@Pete-S said in What do you use as an identity provider?:

You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

For one thing, Azure AD is lacking connectors for normal things like Linux desktops. Doesn't even WORK in our environment or most of our customers, almost none. At most it works for SOME workloads.

@WrCombs said in vLANs random question.:

Claiming its more secure, reduced PCI Questionaire (which I dont see how it reduced the questionaire), but they've been told it's possible - which I agree it is, but I still dont get why.

If the two can talk to each other, the PCI exposure spreads between them.

@siringo said in Migrating to xxxxx:

If you get hit by a bus, will the setup be able to be supported by your replacement?

This is a great example of why you want to use things like Salt or Ansible, in fact. If you use industry best tools, you are vastly more likely to end up hiring qualified shops at low cost to do the job. If you run AD, there is a really high chance that a VAR or an inexperienced person that you can't identify as being clueless will get hired because AD is so well "known" and meant to look so easy that anyone can walk off the street and say that they can do it without really knowing anything about it.

There's a lot of "reading in" to these kinds of questions that I think need discussing.

Some key things to consider:

• No one should be in a position of a replacement being found AFTER they are hit by a bus. The replacement or failover position has to be there all along as it has to be part of a business workflow. That's how sick days, vacation, holidays, peer review and more is handled. So that position should already be trained and ready and involved. And I mean always. If you are big enough to hire IT, you are big enough to hire it well. No one can't afford to make money. Good IT is cheaper than bad IT. Even a tiny one person company can afford this. No viable business has any issue covering this cost at all. It's so minimal. I guarantee any company saying that they can't afford this is already spending way, way too much and is throwing away more on IT than it would cost to do things well.
• No environment within this reasonable range should have internal IT, it should be a firm. You can have one man firms, but realistically, you should never hire them unless they are part of a support group. Your IT outsourcer should always have the "hit by a bus" stuff covered for you, that's a huge part of their value. This is, again, so cheap that there is no business that can't afford it. It's cheaper than any other approach.
• No quality industry tools have any shortage of people to support them. None. There is not "can't find someone so we have to pick this inferior tool because it has more support". That's a message that unscrupulous MSPs pushing cookie cutter script reading techs have made into a mantra to trick business people into believing in order to push less than ideal, high cost solutions and lock customers into their services. But it doesn't hold water. I know people on here (not you, but people have) claim that there aren't an excess of skilled IT people on the market, but they are intentionally not hiring them and burying their heads to say that. High quality IT can handle extreme work loads and there is no shortage. No company, anywhere in the world, needs to worry about a lack of skills. The only concern is not hiring good IT and being stuck with IT extorting the business to adapt to IT, rather than IT to adapt to the business. Any IT department or team worth its salt will be constantly adapting to meet business demands, that's its job. That's its value. If someone is a good AD admin and understands that stuff, they can learn SALT in a weekend. Skills aren't an issue in hiring, aptitude is.

So the easy answer is... this point is moot. These aren't quirky one off tools, they aren't a unique paradigm that only some peoples' brains can understand (like functional programming), they are simple, standard components of IT that anyone calling themselves a system admin should be able to learn when necessary quite quickly and any IT department should be ready to take on and any IT outsourcer should be using or ready to use. If your company can't handle this with its resources, you've got other things to fix. Hiding issues by buying products to cover up a lack of IT agility is the start of a very bad IT process that will ultimately create great risk and cost.

The hard answer is... I truly believe it is vastly (and I mean VASTLY) easier in the real world to find and hire qualified, skilled people when you require more "advanced" or less common skills where the market isn't flooded with unskilled people who claim that they know the skill. AD and Windows carry a lot of risk from this, sadly. That's one of the reasons I always want to see Windows administered purely from PowerShell or Ansible or similar - because it eliminates the people who are just pretending. It's also more efficient and repeatable and easier to document. Just do that one thing, take away the crutches that make Windows and AD feel so simple, and the same tools will suddenly become so much better.

The job world is flooded with people who claim that they can admin Windows and can move around a GUI and can memorize cert answers. Those that know PowerShell are few and are between and, of course, you can get a terrible idiot that just happens to know PowerShell... but by forcing that (or using Linux or making someone use Ansible) you automatically eliminate 99% or more of the fakers who dont' know what they are doing and you make the process of selecting a candidate much safer and easier.

Now people will say "but there aren't very many people that can do that, that's risky". It's true that there are far, far fewer skilled admins than unskilled admins, sure. But you should never want to hire one of the unskilled ones, and there's not a shortage of skilled ones. So while there aren't as many in relative numbers, it's an irrelevant statement. There aren't as many skilled admins as there are McDonald's cashiers either, but that doesn't mean we want to hire a cashier instead of a qualified admin. It's a statement meant to make us emotionally feel that unqualified people might be better than qualified ones, but when you actually think about it, it's a red herring (shot!)

There is a world full of qualified admins and qualified IT shops that are ready to handle this task. If you make it hard for the "fluff" of the industry to apply for the job, you'll actually find a replacement really easy to find.

And in the real world, there are plenty of people on this thread that could do this, that no real world number of companies that you will ever encounter won't be able to leverage this specific pool, let alone the universal pool, of that talent.

@siringo said in Migrating to xxxxx:

But how do you/we get around the problem of an interview panel asking " so how much experience do you have with Ansible, Salt, AD etc"

In this case, YOU are the panel. Don't ask those questions. This means the panel isn't qualified to hire someone in IT and/or isn't bothering to do their job. Either hold them accountable or get someone else to do it.

I had this conversation this week on LinkedIn actually.

This is a great question, but it is really important to frame its context. Because basically what we end up doing is this.... we make bad IT decisions with the anticipation that our company will also do a bad job at managing the company, and will hire bad IT, so we give them bad solutions that feel like maybe bad IT will be able to handle it.

Every step of that process is bad. It's a bad approach. Maybe your company IS bad, but if it is, you can't fix that. But don't be the problem, be the solution. If they screw it up after you are gone, that's 100% their problem. If you give them a bad solution believing that they are screw ups or can't be helped, that's your problem. Don't make it your problem, make it theirs. Leave them with the tools to do things well. If they choose not to, there was never anything that you could have done about it.

Basically, never use politics as an excuse to do IT badly. To IT well and ensure that true blame can never fall to you. Bad companies will always be bad. Just don't add to the problem.

however, even if they did ask this question, going to less common tech will still make them more likely to get reasonable results from a bad process. Using AD sets them up for the worst likely results.

@brandon220 said in Proxmox in 2022:

The vendor is pushing harder than ever to purchase the full VMWare suite and is clearly not taking NO for an answer. We finally got our point across.

And that vendor is still your vendor? Why?

Not familiar with Wix at all, I'm afraid. They don't have a good reputation. The new GeoCities.

@Fredtx said in Multiple Tombstoned DC's:

I was thinking of having a Hub And Spoke topology to our main site, especially with the fact that our main site handles radius authentication for all the branch offices.

Definitely helps, but the fundamentally flawed network design is still the core issue.

@Pete-S said in So You Lost Your ERP MSP?:

In nature the normal state of things are decay. In business it's the same and it requires lots of effort and constant work to keep things from decaying.

It's a lot of decay for ONE WEEK!

@Pete-S said in Proxmox in 2022:

Proxmox works but we prefer xcp-ng.

Virtualization itself is a commodity so it's the tools around it that matters most. We have many hosts and xcp-ng is the best fit for our needs.

What's amazing is that even when it has become a commodity, VMware has failed to make it feel that way. It still feels like it has all the problems of a one off, special case product that the never managed to polish.

Fedora 36 is out. Assuming you are already on Fedora 35, below are the commands to quickly and easily update! If you aren't on 35, update to 35 first.

sudo dnf install dnf-plugin-system-upgrade

sudo dnf --refresh upgrade

sudo dnf system-upgrade download --releasever=36

sudo dnf system-upgrade reboot

After the last step, follow the directions to reboot and voila.

@pmoncho said in SIP Extension for Maintenance Staff in Noisy Environment:

@scottalanmiller said in SIP Extension for Maintenance Staff in Noisy Environment:

@pmoncho said in SIP Extension for Maintenance Staff in Noisy Environment:

@JaredBusch said in SIP Extension for Maintenance Staff in Noisy Environment:

I have one of these.
https://www.amazon.com/Sennheiser-SDW-5066-507024-Double-Sided/dp/B07P68C84D

The noise cancellation works really good. I don't know about factory floor good, but real good.

Do you find the (roughly) 500' range to be accurate? I only need 100' but with a few walls in between.

Walls hit Bluetooth pretty hard.

Yeah. The Jabra and Plantronics headsets I have states 200' but the two walls kill it in about 30'. UGH. I have to transfer call to cell when I need to go to the another part of the office.

BT is mostly designed around walking around a room, not between rooms. In an open air house I can normally walk around a living room, kitchen, dining room kind of area, but that's about the extent of it in most cases.

@Mr-Jones said in Website down, but only for organization Network:

Would a PHP error cause this? That's the only thing I can think of, as I was editing some conditional logic on the website yesterday morning, but I'm failing to see the correlation given the context of the issue. I feel like if the site had funky PHP, that would take the site down for everyone.

The right kind of PHP error could definitely cause this.

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

OnlyOffice is a pretty nice alternative to MS Office. If they had an email client that would definitely be a huge plus for their product.

An email client? When would that be useful? All business email products have their own clients when needed and use web interfaces for most things (including offline handling.) Generally email clients as standalone things aren't considered a good thing (think the disaster that is Outlook.) I think no one offers one because no one should want it.

What are you looking to do with an email client? What's the use case?

I know lots of people still use Outlook because users are addicted to it. But if you are going to leave Outlook, you'd not move them to another fat client, but to the modern interfaces everyone offers.

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@travisdh1 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@scottalanmiller said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

OnlyOffice is a pretty nice alternative to MS Office. If they had an email client that would definitely be a huge plus for their product.

An email client? When would that be useful? All business email products have their own clients when needed and use web interfaces for most things (including offline handling.) Generally email clients as standalone things aren't considered a good thing (think the disaster that is Outlook.) I think no one offers one because no one should want it.

What are you looking to do with an email client? What's the use case?

I know lots of people still use Outlook because users are addicted to it. But if you are going to leave Outlook, you'd not move them to another fat client, but to the modern interfaces everyone offers.

Outlook is so much better when using the PWA version, even with it you should be getting rid of the fat client!

Not for someone who has multiple email addresses. Having to constantly click back and forth to change the user account is not ideal.

Don't have that problem with my web client. That functionality is built in.

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@scottalanmiller said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

OnlyOffice is a pretty nice alternative to MS Office. If they had an email client that would definitely be a huge plus for their product.

An email client? When would that be useful? All business email products have their own clients when needed and use web interfaces for most things (including offline handling.) Generally email clients as standalone things aren't considered a good thing (think the disaster that is Outlook.) I think no one offers one because no one should want it.

What are you looking to do with an email client? What's the use case?

I know lots of people still use Outlook because users are addicted to it. But if you are going to leave Outlook, you'd not move them to another fat client, but to the modern interfaces everyone offers.

While I agree that fat clients are not always the best option, most end users prefer Outlook as you said. My point was having something like emclient or similar would make OnlyOffice more of an apples to apples comparison to MS Office.

Preferring Outlook, though, isn't solved by having a different fat client anymore than having a web client. The desire for Outlook is a specific thing. If that's what people want, you end up stuck with it.

Nothing will be apples to apples as it's conceptually not really possible as the issue isn't functionality (nor desirable.)

@krzykat said in Password Managers:

People that are using bitwarden, are you self-hosting?

No, but it is on our radar to consider soon as we keep growing and it becomes more important, and more cost effective, once you get to any size.

@Saba said in Windows 10 and RHEL 9 Dual Boot help.:

I used the RHEL installation for a few hours then rebooted to Windows 10.

Was this starting from a boot? Is it possible that you hadn't installed yet and were just running live?

@scottalanmiller said in Unable to send emails to Gmail from my domain:

DMARC is free. It's just a matter of filling out the details. I did DMARC setup for a customer just this week.

They were using GoDaddy too! Which no one should be. That should be CLoudFlare or some other enterprise DNS host, never GoDaddy. GD DNS is just for testing use when you purchase a domain, it should be moved off before you start using it.

@Mario-Jakovina said in Unable to send emails to Gmail from my domain:

I don't think that email only justify cost of O365.
I have excellent mail experience with different web hosting providers that provide email service included for a fraction of price of O365.

I would agree. MS365 email is, to me, only a middle of the road product. It's certainly good, but it's nowhere near the best. But it is a price premium for people who think that they have to buy from MS, not for people doing price comparisons.

We use Zoho here for 25% the cost of MS365, we love it. AND we get MS365 for free. So for us, we find that paying for Zoho is better than getting MS365 for free! So imagine how hard it seems it must be to choose to pay 400% more for something we see as significantly inferior.

@NHCSAdmin said in Scale Computing VS Proxmox:

@scottalanmiller Thanks for the detailed explanation!

You bet! Glad to assist.