@eleceng said in WSUS Location:
Should WSUS be a separate server / VM or added as a role on one of the 2 domain controllers?
What's best practice, experience?
Best practice is that your DC is never anything other than a DC 
Realistically this is rarely possible, but I personally would never combine WSUS with a DC. Regardless of where you put it, make sure to automate the maintenance scripts from Microsoft's own care and feeding instructions.
@gjacobse said in I can't even:
@dustinb3403 said in I can't even:
Taking from a previous post I made about a certain piece of equipment, I've just learned that the equipment must run Windows 7... because of course it does for legacy hardware.
(Nuclear Eye Roll)
So know that pain. State Unemployment app was like that for scanning... Pain ITA.
I see your state unemployment app and raise you old-ass manufacturing equipment.... XP + serial ports... luckily it didn't fall to me to try to convince it to work on something newer, but still. one of the other guys was trying to get virtualized XP to talk nice to the gear with serial pass-through from vbox and couldn't convince things to play ball
@gjacobse said in I can't even:
Users who can't do a proper shut down or restart of their computer. And then complaining that it's dog in winter slow.
Uptime was 22days (not the worst I've seen). Disk and Memory were at 100% usage before restart.....
With the W10 fast-boot / hybrid shutdown I've seen last boot times upwards of 9 months and a year on some machines.
@dustinb3403 said in Backup Solution for XenServer:
@jon-chris said in Backup Solution for XenServer:
@dustinb3403
Sorry, I did not get my question clear.
I am using XCP-ng Hypervisor and hoping to get a backup solution combining backup with management. Any good advice?Yes, xen orchestra like @Danp recommended.
Edit as I didn't add it last night you can use my github process to install the Open Source edition without having to do much of anything, follow this link.
Make sure to do the install and the update for the extra features
@pete-s said in Experience with Supermicro Microcloud servers?:
@notverypunny said in Experience with Supermicro Microcloud servers?:
Based on experience with what appears to be re-branded SuperMicro stuff I'lm not a fan. I can't speak to your option specifically but they've been nowhere near as reliable as anything we've gotten from Dell.
That doesn't sound good for sure. Was it any kind of blade or just regular servers?
Do you remember the brand?
A backup appliance from a vendor who shall remain nameless
Also some blade-style appliances for a hyperconverged plaform who shall also remain nameless.
Based on experience with what appears to be re-branded SuperMicro stuff I'lm not a fan. I can't speak to your option specifically but they've been nowhere near as reliable as anything we've gotten from Dell.
Might be worthwhile checking to see if there's something already available within your payroll or HR software. Just to avoid re-inventing something that you might already have.
@jaredbusch If I was still at work I'd quiz our HW guru, but I think your answer is somewhere in here: https://www.velocitymicro.com/blog/nvme-vs-m-2-vs-sata-whats-the-difference/
IIRC the nvme and SATA M2 drives don't have the exact same connectors
@dustinb3403 said in Hardware Management Solutions:
@notverypunny said in Hardware Management Solutions:
@dustinb3403 How severe is the data isolation requirement? From a view / workflow / alerting standpoint things can be broken out by client / site etc with maps and / or dashboards but yeah, most of the centralized logger / ticketing / MSP / rmm-y type solutions will use a common database behind the scenes. From a data isolation standpoint, if you've got multiple clients and sites pushing to a common email address there's the same potential for data intermingling in that common repository as a shared database.... Just some food for thought.
It's a semi-quazy requirement that the data at least be separated into their own "customer". While overlap is expected, I can't have system Y from one customer populate details or mix with Customer B.
That shouldn't be possible.... I'll hope that someone else can chime in, but since each host in Zabbix has a discrete configuration I would expect that even if there are overlapping IP ranges there shouldn't be any way for cross-contamination.
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:
Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.
I have rules in the Sonicwall to allow from 10.1.10.x to 192.168.1.x, even though they are not required. (The traffic is initiated by the device on the 192.168.1.x LAN network)
No NAT rules on the Comcast CPE. It shouldn't be needed because I am not trying to use the CPE public IP address as a destination, only as a gateway.
Yes, all three are the same. The two SWs are plugged into the CPE.
CPE = xx.xx.xx.98
SW1 = xx.xx.xx.97
SW2 = xx.xx.xx.96Only one ISP in the mix.
So this is what your setup looks like?
I'm not sure, but I wouldn't be surprised if the SW simply goes bork trying to deal with private IP ranges on a port that you've designated as a WAN.
Still puzzled as to why you've got 3 edge devices...
@dustinb3403 How severe is the data isolation requirement? From a view / workflow / alerting standpoint things can be broken out by client / site etc with maps and / or dashboards but yeah, most of the centralized logger / ticketing / MSP / rmm-y type solutions will use a common database behind the scenes. From a data isolation standpoint, if you've got multiple clients and sites pushing to a common email address there's the same potential for data intermingling in that common repository as a shared database.... Just some food for thought.
Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.
@dustinb3403 said in Hardware Management Solutions:
@notverypunny said in Hardware Management Solutions:
@dustinb3403 said in Hardware Management Solutions:
@notverypunny yeah I thought about that, but for my specific need it may not work.
Too bad. Technical reasons or "political" reasons if you don't mind my asking?
Technical
So, since I'm too full of steak and potatoes to be productive around the house.... You know the crowd and we're always more than willing to try to figure out a way around a technical challenge.... Just trying to figure out what would be easier from a technical standpoint with a commercial / proprietary solution vs Zabbix... I have to admit that I've got 0 experience or knowledge with regards to the HP ILO, but assuming that it's similar in implementation and functions to the Dell iDRAC your options are probably to have the boxes actively shipping logs and alerts to something, have something polling the box and collecting data or a combination of the 2..... Worked for a short spell doing support and monitoring using one of the HPE solutions, can't recall which but it was a clunky SOB from a user standpoint, I can only imagine what it must have been like to configure and admin.... So yeah... feed us details and we'll see what happens
@krzykat said in Looking to learn/research MeshCentral:
@notverypunny
I'm curious on this as well. We have used MC successfully and now want to add TacticalRMM ... what is the advantages of having them seperate versus being on the same box? Don't like the idea of redoing all the existing MC clients, but if it makes things better, fine.
For your scenario it you really shouldn't have to re-do a deployment, IIRC you're in the same situation as @scottalanmiller (Mesh deployed and then adding TacticalRMM after). I got the go-ahead to give Tactical a try in our enterprise environment as a compliment or possible replacement to parts of our existing tool-stack / workflow so I'm not quite in the same situation from the jumping off point. I've got a mix of machines deployed and really like what I'm seeing so far.
@scottalanmiller said in Looking to learn/research MeshCentral:
@notverypunny said in Looking to learn/research MeshCentral:
@stuartjordan said in Looking to learn/research MeshCentral:
Tatical RMM integrates with meshcentral as well apparently. Although I've only tried the demo but looks promising. https://github.com/wh1te909/tacticalrmm
Doesn't just integrate, mesh now appears to be an integral part. Stood up a tactical server and it automatically installed and configured a mesh instance. Have to say that I'm pretty impressed with things so far.
It does that, but if you do that you get less flexibility. We run our own MC instance and our own Tactical instance and connect the two.
Hey Scott, can you elaborate on the increased flexibility? I have to admit that I'm not familiar enough with either product to see what the advantages of different deployment models could be.
@stuartjordan said in Looking to learn/research MeshCentral:
Tatical RMM integrates with meshcentral as well apparently. Although I've only tried the demo but looks promising. https://github.com/wh1te909/tacticalrmm
Doesn't just integrate, mesh now appears to be an integral part. Stood up a tactical server and it automatically installed and configured a mesh instance. Have to say that I'm pretty impressed with things so far.
@dustinb3403 said in Hardware Management Solutions:
@notverypunny yeah I thought about that, but for my specific need it may not work.
Too bad. Technical reasons or "political" reasons if you don't mind my asking?
Shoot from the hip answer is Zabbix... lots of plugins and config options. Could probably have a PI or NUC as a proxy / collector at each site or have the devices setup for active monitoring (if supported).
Don't have any HP servers to test with but the Zabbix site appears to have official templates for HPE gear.
@dustinb3403 said in RMM Service:
@fateknollogee said in RMM Service:
@dustinb3403 said in RMM Service:
@fateknollogee said in RMM Service:
@dustinb3403 said in RMM Service:
@fateknollogee said in RMM Service:
@dustinb3403 said in RMM Service:
@fateknollogee said in RMM Service:
Does the patch management in Tactical work or are those buttons just placeholders?
It works. On the demo it appears to be disabled
Have you actually tried it?
Yes I set it up in my lab and used it on some equipment/vms without issue.
I meant have you tried the patch management function?
Yes.
And the machines got patched?
Mine isn't working, that's why I'm asking.Yeah mine did.
Ditto. Just have to invoke the scan or setup some automation
Started playing with this at work. Our existing toolset is too legacy-minded for the current covid reality. So far I'm very impressed. I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.
