    Posts

    • RE: Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier)

      @scottalanmiller said in Using name-spaces or address pools for domain controllers? (things to make replacing DC's easier):

      This is what DHCP is for. In a typical environment you have to update almost nothing when replacing a DC.

      So would you typically put your servers on DHCP reservation? Also, I thought you once told me about the very thing I am asking about in my OP.. I just forgot the details

      posted in IT Discussion
      dave247
    • RE: Anyone running SonicOS 6.5.0.2-8n?

      @dbeato said in Anyone running SonicOS 6.5.0.2-8n?:

      @dave247 said in Anyone running SonicOS 6.5.0.2-8n?:

      We run a SonicWall NSA 3600 where I work and I am starting to look into upgrading to the new 6.5 firmware (6.5.0.2-8n). I have heard of some issues with the last two updates, and wanted to get more input if anyone has any to give..

      I am not, I am using the 6.2.9 on the production Sonicwalls we have. I would recommend to test it out if possible.

      Unfortunately I can't realistically test it out. Even if I had an extra, non-production unit, I doubt I could effectively detect issues since production factors would not be present enough to fully test. I suppose I could just always roll back if necessary... but I think I will probably be waiting a few more releases.. that or just move to a different UTM altogether..

      posted in IT Discussion
      dave247
    • RE: Disaster Recovery as a service companies that support IBM iSeries / AS400 systems?

      @scottalanmiller said in Disaster Recovery as a service companies that support IBM iSeries / AS400 systems?:

      https://mangolassi.it/topic/17063/the-var-kickback-system-and-how-you-can-make-a-good-living-from-vendors

      Oh. My. Fucking. Balls.

      This accurately describes my boss (the company's CIO/CTO).

      Fuck.

      posted in IT Discussion
      dave247
    • What's with the massive price difference between Dell VAR prices vs xByte prices??!?

      I was doing some server builds for 2x R740's and an R640. I spec'd everything out using Dell's website based on our needs and noted the retail price. I then sent my builds to my Dell VAR who of course quoted me ballpark -$1,000 than the retail price. Then, just now, I happened to think of xByte again and I went through and selected the exact same build and the price difference going through xByte is AT LEAST $16,000 LESS total. What gives???!

      I know the stuff at xByte is "refurb" which does not mean used in this case. I just thought it was stuff that was maybe a bit older and that Dell no longer supported. But I see that xByte on these servers that I just checked out also offer the exact same Dell ProSupport options as the Dell website. So it's like essentially the same thing as going through Dell, just not as insanely expensive.

      So this seems like one of those things that seems too good to be true... or maybe it's that my Dell VAR is ripping us off... I don't know. Obviously, if I can get equipment that is just as good as the stuff I'd get going through my Dell VAR and I get Dell ProSupport options, then I would be going through xByte for sure.

      posted in IT Discussion
      dave247
    • RE: What's with the massive price difference between Dell VAR prices vs xByte prices??!?

      @scottalanmiller said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      @dave247 said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      @scottalanmiller said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      @dave247 said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      @jaredbusch said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      @dave247 said in What's with the massive price difference between Dell VAR prices vs xByte prices??!?:

      I think I will go through xbyte even if my VAR tells me they can match their prices...

      They can't. That is not how it works.

      Well actually one time my VAR matched the exact refurb prices that I was going to get from xbyte like last minute. I got like 5x Dell N series switches brand new for refurb price - which was like $2,500 each instead of the $7k or w/e they were when I was buying them.

      They can take a loss if they want, most likely they were just having xByte deliver them directly and not marking them up.

      But here is a simple rule... if you need your VAR to match a better price somewhere else, your VAR is making you do extra work and burn other relationships up front to lock you in. You waste time and effort (that's money) and other vendors won't keep quoting you good prices if you don't then buy from them. Tricking you into raising the price from other vendors is how price matching works out for your VAR.

      I don't understand this part: "Tricking you into raising the price from other vendors is how price matching works out for your VAR."

      The vendor is convincing you to go get good prices from other people. Those people are providing good prices in the hopes of earning your business by being better. Your vendor then convinces you that even though the new vendor treated you better, to stick with them. Your old vendor (the price matcher) now knows that you aren't loyal and will shop around, so they know it's time to "drive to the bottom" and lower prices by lowering service. The new vendor (the one giving you a good price) gets taught that doing a good job for you gets them nowhere and getting you a good quote is a waste of resources, so they will stop doing so and just start quoting rack rates, because you are just wasting their time.

      "Shopping around" for prices is a dangerous game unless you are just looking up public web prices. But a VAR, by definition, is not about price but about services. If you care about price, then using a VAR is a mistake every time. You want a pure reseller who isn't marking up to add services to the product. Yes, in IT we need to ensure our prices are good. But you can't get good prices by going around to everyone and getting quotes, it will feel like you are getting good prices, but the products are not directly comparable and the best prices exist only for loyal customers with good relationships.

      At this point though, I'm thinking my VAR is really just a re-seller. He doesn't add too much value and when he does give his input, I think it's usually based on a bit of antiquated IT knowledge.. We've bought workstations, servers, firewalls and MS licenses through him but he also does consulting and services sort of like a MSP. My boss has in the past hired him to do consulting and things so we've paid him for "services" and things.... So going back to all the stuff I've seen you post on SW, we were buying stuff from the guy who was also doing the consulting... you know the rest of the story. However, I more or less halted this when I came on. I started asking questions, doing my own work and shopping around for better deals on hardware. I still go to him now and again mainly for MS licensing and the last thing was new Dell switches which I got refurb price.

      posted in IT Discussion
      dave247
    • Considering moving from SonicWall to Sophos XG (Looking for feedback on Sophos)

      So as the title says, we use SonicWALL firewall/UTM at our company. It's really nice and we make good use of it between the various security services, but it still seems to lack some of the functionality we are looking for. We did a little bit of research and Sophos XG looks like it might be a really good fit for us as a firewall/UTM, and we would also be using their endpoint protection services as well.

      I was just wondering if anyone had any experience with Sophos XG and could offer some input/ feedback. Was there anything unexpectedly negative about it? How is support?

      We did have a product demo and everything looked really good but I'm still looking around for various bits of feedback from actual customers.

      posted in IT Discussion utm sonicwall sophos sophos xg networking security firewall
      dave247
    • RE: Windows 7 End of Support Countdown

      Man, I just finished upgrading us to Windows 7 64 bit. Got the last XP machine removed last week...

      posted in IT Discussion
      dave247
    • Does anyone here work in the banking industry? I'm looking for Anti-Money Laundering Compliance software

      I wanted to see if anyone else here works in banking and if you have any input on BSA/AML solutions. I'm looking to explore other options as our current software is poorly maintained and quite expensive.

      posted in IT Discussion
      dave247
    • RE: Having trouble with BitLocker To Go on USB drives in Windows 10

      Never mind - found out that it was one of the October Windows updates that knocked out BitLocker To Go on USB flash drives...

      posted in IT Discussion
      dave247
    • RE: Exchange Environment - Lab

      @dashrender said in Exchange Environment - Lab:

      @dave247 said in Exchange Environment - Lab:

      @travisdh1 said in Exchange Environment - Lab:

      @stuartjordan said in Exchange Environment - Lab:

      @travisdh1 said in Exchange Environment - Lab:

      @stuartjordan said in Exchange Environment - Lab:

      I can see what others are saying, onsite exchange not really no point, but a lot of MSP's still host their own copy of exchange normally in a datacenter and you could sell your own hosted exchange to customers. This only would be advantageous with lots of users. But you just cannot beat the costs of 365 with normal Businesses.

      If you want to host email, why would you use the worst platform possible to find? Why not Zimbra for example?

      I'm not on about me, I personally use mailcow. But I'm stating big MSP'S and hosting companies still use hosted exchange in a datacenter environment.

      I guess that requires the discussion about management not caring about the company and treating it like a hobby business yet again.

      What are you even talking about?

      you must be new around here - This is a general theme in many, I'd go so far as to say most, discussions around here.

      Don't treat your company like a hobby. Do business correct, i.e. don't use local Exchange unless you have a regulation forcing you to.
      Run the company like a real company - care about costs, do the 'right' thing, not just the simple get it done thing, etc.

      No, I'm not that new around here but I don't view that many threads to be honest.

      Arguing about someone treating their business like a hobby is stupid because at a certain point it's going to come down to matter of opinion, knowledge and experience - all things that are subject to change as people and businesses grow. Just because someone is using Product X vs Product Z doesn't mean they don't give a shit about making the business money.

      posted in IT Discussion
      dave247
    • RE: Exchange Environment - Lab

      @dashrender said in Exchange Environment - Lab:

      @stuartjordan said in Exchange Environment - Lab:

      At the end of the day, if the op wants to learn exchange that's up to him. This is a forum where we can give constructive criticism but, there is also no need to go on about it and give a little help instead. Just a thought??

      At this point I was just trying to let dave know of the typical MO around here.

      Yes, I understand that, in summary, it is the unified intent of the original initiative of SAM (and others) over at Spiceworks, before the banning and exodus. Given what that place was/still is, I guess I don't blame you all for the general tone and approach - but gottdamn, most the new posters here might be confused but they are friendly and want to learn. No need to push them away with rudeness.

      posted in IT Discussion
      dave247
    • RE: WSUS Location

      @scottalanmiller said in WSUS Location:

      @dashrender said in WSUS Location:

      @scottalanmiller said in WSUS Location:

      @dafyre said in WSUS Location:

      Splitting to split failure domains is terrible thinking. That doubles the chances of AN outage, and they don't solve anything.

      Why is it terrible thinking? If I have two failure domains, half keeps working and the other half is down. Yes, there's an outage, but we're not completely dead in the water.

      That's not at all correct. If DHCP fails and your IP fails, then AD fails TOO. If AD fails and DHCP does not, you still have a partial outage.

      Your system makes ANY failure twice as likely. Half of the time it is just as bad as having them combined. The other half of the time isn't AS bad, but not good.

      So it's that easy. Your dead in the water time is equal either way, because you have a complete DHCP dependency apparently. The other half of the time, even though you are not completely dead, is 100% unnecessary risk caused solely by having designed the system to fail unnecessarily often (by 50%.)

      By merging the services you can dramatically reduce your overall risk with literally zero downsides.

      I'm really trying to understand the math here considering - two AD servers, two DHCP servers - and crazily, we'll assume one DNS server, because he never stated that he has two DNS servers.

      Assuming the DNS is either with the AD or with the DHCP. As DNS is an AD dependency, you have to keep them together for safety. However DHCP is also an AD dependency that you have to keep together for safety. So who knows.

      Youtube Video

      Scott Alan Miller - excellent video and thanks for your awesome input as always. I made it about 5 minutes before I got lost in your beard though xD

      posted in IT Discussion
      dave247
    • RE: Two or three screens. what is your choice? or just one.

      I have 4 monitors set up 2x2 vertical because I'm 1 out of 2 IT guys at my company. 1 screen for email and the other 3 for all other insanity.

      posted in Reviews
      dave247
    • RE: I can't even

      @scottalanmiller said in I can't even:

      https://community.spiceworks.com/topic/2085058-is-windows-10-iot-os-secured-enough-to-be-deployed-in-your-organisation

      when no IoT exists, and people fearing Windows 10 compared to 7. WTF people?

      What does IoT even mean in this case? I've always been unclear on it..

      posted in Water Closet
      dave247
    • RE: Can I get some direction on setting up Hyper-V server with a storage cluster?

      @kooler said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

      @dave247 said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

      I have a few servers that are now available for whatever I want, since I've virtualized them to our vSphere 6.5 environment. We currently have a single SAN unit for our vm datastore which connects to two switches and then to three virtual hosts (SAM's Inverted Pyramid of Doom thing).

      Anyway, I am trying to experiment with a different design as well as set up a new test environment. I want to install Hyper-V 2016 Server on my most powerful spare server, then I want to use my other two servers as mirrored or a distributed storage cluster.

      I am not 100% on what is best practice on how exactly to set this up, so I'm hoping for some input. I mean, I'm a sysadmin at my job, so I understand how to install and configure stuff.. but I've not set up a completely new environment from scratch before.

      Any advice is much appreciated!

      SAM has a point (thanks for reference!)

      Dave ping me anton AT starwind DOT com and I'll get you in touch with engineers who could help. You're welcomed to proceed with either commercial or a free version (no time bombs, no capacity or feature limits there).

      https://www.starwindsoftware.com/starwind-virtual-san

      https://www.starwindsoftware.com/starwind-virtual-san-free

      Good luck 😉

      Sure, I may do that if I need help. I really only plan to use this as a lab + backup testing environment at work, so I would use the free version.. not sure what the difference is though.

      posted in IT Discussion
      dave247
    • RE: I can't even

      @scottalanmiller said in I can't even:

      @dave247 said in I can't even:

      What does IoT even mean in this case? I've always been unclear on it..

      IoT is not a real term, it doesn't mean anything specific. It's a loose reference to devices that you'd not expect to be computing devices that are networked, but are. POS doesn't fall into that category. Your toaster, microwave, or fridge would. A sensor in your attic might. Thermostats really can't be considered this any longer, they are full computing devices and expected to be so, now. So they've left IoT, IMHO.

      IoT is a useless term based around the cluelessness or expectations of the observer. It is always subjective and can't be used in any technical context.

      Lmao, I love it. I always thought it seemed like an odd/vague term.

      posted in Water Closet
      dave247
    • RE: VLAN confusion

      @dashrender said in VLAN confusion:

      VLANs in most cases aren't needed unless you have a security reason to do so, and must share hardware over these networks, i.e. one set of APs but two wifi networks - corporate and guest.
      Switches perform their job which can easily allow thousands of devices to be on a single flat IP network without the need to break them down into smaller and smaller segments. So if you don't have a security related reason to keep them separate, then your life will be much simpler if you just have a /23 or /22 network instead of the typical /24 (limited to 256 devices).

      Onto your current setup:
      From the sounds of it, your Sonicwall is doing the routing between your VLANs at this point, assuming cross VLAN traffic is happening.

      You mentioned that you made a VLAN for wifi - then you talk about a guest and corporate wifi - Does this mean your corporate wifi is on the default VLAN and the guest is exclusively on the new VLAN? What provides DHCP to the guest network? What provides DNS to the guest network?

      As for your Lab network, you have choices, you can create a completely separate VLAN that only has access to itself and the internet via the sonicwall, or you can enable ACLs that allow the two networks to talk to each other and the Sonicwall will route information between the two.

      Ah, I'm an idiot. My brain sucks at recalling information.

      So I set up two VLAN's: one for corporate wifi and one for guest wifi. Then Sonicwall handles the routing and DHCP for each network, plus the firewall functionality. DNS to corp is our DC and I just used google's DNS for the guest wifi. Guest wifi doesn't touch our internal systems at all.

      posted in IT Discussion
      dave247
    • RE: VLAN confusion

      @jaredbusch said in VLAN confusion:

      Your router should be the only point that connects traffic from one VLAN to another.

      At a very basic level:

      You will want to have rules in your router's firewall that allows new/established/related connections from the company LAN to the Lab LAN. But from the Lab LAN to the company LAN it should only allow established.

      This will allow you to connect in and have the Lab thing respond but the Lab thing cannot initiate a connection to the company LAN.

      OOOOH yeah.. ok that seems obvious now. I can just allow myself access to that network through my Sonicwall via the firewall rules..

      posted in IT Discussion
      dave247
    • RE: VLAN confusion

      @jaredbusch said in VLAN confusion:

      Expanding your subnet is simple.

      You change your router first.
      Then you change your DHCP scope to hand out the /22
      But you also add a block in the DHCP assignment to not give out addresses in the new section.
      Then you change your few static devices (if you do not have only a few static systems, you have other issues).
      Once your static devices are changed, you remove the block in your DHCP assignment.
      Process complete.

      Well I have about 35 or so servers and appliances that have static addresses. It will be a bit of a pain to manually go through and update all the network settings, but I'd do it. Good thing is that I just changed all of our workstations back to DHCP as the previous sysadmin had put EVERYTHING on static as a band-aid fix for DHCP issues he couldn't solve.

      posted in IT Discussion
      dave247
    • RE: VLAN confusion

      @scottalanmiller said in VLAN confusion:

      @dave247 said in VLAN confusion:

      Also, my CIO is adamant about keeping the voice traffic segregated for "security reasons" as it will satisfy an item on one of our various IT audits (we are a financial institution that has a lot of audits).

      That's fine IF he can prove that the audit is legit (normally they are fake) and find some regulation that the auditor is following. I'm not aware of any here, so he'd need to produce this. This sounds like collusion to me. If this was an actual security concern, VLANs aren't an option, you have to encrypt the voice traffic. If someone is suggesting a VLAN to meet this audit requirement, something inappropriate is going on. No regulation makes you put in VLANs.

      Good point. I will ask for the specific audit request on this and find out more.

      posted in IT Discussion
      dave247