSQL-CE [1 Certification Exam(s) ]
    Prince2 [6 Certification Exam(s) ]
    PRMIA [1 Certification Exam(s) ]
    PsychCorp [1 Certification Exam(s) ]
    PTCB [2 Certification Exam(s) ]
    QAI [1 Certification Exam(s) ]
    QlikView [1 Certification Exam(s) ]
    Quality-Assurance [7 Certification Exam(s) ]
    RACC [1 Certification Exam(s) ]
    Real-Estate [1 Certification Exam(s) ]
    RedHat [8 Certification Exam(s) ]
    RES [5 Certification Exam(s) ]
    Riverbed [8 Certification Exam(s) ]
    RSA [15 Certification Exam(s) ]
    Sair [8 Certification Exam(s) ]
    Salesforce [5 Certification Exam(s) ]
    SANS [1 Certification Exam(s) ]
    SAP [98 Certification Exam(s) ]
    SASInstitute [15 Certification Exam(s) ]
    SAT [1 Certification Exam(s) ]
    SCO [10 Certification Exam(s) ]
    SCP [6 Certification Exam(s) ]
    SDI [3 Certification Exam(s) ]
    See-Beyond [1 Certification Exam(s) ]
    Siemens [1 Certification Exam(s) ]
    Snia [7 Certification Exam(s) ]
    SOA [15 Certification Exam(s) ]
    Social-Work-Board [4 Certification Exam(s) ]
    SpringSource [1 Certification Exam(s) ]
    SUN [63 Certification Exam(s) ]
    SUSE [1 Certification Exam(s) ]
    Sybase [17 Certification Exam(s) ]
    Symantec [134 Certification Exam(s) ]
    Teacher-Certification [4 Certification Exam(s) ]
    The-Open-Group [8 Certification Exam(s) ]
    TIA [3 Certification Exam(s) ]
    Tibco [18 Certification Exam(s) ]
    Trainers [3 Certification Exam(s) ]
    Trend [1 Certification Exam(s) ]
    TruSecure [1 Certification Exam(s) ]
    USMLE [1 Certification Exam(s) ]
    VCE [6 Certification Exam(s) ]
    Veeam [2 Certification Exam(s) ]
    Veritas [33 Certification Exam(s) ]
    Vmware [58 Certification Exam(s) ]
    Wonderlic [2 Certification Exam(s) ]
    Worldatwork [2 Certification Exam(s) ]
    XML-Master [3 Certification Exam(s) ]
    Zend [6 Certification Exam(s) ]





    References :


    Dropmark : http://killexams.dropmark.com/367904/12832342
    Dropmark-Text : http://killexams.dropmark.com/367904/12936692
    Blogspot : http://killexamsbraindump.blogspot.com/2018/01/just-study-these-hp-hp0-922-questions.html
    Wordpress : https://wp.me/p7SJ6L-2GF
    Box.net : https://app.box.com/s/whbs0m4dhqx3pl5q7y7ttokde4lev0x5






    Back to Main Page

    You really have to study hard. These questions are a big help and worth the price. Test Engine has specific steps which you need to follow in order to install it. But is a nice piece of software.

    Rajesh | INDIA



    I ordered this exam prep. The content is well formatted and pretty clean. I was able to use the PDF and the Test Engine to prepare. Quite helpful.

    Lisa | UNITED STATES



    Great Black Friday deal and good content. I am impressed

    Mike | Anonymous



    fast and easy order. No issues. I can't wait to pass this test!

    teechee | UNITED STATES



    Wouldn't have passed if I had not studied from this dump. Good job guys.

    Mitul | INDIA



    I did get about 80-85% of the questions in my exam. So it is a valid one.

    James | UNITED STATES



    What joy!
    I passed my exam today.

    Zan | UNITED KINGDOM



    Good Content

    Raj | UNITED STATES



    Trying to download the updates. Pretty solid braindumps.

    cpinkney | UNITED STATES



    Excellent!

    elixir | UNITED STATES



    Good, Definitely worth the investment.

    Tom | UNITED STATES



    I just completed the test and got a 96%. missed only 2 questions.

    Sahil | Franfurt



    I thought i should thank you for assisting me to obtain my ITIL qualification. I received the exam on Thursday and i studied the moment i received it. I must say i was very nervous before the exam. Well I wrote and passed. The pass mark was 65% and I scored 92%.
    Thank you so much guys.

    Nahid | Bremen



    I just completed my exam today and wanted to share the great news. Your study guide in combination with self study have helped me to achieve another certification. After the conclusion to this upcoming fall semester I plan to pursue my other goals... I hav

    John | koln



    Great Job. I passed my exam with score of 868. I got 100 questions and could finish the exam within 20 minutes, ofcourse after my two weeks of hard work.

    Anon | Anon



    I took my exam today and passed with a score of 87%. After taking the practise exam with all the 200+ questions included with your material and reading the student manual once I felt that I had no problem passing this exam. Great material!

    JK | Dortmund



    Today, I passed my Exam and I have to say that the your materials for the Exam helped get me into the right frame of mind for taking the exam. The Help button for each question is an invaluable feature. Great job getting this together!

    Munchi | Rotterdam



    I just had to say thank you so much for such a fantastic product ! I just completed my exam in 30 minutes with a score of 95%.

    Angili | Emmen



    I just took my Certification testing for Apple exam and passed it with full score. Your questions covered the essence of the exam material.

    Madu | Nederland




    I truely appreciate your prompt response. It has been nice doing business with you. I have already registered for the exam (taking it this weekend) and it went smooth as you assured. I plan to come back to your site in future for my other certification.

    Priyanka | Ireland



    Thanks a lot for your help. I have successfully completed my exams studying your materials. It was a great help by you.
    "It was an excellent total immersion exams material."

    Peter | Leeds UK





    I just passed the exam with 90%. Thanks for your help.

    Audreena | Norwich




    hello again. First of all i'd like to inform you'll that i passed my oracle 1zo-042 exam with the help of your questions. I owe it all to you'll so thank you. Thank you so much. You really changed my life!

    Viki | Belfast



    Yesterday I cleared Solaris 9 Administration Certification Paper Part 1 ( CX 310-014). Your Cheat-Test paper is really very helpful. My test result was 91%.

    Josef | Dundee



    Hey Guys. I wanna thank you for helping me through providing 310-012 exam and Training Material. It is so good that I will recommend all my friends to use.

    Josh | Cardiff



    I just passed my Exam using your QA product. Thanks!

    Reddy | Glasgow



    Warm greetings and let me thank you so very much for the great stuff you are doing. I am now a 000-207 Certified. I passed all with flying colors.

    Jessica | SD



    I passed the written exam with 920. Thank you very much for your services. It was worth every penny of it.

    Bella | VA



    I just wanted you all to know that you have really changed my life. Recently I passed the CCSA exam and now just passed the CCSE exam. My employer is so delighted with my integrity that I just received a 12% pay increase. This is too good to be true. Thank

    Mike | Victoria



    I was feeling helpless for my exam and then find material at your website and passed with 90. thank you guys.

    Racheal | colima



    I purchased your products, it was great, really helped me pass the exam. thank you

    Lisa | Mexico



    I just bought the exam prep two days before writing my exam. I studied the guide inside out and wrote the exam in under 45 minutes! The most amazing part is that I passed with a score of 1000!! WOW, you are the greatest and I will always use your products.

    Vishal | Lahor



    Tried many websites for my 70-500 Exam Preparation but no vain and finally i tried your study material for my exam and it was impressive and I was able to clear Exam with confidence. thanks you very much!

    Aalia | Deli



    I will, you guys have always been really good whenever i buy stuff from u and need questions answering....keep up the good work
    THANK YOU !

    Jacob | Piaui



    I passed the the NSO-111 with flying colors. Thank your for your help.

    Mark | Para



    You gusy Rock!
    killexams.com provided everything you could want and made things very comfortable.

    Tanisha | Sinop



    Great products!! I passed the CCIE written exam on my first attempt!

    Neesha | India



    I have already given up...but your exam and study packs finally made me pass this CCNA exam!

    Angus | Kansas



    My company needed me to pass the CCIP exams, as we are a Service Provider offering more and more Voice Services. Great exam materials you provide!

    Terah | San Angelo



    I was lucky enough to use killexams.com for my 000-630 Certification Exam Training. The difference is clear. I passed the exam without a problem. Have you done it yet or not?

    Kim | Lubbock



    I am very happy with the performance of your 000-094 QA from you. It is no doubt the best.

    Martin | Calgary



    I just made it in the 000-215 Exam. Your 000-215 QA is outclass. Made it so easy for me to succeed.

    Shila M. | Montana



    I have passed all the 7 Windows 2000 MCSE tests with the help of your great guides. Those questions I met in my tests are very very similar, if not the same, with the ones in your guides. 70-220 and 70-221 are so difficult. I can't imagine how I could pass

    Rosa | Monitoba



    Hi, I passed today!!! I passed both my exams within ONE WEEK!!! THANK YOU VERY MUCH!!!

    Aaron G. | vancouver



    I just passed (310-025) SCJP test yesterday. Your guide is right on the money and almost covers every question word for word. Great work !

    seagal | Edmonton



    I passed my exam today with a score of 964. This was a difficult test but the preparation guide was very good. I would not have passed without the materials. Thank you very much for giving me the opportunity to better my life.

    Illya | Alberta



    Exam syo-101 Exam
    I passed my exam today with no problem whatsoever. I just wanted to say a sincere thank you for the outstanding study guide. You guys are a phenomenal help when it comes to study assistance. Thanks and definitely expect to see me again.

    Jackson | MJ



    Exam 1Z0-040: 1Z0-040 passed!!!
    I have passed my exam 59/60. You people are the boom. Thanks for the exam questions. They were so real!!

    CJ | DC



    Dear Support,
    I passed (as you expected) the Sun Solaris Admin I (310-011) at first trial. Thank you so much.

    Oshrit | Israel



    Just thought I would let you know I took the CCDA test on Tuesday, like I planned and scored a 902!"

    Lee W. | China



    I have used your Exams for preparation for 70-290, 70-291, 70-292, 70-296, 70-298, 70- 299, 70-300, 70-305, 70-310, 70-315, 70-316,70-320. I also passed all those on the first round. I'm currently preparing for the CCNA.

    Micheal C. | ON



    Now my dream has come true. I thank you a million times for the best study guides that you provided to a poor kid like me....I got it. Finally MCSE.

    Best regards,

    kris J. | GTA



    I passed my CCNA exam yesterday. I would like to make some comments. "Excellent Study Guide, Excellent Support Service, Excellent Examination Web Site"
    Best Regards

    Jason | California



    Thanks for your study guides, i have passed it. All questions in your material, we study this only 2 days. Thanks very very much!!!!!

    Micheal | US



    Thanks very much for your study guides, with your help i only use 3 weeks to take the MCSE. Your study guides are very very good.

    L. Woo | China



    I passed the CCIE Written exam 350-001 last Friday, Thanks very much for your study guide and your help.

    Mick H. | US



    i ust wanted to thank you folks at braindumgalaxy.com for your assistance. I used your CCNP exams for practice and to identify my weak areas. Passed the CCNP recert on Tuesday without any big problems.

    Hagit | Israel



    I have found that your resources are probably the best on the market...and I work at Cisco.

    Cisco Engineer | USA



    A well Good morning Dear killexams.com Team I wanna say that I passed the 000-888 yesterday and i am happy

    Koshani | NYC



    I took the A+ hardware exam yesterday and thanks to your excellent and helping preparation material. I got a nice score.

    Aized | Pakistan



    I passed the exam with great distinction!

    Nazanin | Toronto



    Great Price....Great Product. Keep up the good work!

    Xiwan W | China



    So far your practice exams are extremely helpful. My test scores keep on going up every time I do them and I feel very confident now.

    Ashwin | India



    The exams was excellent and helped me pass without any doubt.Very helpful! Thank you! I passed!

    Mike M | Dubai