Just got done with the configuration call with Dell, all of my Linux-ing worked!!!! Once the 1st replication job runs there will be another setup call (hopefully the final one), but everything is looking good so far. Thanks again for the assistance.
Even if I was only Windows, I would use VS Code over Notepad++ now.
There is nothing better available since it can be universally installed on Linux, Windows, or macOS.
I've been using a mix. I use VSCode some days and I use PyCharm/GoLand other days. I like different things about both.
I like PyCharm and its related tools a lot. I just don't use them enough (or like them enough) to justify the extra price.
PyCharm is free. I did pay for GoLand because the debugging and some extra features are worth it. I don't need to use PyCharm because you can use the Python plugin in GoLand but I had a couple issues one time and just decided to use PyCharm separately.
It isn't the ability to automate that is the problem. It's the availability of easy-to-use tools that is the problem.
That's the whole point I'm making.
KVM is hard to automate. Not that it's impossible, but the tooling doesn't exist to where you can easily automate like with VMware.
Agreed, and I don't think that that's the point of concern here. The issue at hand should be "does that automation that VMware offers get used by or should be used by the OP?" I believe that the answer is no to being used today and likely no to should it be used. It's a very small deployment. The overhead to the automation, even when you have VMware, is too high. And regardless, even if we agree that it should be used, probably because an MSP/ITSP is brought in to effectively make the environment larger and changing some of the scale discussions, the bigger question would be "will the OP's environment opt to do that anyway?" If that answer is "no", in the practical sense, then the automation point becomes moot.
I "think" we can all agree that VMware has better standard built-in automation. And that KVM is completely automatable if you put in the extra, non-standard effort. So if we were considering standard automation then VMware would have an important edge in that area. That point shouldn't be in dispute. We can argue how close KVM gets, while still being behind, sure.
But the key point here, for me, is that I believe based on knowing the environment a bit that that automation is not, and won't be, used if VMware remains.
I do the same thing for QuickBooks Database Manager that runs on a domain controller. Intuit made the decision to use ports that overlap the DNS Server ports and cause QBDBMgr to stop running. My PowerShell script checks the status of the QuickBooks services and if they are stopped restarts DNS Server and the QB services. Ugly but it works.
@jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.
If by recently they mean 3 years ago, then I guess that was recent. I've been having those errors for what seems like ages.
Correct, this has been there for ages now. STUN errors are common on Cloud Controllers which is all we have.
I haven't done any research as of yet, but a friend has more than 30 SAS 10k 600GB drives that he'd like to see about testing for use. Only thing is that he's having some trouble finding an appropriate controller.
Hitachi and HGST are the main ones, with some Seagates in the mix.
Is there a suggested card that would drive, that doesn't require server class hardware?
Cards rarely, if ever, have hardware requirements. But also, a card doesn't likely make any sense for this use case. Plus the key factors in the use case, like cache and RAID level, are not mentioned.
But 99% chance, software RAID is appropriate here.
So whatever container solution you run, the core technology is the same.
It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.
You can run an init process in an OCI container. It's assumed you pretty much won't but it is possible. It's helpful for testing some things and makes it work similarly to something like LXC/LXD.
As far as the internet connectivity issues are concerned, AuthLite has 0 dependencies apart from AD. It can also integrate with NPS / RADIUS + AD to provide MFA to just about anything that can use RADIUS.
It's also per-user perpetual licensing 🙂
Oh nice, I will check that out immediately. I was looking at Duo too (of course) so I wonder how that compares. I like the idea that it has no other dependencies than AD - that's perfect for our current environment.
Yeah, Duo has dependencies with their service and if the computer doesn't have internet it has the option to let you log in without a prompt so that happens. Not sure if AuthLite does the same.
AuthLite has support for offline logins (meaning if the machine can't talk to a DC), it just requires the installation of their client on the workstation / server / endpoint in question. You can also require / enforce 2FA on your endpoints.
Duo seems to be the easiest and I've been playing with it with the trial. It's super easy to configure it so without Internet or Duo service connectivity, MFA is bypassed. So in the event we have an Internet outage (happens 2-3 times a year here), users will still be able to get into their computers.
OK.... but then the only thing that you have to do to bypass the security is pull the network cable, right? Unless there's some other requirement it seems like a massive security hole.
I guess "knowing to unplug the cable" is the second factor? 😉
Also you can disable that setting and it won't let you log in at all in Duo.
My main problem with this is that we lose internet connectivity a few times per year and people won't be happy if they can't get into their computers. We have limited providers in our small and rural area. I would do offline codes but apparently that is per/pc and we have quite a bit of computer sharing, which would essentially mean people would have to deal with the offline registration pop-up on every pc and/or have an offline MFA added to the app for multiple computers. If I find a good way around this in time, I will disable MFA bypass when offline.
With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.
Of course we are the domain administrator as well so...
Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.
Insider threat is the number one threat.
Yup, although even MSP support is still "insider" when used in that context. But it is true, employees of the primary company are a bigger threat than insiders of a secondary.
@scottalanmiller As someone who has had to deal with vendor supplied hardware and software for a medical practice, I have come to firmly believe vendors are the enemy, a $very $very $expensive enemy.
Yup. In some cases, a true enemy. In others, just on the other side of the chess board. It's not always malicious, normally it is not. But their interests are very, very different than ours and their financial responsibilities oppose ours. So they are stuck either being ethical to their employers, or ethical to the people they are paid to convince to do things not in their interest.
If they are true to their employer, they can be ethical across the board. If they try to be good for the customer, they have to be unethical to their employer. A nonsensical situation.