@scottalanmiller said in Handling Downvotes:

Votes should be public now.

On the condition that meta bitching about who downvoted you should be a ban

@Obsolesce said in How M$ shakedown stupid corporations:

Azure Resource Manager

Oddly enough I can't find any azure documents that abbreviate it (They always use the full product name for this reason).

Still back to the origional post. Is OP Seriously expecting new features on his 10 year old car?

@scottalanmiller said in How M$ shakedown stupid corporations:

He may be correct. I've talked to companies while living in Italy and it was common to take great pride is overspending, losing money, not having good Internet, etc. It's a massive problem there that is at the very core of why their economy is struggling. They don't look at business as business like we do here or in the UK or Germany. Culturally business is always seen as a hobby, always about emotions and pride, not about profits.

It's kinda a vicious circle. Company gets behind on spending and run 10 year old out of support crap. Good people leave, and the only skills left in who remains is how to maintain old crap (so they are proud of it, and kinda get a Stockholm syndrome with it)

Expecting free product updates for life is... an interesting opinion...

@Emad-R said in How M$ shakedown stupid corporations:

Dude you neglect alot of company that uses network isolation as security, and DMZ and LAN based security. They invest and policies and change controls forms instead of upgrading

Network isolation (at a logical level rather than physical) is very much a part of defense in depth. I'm not going to run an iSCSI network that's hosting VMFS volumes on a subnet that you can route to from the guest WIFI.

Micro-segmentation (which is policy driven, but automated) is really just layer 4 filtering brought all the way to the edge (through VTEP bridges, VxLAN or GENEVE overlays, a managed Virtual Distributed Switch etc).

Just because you update doesn't mean that you abandon these technologies, you just adapt them. I'd argue a "DMZ" network that has multiple edge services on the same subnet is a bit dated (and a stupid idea) but don't knock on network segmentation. Not everything will support TLS through a reverse proxy with IDS inspection.... (My beautiful SCSI and NVMe packets!)

@Pete-S said in How M$ shakedown stupid corporations:

BTW, already back in the Windows 3.1 days you had something called Tardis that you would run for NTP sync. Windows own time service was only designed to keep time reasonably synced for kerberos and stuff like that. I think it appears first in Windows 2000 Server.

I ran Tardis and K9 (The client and server)! worked shockingly well.

@Emad-R said in How M$ shakedown stupid corporations:

You have not seen much of "real business" then, I cannot disclose info, but I think this corp is like multi-million revenue.

Multi-million in revenue? That's cute. I worked for a crappy 50 man call center and we could do that.

Mainstream Support End Date was 10/9/2018 for Server 2012. It's in extended support (security patches only, no bug fixes). Complaining about a feature improvement (ultra precise timing which is needed for distributed clustered systems that didn't exist in 2012) is a REALLY odd thing to complain about.

Generally I don't side with calling anyone's business a hobby, but I don't particularly consider 1 billion in revenue to be really that impressive (outside of maybe the software industry where margins are higher). If your company is that small, and can't read when end of general support is, I would correctly argue they are a small business and not a serious enterprise by anyone's definition.

https://support.microsoft.com/en-us/lifecycle/search?alpha=windows server 2012

@Obsolesce said in How M$ shakedown stupid corporations:

It runs on a highly-customized extremely hardened and stripped-down version of Hyper-V basically, but that is where all similarities end. The management layer on top of that is ARM.

ARM isn't a management layer, it's a processor architecture. They might use an ARM processor for an out of band controller (I suspect that is what most out of band controllers run with the exception of whatever the hell is the custom silicon used for AWS Nitro).

@Dashrender said in Remote management of employees personal cell phones ...:

Huh - I can't say i agree with you at all. Why do you need access to non company servers over SSH?

In any regulated industry preventing the efiltration of data is a hard requirement. allowing outbound SSH would make it trivial for people to sneak data out (or bad stuff in).

@Dashrender said in Remote management of employees personal cell phones ...:

What MDM are you using?

We "own" workspace one/AirWatch.

@scottalanmiller said in Remote management of employees personal cell phones ...:

And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.

Not really. Proper MAM/MDM systems can surgically handle company data on a personal device...

1. The app keeps only an encrypted cache. It validates the account is active every xxx minutes, days, hours. encypted cache auto purged at xxx hours without communication with corp network.

2. The app usage is Geo-fenced to specific areas.

3. When possible, data doesn't actually live on the phone. You have a SSO app on the phone that validates your access (and other criteria like network or location) and then brokers access to the other apps, or externally hosted SaaS assets.

This is how we do it. No need to brick my phone to take out company data, or turn anyone's smart phone dumb.