RADIUS Profile in Unifi
NPS Connection Request Policies
APs are configured under RADIUS Clients with the Authentication password used on the RADIUS profile in the Unifi Controller.
Nothing to change here
**NPS Network Policy**
Under the editing of the PEAP settings, make sure to select your CA Certificate Authority.
One would ask if any of those are needed today?
Functional separation I could see if you have two disparate networks but need to use a single Ethernet fabric. I have that, my Guest WiFi has its own firewall and own internet connection, yet we share the APs. It's on its own VLAN with no routes between prod and guest.
But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess setups.
Skimming through the LANLess explanation @travisdh1 posted a while back, I think we're somewhat a mashup of it and segmentation. Some of the VLANs in question are end-point only and as such the security isn't as tight as the ones that are used in the server-room / data center functions. If I were designing something from scratch, LANLess would certainly be something to consider, but since this is far from a new build, I doubt I could start to justify the headaches that changing VLANs and IP addressing would entail.
To come back around to my initial question, can anyone point me to any pros / cons with regards to having multiple instances of spanning tree given that we no longer have 2 devices acting as root bridges?
Netwrix works well. I know people that have purchased it and love it.
The product looks good, but from an IT perspective I don't like the licensing as it's on a per-AD-user model (which IT has no control over), whereas ManageEngine is based on a per-DC model, which is much easier to manage.
Is there a reason IT should have control over that? All IT expenses are just business expenses anyway. Just make it a per-seat cost like other per-seat costs. You already have to pay for Windows, Office, CALs, and whatever else "per seat", it's just another line item for whoever is paying for those.
So why dig a deeper grave?
Why not lay out exactly what you are talking about, what you consider the option to be?
Because I'm not an IT buyer and don't just buy the first turn-key product with a pretty web interface I find. I can see the appeal, especially for an SMB with no staff, or an MSP with no time. The thing is, for those solutions, you may end up doing and maintaining more in the end anyways. Not always, but depending on the environment and how it changes over time. Yeah, maybe a turn-key solution is best, I don't know the environment at all, just one requirement, which is literally no need for third-party product and can be completed in an hour, without needing much if any maintenance.
OK, maybe I misspoke. Nothing community / unsupported.
Oh, that's entirely different. No connection to open source there. Open source has more support, not less.
Community versions of commercial products definitely help find bugs. Support is generally well searchable and many people are knowledgeable about it since it is more widely used than paid versions. Being able to have a community product where you then add support and features to it is ideal.
So, all kidding aside (about me becoming the boring thing) is there something that I'm overlooking or missing out on or have computers and OSs in general gotten really boring over the last few years? I used to recall getting interested in new features, a new distribution or a DE's latest release not so many years ago. Now it seems that things are more or less the same across the board... a boring game of IT theme and variation. Anyone else seeing the same thing(s) out there?
It's your age (as in experience). And the fact that the technology is becoming relatively mature.
It's natural to not feel enthusiasm when you see something similar for the 15th or 30th time.
If some completely new mind-boggling technology showed up, you'd probably feel like a kid again!
He should go play in the clouds ;)
Ouff, cloud..... being forced to play there but not exactly enthusiastic about the whole idea.... damn I'm starting to sound (and feel) like an old curmudgeon :P
Cloud DevOps is pretty damn cool. You can spin up complex and secure environments in automated fashion that IT people only dreamed about 15 years ago.
Cloud Infrastructure and Autoscaling is definitely interesting as well. You think differently about deploying servers and can easily restore things in a disaster.
Cloud DR is awesome. You could potentially have your entire infrastructure in warm storage that you can deploy very quickly, and only pay storage costs.
Cloud Security is all whitelist only and is very granular. Cloud is much more secure than on-prem in most cases.
Yeah, further troubleshooting shows that DMZ1 can't initiate communication to anything that's on the other side of the FG. Will be testing against stuff in the management subnet tomorrow. Also going to try enabling asymmetric routing as a short-term test. Otherwise it's going to have to be an all-at-once move, which we were hoping to avoid.
Thanks to all for the suggestions and just for a place to get this out of my head and somewhat organised.
@DustinB3403 Going through the 7.1 version of the same thing right now. Not much is making it through this sinus headache / migraine though.... Maybe another coffee will help. From what I see on the XCP-ng forum they're trying to move away from the notion of supplemental packs in favor of standard rpms.
Yup, because SPs are essentially private, whereas the entire XCP-ng project is FOSS. It makes it way easier to just run `yum install <something>` and keep it all updated with the `yum upgrade`.
Makes perfect sense for the XCP-ng project, but playing with yum and adding repos would put our hosts in an unsupported state with Citrix. Other way I might be able to do this is some sort of query over SSH from a Linux machine to the bare-metal (Dell iDRAC) and / or the XenServer install. FusionInventory does wonders with SNMP for network devices and printers but I haven't seen anything that applies to my setup.
You'll have to build an SP, and use that to ensure you can maintain your support from Citrix. Nothing else would fly with them.