@scottalanmiller said in Battery Backup with SSD raid:

SSD NV protection is to allow the SSD's cache to flush safely should power be lost. RAID NV / battery protection is to allow the RAID's cache to flush safely should power be lost. Each is important on its own, neither covers for the other one.

That's technically slightly incorrect.

The non-volatile cache memory on the raid controller is to be preserve the data that has not yet been written to the drives, until power is restored again.

On the SSD the capacitors hold enough charge so that the drive can write the remaining data in the cache memory to the actual flash memory after the power is gone. The cache is DRAM so it will loose it's contents after a few seconds.

The only time details like this matter is if you remove the battery from a raid card, your data might be lost.

I like it. If you were applying for a sales job it would be terrible. But for an infosec job it looks good.

@obsolesce said in DHCP Logic:

@pete-s said in DHCP Logic:

@g-i-jones said in DHCP Logic:

From what I found it's a common phrase in the UK that means "and there you have it"

Yeah, there you have it.

But what are the odds Bob is really someone's uncle?

The odds are 100% if he has a camera.
https://photo.stackexchange.com/questions/94238/who-or-what-is-an-uncle-bob

@g-i-jones said in DHCP Logic:

From what I found it's a common phrase in the UK that means "and there you have it"

Yeah, there you have it.

@g-i-jones said in DHCP Logic:

@dustinb3403 said in DHCP Logic:

@pete-s "Bob's your uncle". . . Huh?

Currently googling what this means.

It's English.

@g-i-jones said in DHCP Logic:

I disagree entirely. Here's why. You rely on a static IP for a printer right? Because you don't want them switching up all the time, but printers do go to standby mode, and then now you have a samsung phone (seems to always be the damn samsungs) that steals that IP and now the printer doesn't work. Happens all the time. I typically do both; I'll set a static IP for a printer, and then make the reservation on the DHCP server. This way nothing steals it. Additionally I'll do this same thing with anything of importance that has a static IP.

Well, we use different ip ranges for static IPs and for dynamic IPs (reservations or not). That's why you can set the range in any dhcp server. And also in most cases we don't have any dhcp server on vlans for static IPs.

When the printer doesn't work IT support can just put a new one in it's place, go into the menu and change the static IP to what it should be and Bob's your uncle.

Same thing with IP cameras, switches and what have you.

Honestly though, I feel you could go two ways. Either make it very comprehensive CV with a resume summary up front and then pages and pages of info. The pages are not meant to be read, unless someone is very interested, but rather reflect your large and various experience and knowledge.

The other way would be to cut it down even more. First take away everything that is more than 10 years old.
Make some thing more compact and group more things together.
For instance:

UNIX: Linux: Red Hat, CentOS, Suse, Oracle, Fedora, Ubuntu.

UNIX: Solaris, MacOS, AIX, FreeBSD.
Windows: Windows Server 2019 - Windows NT 4.

Becomes something like:

Operating Systems: Windows, various Linux and Unix variants, MacOS

Just keep those things that you know are most relevant today.
The more filler you remove, the more impressive the resume becomes.

What? No mainframe experience, no Novell Netware, no NT 3.x experience, no C/C++ and not even a tiny bit of assembler. Makes you look like a rookie...

@donahue said in DHCP Logic:

I like the idea of reservations because in theory everything could be managed and organized from the DHCP server. That being said, I have not really used reservations for this purpose yet, too many other things on my plate.

That is another problem. It means that if you are replacing server hardware or a NIC you also have to have access and redo the dhcp reservation since you have new mac addresses.

@obsolesce said in DHCP Logic:

@pete-s said in DHCP Logic:

@obsolesce said in DHCP Logic:

@pete-s said in DHCP Logic:

It's another question but it's debatable of DHCP reservations is a good idea in the first place. In general I would say no.
Better to use static IPs, at least for anything that is important.

Static only makes sense if you plan on having that server come up on another network that does not have the reservation in place, and nobody can figure out why it's not reachable through the known IP. Otherwise, what's your reasoning for thinking DHCP reservations is a bad idea? In what ways?

It's bad because you are dependent on the DHCP server to assign an address. So every server, VM whatever that get their DHCP reservation will fail if the DHCP server doesn't work. Basically the DHCP server becomes a single point of failure for a bunch of servers. Something you will find out after a power failure.

I think it's also bad practice to mix "clients" and "servers" in the same subnet, which is typically what has been done when you see DHCP reservations in use.

If there's a power failure, nothing will need an IP as they'll be turned off. When the power comes back on, the DHCP server comes up first (yes, the host is static, as well as DC like Scott mentioned).

If the DHCP server has some random failure, it's no issue at all, everything will keep using it's currently assigned address. It's not the issue you seem to think it is.

We have a separate subnet for servers and users, no issues there.

If the DHCP server doesn't come up after power failure, the rest of the servers booting up will not use their last given ip address if that is what you think. They will not have an IP address at all.

@obsolesce said in DHCP Logic:

@pete-s said in DHCP Logic:

It's another question but it's debatable of DHCP reservations is a good idea in the first place. In general I would say no.
Better to use static IPs, at least for anything that is important.

Static only makes sense if you plan on having that server come up on another network that does not have the reservation in place, and nobody can figure out why it's not reachable through the known IP. Otherwise, what's your reasoning for thinking DHCP reservations is a bad idea? In what ways?

It's bad because you are dependent on the DHCP server to assign an address. So every server, VM whatever that get their DHCP reservation will fail if the DHCP server doesn't work. Basically the DHCP server becomes a single point of failure for a bunch of servers. Something you will find out after a power failure.

I think it's also bad practice to mix "clients" and "servers" in the same subnet, which is typically what has been done when you see DHCP reservations in use.

@dustinb3403 said in DHCP Logic:

@pete-s said in DHCP Logic:

It's another question but it's debatable if DHCP reservations is a good idea in the first place. In general I would say no.
Better to use static IPs, at least for anything that is important.

A static IP and a reservation have nothing to do with each other.

For example you can assign a static IP address to your main file server, and while that server is online, it will continually use it. But if it goes offline and a client comes in, that client device could get that static address. When the server comes back online there would be an IP conflict and cause all sorts of issues.

A reservation doesn't mean you can't statically assign. It's literally just keeping that IP address for the MAC address.

You're confusing DHCP reservation with DHCP exclusion. You make a reservation to make the DHCP client MAC address get the same IP, gateway etc info always. You make a DHCP exclusion if you have something not using DHCP occupying an address in the DHCP range.

@dustinb3403 said in How secure are databases in general?:

How are you managing the user accounts that access these discrete databases? Assuming your ACL's are sound I wouldn't think there could be any compromise.

Yes that's true when everything works as expected. But have there been many security vulnerabilities that would allow hackers to defeat the security and access the data anyway?

How vulnerable are databases to unprivileged data access?

I'm thinking about a scenario where you have multiple users accessing the same database server but they don't have access to each others data.

It's another question but it's debatable if DHCP reservations is a good idea in the first place. In general I would say no.
Better to use static IPs, at least for anything that is important.

Vultr has bare-metal hosting too. Then you are locked to one physical server and you know the CPU/cores of the hardware (4-core e3-1270v6).

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@jaredbusch said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s

What kind of firewall and switches are you running?

One option: if you're switches have stacking, then you can put them in a single stack and then create a port group that spans the two switches and then connect that to your NIC teams on the other end. This guards against switch failure, switchport failure, server NIC port failure, Ethernet cable failure, etc..

This adds a level of complexity that you don't have to deal with when using a simple team. But the plus side is higher bandwidth per connected server.

The "switch independant team" what bonding mode is that in linux? Is it mode 1, active/backup policy?

You will have to look at your individual network card's drivers and management software with regards to Linux. AKA, read the manual. My guess is that you're running Broadcom NICs and the management software that I've seen/used is called "Broadcom Advanced Control Suite 4" and the "switch independent mode" or team type is called, "Smart Load Balancing and Failover (SLB)".

I'm all Intel on the NIC side in this case as Supermicro is predominately intel NICs and they are very well supported both in freebsd and linux.

Contrary to Windows, linux actually have bonding of different types in the kernel (a module called bonding). So the drivers don't have to do bonding.

oh nice. I have no idea. I haven't done much with Linux lately. Still, I would read the NIC documentation as it pertains to Linux.

Looking at Dell switches it seems like Dell N1124 will do the job. It's 24x1G switch with 4x10G for uplinks and stacking and has most of the features of it's bigger brothers in the N2000, N3000 series.
Pricing looks very attractive where I'm at (<$400 USD per switch), otherwise it's $1259 in the dell.com store.
I've never used Dell switches though.

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@jaredbusch said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s

What kind of firewall and switches are you running?

One option: if you're switches have stacking, then you can put them in a single stack and then create a port group that spans the two switches and then connect that to your NIC teams on the other end. This guards against switch failure, switchport failure, server NIC port failure, Ethernet cable failure, etc..

This adds a level of complexity that you don't have to deal with when using a simple team. But the plus side is higher bandwidth per connected server.

The "switch independant team" what bonding mode is that in linux? Is it mode 1, active/backup policy?

You will have to look at your individual network card's drivers and management software with regards to Linux. AKA, read the manual. My guess is that you're running Broadcom NICs and the management software that I've seen/used is called "Broadcom Advanced Control Suite 4" and the "switch independent mode" or team type is called, "Smart Load Balancing and Failover (SLB)".

I'm all Intel on the NIC side in this case as Supermicro is predominately intel NICs and they are very well supported both in freebsd and linux.

Contrary to Windows, linux actually have bonding of different types in the kernel (a module called bonding). So the drivers don't have to do bonding.

@jaredbusch said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s

What kind of firewall and switches are you running?

One option: if you're switches have stacking, then you can put them in a single stack and then create a port group that spans the two switches and then connect that to your NIC teams on the other end. This guards against switch failure, switchport failure, server NIC port failure, Ethernet cable failure, etc..

This adds a level of complexity that you don't have to deal with when using a simple team. But the plus side is higher bandwidth per connected server.

The "switch independant team" what bonding mode is that in linux? Is it mode 1, active/backup policy?

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@dave247 Thanks Dave, looks like a good solution.

I don't have any switches yet so any recommendations on what to get?

Regarding the firewall, I'm leaning toward software based firewalls, like pfsense (freebsd) or vyos (linux) - mainly for performance reasons (openpvn) and flexibility.

I think the Dell N series switches are great. We use a bunch of Dell N3048s where I work but they have a lot of features we wont ever use. I would suggest looking at Dell N1100 or N2000 series depending on your needs.

Here's info on the N1100 series and at he bottom right of that page are white-sheets on the various other models.

Thanks, I'll have a look at them.

I've used pfSense before and I think it's pretty good. You would have a lot more flexibility with how you set up your interfaces if you build out a custom system. Or are you buying one of their appliances?

No, I will run it on standard server hardware (supermicro) so I have flexibility when it comes to NICs, storage, RAM & CPU.