@Dashrender said in Protecting a NAS - Backups:

@BBigford said in Protecting a NAS - Backups:

@scottalanmiller said in Protecting a NAS - Backups:

Nothing that is replication and/or fault tolerance is a backup. Those are discrete ideas and have to be handled separately.

Right, it would be getting more into an area of undelete rather than backup control.

I think we're just going to end up virtualizing the file servers (they are old physical boxes that should have been virtualized years ago), keep them on Windows since we can continue to protect them with DPM, and call it a day.

Not trying to reinvent the wheel, but when the wheel can be repurposed to do something more efficiently...

I still am wondering what is wrong with the old servers other than you don't have enough local storage since you're hanging a USB drive off at least one for cold storage.

If you have the compute power in your VM host platform, you can easily put this there, the question is where will you store the data? You still might end up going with a NAS, sharing the storage to the VM fileserver itself, then shares from there.

After looking back over things, we're getting some new boxes for hosts to both replace EOL hosts and create another cluster (we have one cluster at one site, this would be a cluster at another site for different services), and what I'll end up doing is virtualizing the file servers. But then there was the question of storage. I'll move all the VMs and anything else off the local storage and move it over to the SAN, then increase the capacity on the local storage and dedicate that pool to the virtual file server, then backup that volume with our existing DPM. All in all, we'll end end up spending about $800 per server (just the cost of drives for some added local storage).

The reason for getting rid of the old servers... They are old Gateway servers that sometimes don't come back when you reboot them so you have to drive 45 minutes (for one colo... if its the other one I can call the NOC where it's located) to bring it back. They are slow and sometimes stall during peak hours. Overall, they should be virtualized anyway. I even scrapped the Synology idea because it would cost more, was a bit more complicated with backups, and I can't justify physical boxes for storage. If we run out of storage on the hosts after I increase the capacity, I could just add another drive shelf but that will be about 2-3 years at our current growth rate.

@IRJ said in AstroTurf is super green.:

@BBigford said in AstroTurf is super green.:

@IRJ said in AstroTurf is super green.:

How close are you to the degree? A degree in IT is rarely worth getting unless you want more of a hands off management position.

Not close. I just completed my first year. Still 3 to go. I don't want to be a manager. The last place I was at I managed 8 people and I hate it. Managing people vs. managing tech is not one of my strong points. I'm too hands on, and I find that I micro manage. Plus, I am too hard on people. When it comes to colleagues, I completely leave them alone unless they ask me for help so I'm a better team member than a manager/supervisor.

I just want to stick in systems. I'm not getting a management degree anyway. I'm getting a BAS in network administration (heavier emphasis on systems though).

With 10 years experience it really isn't going to help you much at all if at all.

I'm not doing it out of necessity. My family was never really big on college but I always wanted to go. This is 100% just a life goal, rather than "I need to do this to get a good job". I tried my first year out and did really well, so I want to see it through to the end. Whatever "the end" may be defined as... whether that is getting a 4.0 one year but flunking out the next, or seeing it through to graduation.

I once asked a vendor who were pitching an appliance that supported RAID0+1 and RAID1+0, "what would you recommend between the two, to a potential customer?" They said it didn't matter as they are both the same thing.

We didn't go with that vendor.

@BBigford said in Windows security groups...:

@Jason said in Windows security groups...:

@BBigford said in Windows security groups...:

I'm in Active Directory Administration Center...

People actually use that?

I like it for quick day to day stuff. Resetting passwords and checking memberships. Anything more than that and I use ADUC. If Microsoft completely dropped ADAC, I wouldn't be super sad... It's extremely stripped down anyway. About 90% of the reason I use it is I like that you can more easily locate things with the "Locate..." option. I haven't found that in ADUC, but I also haven't really bothered to look deeper...

I just use Locate for being able to quickly jump to the OU that the object is located in.

@wirestyle22 said in Adding certs to firewalls:

@Dashrender said in Adding certs to firewalls:

Certs absolutely can have something to do with UTM firewalls that are doing scanning at the network layer. If you're hosting your own website, then you could install your cert on the firewall, it would open the packets, scan them, then seal them back up and send them to your server.

Traffic Inspection? What part of the Sonicwall made it your recommendation @BBigford out of curiousity? I bought an ERX and the only thing it doesn't do that I needed was content filtering. I just set up a Squid Proxy at that site.

I didn't recommend them initially. I just replaced them with identical models when they broke and configured accordingly. They worked okay, well enough for what they needed, so I didn't opt to move them in a different direction like Watchguard/etc.

@scottalanmiller said in Adding certs to firewalls:

It IS important to realize that UTMs are just like MS SBS server...

That much I do understand... I was just under the misconception that the inspection was happening on the firewall side of services, rather than proxy/web server side of services. I had overlooked that in the link I posted as a response.

But I guess one could simply state that a firewall does nothing more than allow traffic to pass/redirect/drop/or be blocked based on rules, nothing more. It's not until you add additional services that you can inspect traffic, filter web content, or setup a secure tunnel/VPN.

@BBigford said in Moving to a New WSUS server:

If you changed the hostname or port on that server, nothing's going to work if you haven't adjusted the GPO.

@scottalanmiller said in Remotely control a Mac:

http://www.davidtheexpert.com/post.php?id=5

I made the mistake of associating VNC with RealVNC.

https://www.realvnc.com/products/vnc/

@scottalanmiller said in Remotely control a Mac:

@BBigford said in Remotely control a Mac:

use vnc://x.x.x.x between Macs... I guess I just need to download an open source VNC client and see if that works...

Why do you need a client? Same question as with the server. Mac has everything that you need included. What's the purpose of replacing the built in and supported VNC client with a third party one?

I'm trying to remotely control a Mac with Windows. Microsoft's RDP client from the App Store didn't seem to work. Even after enabling screen sharing on the Mac, I couldn't use Microsoft RDC from my Windows workstation. But after downloading TightVNC, I could use that to control the Mac after enabling screen sharing.

Trying to remote to a Mac Mini with Terminals from Windows. I can get in with UltraVNC and vnc://IP from another Mac.

*Firewall on Mini is disabled
*Tried VNC protocol from Terminals on default port 5900
*Tried using the VNC defined password (on the Mini, setup during the "Screen Sharing/Remote Administration" portion.
*Tried having the Mini bound to AD and using AD credentials as well as the local credentials.
*Mini is on the same LAN as my Windows workstation.

Any ideas what I'm doing wrong? Terminals logs just say it can't connect because the connection was refused. Pretty generic.

@thwr said in Terminals & VNC:

@BBigford Really don't want to disturb your monolog, but there's a password only auth option in some servers and clients. Maybe your client or server doesn't implement that very well. Have you tried something like good old TightVNC on the client side?

Haha I was starting to feel like I was going on with a monolog. I almost deleted stuff, but then didn't want to delete any relevant content.

TightVNC and UltraVNC works. I was just trying to figure out why Terminals was having so many issues with authentication then just randomly started working.

All of a sudden ping was working, authentication worked... and I hadn't even changed anything. I just got frustrated and kept mashing connect about a dozen times to get SOMETHING to show up in the logs.

@thwr said in Terminals & VNC:

@BBigford hehe, know that feeling. Very well. So problem solved?

Solved but not explained. That's okay though. If nobody can chime in about Terminals specifically then I'll just drop it. Wanted to at least pose the question.

@thwr said in Terminals & VNC:

@BBigford Features: http://mobaxterm.mobatek.net/features.html

MobaXterm will support that, and much more. Macros, SSH tunnel (local and remote port forwarding), a handy SFTP browser which always points to the current directory in your sh session, PuTTY keygen, X11 forwarding and even simple things like arranging and undocking windows (something very simple I'm missing from most other clients)

I think they are using PuTTY behind the scenes, but thats just a wild guess. IMHO, that tool is far superior compared to mRemoteNG (which isn't bad at all).

Cool, thanks for the suggestion. There's things I like about nRemoteNG and Terminals, but maybe it's time to switch to something paid if it's going to be a bit better.

You mentioned a SFTP browser, so I'd be able to combine Terminals and WinSCP it sounds like.

@thwr said in New KVM recommendation:

@scottalanmiller said in New KVM recommendation:

HA ha. Finally a use for a Mac!

We are working quite a bit with SysML and UML here. Maybe I should add a hard requirement for the next project: "Enough explosive compounds must fit into the device in case the customer is unsatisfied"

@BBigford : Sorry for getting offtopic

It's alright. Sometimes I'm not sure why I even bring up Apple products. I legitimately need to figure out what to do but their lack of support for enterprise is laughable. They tried with Xserve, then completely stepped away leaving lots of people holding the bag.

I can't NOT support Apple... so times like this I don't really know what to do to make the rack look nice (so the Mac server doesn't make it look terrible... ironic since people say they are so pretty), but also be functional and support C-level execs.

I think the Mini looks better like this...

But I also don't want to throw any janky Apple equipment next to about $300k worth of gear in our colo that touring clients will see.

What does your friend use currently? A semi-local Canadian carrier and multiple SIMs with various extra charges?

System Center Endpoint Protection (we're using SCCM 2012 R2) should be available... Every thread I've found says to find it in my volume licensing service center but Microsoft says we have to give them $15k to renew our SA (won't be approved for a couple months) before they will make that available.

I've been told it is somewhere on the server as well but the Data Source tab in Software Library > Overview > Application Management > Packages > Configuration Manager Client Package.

I go to that directory but the agent there is only for Windows. Thoughts???

@dafyre said in Hyperconvergence & VDI:

Scale is actually partnering with a company for this now, called Workspot. They had a webinar yesterday. I got to sit in on it for a few minutes. I'll see if I can dig up some details.

I talked with Workspot. From the sounds, it looks like they are a cloud company, directly competing with VMware & Citrix.

My only wonder (couldn't get the question answered well enough), is why couldn't someone just virtualize their Citrix or VMware environment. How is Workspot filling the gap?