@gjacobse said in VPN vs SDP?:

Because - a LinkedIN advert is where you want to learn from - but taking a referenced technology FROM there and doing your search and learn.

This advert implied that SDP is the next thing to replace a VPN - Oh-kay what is it. What is an SDP and why would I want to investigate it.

That's not really a great comparison. VPN and SDP are truly apples and oranges. Alot of websites do try to compare SDN to VPN for some reason. I think that might be because some legacy places think VPN equals security. Yet they have flat networks with virtually no firewall rules.

I think it's easier to think about zero trust model which will require you to use SDN concepts. Zero Trust has been industry standard for probably a decade. Many companies are choosing to make the transition to ZT as they move workloads in the cloud. Cleaning up enterprise on premise networks can be a nightmare which is why many have made the transition in tandem with moving to public clouds.

Another reason they are being done on cloud workloads is because the major public clouds deny traffic by default. The fact that things don't work out of box with all access blocked. It does alot to encourage only opening what you absolutely need.

Zero Trust defends your biggest threat, internal actors. Internal actors can be malicious or just plain stupid. Both are extremely dangerous in an on premise network. VPN does nothing to protect you since they are employees who have VPN access.

@stuartjordan said in Why do we have a downvote limit?:

What does **** mean? lol

Sexy
Cute
Thic

@dustinb3403 said in Why do we have a downvote limit?:

@irj because you're a little ****

Why can't we downvote more than 3 posts per user per day?

Sql in azure is so easy. You could also run it on Linux if you wanted to do so, but I'll take one click backup and restores in Azure for ease of use. Who wants to deal with database servers when you don't have to do so.

@dustinb3403 said in Where to start...:

@irj said in Where to start...:

@mmicha said in Where to start...:

Hello,

Just looking for some help on where to start first...

My company needs to start upgrading some of our infrastructure. Currently we are running on ESXi, with less than 15 VM's across two hosts. Everything is Windows (2012) and linux.

We still have Exchange (2013) on-premise.

My thought is that first step should be get the email to Exchange Online.

Then move our systems to a cloud somewhere. Build out a site to site to a their datacenter and slowly build / upgrade things.

Total storage of VM's / Exchange is less than 5TB.

Thanks.

I agree with your plan overall, but I'd also consider taking a hard look at those 15 VMs and see how you can deploy those in the cloud while reducing costs. Cloud workloads give the advantage of being elastic which can save you money if you deploy your applications correctly. If you just move VMs over 1:1 you aren't really leveraging the power of the cloud.

Can these applications be deployed so they can scale by using containers or at a minimum leverage autoscaling! Keep your normal operating cost is low, and only spikes when you need the resources.

Cloud is not a solution for everything. Get off of your high horse.

The conversation needs to be understood if cloud performance would even work for the individual environment. Latency delays or large file usage to Azure or wherever don't work for solutions like AutoCAD without crazy high Opex costs to get the performance to match local performance considerations.

@dustinb3403 said in Where to start...:

l
Cloud has these negatives

• Long term cost
• Vendor lock in
• Limited support - support package dependent
• Performance (internet) can be a limiting factor

You have no idea what you're talking about.

@mmicha said in Where to start...:

Hello,

Just looking for some help on where to start first...

My company needs to start upgrading some of our infrastructure. Currently we are running on ESXi, with less than 15 VM's across two hosts. Everything is Windows (2012) and linux.

We still have Exchange (2013) on-premise.

My thought is that first step should be get the email to Exchange Online.

Then move our systems to a cloud somewhere. Build out a site to site to a their datacenter and slowly build / upgrade things.

Total storage of VM's / Exchange is less than 5TB.

Thanks.

I agree with your plan overall, but I'd also consider taking a hard look at those 15 VMs and see how you can deploy those in the cloud while reducing costs. Cloud workloads give the advantage of being elastic which can save you money if you deploy your applications correctly. If you just move VMs over 1:1 you aren't really leveraging the power of the cloud.

Can these applications be deployed so they can scale by using containers or at a minimum leverage autoscaling! Keep your normal operating cost is low, and only spikes when you need the resources.

@dustinb3403 said in What Are You Doing Right Now:

@irj said in What Are You Doing Right Now:

@dustinb3403 said in What Are You Doing Right Now:

why haven't you worked to get let go and collect unemployment while you get a better job?

Wow what an idiotic statement, even for you.

Sure, but its better then being brow-beaten for resolving a paying customers issue. He's repeatedly stated the issues he has here. And unemployment would literally force him to find better working conditions.

I agree about him leaving. I also agree he's not doing enough to leave. I don't believe in abusing unemployment as a motivator. Usually it's a demotivator of anything.

@dustinb3403 said in What Are You Doing Right Now:

why haven't you worked to get let go and collect unemployment while you get a better job?

Wow what an idiotic statement, even for you.

@dustinb3403 said in What Are You Doing Right Now:

Just doing some really simple math on the cost savings of switching to the paid version of LibreOffice compared to Microsoft 365 Apps for Business (literally just the office suite).

$2,720 vs $15,840 annually.

Or simply put for just an office suite $13,120 a year in savings for an office of 160 people.

Mind blown.

Percentage wise that appears to be huge. I'm not sure $13k is worth loss of a ton of features and productivity.

@laksh1999 said in login code need:

@vignesh said in login code need:

hello im new to reactjs i need a login code to run in vs code. please help me

https://code.visualstudio.com/docs/nodejs/reactjs-tutorial

@jaredbusch said in A Startdocprinter Call Was not Issued:

@dafyre said in A Startdocprinter Call Was not Issued:

@gjacobse said in A Startdocprinter Call Was not Issued:

they should be ONEDRIVE, but doesn't always happen...

Hopefully you find this out before re-imaging the machine...

Not an IT problem.

Chair to keyboard interface problem

I had a discussion with a coworker yesterday about when to use kubernetes and when to use serverless. I found this article to be a good overview of pros and cons of each.

https://dysnix.com/blog/kubernetes-vs-serverless-part-1/

https://dysnix.com/blog/kubernetes-vs-serverless-part-2/

@scottalanmiller said in What Are You Doing Right Now:

@wrcombs said in What Are You Doing Right Now:

Horrible day at the office- my manager and I have so little to do , that we have sat here and talked about how little we have to do - after I asked him if there was anything that needed to be worked on and if there was anyway I could get extra hours cause I'm not making very much on a straight 80 pay period.. needless to say I'm extremely bored.

Unless your job forbids you to do extra stuff (yeah, I've seen it), this is when you should be so excited that you get to pull out the certification book that you are working through, watch that YouTube educational series you haven't had time for, or as you mentioned, start scripting things. There's no limit to the things that you should be just waiting for a free moment to do that are huge for your career advancement, while also positive for your current job (so that you don't get in trouble.)

That that Network+, then move on to more and more certs if you have time. Figure out PowerShell. Learn other cool tools. Write articles, watch videos, blog about your learning, etc.

I used to work the most boring job in the universe. But the job was boring, I was not bored. I worked my tail off getting certified in anything and everything while doing that job (it was an overnight job, more security than anything else.) I built my career on the few years that I had there. I learned so much because it was "boring".

Boring = opportunity for you to really do what matters most.

I feel like even if your job forbids it, you can spin at improving your current job during downtime. It's one of the things I do without asking permission and I've never had a single issue ever. I have been asked about it before by one boss who thought I trained a little too much, but it's not something they can really stop. A boss yelling at someone for training never looks good in any form. It's not a battle they are usually willing to fight.

@gjacobse said in A Startdocprinter Call Was not Issued:

Is this something that it's likely as easy to re-install Windows as it is to spend a few hours trying to correct?

I know in enterprises, not too much effort is spent on troubleshooting workstations on the Lan. Generally users save everything to one drive or similar and it is much faster (10 mins) to reimage workstations.

Remote users require a bit more troubleshooting, because reimaging is not as fast over WAN or especially VPN. @Obsolesce might be able to speak a bit more on this.

Also another related question, would you even use kubernetes for databases or would be better to use a hosted service like RDS?

@stacksofplates said in Greenfield Kubernetes Architecture and Security:

.

1 will get really expensive and complicated really fast.

2 is complicated in networking, but less complicated in that you need less rolebindings (also more expensive).

3 makes the most sense but adds complexity with SAs and rolebindings. Let the namespaces be the logical separation. Use a mesh like Istio/Kuma for mTLS. If you pay for Kuma you get OPA integration in the sidecar with a CRD for the policy, if you use Istio you still get OPA but I believe it's a configmap that you need to load into a central OPA I can't remember. This way you can define policy for each app but your app doesn't need to understand how authentication mechanisms work.

1.) Is that because you have masters for each cluster, but if combining all clusters your master would still need to scale out, right? Why is it complicated? It seems like to me for organizing backups and for administration it's probably the easiest?

2.) You are saying you'd have a cluster called postgressql and then have names paces like app1-postgresql app2-postgresql app3-postgresql, etc. If you're backing up an entire application you would need to create some type of orchestration for restore on multiple clusters simultaneously to bring the application back up.

3.) I need to do some research and reading on this before I can ask more questions

@jaredbusch said in Greenfield Kubernetes Architecture and Security:

@irj said in Greenfield Kubernetes Architecture and Security:

create a few kubernetes clusters and separate applications by namespace and use network policies to filter traffic?

But, to me, I would go this route. Of course that is without a enough knowledge of Kubernetes best practices. But I like separating things by logical things like namespace or task or department group, etc.

Interestingly enough that was also a recommendation from someone who I consider a Kubernetes guru.

One thing I am thinking about is controlling access via IAM accounts on a CSP. It's easier to separate roles and permissions when you can separate them into different projects or VPCs on a major cloud provider. I am still learning kubernetes, but I wonder how much effort it would be to manage permissions on a namespace level.

Let's say your organization has 50-100 different applications running on kubernetes. Historically each cluster runs one application.

You have the ability to greenfield and re-architect how everything is built.

1. Would you keep one cluster per application and use network policies to control data flow?

2. Would you break up clusters similar to how you'd separate a 3 or 4 tier web app? One of the advantages to this approach is perhaps you can keep DevOps engineers from accessing database clusters at all. The disadvantage of course being complexity on the network side.

3. Would you create a few kubernetes clusters and separate applications by namespace and use network policies to filter traffic?

Note : For sake of discussion Kubernetes will be hosted on major CSP (AWS, Azure, or GCP) so no need to worry about hardware requirements for this topic.