Best posts made by NetworkNerd

Here's something interesting about Intermedia. They do not support T.38. In the words of their channel manager, "In regards to T.38 Faxing…unfortunately Intermedia does not support T.38 faxing on our SIP trunks. We had tested T.38 for quite some time, but found the failure rate to be much higher than standard uncompressed g.711 codec, so we made a company decision to not support this protocol."

They have some kind of web fax product you can get for an extra $3.99 per month per number (i.e. client software that allows you to use a printer installed on your computer to send faxes). We had that with our Faxfinder, and I just really don't like client fax software when you can do it all through a web GUI. That may be a deal breaker.

I guess I could roll with G711u if I wanted but will have to give it some thought. Most of the "fax" numbers are higher volume outbound than inbound. But even so, none is that high when it comes to volume.

@scottalanmiller said:

@NetworkNerd said:

Here's something interesting about Intermedia. They do not support T.38. In the words of their channel manager, "In regards to T.38 Faxing…unfortunately Intermedia does not support T.38 faxing on our SIP trunks. We had tested T.38 for quite some time, but found the failure rate to be much higher than standard uncompressed g.711 codec, so we made a company decision to not support this protocol."

Could just be marketing spiel, but could be true, too. Very interesting information.

I was surprised by it a little because I thought T.38 would be better than G711u across the board.

Last Christmas my mother bought my daughter (now about to be 6) a Kindle Fire for kids. She loves the device for games and for watching tv, but the internal storage is only 8 GB with no way to expand. I know they have a newer Kindle Fire for Kids out there, but I have not decided if I want to get it for her.

The primary purpose is for watching tv shows here and there and playing educational games (approved by mom and dad first, of course). I got an e-mail from Barnes and Noble recently about some trade-in incentives toward a new Nook tablet. Take a look - http://nook.barnesandnoble.com/u/trade-in-your-nook/379004337?cds2Pid=49036. We could trade in the Kindle Fire she has now, our 1st gen iPad, and a Kindle e-reader I have but never use to get some cash off a new Nook. I don't know how we would get rid of these devices if we go with some other kind of tablet (i.e. the next generation Kindle Fire for Kids).

They have 3 different models, but I don't see why this wouldn't do the trick - http://nook.barnesandnoble.com/u/samsung-galaxy-tab-4-nook-tablet/379004262.

My concern is the app store. Does anyone out there use a Nook? Do you feel like the app store is comparable to that of Kindle's app store? Another concern is getting a protective case as nice as the one we got for the Kindle Fire for Kids. It is wonderful and very durable. I'd love to hear any feedback.

We were using Seagull Bartender v10.0 Automation Edition with a 30-printer license to print Epicor ERP system data on labels in our manufacturing shops. Our company intranet site writes a bt file into a specific location that is watched by Commander. The file gets converted to btp by Commander, and the label prints. Bartender was running on a Server 2012 VM (all components - Seagull License Server, Commander, and the Bartender Suite) and humming along with no issues. We use a mix of Seiko Smart Label 440 / 650, Zebra ZT 220, and Zebra ZP 450 printers throughout our shops (all connected to Windows 7 Pro computers via USB), and the server had been serving the label printing needs of 4 physical sites.

Our shop workers have told me things worked great before we made any changes.

Then, we acquired a new location. They are using Bartender also, but it's a later version of the software. My boss requested we upgrade to 10.1 SR 4 so we can use their label files and just adjust them slightly to pull in ERP data since we host Epicor here at HQ.

The upgrade was simple enough to do, but the after effects just plain stink. We began to see inconsistency in label printing reliability. The right file would get created for Commander to detect, it would be converted, but a label might print a few seconds later or 15 minutes later. Sometimes the label would not print at all and never get to the print queue of the workstation in question. We're getting this information from shop leads, and sometimes by the time we would test, all would be fine.

I contacted Seagull to get some recommendations on what to do to try and resolve this. We turned on all kinds of logging and found Bartender was throwing errors and creating dump files. This would happen once or more per hour (sometimes many dump files and sometimes only one). The error messages would look like this:

2015-11-03 00:46:04 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0151.dmp'

2015-11-03 00:46:20 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0152.dmp'

2015-11-03 00:48:29 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0153.dmp'

2015-11-03 00:48:55 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0154.dmp'

2015-11-03 00:51:29 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0155.dmp'

2015-11-03 00:51:47 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0156.dmp'

2015-11-03 00:56:44 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0157.dmp'

2015-11-03 00:57:10 6668 Error Miscellaneous OK BarTender Image Dump: Saved dump file to 'C:\ProgramData\Seagull\BarTender\Dump\BarTend_0158.dmp'

They recommended doing things like using only Seagull drivers for the Zebra printers, making sure we had no corrupt drivers on the servers or the workstations, re-installing Bartender on the same server with AV disabled, running Commander as an application and not a service, or possibly installing on a new server.

It's not a terribly complicated setup, so after documenting the configuration and backing up the VM, I deleted the VM and built a new Server 2012 VM from scratch. I patched it with all Windows updates and then installed the latest version of Bartender Automation Edition (10.1 SR4). I checked driver versions on every workstation, found some version mismatches, and resolved them so that all Seiko label printers of the same model were on the same driver version. I ripped off the Zebra drivers from every workstation that had them and used the Seagull drivers as recommended. Then I installed the necessary drivers and could print to every single printer by dropping a bt file in the right spot. I would watch the print queue on each workstation from print management on the Bartender server to make sure printing worked. I also setup a single dedicated user account as a local admin for folks to login to the server with to avoid processes running under multiple user accounts.

About 36 hours ago (around 11 PM Sunday night) the newly provisioned server went into production. Things worked well with minimal issues all day yesterday...until last night. I was told the same issues were happening again. I found out Bartender is still creating dump files with the same errors as shown above.

I thought I would crack open one of these in Visual Studio and see what is happening. It's a similar story every time (before the server rebuild and after it).

Has anyone seen something like this happen? We could roll back to the previous version with a good bit of leg work, but after investing the time and effort thus far I would really like to make the newest version work. Any advice is much appreciated.

We decided to pull the trigger with Intelepeer for the option to use G711u or T.38 for faxing. Well, there's that and the fact that they allow unlimited concurrent calls. We could easily scale our call volume for pennies (just pay for extra minutes of use).

I will also say SmartDeploy has released / will release a product called PointFlip that creates layers on your end user PCs, allowing you to install an application on a reference computer and then push that application install to another computer running PointFlip. I believe you can also use it to upgrade the OS of a machine from 7 to 8.1 or probably to 10 at some point. I did some beta testing for this product earlier in the year but ran out of time to test it as much as I wanted. But it looks like it will be something very useful. It might be worth a look also down the road.

I used to have that article bookmarked. Apparently it is time to edit the location for the bookmark.

We use Backblaze for Business and have for a couple of years now (the domain license that Aaron mentions). I had been using it at home on my wife's computer (2 internal drives and an external HD backed up for $50 per year) when I found out they had a business option. We have around 30 pcs in the account now, mostly C-level and outside sales computers on which you are most likely going to find local files of a very important nature. It definitely works really well, and I do like the alerts for when machines have not backed up in X number of days. You get a weekly alert for all computers in the account telling you the last backup of each machine, how much data may be left to backup based on change rates, etc.

The web portal for restores is easy to use. The only thing missing from Backblaze in my opinion is the ability to store file revisions as well as Crashplan does (allowing specific retention period for revisions to be backed up). That is why I like Crashplan better for some use cases (i.e. backing up the server with all of our enterprise software). I must say Backblaze has worked very well for us thus far based on our use case.

I am definitely curious about B2 like others here.

At the moment, our network is a hub and spoke design, and I have been wondering if this design is best based on what we are running.

Our company as a whole is a group of companies operating under different names but part of the same master company (same owner for all except one company that is co-owned by our owner and a 3rd party). The company continues to grow through acquisition, with IT being centralized in Fort Worth at HQ.

The main site and remote sites 1-7 are in the Dallas / Fort Worth metroplex. Remote sites 8-10 are in Mississippi. The sites in Mississippi may eventually need to be connected to each other. At the moment, all sites with an ASA 5505 are connected back to HQ via site-to-site VPNs. This approach has worked pretty well for the most part.

The limitation on ASA 5510s for site-to-site vpns is 10. If we continue to grow, we are going to outgrow our firewall gear. There is only one ISP connection at each site.

Main site - ASA 5510, 50/50 fiber (Charter Spectrum)
Two ESXi hosts located here that provide AD, Exchange, Sharepoint, file servers, web server, VMs for Engineering software, VPN access, ERP system, a Barracuda 410 appliance, PBX, security cameras, Veeam, etc.

Remote site 1 - ASA 5505, 10/10 fiber (Time Warner)
One ESXi host here that provides file servers and VMs for Engineering software to this site only, including a DC

Remote site 2 - ASA 5505, 10/10 fiber (Verizon)

Remote site 3 - ASA 5505, 35/5 coax (Time Warner) - site to be shut down in next six months (in the process of moving to site 4)

Remote site 4 - ASA 5505, 35/5 coax (Time Warner)
Soon to have an ESXi host for local storage, AD, and Engineering software VMs

Remote site 5 - ASA 5505, 50/5 coax (Charter Spectrum)
Security cameras

Remote site 6 - ASA 5505, single T1 (Vergent Communications) - site to be shut down in next 6 months

Remote site 7 - coming in early 2016 and is 2 miles from HQ, no ISP yet

Remote site 8 - ASA 5505, 15/3 coax (some communications company in Mississippi)

Remote site 9 - no connection to HQ (currently on DSL, ATT I think)

Remote site 10 - no connection to HQ (currently on DSL, ATT I think)

In the next six months we will go from 11 sites total to 9 sites total (including HQ). I'm looking to future proof our WAN so it makes getting new sites online easier. As you can see, we have a potpourri of ISPs since each site was turned up at a different time. We tend to shop around for a deal rather than trying to go with the same ISP everywhere.

Some folks connect their sites with MPLS, point-to-point connections through an ISP, or gear that can do site-to-site VPNs. With services becoming more and more distributed here, is the hub and spoke approach really going to be the best for us? Newer gear may not make connections between sites faster, but I think it would allow us to turn up new sites and get them connected to HQ or other sites if needed easier than the Cisco gear we have currently.

Routing and switching is an area where I could really improve. I normally have to contract new firewall setups to a 3rd party but can manage them pretty well once initially configured.

For those of you with many sites to manage, what made you decide between hub and spoke, partial mesh, and full mesh? And additionally, what made you decide between connecting the sites leveraging ISP connections or with your own routing gear? I'd love to hear some feedback from others on this.

@Dashrender said:

Zero LAN?

yeah for the OP, I was wondering if going to a cloud solution would be workable.

Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.

I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.

@scottalanmiller said:

I've got a couple of articles underway that talk about exactly or nearly this and the biggest thing that I have to ask is... is an extended LAN the right way to go in the future? The idea of the traditional LAN was having everything exposed to everything else because it makes things easy. But it also creates a lot of risk. Do you need to have all of your desktops talk to each other? Do you need a big LAN extended over VPN or MPLS links to each other? What are the actual resources being shared that you need to provide to the end users?

End users need e-mail, a place to store files, access to Sharepoint, access to our internal web server, access to the ERP system (whether connecting directly to it or via RDS), VOIP (centralized PBX), etc. There's not a great deal of printing from one site to another with the exception of using our Bartender server in conjunction with our webserver to print labels to kiosks out in the shops. We're using LogMeIn or RDP to manage machines at remote sites. We also use Spiceworks and have a remote collector at each location that pushes inventory data back to the central server at HQ (which can run over the WAN link and would not need site-to-site VPN with proper NAT and ACLs).

I forgot about AV. We have a central server with VIPRE installed. But we may be moving to Webroot this month (I hope) and can kill that one.

@JaredBusch said:

Open the entire UDP range above 1024? like WTF kind of generic shit is that?

To me, that right there is a red flag. This provider cannot be serious if they cannot provide specific port information.

I believe that you are running Elasitx? So that means you need 5060 inbound open for your phones by default and 10000-20000 for RTP.

So then it comes to what you need open for the SIP trunk. If it is a registered trunk, you do not need inbound 5060 open to the outside at all, because the trunk will make the outbound registration and the trunk should generally always send incoming call SIP info back on that existing connection. If it is not a registered trunk, then yeah you will need 5060 open to their IP.

The RTP again cannot be outside of 10000-20000 unless you have modified your Elastix install because Asterisk will not recognize anything else.

They did provide specifics. They said open UDP 1024 - 65535 for RTP traffic specifically but UDP 5060 for SIP.

Yes, we are running Elastix and tweaked the RTP range on the PBX to match 1024 - 65535 (recommended by their support team). It's not a registered trunk (just ip authentication).

I can literally create a new trunk in the Intelepeer portal and change my routing profile so that all traffic moves to the secondary trunk in the event my PBX tanks. I can change the routing profile at any time, create a trunk at any time, etc.

@art_of_shred said:

@NetworkNerd said:

@Minion-Queen said:

That's awesome! That will make things much easier.

They can do ip authentication (tie the trunk to a specific public ip) or the standard registration string (whichever you prefer).

I know Vitelity offers that now, too. When you authenticate via IP, it utilizes load balancing on their servers. If you just do registry string, once you lock to a server, it's final for the duration of that connection.

Some providers will even let you register multiple PBXs at once with their registration string (NexVortex).

Which version of E9 are you running? We ran 9.05.702A on VMs at the time (1 Server 2008 VM that ran SQL 2008, 1 Server 2003 VM that was an appserver for E9, and 1 Server 2003 VM running terminal server). All of those VMs were on the same ESXi host connected to the same vSwitch. With TS 2003, folks would have to RDP into the terminal server and run E9. At that time, from what I recall, running E9 via RDP to the terminal server was faster than running it locally, even at the site where the servers were. We also rebooted the terminal server every night to keep it running well.

I want to know more about the architecture of the servers themselves. Are these all VMs? Are they physical servers? And along the lines of what @scottalanmiller mentioned, are you having folks login to your terminal server via RDP to run the Epicor client, or are you using RemoteApp?

Is there some way the terminal server is getting saturated with network traffic and just cannot connect to the appserver as fast as local clients (i.e. some older network gear in between that may not be working as expected)?

Can the external sales force try installing the E9 client locally and connecting to the site where the appserver and database servers are via VPN client software to see how things go? While I understand TS seems better in this scenario, have you tried it with a couple of folks to see what happens?

We run E10.0.700.3 at the moment (1 Server 2012 VM that runs SQL 2012, 1 Server 2012 VM that runs the E10 appserver, and 1 Server 2012 VM that runs RemoteApp for the E10 client - all on the same ESXi host) and will likely move to E10.1 in the next few months. We actually found that at sites with low internet bandwidth, RemoteApp is a little slower than when the client is installed locally. One site running a T1 told us that, and we confirmed it to be the case. It may have had to do with the nice metro interface in E10. The sites with 35/5 coax or 10/10 fiber seem to run RemoteApp about the same as installing the client locally.

I actually heard someone say at Epicor Insights 2015 that Epicor 10 ran better when installed locally on client machines connecting over site-to-site VPN. We never really had to test that theory other than at the site with a T1 that I mention here.

I will say if you put the NEC in place in the last couple of years (which I thought I saw that you did), it may be possible to sell it on eBay or to some kind of firm that buys old PBXs to make up a little bit of money toward new handsets / something else. When we got rid of our Avaya IP Office 406 system in 2013 and moved to Elastix, a company bought all the hardware from us for around $1500 - $2000 if memory serves (including about 70 Avaya 5410 desk phones as well).

Compare the cost of the system to the money saved over a period of 2-3 years switching to a SIP provider and using some type of open source PBX. You may make that money up pretty quickly.

This is related to my thread from last year (http://community.spiceworks.com/topic/1204753-replacing-traditional-firewalls-with-utm-appliances-how-do-you-know-it-s-time?page=3&source=year-in-review).

We are quickly approaching the Cisco ASA 5510 limit to have 10 ipsec peers because we keep adding sites. And since the 5505s at our remote sites are headed to end of life, it could be time to look at replacements. Cisco devices work well if configured properly, but I am wondering if there might be something better out there that can do the job and provide some additional features. I realize there is a cost to get those features. Cisco has newer models, but I want to make sure I am considering other vendors as well.

I looked at Sophos UTMs and remember that they have some measure of web filtering included. That's certainly an option we will consider.

I'd love to hear from anyone out there who is using the Barracuda NG series firewalls. I recently saw a demo of them and was both intrigued and impressed. I may see if I can do an evaluation. We have a Barracuda 410 web filter appliance at HQ, and I would love to get rid of the ASA 5510 and the Barracuda appliance and replace it with a single device (perhaps a Barracuda NG series firewall). I would then look to get the NG series firewalls at our remote sites for the ability to easily provision site-to-site tunnels, to provide a measure of web filtering to each location (at the granularity we need - block specific domains or regular expressions by user, ip, etc.), and to make our client and site-to-site VPNs operate a bit faster. These firewalls also allow a deeper level of QoS than what we have. To some extent I know the client VPNs are dependent on internet speed and saturation levels, but I don't believe our client or site-to-site VPNs move as fast as they could.

For IDS / IPS, we are using Arctic Wolf, and they do a great job of providing an extra set of hands in the security department. That portion is not necessarily something we must have in a firewall / gateway device.

And i know Barracuda has stellar support. They have always been responsive and very helpful on support calls.

I'd love to hear thoughts on the Barracuda firewalls and their web filtering capabilities. What made you choose Barracuda for your firewall? What made you decide you needed only this device and no additional web filter?

@scottalanmiller said:

@NetworkNerd said:

To some extent I know the client VPNs are dependent on internet speed and saturation levels, but I don't believe our client or site-to-site VPNs move as fast as they could.

What you likely want there is inline compression, not something widely available. Riverbed is the leader for that.

I've heard of Silverpeak as a competitor in that space as well.

@johnhooks said:

@NetworkNerd said:

Unifi controller VM (servicing all sites) - 1 VM as controller for APs across all sites

This probably won't make a big difference at all, but could this be put on a hosted VM somewhere? That would at least alleviate restoring this VM if something happens.

Same with the Elastix server. At least in a DR scenario this would still be running.

They certainly could. Those are definitely good suggestions that take the heat off the infrastructure at HQ. I'll have to see what pricing is like to do that. Thanks.