I was waiting for hypervisor integration, which is one thing Veeam had over StorageCraft without question. Kept hearing rumors from our rep stopping by, and I just checked their site today and it looks like it's finally here in full force.
Haven't used it quite yet, but appears to integrate ImageManager and SPX, along with hypervisor integration. ShadowProtect already has some very awesome features, and this convergence is pretty sweet.
Pretty excited to see this. I hope licensing flops back to not focusing on core density.
@scottalanmiller said in Remove Duplicate Entries from MongDB Collection:
You can add an index as well, to avoid having duplicates occur in the future:
db.myCollection.createIndex({"my_field_to_be_unique":1},{unique:true})
Good idea.
@zachary715 said in Shrink VMDK - VMware:
Option 2 would be to migrate the VM to a different datastore with dissimilar block size and specify "Thin Provision" when moving. If you have or can create a datastore with a block size different than your current config, then you can do this without downtime.
Funny you mention that. I had forgotten about that method until this morning. I ended up using that method on the server (after creating a datastore using NFS share on a Synology appliance), using it strictly as a backup for a couple days to make sure things are good. I'll likely not use the conversion in the future; though they both took around the same amount of time to complete, the conversion was such a pain.
One thing I've had a personal issue with... compared to other hypervisors, VMware has not made things very simple with disk shrinking. To shrink a VMDK, one has to turn off the previously used VM (or use the Powered On option and try to run it concurrently... which may or may not turn off the old VM, I've saw both situations in different environments. DNS will have no issue because the new VM is on DHCP) use VMware Standalone Converter, create a new VM during the process, leave the old VM off for DNS reasons, change the name of the old VM to something like DC2 - OLD SHRUNK (new changed from DC2.domain.com to DC2), change the NIC adapter IP properties, go back in and change the gateway because even though I defined it, everything else will stick but not the gateway (if you're on 6.0... vCenter is upgraded to 6.5 but previous provider didn't install out-of-band so I have to stay onsite an hour from home for the EXSi upgrade).
Using Essentials Plus. Got everything squared away after hours knowing what was going to break based on previous experience, but what a goddamn hassle to shrink a VMDK.
Free, but not sure about open source... LibreOffice Draw works well. Inkscape is worth checking out; typically a vector graphics tool, but also has some PDF editing capabilities.
I've used Foxit PhantomPDF across a few clients, and have had some issues with the driver just randomly experiencing issues when trying to print to PDF or to a printer. So, just a heads up. But their price is very attractive. As @JaredBusch also pointed out, PDf Element is a good alternative at a slightly lower cost than Foxit PhantomPDF (roughly $30).
@reid-cooper said in Docker in the wild:
I don't see a lot of use for Docker in IT circles. Good for testing out a product, but not how you want to run it when you are really getting down to brass tacks.
My intended use would be for app virt, which I see now is not what it is for.
@scottalanmiller said in The Myth of RDP Insecurity:
@bbigford said in The Myth of RDP Insecurity:
@scottalanmiller said in The Myth of RDP Insecurity:
@momurda said in The Myth of RDP Insecurity:
@scottalanmiller What about directly exposing RDP for a user's desktop computer?
Say for instance CEO or COO dont like using vpn, open rdp to their desktop on firewall?Absolutely. The VPN makes no difference. RDP already has a VPN, so if a VPN was good enough, RDP is good enough.
Agreed. The only thing I've changed in the past is port forwarding some random port, to 3389. Same reason why something like 2222 externally is forwarded to 22 internally.
I don't even change that. It can lower the log count, but that's minor.
More preference than anything I think. One could say "but you could have attacks on a common port", but the same could be said for someone trying to attack 443; I'm definitely going to keep using 443.
There is one clear use case for port forwarding, and that's if you need to remote into many different hosts. But doing it that way is messy and I've only saw it worthwhile for education, where students remote into their workstations to complete classroom projects.
@dbeato said in Docker in the wild:
Docker is a container running on either a host or the same computer that runs it and it has its own OS. Docker contains differ from Application Virtualization because they deliver application as a service.
The software as a service piece is what piqued my interest. But as Scott pointed out, more development than production I guess.
@scottalanmiller said in The Myth of RDP Insecurity:
@momurda said in The Myth of RDP Insecurity:
@scottalanmiller What about directly exposing RDP for a user's desktop computer?
Say for instance CEO or COO dont like using vpn, open rdp to their desktop on firewall?Absolutely. The VPN makes no difference. RDP already has a VPN, so if a VPN was good enough, RDP is good enough.
Agreed. The only thing I've changed in the past is port forwarding some random port, to 3389. Same reason why something like 2222 externally is forwarded to 22 internally.
I've tried the built in, I still cannot find anything that compares to BitTitan Migration Wizard. The cost is about $10-15/user but totally worth it.
I've saw Docker being used for some pretty cool software as a service delivery, but I'm curious to hear about what anyone else might be using it for if not just for SaaS.
The reason I'm wondering is because I've used XenApp, vApp, App-V, and RemoteApp, but have never setup Docker. Not sure if it is for totally different use cases or if it could be very useful for delivering legacy healthcare apps that don't run very well on Win10 (pushing them off legacy being a different thread).
@jaredbusch said in VPN and Exchange:
@bbigford you are totally overthinking this.
They obviously have on site Exhange. That will require some kind of DNS entry for OWA and OA to work.
They chose to use exchange.domain.com, this is perfectly normal.
They only have a single IP, or only have their router configured to use a single IP. This is also very common.
Then someone wants to use a VPN. They enable it in the firewall, or whatever device, and just use the existing FQDN that resolves to the site IP.
This is also perfectly normal and 100% ok.
Could they have added a CNAME, such as vpn.domain.com? Sure, but there is no technical reason to do so.
I don't think they have web services, but if they were to, those wouldn't be able to use 443 I'm guessing since that port is already forwarded. I am definitely overthinking that one.
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
I just tried a web browser to see what appliance I would hit, and it goes straight to OWA.
Just port forwarding, most likely.
So you're thinking that 'Exchange' coincidentally is what hostname was given to the vpn service.
Exactly, that's what I'm thinking. Someone was thinking of the VPN as existing to access OWA, so named it Exchange.
That'll get cleaned up. We already overhauled ~90% of what that provider had done for Company 2, and they've been very happy with the result. They have some serious pains with Company 1 setup.
I went to add a Windows built-in VPN connection a moment ago, to show a colleague. The Outlook splash screen doesn't show in the credentials window, but it did on the user's laptop (also Windows 10, but a much earlier release I believe). I've honestly never saw that in a VPN connection window before; not sure what that is about unless it is forwarded to Exchange and credentials from the email system are used for authentication and they can then have access to network resources. But that would be a really goofy setup.
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
I just tried a web browser to see what appliance I would hit, and it goes straight to OWA.
Just port forwarding, most likely.
So you're thinking that 'Exchange' coincidentally is what hostname was given to the vpn service. In a browser, 443 is just forwarded to the on-prem Exchange server when using https://exchange.domain.com... am I understanding you correctly?
@bbigford said in VPN and Exchange:
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@jt1001001 said in VPN and Exchange:
Is Exchange/OWA being published by a Forefont TMG box or some other proxy?
Knowing this provider, it's likely a ZyWall.
I mean is it IPSec, OpenSSL, that kind of thing.
I had set it to auto because I wasn't sure on the other end, but I would say IPSec if I had to guess.
What tool are you using to connect?
Windows built-in. I asked about a VPN client and they said they don't have one. I just tried a web browser to see what appliance I would hit, and it goes straight to OWA.
Looking at Company 2 (configured before I took on their account), they have separate IPs for vpn.company2.com, mail.company2.com, and company2.com
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@jt1001001 said in VPN and Exchange:
Is Exchange/OWA being published by a Forefont TMG box or some other proxy?
Knowing this provider, it's likely a ZyWall.
I mean is it IPSec, OpenSSL, that kind of thing.
I had set it to auto because I wasn't sure on the other end, but I would say IPSec if I had to guess.
What tool are you using to connect?
Windows built-in. I asked about a VPN client and they said they don't have one. I just tried a web browser to see what appliance I would hit, and it goes straight to OWA.
@reid-cooper said in VPN and Exchange:
What kind of VPN is this? It's possible that the public address that they use is just called Exchange for some silly reason.
What does DNS tell you?
I looked up their DNS and exchange.domain.com is resolved by an IP provided by their ISP, domain.com resolves to a GoDaddy IP.
@reid-cooper said in VPN and Exchange:
@bbigford said in VPN and Exchange:
@jt1001001 said in VPN and Exchange:
Is Exchange/OWA being published by a Forefont TMG box or some other proxy?
Knowing this provider, it's likely a ZyWall.
I mean is it IPSec, OpenSSL, that kind of thing.
I had set it to auto because I wasn't sure on the other end, but I would say IPSec if I had to guess.
@jt1001001 said in VPN and Exchange:
Is Exchange/OWA being published by a Forefont TMG box or some other proxy?
Knowing this provider, it's likely a ZyWall.