Posts made by zachary715

@jaredbusch said in Migrate database from Hyper-V to VMware:

@dustinb3403 said in Migrate database from Hyper-V to VMware:

@jaredbusch said in Migrate database from Hyper-V to VMware:

@dustinb3403 said in Migrate database from Hyper-V to VMware:

@jaredbusch said in Migrate database from Hyper-V to VMware:

@dustinb3403 said in Migrate database from Hyper-V to VMware:

Instead, standing up a new installation with a fresh MS SQL waiting for a database and attaching the backup to the database means you don't have to worry about any wonkiness that might occur due to the conversion from Hyper-V to VMWare.

This has issues of its own to deal with. Because there are a lot of ancillary bits to most MS SQL (or any SQL really) deployments that are not part of a database backup.

Yeah while true, anyone who is setting up this database system should be able to account for these issues as they are a part of the "installation process".

Actually, no. Because these types of things are usually, setup once 5 years ago with vendor support, type scenarios.

Rather than some random bug or crash due to a registry entry that decided to go haywire in the middle of a production day.

It is a V2V, nothing is happening in production.

I like to lean on the "you have support for your production systems, right?!" argument. . . .

And it would be production if it was powered on and running for a while with entries being written etc that are no longer on the hyper-v installation.

I've seen weirdness (Hyper-v 2008 specifically) that VM's migrated had a lot of remanent hyper-v drivers and registry entries that have caused issues.

Are you saying you've not seen these?

Hyper-V 2008 was a horrible platform. Everyone knows it.

LOL I read this line in my favorite Donald Trump voice.

Yes we have our SPF record setup that if I try to send these alerts via [email protected], it will get blocked. I don't require it to be from my domain though at this time. I'm perfectly satisfied with it being from internaldomain.local just as long as I get the reports I need.

So we've had a couple of recent incidents of e-mail accounts being compromised due to phishing e-mails. The first issue we weren't made aware of until a good while later due to our own fault to some degree and not checking all 14 different places where Microsoft contains logs. To another degree though, many of the reports we'd like, such as failed login attempts etc, are only available via an Azure AD Premium subscription.

We're looking at some tools now that offer better insight and reporting such as AdminDroid, but I wanted to see if any of you out there had any services or tools you were using to get reports and insight into your Office 365 accounts.

@tim_g said in How to receive e-mail alerts from internal devices:

@zachary715 said in How to receive e-mail alerts from internal devices:

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

You don't need a relay if whatever is sending alerts/emails does full authentication by itself. The problem is that many things do not, and many do not even do authentication at all and just have a spot for server and port only.

Ahh so I skipped over this. The device I'm sending from now doesn't require authentication, although it is available. I have skipped it. Should I desire authentication for security reasons? Are there other devices I'll likely run into which will require authentication, therefore requiring me to connect to Office365?

@jaredbusch said in How to receive e-mail alerts from internal devices:

@zachary715 said in How to receive e-mail alerts from internal devices:

@jaredbusch said in How to receive e-mail alerts from internal devices:

@zachary715 said in How to receive e-mail alerts from internal devices:

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

How is the email "internal"? Do you have a local email server hosting email?
I do not think you even understand what you are asking here.

Yeah good point. It has to go external since I'm using Office 365. My point though was simply do I need to relay to Office 365 to get what I need, or is a simple postfix server sufficient?

You have to SEND to O365 always. You have no local mail server to send to. It is not necessarily a "relay". It can just send to anyone, your own MX included.

I understand what you're saying. Step Q of your guide is what I've skipped thus far and I'm trying to determine if/when it's needed. I haven't connected this postfix server to any SMTP connectors with Office365. As far as Office 365 is concerned, this postfix server doesn't exist and isn't interacting, other than when it sends email to one of its recipients.

In what scenario would I need/want to connect the postfix server to an SMTP connector with Office 365? What functionality, security, or otherwise do I gain?

@jaredbusch said in How to receive e-mail alerts from internal devices:

Setting up a Postfix relay. I need to rewrite this as I took the blog down.

http://web.archive.org/web/20170320084803/http://jaredbusch.com/2014/12/28/setup-postfix-on-centos-7-to-relay-mail-to-an-internal-exchange-server/

Note: this works for O365 also if you setup your public IP as a connectoer in Office 365.

Yeah I actually saw that thread but as you stated, the blog was down so I just started a new thread to discuss it. I wanted to know more than "How to setup with Office365" though to understand why that was needed at all. Obviously will be very helpful though if I get to needing it so thanks for sharing.

@jaredbusch said in How to receive e-mail alerts from internal devices:

@zachary715 said in How to receive e-mail alerts from internal devices:

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

How is the email "internal"? Do you have a local email server hosting email?
I do not think you even understand what you are asking here.

Yeah good point. It has to go external since I'm using Office 365. My point though was simply do I need to relay to Office 365 to get what I need, or is a simple postfix server sufficient? I have my first device setup and working fine the way I intended. Not sure if other devices will cooperate as easy or not.

Is there a security or other reason to not set it up this way? Are there any benefits to running the relay through Office 365? All questions I have to better wrap my head around this.

@black3dynamite said in How to receive e-mail alerts from internal devices:

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

Made these changes along with ensuring that SMTP ports were open and I am now receiving email from the UPS device via Postfix.

Settings on UPS:

From: [email protected]
SMTP Server: Postfix server IP Address (192.168.1.x)
Port: 25
No authentication

If this works on the rest of my devices, then I believe we'll be in business and I won't have to involve Office365 at all.

@black3dynamite said in How to receive e-mail alerts from internal devices:

To have postfix relay to Office 365, you would need to setup postfix to use TLS.

If you are using Fedora make sure you have these packages installed:

sudo dnf -y install postfix cyrus-sasl cyrus-sasl-plain mailx

Installing cyrus-sasl and cyrus-sasl-plain is needed if you want to configure postfix to use TLS.

Start at the section where it talks about configuring postfix to use TLS.
https://gordan.jandreoski.me/how-to-configure-postfix-relay-to-office365-on-ubuntu-14-04/

Well this is part of my initial question is DO I NEED IT TO RELAY TO OFFICE365 AT ALL if it'll all be internal devices? You could make the argument I guess that eventually there may be an external device I wanted to use this for so set it up this way, but this is what I'm trying to uncover. Complete noob here.

@tim_g said in How to receive e-mail alerts from internal devices:

@zachary715

I'm doing the same thing (also on a .local) using an O365 relay server. It's a Windows Server set up to be an SMTP relay for O365.

If you fire an email to it, it'll relay it to O365, and send as whatever "from address" you use, so long as the SMTP Relay account is able to send on behalf of that email.

What I do, is set up an O365 security group for each email I want to send as.

Example:

• Set up a security group in O365 and set the email to [email protected]
• Give the "smtp relay" account permission to send as/send on behalf on the above.
• Use that email as the "from address", and point your server to the SMTP relay server.

I haven't done it on Linux, so I'm completely unfamiliar with that, but I can walk you through setting it up on a Windows Server using the built-in components (it uses IIS), if you go the Windows Server route.

@Tim_G Looks like a good opportunity for a write-up/guide :winking_face: I'd like to do this Linux first but if all else fails, I will revert to this. Would be nice to have a write-up to fall back on and for others who come looking. I'd love to know how to do it both ways for future use case.

@nashbrydges said in How to receive e-mail alerts from internal devices:

@black3dynamite said in How to receive e-mail alerts from internal devices:

In the /etc/postfix/main.cf file, the following would need to be changed:
inet_interfaces needs to be changed from localhost to all
mynetworks should include the networks or hosts that will be accessing your postfix server.

I've also added my fixed IP address to the SPF record in Office 365. I discovered a while ago that without this, emails eventually get blocked as unauthorised to send on behalf of the domain I was using.

And I've seen this mentioned, but didn't know if I even needed to go through Office 365 to accomplish this since I'm doing internal only. I was running into this before though when trying to send e-mails from the UPS and they were blocked as spoofed.

Before we get too deep off into postfix specifics, my main question is about the proper or "best" way to accomplish this and whether postfix is that method.

@black3dynamite I'm implementing these steps now. Will test once I've tweaked these settings and see where I get. Thanks

Maybe it's me, but I find the search function of this website hit or miss, so forgive me if there are already good resources available for this question, and point me to the right place.

Goal:

We have a number of internal devices that have the ability to send logs via e-mail, however I do not currently have anything setup to do this. What I would like ideally is to be able to...

1. Customize the "From" address based on the device being sent or
   1A) Customize or format the subject of the e-mail being sent to more easily identify from what device it's coming (I would think this would rely more on the device sending the email vs the "email server" itself.

2. Specify based on device and log messages different recipients. For instance, we have some engineers who would need to receive these alerts from some devices but not all.

Additional Info:

• We currently are Office365 users.
• Our internal Windows domain is a .local (if that matters)
• For my firewall currently, I'm authenticating logs through my email account and Office365 so it appears as though I'm emailing myself. I've had some difficulty getting this config setup in other devices, and I would just like to customize the "From" if possible based on device without setting up a new mailbox for each device (if possible).

Ideally, I'd do this in a Linux server. I've setup a basic Postfix server after finding Basic Email Sending with Linux. I've got that postfix server sending email direct, but am having trouble connecting other devices to send through it.

Hopefully that's enough info of my goal for someone to help point me in the right direction.

Option 2 would be to migrate the VM to a different datastore with dissimilar block size and specify "Thin Provision" when moving. If you have or can create a datastore with a block size different than your current config, then you can do this without downtime.

Yeah you're definitely going the long way here. If these are Windows VM's, you can do the following, although it does require some downtime. Downtime depends on the size of the VMDK.

In a thin VM, it will only utilize the storage space that it actually needs at a time, even if you provision more for it as a whole.  However, once you have increased the amount of used storage, even if you later cleanup and delete files from that VM, the .vmdk file will not reduce automatically.  Once you have cleared space, you have to manually go through the process of reclaiming that disk space.

NOTE: THIS PROCESS DOES REQUIRE SOME DOWNTIME, SO PLAN ACCORDINGLY.

NOTE: At step 3, running the sdelete command will fill the .vmdk to the provisioned file size. For instance, if you have a thin provisioned VM with 100GB of provisioned space and are only using 40GB currently, the sdelete utility will zero out the unused space causing the .vmdk to fill up to the full 100GB.  As a result, ensure that you have enough disk space on the server for this temporary growth until you can get to step 6 and reduce it back down.

1) Install SDelete tool from Microsoft on the Windows machine you want to reclaim disk space.

2) From an elevated command prompt, cd to the location of the SDelete utility (e.g. cd C:/Users/admin/Downloads/SDelete)

3) From this location, run the following command...

	sdelete.exe -z drive:\  (e.g. sdelete.exe -z C:\)

	This process will take some time depending on the size of the disk and amount of space it has to zero out.

4) Once completed, you will then need to shut down the VM as the next process requires the VM to be off to run properly.

5) Once shut down, SSH into the VM host which houses the VM using Putty or other utility.  CD to the datastore and volume where the .vmdk file is located. (e.g. cd /vmfs/volumes/datastore1/Server1)

6) Once in the VM's folder, run the following command on the .vmdk file to reclaim disk space...

	vmkfstools -K (disk).vmdk (e.g. vmkfstools -K Server1.vmdk)

	NOTE: Attempting to run this command on a .vmdk with spaces in the name (Server 1.vmdk vs Server1.vmdk) may cause the command to not be able to successfully run.  If you have created a VM with a space or foreign character in the name and .vmdk file, you may need to modify it before you can continue.

	NOTE: The K in this command MUST be capitalized. A lowercase k implies different actions.

	Allow this process to continue and when it is finished, power on the VM and ensure the disk space has been recovered and no issues are found.

@dbeato said in Multiple NVR/VMS on Same Server:

@zachary715 said in Multiple NVR/VMS on Same Server:

We are currently due for an upgrade to our camera systems. We currenlty have two separate systems, a cheap 8-camera system for the front office area and then a pretty high dollar industrial Pelco system for our manufacturing area with about 13 cameras currently.

The 8 front office cameras definitely need replacing and I've been looking at the Unifi system.

The Pelco cameras in the plant are fine, but the NVR that was purchased was done so poorly as it's not equipped to handle the throughput of even the 8 IP cameras we have on it.

Pelco offers their NVR (VMS?) software freely available, with one-time licensing per camera after 4 cameras. This is appealing since I can control the hardware and it would be cheaper than their own offerings. It needs a Windows OS to be installed on.

What I'm curious about is whether or not it would be a good idea to run a virtualized Unifi system and this Pelco system on the same server. Something like an older Dell R420 I can get for around $1,000 and put SSD in RAID 1 for the OS's and then some SATA disks for storage. They'll both be doing effectively the same thing (recording video) so I don't see why this would be an issue but don't have much experience in the camera realm.

Just out of curiousity, would you consider putting a camera software system like Unifi or Pelco onto a virtualized system already running things like your file server, domain controllers, WSUS, etc if you had the available IOPS? I'm leaning towards no but wanted to see what others thoughts were.

I would put the Unifi NVR System on a Linux VM and provide enough storage for it and backup. I would definitely do it.

The Unifi would definitely be on a Linux VM. The question is surrounding whether it would be a good idea to have it and another NVR VM on the same server using the same resources.

The alternative is currently to build two separate custom builds with the resources needed for each to run. This may end up costing me a little more money and wouldn't be as clean and out of the way as one rackmount server, but in the end I want to do what makes the most sense. I'm weighing these options now.

@taurex said in Multiple NVR/VMS on Same Server:

Hi Zachary,

Yes, you can fire up a Linux VM on a host but you don't want your video recording data to compete with other VMs for write IOPS especially when using slow SATA disks.

Yeah this is what I was thinking as well, and why I wanted to go with a separate machine/server.

Why wouldn't you consider a business grade NAS like the Synology DS918+ with WD Red Pros for >storing video recordings? You can run Unifi Video even on an old Intel based laptop because it does >not require much processing power for handling just 8 Full HD feeds. Just link it with an NFS share >from a NAS and you are good to go!

Because at this point, I feel like I could buy a server as I mentioned in my OP for $1,000 and run two camera systems on it locally. Haven't looked at the Synology prices, but would think it would cost me more than that.

Thanks for your input

We are currently due for an upgrade to our camera systems. We currenlty have two separate systems, a cheap 8-camera system for the front office area and then a pretty high dollar industrial Pelco system for our manufacturing area with about 13 cameras currently.

The 8 front office cameras definitely need replacing and I've been looking at the Unifi system.

The Pelco cameras in the plant are fine, but the NVR that was purchased was done so poorly as it's not equipped to handle the throughput of even the 8 IP cameras we have on it.

Pelco offers their NVR (VMS?) software freely available, with one-time licensing per camera after 4 cameras. This is appealing since I can control the hardware and it would be cheaper than their own offerings. It needs a Windows OS to be installed on.

What I'm curious about is whether or not it would be a good idea to run a virtualized Unifi system and this Pelco system on the same server. Something like an older Dell R420 I can get for around $1,000 and put SSD in RAID 1 for the OS's and then some SATA disks for storage. They'll both be doing effectively the same thing (recording video) so I don't see why this would be an issue but don't have much experience in the camera realm.

Just out of curiousity, would you consider putting a camera software system like Unifi or Pelco onto a virtualized system already running things like your file server, domain controllers, WSUS, etc if you had the available IOPS? I'm leaning towards no but wanted to see what others thoughts were.

@scottalanmiller said in AMD chip flaw:

@zachary715 said in AMD chip flaw:

If an exploit or vulnerability is discovered, yet is probably getting little to zero traffic at the time, why disclose it publicly immediately before allowing the vendor/manufacturer to research the issue and patch.

That bit is an unknown. We have to assume that if one researcher has found something, others might have, too. We can never make the assumption that it is not already a broadly known and used exploit.

If a researcher was a true white hat, they'd always be looking to warn the victims, not third parties that have a reputation to defend.

The current trend of telling vendors, not victims, is about "big business' reputations are more important ideologically than customer's safety."

You keep mentioning third parties here, and I agree about that, but I'm talking about the manufacturers. If AMD has a chip flaw, I don't believe Facebook should be made aware much, if at all, before me, but I have no problem with AMD and whoever AMD employs to resolve the issue is aware 90-180 days prior to my knowing. I have zero skills to fix this issue myself, therefore I'm relying on AMD to solve the problem before others can exploit it.

You are correct we do not know the amount of activity going on prior to these types of disclosures, but I feel pretty confident that once these vulnerabilities are disclosed, traffic significantly increases because now EVERYONE knows. Unless there's something significant that I can do as a workaround in the meantime, I just assume keep it private until the issue is resolved or the company is unwilling to resolve the issue in a timely manner and needs public shaming.