Sounds as though your users have gotten used to using the slower pipe.

Two might be just fine. Keep your options open by buying the ability to get a third pipe in. So if the users suddenly see all this bandwidth, they might start getting sassy and slurp down shit, plugging in their own equipment and doing crazy crap. You might also start needing that much more bandwidth, start using O365, Sharepoint, and all kinds of cloud storage. You might get another site fired up, and those few users at the remote site will need to share ~13Mbps upstream with each other. Your also need to determine if you need HA at some point, adding another DSL pipe would let in some bit of redundancy.

If you are going like for like, yes, with your plan now it should be fine. But since these are usually two to three year contracts, start future proofing yourself now. Look longterm, but don't go bleeding edge.

As for a 100Mbps DSL loop, totally possible. AT&T's U-Verse Gigapower is VDSL2+, but the loop has to be super short, so lots of it is new construction areas with fiber to the VRAD and 1000' loops to the locations. CenturyLink is offering a 100Mbps DSL pipe over a pair bonded VDSL implementation, but I don't believe they are offering symmetrical loops.

Well then, buy three pipes each site, get some 380s and watch some serious speed go through them.

Usage is gonna go up considerably versus what you saw before with the different sites. Remember all those goons are now gonna be concentrated to a single site. Where one user slurping YouTube wasn't a problem before, they are all now together and slurping down YouTube, making things horrible.

Two 50/10 pipes each site for VPN connections and mission critical data, schlep interwebs over to the low bandwidth pipe. So what if they can't stream audio and get their cat pictures as fast as home?

@Dashrender said:

My current situation is:
Main location with SonicWall 2400 and internet pipe 10/10
There are 4 site to site VPN tunnels to our remote locations. user VPN tunnels are created at night to this location as well, max 12, but normal would be 2.

The remote locations each have a SonicWall T210 with internet 15/3.

I would bring in two pipes to each of the remote locations, maybe grab a cheap one from the local ILEC. At the main location, bring in three large pipes. The main problem here is that there isn't much upload on those el-cheapo pipes. Then use the Peplink with their Speedfusion VPN bonding to get the tunnels to use the entire range of the pipes.

Main site the sweet spot would probably be the 380, remote sites could use One's since they are not needing some of the other stuff except Speedfusion.

Using two firewalls like this is like using two condoms. One of them is gonna break.

This is the kind of thinking that morons who install two AV products "to watch the other one" do.

Simplify yo' shit!

@Dashrender said:

I really need a device that can handle 400 Mbps for my 50-500 users when my pipe is only 10 Mbps?

You can safely ignore the number of users. If they are just farting around on text websites, you could have thousands of users on a 10Mbps pipe. If you have one idiot slurping down YouTube, then 10Mbps wouldn't be enough.

The number you need to pay attention to is the max speed. I have a Peplink 300 sitting on a shelf at the house. It can handle ~20Mbps between three pipes, no more. It hard caps at that level, so Peplink's numbers are very much the highest that you can go.

Don't short sell on your router now because you don't see things increasing. Especially with cheap commodity cable pipes, they change underlying technology all the time. DOCSIS3.1 is around the corner, with 16 channel bonding to bring you 500Mbps. TWC in my neck of the woods upgraded everyone with a DOCSIS3 modem to 100Mbps if they were setup for the 50Mbps profile. This was the main reason I had to drop my RV042, because it couldn't handle more than 75Mbps. With my 24Mbps U-Verse line, the box was screaming in agony. The pfSense setup I got now can handle lots of bandwidth, almost line speed. But if I had the money, I would be picking me up another Peplink.

@JaredBusch said:

@scottalanmiller said:

And remember the time period that we are talking, HDSL, for example, had products on the market in 1993 and was ratified in 1994 and was up to 2Mb/s up. That's a long time ago.

Those services were NOT on the market anywhere in 2000. Let alone in 1994.

Your times are off as well.

G.HDSL was sold by Verizon ~2002, a little earlier if I recall. I bought one because I wanted faster upload speed versus the frame relay ADSL that was prevalent in VZ West aka GTE. They also ran very hot ATM based g.lite service at the time, but I couldn't flip to it because there wasn't a DSLAM available for me to hop into. I could get close to 768K up with ADSL, G.HDSL gave me a solid 2Mbps. Of course, I was one of the beta testers in DeKalb, IL for GTE's ADSL product at the time in 1997. Holy shit it was cool to have 256Kbps/64Kbps at the time. When I moved to Dallas, I was third on the list to get GTE's ADSL in the town it rolled out to first in 1998. Guy who put it in took a day to get things right, with me testing as well on the loop.

SBC didn't bother with lots of that stuff, only for hi-cap, where they been using SDSL and/or HDSL for a long time. CLECs on the other hand in MOKAT, PacBell, and especially Ameritech, went nuts on crazy bandwidth.

Best bet, use Peplink.

http://www.peplink.com/products/balance/model-comparison/

Their shit just works. And the VPN component is pretty fuckin' sweet if you have multiple sites.

I currently use a pfSense router on my ESXi box to run both a TWC pipe and an AT&T U-Verse pipe into the house. It serves its purpose fairly well. I was using a Mikrotik router for that stuff before, but it wouldn't do the load balancing the way I was wanting it to go.

@scottalanmiller said:

The "locked in the garage" incident, which I should say that the police stopped me and deemed me to be fine, involved something like....
Each FDP is a full sized 16oz beer, plus a shot of liqueur and Bacardi 151 on top. So quite a bit more than a single "shot" value.

It's actually about 8oz. They are served in 12oz glasses about half full. And Lone Star generally runs about 4.5%ABV

They aint lightweight by any means with the Bacardi.

http://www.cisco.com/c/en/us/support/docs/wan/t1-e1-t3-e3/14171-T1-error.html

"Path code violations are frame synchronization errors for SF, and cyclic redundancy check (CRC) errors for ESF. Path code violations and line code violations are typically present simultaneously. Always verify that your line coding is correct. "

Shouldn't be getting one without the other. My method is still correct, check line, check smartjack, check CPE. An MLT takes about 5 minutes, remote smartjack check on something like an Adtran should take another 5. Then it's just checking the CPE for any modifications, frame type, clock drift, etc. etc. I would assume that you have documented info and change revisions listed somewhere.

We have a guideline for a secured host, be it Windows or Linux. On our stuff we deploy our images, we have processes for others. We don't have one for CentOS 7, mostly because we are not deploying it yet.

They can be either. The only time you care about them is when they increment up. I once had an ATM circuit increment OAM frame errors in the 10K a second, guy was complaining about slow speed.

Only way to find out which is which is to perform testing from the telco side. Lock the port, run an MLT, see what happens. Then test the smartjack for errors. Then look at CPE.

name : WSUS Administration
id : 335135760
state : Started
physicalPath : C:\Program Files\Update Services\WebServices\Root
Bindings : https :8531: sslFlags=0;http :8530:
LogFile : %SystemDrive%\inetpub\logs\LogFiles
attributes : name=WSUS Administration;id=335135760;serverAutoStart=True;state=1
PSComputerName : YOU GET NO SERVER NAME
RunspaceId : efe0ac55-5847-4e71-8549-1c6b6ebaf828

Runs and get output, don't know what you need from it though.

@scottalanmiller said:

Terremark appears to be gone and they don't appear to have a public IaaS offering. If you need a sales rep to use a $5 service, you've got major issues.

http://vcloudexpress.terremark.com/

There's your self serve portal.

@scottalanmiller said:

@PSX_Defector said:

Verizon Terremark.

Definitely not a player by any stretch for the SMB market. I've never seen a good IT shop in the enterprise that entertained them at all. They seem to be the domain of the "sales people bought you a golf club membership" set and not "IT selected best option for the company" set.

Considering that they have tons of SMBs using the cloud service, a chunk using managed services, and a boatload using colo, I would think SMBs are well represented in the environment.

Verizon is an ISP, so that alone would put them on a very scary list. Not completely eliminate them from consideration, but Verizon's track record as Verizon is enough to make Terremark a complete no go for sure. Verizon is not a company I would want in charge of my infrastructure. That's a very scary thought.

This is something that really clouds the industry.

Verizon is not Verizon but is Verizon. Wireless is different than wireline which is different from long haul backbone traffic which is different from residental ISP. Maybe it's one umbrella, but they are very different divisions. You wouldn't fault GE for making poor products under one division when they make some fine stuff in others.

It's like when my boss wanted me to combine our AT&T bills into one big bill. You can't combine hi-cap lines with POTS and cellular. They are very different divisions.

For a all around service, I think you forgot about one provider there Scott. They have been around since the late 90s, own some of the largest datacenters in the US, and have seriously rock solid equipment behind it.

Verizon Terremark.

They provide a complete solution to everything, from colo, managed OS, VPS, to SaaS, VDR, and even lowly DNS services. They are a one stop shop for anything you need.

Mind you, I wouldn't be over there because of reasons, and I would prefer that you come to my new employer, but as compared to the others you listed, they offer the best of all worlds.

Now, if you need security, compliance, flat out speed and don't mind paying a few bucks for it, let me know.

You do know you are ripping off Microsoft's logo right?

@scottalanmiller said:

Yes, 1099 I would understand, as that is not a form of employment but is the tax paperwork for a corp2corp contract.

Not to say that there couldn't be a W2 "contract worker", but seems to be counterintuitive to offer a contract that way, both for employer and employee. Which dovetails back into the main point I was going for before this train derailed, consideration.

If I was offered an at-will W2 employee position, with benefits, 401(k), time off, etc. etc., what would the consideration be for signing a non-compete? The prestige of working for someone? Now, if the going rate for the job was plenty more than other comparable positions, that would be consideration in that regards. Hence why on the face some of the non-competes are unenforceable. In our Jimmy John's example, if one were to fight it, there is nothing proprietary nor magic about making a sammich. When someone can go "sudo @Dominica make me a sammich" that is not a trade secret and couldn't be protected by making an employee sign a non-compete because he is gonna take his talents to Subway. Since the amount of money isn't significantly more (plenty of indication that it's less than market rate working for that prick) then what consideration was given to the employee to compensate them for their inability to work in the industry? On the face of it, they appear to be unenforceable.

@thecreativeone91 said:

@PSX_Defector said:

It cuts both ways. If an employer can fire you for no reason, an employee can leave for no reason.

But that's not in at-will employment law, some people think it is. That right comes from not having an employment contract. In VA we are at will but, if you have an contract you don't have the right to quit until the contract is expired.. they still can fire or terminate you.

Contract work is different, just as if I had a union contract. Yes, if I had a contract I couldn't just up and quit, not without suffering the remedies the contract has. The company also faces liability if they up and "fire" you, as they would also suffer the remedies the contract had. Unless you are dumb and negotiated a contract where they can fire you without cause, slap a non-compete for the entire world, and make it so you have to pay the contract back in full if you quit.

If I agree to work for a company without a formal contract, I am at-will. If I work for a company with a formal contract, I am a commodity. An apple can't quit the grocery store.

There are different kinds of employment, at-will is what people would consider a "job". I apply for the job, get interviewed, then start working for them. There is no formal agreement of when I start or when I am done working there, just they offer a job and I get money certain times of the month for it. They pay me out of an account identified as "payroll" and is reported to the various tax agencies and government bric-a-brac. A "contract" worker is usually (not even delving into the usual 1099 abuses from people) hired for a set of tasks or jobs that has a start and end date. I am not paid out of payroll but out of capex. I have a document that says what I will do, what I don't do. I am no different than the guy they buy their widgets from. I am just selling my labor.

@thecreativeone91 said:

@PSX_Defector said:

Me leaving a job is an at-will situation.

Not sure which state's laws you are referring to but, here it is not. at will in no way protects your right to leave a job. It just protects the employers right to fire you.

It cuts both ways. If an employer can fire you for no reason, an employee can leave for no reason. There is professional decorum that comes into play, like two weeks notice and such, but if I got a job offer tomorrow I have no legal obligation to my employer to tell them anything in an at-will situation.

Without a contract stating otherwise, it's pretty much like that everywhere. There is the implied things Scott was talking about, but not like what happens in Montana. There is the only true non-at-will employment situation in the United States.

@scottalanmiller said:

Actually California, like eleven other states, have clauses to make that specifically difficult for an employer to do just that. You have to have a cause for letting them go. It's the good faith clause.

Not codified in law like Montana. An implied consent doesn't equal a protection codified. But one can still fire for no reason or cause. You just have to be much more on the ball and know the game well to keep it from coming back on you.

And that's not to say that I can't just change the rules mid-stream. If I hired a Packers fan, then changed the rules in the office, they either can suck it up and root for someone else or leave.

It's like union employees. People think they can't be fired. My friend used to do it all the time at AT&T, so well that my CWA steward friends knew about him. You have to have your ducks in a row, know your contracts and ensure that folks are lined up properly to be spanked. Hasn't had a single one come back yet.