@hobbit666 said in MPLS alternative:

@Dashrender said in MPLS alternative:

What is your Citrix environment providing you? What are you deploying using it?

We use MS Dynamics GP. So instead of installing this on 300+ computers (then having to update 300+ computers when updated keys and modules come out) we have 15 Citrix Xen Desktop servers that these computers access to get onto the GP stuff. They've always used Citrix instead of RDS as "apparently" ICA protocol uses less bandwidth.

Yep, that's been generally true ICA has used less bandwidth than RDP (*pssst - the server side still has RDS installed on it as far as I know - they just add the Citrix stuff on top of RDS to gain access to ICA and other Citrix stuff)

@scottalanmiller said in MPLS alternative:

@hobbit666 said in MPLS alternative:

I'd guess we still would want a Firewall of some sorts at each site?

Every LAN should have a firewall (and has to have one, it is the firewall that makes it a network, it's literally impossible to have a network without a firewall.)

Note: This is because all firewalls are routers and all routers are firewalls. Technically you can make a router exist without being a firewall, but not if you need standard network addressing and no one has made one of these for decades because it would be useless. So while yes, they aren't the same thing in reality, they absolutely are in practice.

I can't agree with you here scott - only thing required to make a network is NICs and some type of connectivity between them. Now if you're talking about one that access the internet or other networks - then I agree with you.

@scottalanmiller said in MPLS alternative:

@hobbit666 said in MPLS alternative:

Those i get, but what about printing to office printers.....

So printing is a weird one. Typically printing desires physical proximity and no security. The nature of printing is insecure. Do you really need printing security? And do you really need to print from one site to another instead of printing locally? These things are possible, just really rare.

Printing does have options to use some LANless design, but typically we ignore this here as we are talking about a peripheral device that simply "doesn't matter" enough.

So I guess the real question is... since you can "just print" without any discussion or design whatsoever, what's the actual problem that you are trying to solve? I'm not sure what the question is. Whether you have LANbased or LANless design, if you hook up a USB printer you just print, if you hook up a network printer, you just print. They really fall outside of this discussion unless there is some extra factor that we can't anticipate.

We know they are old school setup - so we assume they are using Windows print queues to print (man I hope they are all local to each subnet and not flowing over the MPLS). with that type of thinking comes these questions.

I agree - assuming insecure printing is OK - then just move to direct IP/network based printing or USB based printing. problem solved.

@JaredBusch said in MPLS alternative:

@Dashrender said in MPLS alternative:

you meant that they somehow exposed those AD servers directly to the Internet

No, he clearly meant they used the existing local AD and made that the login for the Citrix farm.

Thus exposing it to the internet via the citrix log on process. No different than RDS..

Of course the fucking DC was not directly on the internet.. WTF, this was clear as a bell when he stated it.

My Fucking bad - the idea of standing up a completely separate AD just for Citrix completely escaped me until his more recent post. That just seems CRAZY complex... UNTIL you get rid of AD for users as well. users already complain about having to log into 37 different things every day, splitting AD from local logon vs Citrix logon means just one more set of creds to remember.. users will definitely complain..

yeah yeah - JB says F the user.

@scottalanmiller said in MPLS alternative:

@Dashrender said in MPLS alternative:

you meant that they somehow exposed those AD servers directly to the Internet - which is just crazy. But leaving them in the background behind the RDS/ICA servers should be pretty secure.?

So sadly, no. That's the problem with RDS. It exposes AD directly! That's why it sucks so much. It requires AD and then exposes it! WTF MS?!?!?

That's why we either have to isolate AD away from the LAN to being used only for RDS, or we need to replace AD, or we need to harden it significantly.

In NTG's RDP farm case, we do it by running without AD. But everyone has different needs.

yeah, this points back to the multiple credentials needed I just pointed out, driving users crazy - and to the use of aweful passwords. of course we can mitigate the passwords to a point, but that leads to other issues.

Basically if Hobbit is going to do this - he needs to get management to buy into a completely new paradigm of the design. which would be great, but a hard sell.

@hobbit666 said in MPLS alternative:

When you say your file less. Is using OD4B and the desktop apps of word/excel still classed as this? As I'm still using One Drive.
Or am I only truly getting to "file" less if everything is online? Like zoho or Google docs

Using OD or OD4B means you're using files.

Correct that Zoho/Google Docs or Microsoft Docs online are all fileless because they are stored in their vendors DB's, not as individual files.

@hobbit666 said in MPLS alternative:

@scottalanmiller said in MPLS alternative:

With what we do, there are literally no files anywhere in the process (till we send them to file-based organizations.) But even dealing with our partners, we are often able to remain fileless because of sharing mechanisms that we can leverage.

We have nothing like OneDrive because we don't have files to put in it (as mentioned we do HAVE NextCloud, but only a couple users use it at all and it's for special case large file items, mostly for marketing with big image files that we haven't gotten fileless yet.)

Are you using purely Zoho/Google Docs/O365 online type services and everything is just on their systems.

NTG is pushing as much as they can into Zoho... at least that's what he told me yesterday. I think they are already there for the most part.

@StorageNinja said in MPLS alternative:

@Dashrender said in MPLS alternative:

In that case, the home user upgrades to no cap or to a business connection, at least with Cox that solves the cap problem. On Cox it's about $50/m to go no cap.

He moved to AT&T Fiber. No caps on their gigabit product.

Nice - sadly not the case with Cox, their gig product has the typical 1 TB cap, which really, if you think about it - if you need the 1 gig, that cap is ridiculous!

@syko24 said in Old IT won't provide documentation or passwords:

@Dashrender said in Old IT won't provide documentation or passwords:

Classic error as many have said around here before... allowing someone other than the business owners/top brass owning the domain name.

Depending on the conditions of the domain name, the IT vendor might be the owners of the domain, and the company might not actually be able to force them to hand it over. I see lawyers in the client's future.

As for O365, that will probably be a bit easier, but it might have to wait until the disposition of the domain name is resolved.

Good luck.

Yeah definitely agree the company should always have the domain under their own account.

The office manager is new and when he first contacted the IT company they refused to give any information. The topic of the domain hasn't come up yet, but I assume they are not going to hand it over without issues.

This is a tricky situation - We recently talked about it here. In one case the IT company could claim it was their domain and they were setting it for their customers use, but not ownership... I have no idea how that would turn out in a court battle, except to say bloody.

As for the passwords - now that they have to hand over, otherwise it's stolen property in some sense....

@DustinB3403 said in Virtual WAF:

@Jimmy9008 said in Virtual WAF:

If this forum is not one that is able to help and would rather comment on structures that are entirely outside of my control, ill go elsewhere.

This is the place to discuss this sort of thing. @Dashrender is just trying to ruffle feathers. Ignore him.

You may see it that way - I see this is a shift of - they no longer have money, so they are going to pawn off the responsibility to someone else - that's at minimum seemingly disrespectful.

It might not be native - it very easily could be something they extend when you buy their solution.

Cisco does this with call manager - you run code against AD which adds several new attributes.

@Carnival-Boy said in Access 2003 in a 2021 World???:

@Dashrender said in Access 2003 in a 2021 World???:

If you have all those different products, you likely have tons of work-arounds you have to do to get data to work together... plus the cost of managing them all separately...

I agree, it does seem like a lot of work. I can't see the attraction. It feels a bit too 1980s.

The problem is getting a company to see how much they are actually spending on their ERP components.

I have a vendor that has an ancient AS400, running Daily and Wilcot. I don't think the software has received an update in 15 years, possibly more like 20+. I've been begging them to move to another platform for 5+ years - old hardware, hard to get replacements, etc...

They really need to move to another platform, In light of this conversation, I wonder if they would be better off hiring someone like Bundy or NTG (I think they do dev) to make them a platform for what they need...

Potentially one of the biggest hurdles is getting their old data out.

https://pisignage.com/homepage/index.html

Just found this too.

@AdamF said in Cellular backup options:

@scottalanmiller said in Cellular backup options:

@AdamF said in Cellular backup options:

What is the physical connection layout for the Cradle point? I understand that the static IP block that I have from Comcast would NOT work during a failover scenario. I can deal with that. However, under normal operation (not in LTE failover), is this configured in such a way that creates double NATing? We have VoIP phones connecting to a cloud PBX, and I would not want to deal with double NAT.

I've not tested with static, but the assumption would be that the static would still work.

I just heard from my rep. Static IPs will not work during LTE backup. Once normal service is restored, the IPs are available again, but not during the LTE backup.

I'm really not surprised by this - Making your IPs work across different networks is a pretty huge deal.

Personally - I just want the same IP (the one assigned by cellular) when I'm on cellular everytime - that way a backup VPN route can be setup to that IP, or whitelisted in firewalls for things like PBX's, etc.

@WrCombs said in Ipad guru/ Site connectivity issue:

@Dashrender said in Ipad guru/ Site connectivity issue:

Are customer's allowed on any SSID on this network? or only employee and business devices?

Only employees / business devices are allowed to connect.

so how many total devices are we talking about?
what is the bandwidth of the ISP connection?
what is the bandwidth utilitzation per endpoint for the application in question?
how much bandwidth is being chewed up by staff devices downloading FB, YT, updates, etc? perhaps that needs to be squeezed to next to nothing to ensure enough bandwidth for the business stuff.

@WrCombs said in Ipad guru/ Site connectivity issue:

some random bit of information unrelated because I can't log in.
But the owner was calling and texting me and my team because our "System is complete shit" and some other unpleasant things , then told me that it wasn't the network cause he has a Cellular backup in place and it has never once turned on so me saying it's a network issue is "utter bullshit and just an excuse"
Good to know that other people think the same thing.

What does not using cellular backup have to do with anything?

I hope you told him there are multiple aspects to the network....

The Wifi
The wired (switches)
the firewall
the ISP
hell - from a network POV, since the app is cloud hosted - The internet at large could be to blame
and the DC/ISPs used by the cloud service.

Tons of "networks" can be to blame here.

@scottalanmiller said in Ipad guru/ Site connectivity issue:

@Dashrender said in Ipad guru/ Site connectivity issue:

@scottalanmiller said in Ipad guru/ Site connectivity issue:

@WrCombs said in Ipad guru/ Site connectivity issue:

then told me that it wasn't the network cause he has a Cellular backup in place and it has never once turned on so me saying it's a network issue is "utter bullshit and just an excuse"

This is the spot where he is sabotaging. He knows that he made this up and has no idea what he's saying. Knowing that, he decided to say it anyway. That's what makes it sabotage, he's deciding to throw a monkey wrench in the troubleshooting process for whatever reason.

I have no clue what you are talking about here? he "knows" that the cellular option hasn't been used - now why he 'thinks' this has anything to do with anything at all - that's the real question...

He knows he doesn't know what a network is. The rest is him just making shit up to derail Will or try to sabotage something.

I really do see why you say this, but frankly, I don't think it's reality...

What is reality is the client is emotional/pissed and is just being irrational and lashing out...
do I think he's "making shit up to derail Will?" no - what real benefit does that provide the client?
Do I think he's willfully sabotaging Will? again no - again, what benefit does this give the client?

Do I think they NEED to be put in their place and informed that they hired Will for a job - and damnit, give him a chance to do it, and stop helping - yes. And if Will doesn't solve the problem in the client's timeframe - then fire Will's company and move on.

@DustinB3403 said in Ipad guru/ Site connectivity issue:

It's condescending and rude, even if you are correct in just moving an AP

I saw it mostly as Will's own frustration at the owner for being rude to him first, and likely Will didn't feel there was any other way to get through to him.. but instead of getting through... they guy fired him.. no surprise really.

I have a user who had had this happen twice, each time after they "closed the screen, then opened it the next day"

The issue is:
application is running and working fine.
user closes the lid.
user opens the lid after several or more hours.
Application is in start bar, highlighted as running, yet the user is unable to bring the window for the application into view.

When you cover over the icon, you see something like this

Troubleshooting steps that didn't work:

• right click and close the app - the halo around the program disappears, verify in task manager - app is not running, click the icon again, end up in same situation

• use task manager to kill the app, then relaunch - no go

• reboot - no go

• This application doesn't require local login - so I extracted another copy into a different folder and that new instance ran just fine, at the same time this one remained broken

Solution that fixed it:
hold the shift key while right clicking on the icon, choose move/show on desktop or some other option as shown, then the app's window returned to normal.

I'm wondering if any one else has run into this?

@scottalanmiller said in Ipad guru for Site connectivity issue:

@JaredBusch said in Ipad guru for Site connectivity issue:

@scottalanmiller said in Ipad guru for Site connectivity issue:

@JaredBusch said in Ipad guru for Site connectivity issue:

@WrCombs said in Ipad guru for Site connectivity issue:

@JaredBusch said in Ipad guru for Site connectivity issue:

@WrCombs said in Ipad guru for Site connectivity issue:

he looked me dead in the eye and said "does that make sense?"

and your answer?

"not really.."

Perfect.

Might make it worse.

Make what worse? I'm assuming he is in an at-will employement state. So honestly, if they want him gone he's gone. This matters not. It is also the appropriate answer to the question. Because it is the truth.

I just meant that the additional APs and higher power on the APs might exacerbate the networking issues.

This is definitely my thinking...