@Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads:

@Pete-S said in Compare Azure to Windows On Prem for Normal Business Workloads:

@scottalanmiller said in Compare Azure to Windows On Prem for Normal Business Workloads:

@Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads:

Hosting Costs
1U Colocation America, /24 IP Range
Monthly cost: ~$250/month
Yearly cost: 12 x 250 = $3000
5 year cost: 5 x $3000 = $15K

Last I looked, 1U was more like $225 with that many IPs. And I think typically you'd get fewer for a lot less cost and/or go IPv6. /24 is two IPs per VM. No need to pay for that.

Yes, the basic 1U was $100 with two power outlets and then you get four usable IPv4s.

A smaller server, say 16c EPYC, 128GB RAM, 2x500GB SSD, would be about $3500 and something even smaller, like a 8c Xeon @ 3.7Ghz, 64GB RAM, 2x500GB SSD around $2K.

So you could scale down everything substantially if you wanted. But if all you are doing is running a few very small workloads then a couple of $5 Vultr VM would be cheaper.

another factor is - are you running windows VMs, likely always cheaper to have your own hardware, but yeah, the amount of workloads definitely plays a factor here.

That's true, Windows workloads make cloud computing harder to justify. Not much, but a little.

@Dashrender said in A different mindset:

@DustinB3403 said in A different mindset:

@Dashrender said in A different mindset:

No, how do you make a Mac update Citrix without a third party tool?

Are you referring to a specific piece of software, like Citrix Receiver? If you had no other tool (brew.sh is the one to use by the way) you'd either have to use the App Store or download updates directly from the software provider's website.

Then I don't understand what you were saying about Windows requiring third partdy stuff - does does Apple by the sounds of it.

Apple, specifically doesn't if you want to use the App Store, but using a tool like brew is much more simple and straight forward.

@G-I-Jones said in Group Policy points to wrong DC:

@scottalanmiller said in Group Policy points to wrong DC:

It really only boiled down to I don't want to wait 15 minutes (the minimum replication between DC's) for a GPO to apply.

Then time to go to a single DC 🙂

But GPOs aren't meant to work this way, really. If you want faster results, GPO is the wrong tool.

What alternative to Group Policy do you recommend?

Salt, Ansible, Chef, Puppet, etc.

@scottalanmiller said in Software to complete Disable/Enable Windows updates on Windows 10?:

@Dashrender said in Software to complete Disable/Enable Windows updates on Windows 10?:

But fixes are coming more rapidly today than in the past, Zero Days are seeming to be found more frequently, etc. The need to patch ASAP is higher then ever.

They are, but not the fix for needing to reboot for every little thing 😉

True, that's MS's whatever you want to call it for doing their big rollups, instead of smaller non rebooting patches.

@Dashrender said in lpadmin Printer drivers are deprecated and will stop working in a future version of CUPS:

@DustinB3403 said in lpadmin Printer drivers are deprecated and will stop working in a future version of CUPS:

Keeping a system out of date on purpose for this though. . . ugh kill me now.

Better get used to it - it's exactly what those shops running old XP machines on million dollar printing presses had to do.

😧

@scottalanmiller said in Windows 10 Enterprise licensing...:

@Dashrender said in Windows 10 Enterprise licensing...:

Then they added Enterprise as part of E3 and better O365 licenses,

I think you mean M365, not O365. Do they really offer it now in the regular Office levels?

You're right - M365, O365 never includes the Windows OS, that I know of.

@nadnerB :face_with_tears_of_joy: 🤣 :face_with_tears_of_joy: 🤣 :face_with_tears_of_joy:

@stacksofplates said in Microsoft plans on retiring the MCSA,MCSD,MCSE certifications in June 30,2020:

This is just like that time when @JaredBusch and I argued with you because you said "we were laughing at people not using APIs in the 90s" meanwhile there are still a ton of companies making client/server architecture including a piece of software you have to support.

Actually, no, it's completely different.

You are conflating the idea of people doing things poorly with that lots of people do do things poorly.

If you stop putting words in my mouth and actually read what I write, you'll see absolute consistency. Your understanding or assumptions jump around wildly because I'm being realistic and evaluating each situation on its own merits, not in spite of it.

In the example you just gave, yes, I'm mocking people for doing things poorly. But that in no way claims that I believe that people don't do things poorly. In fact, I've stated ad nauseum that the majority of the world does things poorly. And I've said many times that we should make people doing things be more accountable.

@zubairkhanzhk you're welcome!

@Romo said in Cisco SPA504G Call Reparking issue:

Totally agree, the phones suck, but they are what the client has as they didn't want to upgrade to new phones =(

Same here, we have an office full of that Cisco garbage, but hopefully we will be switching out our provider soon.

@JaredBusch said in Optimizing Fedora 31 VM w/GUI for remote access:

@wirestyle22 said in Optimizing Fedora 31 VM w/GUI for remote access:

Currently Windows 10 RDP works incredibly well but trying to loan Gnome or Fedora has been much slower.

What is the point here. What are you "trying to learn" in a GUI?

You do not "learn" desktop environments. You simply use them. If your desktop environment requires a lot of education to use, it is shit and you need to choose another one.

load, not learn. I typo'd

@IRJ said in Choosing a WAF:

@dbeato said in Choosing a WAF:

I use AWS WAF with Cloudfront, Terraform, Cognito and any functions for the applications so it is very powerful.

@dbeato said in Choosing a WAF:

I use AWS WAF with Cloudfront, Terraform, Cognito and any functions for the applications so it is very powerful.

Are you using owasp top 10 rules?

Yes

Starting on Server 2012 you can have as many SSLs on your IIS Because of SNI support as you want however anything OS than that you can have multiple SSLs but won’t be able to apply them to different sites. I use certifytheweb for Let’s encrypt client with Windows Servers and it works beautifully with Exchange, RDS servers, Application Servers and even internal servers as they use DNS Verification.

@Pete-S said in sftp without ssh shell access?:

Thanks guys.

To summarize the link above, it's these lines in sshd_config that does the magic.

Match User sftpuser ForceCommand internal-sftp <snip>

The first line will tell sshd what user(s) the rest of the settings apply to.
The second line tells it to go straight into sftp mode. So this will only apply to the users that match the rule above.

Just make sure to test SSH after you do the changes ok a new session otherwise you might just have broken SSH access.

@scottalanmiller I haven't used them, but from what I hear it's only network storage. I could easily build something that would be faster for less money.

@Obsolesce said in MFA - who pays for authentication solution?:

@JaredBusch said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@IRJ said in MFA - who pays for authentication solution?:

Why not just supply hardware tokens? They are not that expensive.

for multiple sites? Just what everyone wants, a pocket full of tokens.

EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHR

it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

Interesting.. thanks.

It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

@Dashrender said in Weird thing on O365 account:

@Kelly said in Weird thing on O365 account:

@Dashrender said in Weird thing on O365 account:

Alright, the user has confirmed that she made changes yesterday, and those change could associate with GMT based time.

Anyone know if the logs are only/mainly in GMT?

Almost all O365 logs are UTC 0 regardless of the timezone of the server or requestor.

yeah, OK that makes the time line up for when the user added the rules, I'm just curious why it took MS 6 hours to send the noticed of alert?

They batch some of their processes, so it may have had to wait for the group to run rather than being on demand/occurrence.

@JaredBusch said in Installing Windows 10 without a Microcoft account:

@computerchip said in Installing Windows 10 without a Microcoft account:

@Dashrender I did an install last weekend of a freshly created usb installer from MS website, and there was no option to create local for the home version.

Do not connect to the network during setup is the only way around that on a home install now.

Yep,

@magicmarker said in Renaming a Hyper-V Host:

@PhlipElder said in Renaming a Hyper-V Host:

@magicmarker said in Renaming a Hyper-V Host:

I want to rename a Hyper-V host to comply with a new server naming scheme. The Hyper-V host runs 2 production servers that are replicating to another host along with being a host that other Hyper-V hosts replicate to. I’ve been unable to find anything that says this not a good idea or explaining what this can break. If this can break things, or is a hassle, I’ll leave the name alone. I don’t know how the Hyper-V replication handles a host name change. Has anyone renamed a Hyper-V host?

How is Replica set up? HTTPS or are both members of the guest's domain?

Off the top the rename would break things either way. With the need to re-establish replication the existing replicated data should be okay to use as a seed.

Replica is setup on HTTP. I'm leaning towards not renaming the host. Seems like it will not be worth the effort.

Not HTTPS so not using certificates? It's not much of a chore if straight HTTP.

That being said, if it is HTTPS then the certificates need to be generated, seated, and applied again to get them happy with each other.