Best posts made by NetworkNerd

Charter Business just turned up a 50/5 coax circuit for us at one of our sites. Originally we had ordered one public ip address for this location, but we ended up having to order another after the service was turned up to make it easier to allow our video monitoring company to watch the cameras at this location (recently installed as well).

So when I called Charter to get a second public ip address they gave me one no problem. But, it's on a different subnet and has a different gateway than the first public ip we had to start.

We have an ASA 5505 at this location currently, and there should be a way to configure it to use both ip addresses since this is not a dual ISP situation or trying to configure failover, etc. When you have a block of ip addresses it is pretty easy to configure the ASA to use them. I can do that. But it's this public ip on an alternate subnet that is throwing me for a loop.

I should also mention that we are using 10.0.1.0/24 for the LAN at this location and will be using 10.192.0.0/23 for the cameras. There will be no VLANs. The cameras just need to be on a different subnet. The ASA provides DHCP for devices on the 10.0.1.0/24 subnet only. Devices on the 10.192.0.0/23 subnet will have static ip addresses.

ASA 5505 Config

We have one interface tied to a switch port (port 0) for the first public ip and every other switch port on the ASA tied to the LAN ip block we are using at this location. I'd leave port 0 for public ip 1 and port 1 for LAN1 (10.0.1.0/24). Here's what I am thinking for the rest:

• list itemCreate a new interface tied to a 3rd switch port (port 2) that is set with the 2nd public ip I mention above.
• list itemCreate a matching static route for the second public ip.
• list itemCreate one more interface tied to a 4th switch port (port 3) for LAN2 (10.192.0.0/23).
• list itemConfigure all devices on each LAN to use the LAN gateway ip address for their specific segment.

Will what I have mentioned above work? I would then create access rules and NAT rules for the camera traffic using the second public ip. I'd really like to do one-to-one NAT for the second public ip and the NVR at this location since accessing the camera software seems to play better with that than NAT with PAT.

Have I over-complicated it? Any advice is much appreciated. The second ip being on a different subnet is really throwing me for a loop.

@Bob-Beatty said:

It depends on the job. If you have to support end users, you need to be at the office when they are, that is usually a scheduling task. But for engineers, administrators, etc... I don't care, nor do I pay attention. If I have to micro manage that, then I'm in the wrong job and I hired the wrong person.

In this case it was end user support. The part about hiring the wrong person is what turned out to be true in my case, but we've resolved that problem now. Thanks everyone for your advice on this one.

The rise of group health care premiums is really starting to upset me. It's up about $200 per month from last year. My wife and I are taking a hard look at healthcare sharing networks like Samaritan Ministries. This is just one of the many out there, but from what I gather, this covers you from receiving a tax penalty for not having health insurance.

Has anyone considered using something like this and moving away from group insurance? I'd love to hear feedback from any who have done this. I feel like by doing it we would be saving a ton of cash and could put a fair amount away in an emergency fund just for medical expenses.

Imagine having just racked 4 new Dell PowerEdge R730 servers. The network and power cables are all in place, and the disks are in the proper slots. The journey to deploy a new hybrid vSAN 6.6 cluster has begun.

Prerequisites
Before going any further, it is important to note that ESXi 6.0 was factory installed on mirrored SD cards within these hosts. Each host had to be upgraded to ESXi 6.5d to get the bits for vSAN 6.6. That process will not be detailed here.

All host hardware is on the VMware HCL for vSphere 6.5. The PERC H730 Mini as well as all capacity and solid state drives are on the vSAN HCL for vSAN 6.6.

Jumping the Gun
After ensuring the hosts were at the proper ESXi patch, I couldn't wait to get my hands on the vCenter Server Appliance 6.5d installer. After all, this version contains the Easy Install workflow to make greenfield vSAN deployments simple. It will configure a vSAN datastore on one host of your choice and deploy a Platform Services Controller (PSC) and vCenter Server Appliance (VCSA) on that datastore. Once vCenter is up and running, you can use it to configure the rest of the hosts which will be part of the cluster.

I launched the installer from my workstation, and as I was stepping through it to install an external PSC, I reached the point for claiming disks in the target host for the initial vSAN datastore configuration.

As you can see, the installer can see no disks in the host. Oops.

Back to Basics
I realized at this point that although all hardware was on the proper HCLs, I had forgotten to check the configuration of the PERC card in my target host. I connected to our KVM switch and rebooted the host. And not long after that, the problem was very obvious. Even though there were no virtual drives setup, all physical disks were marked for RAID use.

After entering the configuration utility for the PERC card, here's what I found:

All disks show to be unconfigured. That only means the physical disks were unconfigured for any kind of RAID level. They were still, however, marked as usable in a RAID configuration. If it is not highlighted already, use the up arrow to highlight the PERC card, and press F2 to get to the Operations menu from here. You won't see these options if any specific disk is selected.

Once you select Convert to Non-RAID and press Enter, you are immediately taken to the screen below where you must select which physical disks will be converted to Non-RAID disks. Use the space bar to mark each disk as Non-RAID. In my case, there were 12 physical disks. Once all disks have been marked, use the right arrow to highlight the OK button, and then hit Enter.

At this point, here is what you see inside the Virtual Disk Management menu.

Press ESC to exit the configuration utility, and the host will reboot. This time when the host rebooted, it's easy to see that we have 12 disks ready for vSAN.

And this time, when I ran through the Easy Install, you can see there were disks ready to be claimed for use with vSAN as expected.

Lessons Learned
In the end, it was pretty simple to configure the PERC card in each server for use with vSAN. Don't make the mistake of assuming the vendor has configured the hardware optimally for the technology you are implementing.

@JaredBusch said:

@ajstringham said:

3. What is your long-term backup plan?

Depends on a few things. When I talked to Unitrends I got completely run around, AFTER getting Katie involved. It was a completely horrible experience.

That said, I am looking for a solution to handle offsite pushing of the backups so I am basically going to use Veeam or UEB. One thing I have not done with Veeam is actually see how the offsite functionality works. Not enough hours in the day it always seems. UEB was quoting me stupid numbers for backing things up using my own hardware both onsite and offsite, I was not impressed. Where my understanding of Veeam is a $1600 purchase of Essentials to handle 4 sockets (my two servers that i will be keeping) and then I can install the offiste side of that with no extra licensing needed.

You would do well to look at Enterprise Plus licenses of Veeam to get the WAN Accelerator for backup copy jobs here. I am hoping to try this out in the next 4-8 weeks since we just beefed up internet connections at 2 of our sites.

@Ambarishrh said in Book suggestions:

@WingCreative said in Book suggestions:

I enjoyed reading through The Phoenix Project - for one thing, the first chapters made me feel better about the workload I had on my plate But the whole book itself was a great (fictional) case study on shifting from traditional Development & Operations departments to a DevOps environment. It's basically a story of a dysfunctional enterprise IT environment getting better, told from the perspective of someone uniwttingly tossed into the role of IT director. It helped me see the problems DevOps practices solve along with the challenges that can arise when shifting over to them.

Old thread, was thinking about posting about this book and found this!

I just signed up for Audible trial and started with this book. Just on chapter 5 but i am already liking it!

I guess as long as you cancel the trial before the 30-day mark you avoid charges? I saw this, and it made me consider an Audible trial as well. I'm not really used to audio books. I have seen The Phoenix Project recommended so many times that I feel it is a must read / listen at some point.

I know I mentioned in a previous thread that my wife and I recently moved to a HSN (Healthcare Sharing Network) called Samaritan Ministries. The idea is you are supposed to cover up to $300 in medical bills on your own and can submit a need to the group if you end up with a bill higher than that.

It looks like today will be the first day we explore this new avenue. My daughter (6 years old) has a badly infected cuticle on her toe. We've tried peroxide and a few other treatments, but the infection is not getting better.

I'm wondering how much to expect to pay at urgent care up front. Can anyone share their experience with self-pay at a place like this? I was going to call them and ask before I take her this afternoon but wanted to get some feedback from others. I realize I should know more about what I got myself into by now, but alas, I am unprepared.

I'm in Texas (Dallas / Fort Worth area) by the way.

Suppose you decide to start your own technical blog, and suppose further that you're working to decide on a blogging platform that's easy to use and requires little maintenance. More than anything, you're focused more on writing good content than amazing people with the best looking site on the planet.

Of course, you don't want to host it yourself when it's so easy to get a 1-click install of either of these applications from many hosting providers.

If you had your choice between Wordpress and Ghost, which one would you choose? And what are your reasons for the choice?

For now let's ignore the reasons for separating the blog from any content you might generate on ML (other than perhaps posts with a synopsis and link to your latest blog) and the effort required to continue producing content.

Did you end up using the Dell ESXi ISO here or just the one you can download from VMWare? This is more for my own curiosity than anything. I had some issues on a Dell R510 recently and could only resolve them by using the Dell ESXi ISO.

Does anyone out there use meetup.com and go to specialized user groups (i.e. for containers, programming languages, open source technologies, industry specific tech)? I was just curious how helpful those groups have been for you and how often they usually meet.

@dafyre said in Fighting the Afternoon Energy Dip:

B12 after a meal is probably good. Or after a mid-morning snack.

Water and walking will usually help me as well.

I drink water like a fish all day long but could definitely use more movement. I'm on one of the higher floors of a building and have been going either up or down a flight for restroom breaks during the day.

I ran into a really interesting problem when trying to deploy the Hytrust OVA on a non-vCenter managed ESXi 6.5 box via the embedded host client. At first I thought for sure it was a software bug, but it turns out it was my lack of reading skills. Hopefully this will keep someone from making the same mistakes I did.

You can read the full details of the errors I was getting and some interesting observations here - http://blog.thenetworknerd.com/2017/07/17/error-deploying-hytrust-ova-in-the-esxi-6-5-embedded-host-client-and-learning-to-read/.

I am building a Server 2012 VM this morning, and I thought to myself, when would someone use the core install instead of the GUI? I know people probably do that, but when does that make more sense? And additionally, why would you do that instead of just using some Linux distro if you really want command line?

@stacksofplates said in Using Meetup.com?:

I just joined a few weeks ago. Not a ton in my area but doing a RedHat thing this month.

Definitely post back here with feedback if you don't mind.

@kelly said in Fighting the Afternoon Energy Dip:

You might also look at your work schedule. I've recently become aware of the fact that the tasks that seem to come up during the morning are the ones that are outside of my "sweet spot" from a personality perspective. When those occupy my morning and spend zero time doing things that give me life I end up wiped by lunch regardless of diet or exercise.

That's a good point. When you're really excited about doing something or find it very engaging, it normally does not matter how tired you might be. I say normally here because there are truly times where you are just too wiped out to even do what you enjoy.

After finding out I was approved to attend VMworld this year, I signed up to present a vBrownBag Tech Talk on VMware vSAN. Just a few weeks before the conference, I was lucky to secure an official slot on the agenda for Thursday afternoon.

The idea for the talk was pretty simple and was inspired based on the talk @scottalanmiller asked me to do at the DFW Mango Meetup a while back. If vSAN powered The Matrix, would we plan it carefully like an enterprise technology rather than trying to run it on whatever hardware is available in the server closet? Is cost really a barrier to people using this technology, or are there ways to save money and still harness the power of VMware vSAN? What are some other pitfalls to be aware of? Watch the video, and see for yourself [VMTN6733U]. I hope you will find it helpful.

http://blog.thenetworknerd.com/2017/09/04/if-vsan-powered-the-matrix/

For us it would be ITAR compliance for e-mail at a reasonable price. It's not cost efficient unless you have thousands of users. But we enjoy the ProPlus software licensing with O365 (newly purchased).

I think the technology experience you list depends on whether it is 1) relatable to the technology the new role requires you to use or 2) is specifically the technology the new role requires you to use. Anything else is just noise. I'd encourage you to watch the video here
titled A Recruiter's Advice to the IT Pro. It has some good advice for LinkedIn, etc.

Make sure LinkedIn is updated with all of your skills and experience (and I mean all of it). Then take that and whittle down to those items that can be highlighted to get you the new job.

One of the best things to do is get up and move, even if it is going for a walk. And let your mind wander, whether you listen to music or a podcast or nothing at all. Manual labor is pretty freeing as well when you are under some stress. Get out in the yard and trim a few trees or dig those holes to put new plants in the landscaping, etc. Learning new things is fun for me too, but nothing relives stress as much as movement / some kind of exercise. Otherwise everything gets tense, and I eventually am going to move wrong and tweak my back.

This year was the first time I was able to attend VMworld US, and it was an amazing experience. Just before the conference, I was contacted by someone at Spiceworks and asked to write a few articles about what it’s like to attend. Since there were several articles, I wanted to list all of them here. It was a blast writing each of these, and I hope sharing my experiences will provide some value to the community as a whole. The last article in the list is more general and contains some recommendations for any tech conference.

Read the full post with information about VMworld, VMUG UserCon, and Spiceworld here - http://blog.thenetworknerd.com/2017/09/24/conf-heartbeat-vmworld-vmugusercon-spiceworld/