@Ambarishrh said:

Is it a good practice to have a firewall first between internet and WFE servers and then between WFE and Application Servers? I am looking for a design diagram for such a setup

Depends on your needs. For a small setup, probably unnecessary. For compliance, potentially required.

We use firewalls against every single device on our network at the VM level. Communication in and out is always monitored and we have procedures on allowing traffic through. This provides compliance and proper lockdown between machines.

Don't think of the firewall as another device. If you have a single device, additional subnets with it inspecting the traffic is sufficient.

Best get some update done tomorrow 🙂

Looks like there is a beta...

http://docs.citrix.com/content/dam/en-us/xenserver/xenserver-65/windows10techpreview.pdf

@JaredBusch said:

@IT-ADMIN said:

is this feeling is wrong???
because whenever i'm doing something on the cloud i start have concern on security

I most certainly do not. The only reason to feel safe locally is because you are practicing security through obscurity, and that is not security.

Well known reputable providers have security teams dedicated to ensuring their services are secure.

^^^ This. Not only do they have teams of people that do this, and they have people with a lot more experience than you are likely to have, and lots of them... but they also have more money and resources, take security much more seriously, don't deal with SMB politics crippling their security efforts, have tons of reputation on the line and the big one... they know their product far better than anyone else and simply have more capability to protect it.

So many things use snapshots under the hood, space can grow and shrink pretty rapidly in confusing ways.

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

You'll probably pay the same for support in either case.

Not likely, like Cisco gear, Cisco support is normally charged at a premium.

NTG charges more for Cisco support than they do for UBNT support?

WE don't, but we aren't a Cisco reseller either, as nearly anyone dealing with Cisco is going to turn to. Although ERL support goes faster than Cisco support, so it is cheaper naturally as it is cheaper to support.

@scottalanmiller said:

@dafyre said:

@scottalanmiller said:

@Jason said:

@dafyre said:

@NetworkNerd said:

@JaredBusch said:

@NetworkNerd said:

@Dashrender said:

Zero LAN?

yeah for the OP, I was wondering if going to a cloud solution would be workable.

Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.

I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.

Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.

Really you need to look at what you are pushing over the pipes.

In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?

This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.

Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.

Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?

Like you said... Legacy applications... My second thought would be scale. How many end-users do you have to separate from the LAN / Servers -- especially if it is a typical office environment.

Legacy applications can generally be used without a LAN, just takes a little work. Not 100% of the time, but commonly.

Actually I think that scale makes it easier because some of the difficult mesh things that SMBs do enterprises don't because they don't scale - like using desktops as file servers.

I can agree with this mostly, I think. Scale is not such a big issue for the enterprises because they have the funding to pay for it, so they get the benefit of the economy of scale as well. (Buy more, get it cheapter, etc).

@ryanblahnik said:

I'm open to learning about any area. Networking, Linux and system administration have been some of the most interesting to me so far, and I keep sensing I'll be needing to start a base in programming too.

I would open a new thread for each topic you are interested in resources for and we can talk about ones that we know or dig up some stuff to check out.

Definitely most everyone that I have seen is on .local. It was the advised standard for so long and it was so during the era when the majority of companies moved to AD. Even though the new standard has been around for a little bit now, nearly every company I deal with moved to AD prior to that time period. New companies get new AD, obviously, but as a market percentage they aren't so much yet, that I've seen.

@Dashrender said:

Yeah, even as complex as they are, everything else in my thinking is considerable much harder to use. Things like SharePoint are definitely use when using with online versions of the Office apps, but local version, adds a challenge, maybe not a lot of one, but one non the less.

I agree with you but only insofar as we are talking about users for whom the process and tradition of using them is already well established. For users who are new to computers, users who have already made the transitions or users coming from a mobile background (iOS, Android or ChromeOS) I think that it is the opposite. File servers are actually rather complex when you remove the "but we are already used to it" factor.

I think that it is a lot like Windows and Linux. Find someone who has never used a computer and let them try both and every time I've attempted this the answer has been that Linux was easier and more obvious. But it is nearly impossible to find someone who hasn't already been trained on Windows. Same thing here. The idea that you have to shift through a pile of files and that files might be hidden nearly anywhere within folders and folders within folders and you have a rather complicated solution requiring knowledge of filesystems and of the storage decisions being made. Pretty much all major alternatives from "cloud drives" like ownCloud to database style systems like Sharepoint make this far more natural, powerful and intuitive for end users. It's just very hard to find end users not already extremely versed in the old way.

@MattSpeller said:

@scottalanmiller said:

Do you have front to back cooling like hot aisle cold aisle? The racks should be sealed front to back when possible 🙂

lol we have top down cooling - it's highly custom. One big AC unit in ceiling blowing cold down.

Nothing is sealed, no doors front or back, no sides on racks.

Can't imagine that it matters then.

@BRRABill Swimmingly until I restarted over Teamviewer... 😛

BTW: I reached out to Cameron at Kingston about this, just to get a manufacturer's opinion. (I also invited him to join the forum as Kingston has been very helpful with demos and stuff.) Same as what the experts here have said. 🙂

He said:
TRIM is not as critical today as it was several years ago. The SSD controllers now do a good job at garbage collection which is effectively trying to accomplish the same thing by trying to keep the invalid data areas empty for new writes to come in efficiently. We've studied the performance affects of TRIM in our labs here at Kingston and have found that most reputable SSD manufacturers today are making SSD's that perform well whether TRIM is enabled or not on the operating system.

TRIM support is definitely necessary from a marketing standpoint but less necessary from a technical stand point at this point in time.

Very cool! 🙂 Small world! Glad to hear the community here has others from upstate NY

@scottalanmiller

Wait wait, so you are saying no F500 company is running Office 2010 or earlier?

I say this all of the time. RAID 5, even with small high end SAS drives, rarely gets better than 99% chance of successfully not losing your data. 1% chance of losing data is way, way higher risk than business side people are generally led to believe their RAID will protect them against.

Like.

I believe that Incinga has really picked up speed and is the more popular approach now. Just less to deal with.

I've never overcommitted memory. No idea 🙂

@Jason said:

AD integrated password manager? No thanks. I use KeePass and it's synced to a cloud drive. I need to get to the passwords even if everything is down. Unless this thing offers some off site version of it and to use cached credentials.

It does, there is a mobile app.