• RE: Barracuda vs Meraki - firewalls

    EVIL SALES GUY TRICK #403. DESCRIBE THE BENEFIT OF A PRODUCT RATHER THAN SIMPLY USE A VAGUE BUZZWORD 🙂

    If you limit SD-WAN to just being "a separate control mechanism" then some Cisco stuff from the 90's falls under that and it's a meaningless term.

    posted in IT Discussion
  • RE: Barracuda vs Meraki - firewalls

    @scottalanmiller said in Barracuda vs Meraki - firewalls:

    From Wikipedia: "SD-WAN is an acronym for software-defined networking in a wide area network (WAN). An SD-WAN simplifies the management and operation of a WAN by decoupling (separating) the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation."

    Notice that what it IS does not guarantee or even suggest any of those things. You are working from revisionist marketing material and not what an SD-WAN actually is. Very dangerous because it makes it trivial for a salesman to sell you an SD-WAN with you thinking that they sold you all this stuff, and get nothing. And they did nothing wrong, because they were being honest.

    Or keep reading the Wikipedia article and see that I was largely describing the feature section....

    I'll argue it's pedantic to try to separate SD-WAN from Hybrid-WAN at this point as (the majority) of deployments of SD-WAN will be Hybrid-WAN. Wayyyyy too much of IT spend in companies is telcos, and the combined technologies are going to do what virtualization in x86 did to compute, and what HCI and cloud are doing to storage.

    posted in IT Discussion
  • RE: Barracuda vs Meraki - firewalls

    @jaredbusch said in Barracuda vs Meraki - firewalls:

    Bullshit. Those things all together are what makes it SD-WAN instead of some random guy trying to say all of his Ubiquiti ERLs with IPSEC tunnels are SD-WAN, because they are not.
    @StorageNinja is exactly right on this.

    SD-WAN in general simplifies management at large scale (and more than just the devices, but also the links), optimizes performance in ways BGP, Shaping DSCP alone can't (and with 1000x less work, no need for bespoke optimizations), enables unlimited choice on the WAN links without unlimited management hell as you try to deal with 10 different CLEC providers, and brings costs down for CPE gear (Virtualized, x86 rather than proprietary ASICs).

    posted in IT Discussion
  • RE: Liability Insurance

    @scottalanmiller Some customers (Gov and larger shops) require it before they will sign you up as a vendor at all.

    posted in IT Business
  • RE: Barracuda vs Meraki - firewalls

    @scottalanmiller said in Barracuda vs Meraki - firewalls:

    @jt1001001 said in Barracuda vs Meraki - firewalls:

    I won't do managed SD-WAN from the carrier ever again! Ask around here how much I love carriers!

    OH yeah, such a bad idea. Just a VPN that you don't control and pay a fortune for.

    SDWAN is a hell of a lot more than VPN tunnels...

    1. Link bonding. Mix MPLS/Cable/T1/4G etc.
    2. Per packet routing. Have the same session use multiple links depending on requirements...
    3. Jitter management for the above. Can strategically use buffer bloat to make 2 similar segments match on one way latency (Inflate the lower link to match the higher one). This reduces the need for packet re-ordering (expensive from a compute basis).
    4. Per segment monitoring. Latency isn't symmetric. Using things like 2 party clock synchronization and packet tagging you can measure with packet stamps in real time the one way latency of a link (Critical to keep jitter under control).
    5. Automated rules engines with multiple factors that can even handle encrypted. Massive centrally collected rules engines based on destination IP, Ports, CNAME on SSL Cert for encrypted, packet headers if not encrypted etc.
    6. Packet loss mitigation. For bulk media, store and re-forward to avoid TCP retransmits and keep throughput up. More sensitive real time protocols that are narrower can benefit from dual transmit (send packet down both links) as well as parity injected into packet streams.

    Reason why you would pay a 3rd party....

    1. Management of hardware for disparate links. Someone to deal with all the 4G cards, Cable Modems etc.

    2. Management of billing. Having to sort and verify through billing for 5 different carriers.

    3. Awareness of options and scale. WAN resellers who do this for a living tend to aggregate a lot more demand and can get better pricing, as well as already have the fiber maps and quote tooling backend hooks for the tier 1 players so they can quickly identify the best options for each site.

    Here's the dirty secret about not wanting to deal with someone else reselling someone else's links.... You always are. That's how the internet (and wireless networks) work. Everyone is leasing lines and transit from everyone.

    posted in IT Discussion
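Items 3 and 4 of the list in the post above, as an added illustration that is not part of the original post or any vendor's code: one-way latency is measured from timestamped packets, the faster link is padded to match the slower one, and the effect on reordering is counted for a session sprayed per packet across both links. The link names, probe samples and 5 ms send interval are constructed, and clock synchronisation between the two ends is assumed.

```python
from statistics import median

# Constructed probe samples: (link, sent_ms, received_ms). Both ends are assumed
# to share a synchronised clock, so received - sent is the one-way latency.
SAMPLES = [
    ("mpls", 0, 40), ("mpls", 10, 51), ("mpls", 20, 59),
    ("cable", 0, 12), ("cable", 10, 23), ("cable", 20, 31),
]

def one_way_latency(samples):
    """Median one-way latency per link, from timestamped packets."""
    per_link = {}
    for link, sent, received in samples:
        per_link.setdefault(link, []).append(received - sent)
    return {link: median(values) for link, values in per_link.items()}

def equalising_pad(latency):
    """Delay to add on each link so every link matches the slowest one."""
    worst = max(latency.values())
    return {link: worst - value for link, value in latency.items()}

def arrival_order(n_packets, interval_ms, latency, pad=None):
    """Spray one session round-robin over the links; return seq numbers as received."""
    links = list(latency)
    pad = pad or {link: 0 for link in links}
    arrivals = []
    for seq in range(n_packets):
        link = links[seq % len(links)]
        arrivals.append((seq * interval_ms + latency[link] + pad[link], seq))
    return [seq for _, seq in sorted(arrivals)]

def reordered(order):
    """Count packets that arrive after a later-sent packet has already arrived."""
    highest, late = -1, 0
    for seq in order:
        if seq < highest:
            late += 1
        highest = max(highest, seq)
    return late

if __name__ == "__main__":
    latency = one_way_latency(SAMPLES)
    pad = equalising_pad(latency)
    print("one-way latency:", latency, "pad:", pad)
    print("late packets, no pad:", reordered(arrival_order(10, 5, latency)))
    print("late packets, padded:", reordered(arrival_order(10, 5, latency, pad)))
```

The padding trades a fixed 28 ms of added delay on the faster link for in-order delivery, so the receiver does not need a reordering buffer.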
  • RE: Barracuda vs Meraki - firewalls

    @jt1001001 said in Barracuda vs Meraki - firewalls:

    I would eliminate the need for a mesh VPN and just go pure Internet/"Cloud" for everything. We are working our way towards that but at the time mesh VPN was the quicker option. I would have put my resources on moving to cloud and just needing very basic firewall/routing options for our branches.

    While I agree with you (I only use VPN to get to a handful of things like R&D, and even then VDI is a better choice most of the time), for IT people there tend to be some things that need VPN. Sometimes replacing the HVAC management equipment is more expensive than setting up a VPN back to the main site.

    It's also worth considering some sort of SD-WAN solution. One benefit to this is if you backhaul your internet pop to a central place you can centralize edge security and content filtering. Some of the SD-WAN systems are managed by the ISP, leaving you with even less to mess with.

    posted in IT Discussion
  • RE: Barracuda vs Meraki - firewalls

    @dustinb3403 said in Barracuda vs Meraki - firewalls:

    You can include your wireless equipment and optical GPON devices as well

    My understanding is it manages their WISP targeted (AirMax) and EdgeSwitch and not their Commercial/enterprise focused UniFi. The edge line of firewall/routers also lacks any layer 7 content etc. filtering.

    posted in IT Discussion
  • RE: Barracuda vs Meraki - firewalls

    @jaredbusch said in Barracuda vs Meraki - firewalls:

    @dustinb3403 said in Barracuda vs Meraki - firewalls:

    @scottalanmiller said in Barracuda vs Meraki - firewalls:

    @bbigford said in Barracuda vs Meraki - firewalls:

    The reason for Meraki is central management. This client is spread across many states. I've been fortunate in the past to see their MSP setup; it's amazing and I might like to get back to it.

    That's not a reason. Ubiquiti already has that. Meraki doesn't offer anything special there.

    UNMS right?

    https://unms.com/

    Yes.

    That can't manage switches or APs though, right? One of the selling points on Meraki is it can do the entire "stack" in a single UI/management tool.

    posted in IT Discussion
  • RE: StarWind VSAN crashes with USB device attached

    OK, it turns out somebody is taking old bugs (2+ years old) reported on our forum and pushing them to the other forums. I have no idea why...

    posted in Starwind
  • RE: Hyper-V replication, Starwind, or something else?

    @scottalanmiller said in Hyper-V replication, Starwind, or something else?:

    why do you see agentless as even something you want

    At scale you get...

    1. Block based backups. Wayyyy faster than hair-pinning out a VM's networking stack. In some cases avoiding the LAN entirely for backup.
    2. CBT Backup APIs. Zero need to do any IO in guest to identify what has changed and what needs to be backed up. File based indexes aren't good enough here especially with large files that have minor changes (have to shard and hash compare the entire damn file). If you've ever seen Avamar or Commvault's in-guest agents do differential based backups (and the mountain of IO and CPU they generate locally) it's nuts.
    posted in IT Discussion