@Harry-Lui said in What do you use for petabyte storage?:

A company is wanted 3 years of footage of NVR and I calculated they needed about 1.5PB of storage.
I see Dell EMC has a Isilon Scale-Out NAS Storage line that looks nice.
What devices do you use?

1.5 PB per 3 year, is 500 TB/year, 1370 GB/day, 57 GB/h which is 16 MB/sec.

Dell EMC has the ML3 tape library which fits 40x12 TB raw data per 3U and can be expanded to hold roughly 3 PB.

I would be inclined to use disk storage for say 30 days (~40TB) and then archive to tape.

I think a tape library is a must. Just keeping track of the tapes manually is too much of a hassle. The tape library also identifies the tapes by their unique bar codes when you insert them. The tapes sits in a magazine so if you have a few spare magazines you can remove them and put them in storage if you want to archive them longer.

With the data rate above you will fill up one magazine (20 tapes) on a single ML3 in half a year.
https://www.dell.com/en-us/work/shop/dell-emc-data-storage-and-backup/dell-emc-ml3-ml3e/spd/ml3-tape-library/

Youtube Video – [00:37..]

Smart companies will not only allow a client to transition to another company, they will actively aid the client. Maybe not free but for a reasonable fee.

But also because maybe the client tries something new and then decides it was better the way it was. Or perhaps in the future you end up with another client going in the opposite direction.

If a web application firewall is going to be of some use, it needs a heavy set of rules.
The time spent will be much more expensive than the cost of the WAF.
Unless the purpose is to fill out some kind of compliance checkbox.

@StuartJordan said in Raspberry Pi-based KVM over IP:

https://pikvm.org/

A very simple and fully functional Raspberry Pi-based KVM over IP that you can make with your own hands without any soldering!

This device helps to manage servers or workstations remotely, regardless of the health of the operating system or whether one is installed. You can fix any problem, configure the BIOS, and even reinstall the OS using the virtual CD-ROM or Flash Drive.

It only costs between $30 and $100 depending on the features desired. Even the most expensive configuration will be cheaper than a $500 commercial IP-KVM

We've had this on here before. The idea is nice but the problem is that the alternative isn't a IP based KVM switch - it's out of band managament, like iLO, iDrac, IPMI etc. It's available on almost every server sold today and it's way more flexible. With it you can do everything that you can on a KVM switch and also do bios upgrades, get info from the system like ECC failures, monitor power draw but most importantly you can power on/off servers.

On Supermicro for instance full featured IPMI is free.

@siringo said in Another RDS server?:

With regards to physical CPU's. Would you upgrade the current CPU to something with more cores or add a 2nd CPU?

You might have to consider the budget here.

But in general you get better performance with one 16 core CPU than two 8 core CPUs.

It's because one CPU only has access to half the RAM and some of the I/O. So when a CPU need to communicate with something that is connected to the other CPU, the data has to pass through the interconnect between the CPUs. That's a bottleneck and slows it down.

@pete-s said in Simple comms. What to do?:

@siringo said in Simple comms. What to do?:

I have a site where the two main servers (Windows) are located about 15 'cable' metres from the switch (switch A) they plug into.

Each server has 3 NICs.

I'm wondering what others would do?

Would you run 6 cables from the servers to switch A

or

place a switch (switch B) near the servers and run 1 cable from switch B to switch A?

Thanks for any help.

15 meters (50ft) is not very long. No need for another switch.

The proper way IMHO is to set up a couple of patch panels. Use rackmounted if you have racks otherwise wall mounted.

Sorry if this is obvious. Just easier with a picture than text.

@stuartjordan said in XenCenter to XCP-NG Upgrade using Bash:

I use XCP-NG but someone is using Xenserver 6.5. I'm not happy them using that old hypervisor. I'm going to export them VM's as precautionary backup anyway, But I wondered if anyone on here a successfully use the upgrade script built into XCP-NG?

I wouldn't upgrade xcp-ng from the shell. The recommended procedure is to do an upgrade using the ISO.

Partition layout is different from version 7 and up, but it will either be automatically upgraded to the new layout (if there is space) or kept the same using the old partitioning scheme.

That said, there are things to be careful about. Some old guest OS might have problems running on a newer version hypervisor. It's not just the guest OS but also the virtualization modes (HV,PVM, HVPVM etc). Some modes are not available anymore.

Another problem is that the old hardware on the server might not have drivers in the newer hypervisor. Some things have been deprecated.

Xenserver 6.5 was released January 2015. Assuming the server hardware is the same age, I would strongly consider getting a newer server and then reinstalling / moving the workloads from the old to the new server. That gives you time to move the workloads without causing disruption if you encounter problems.

Tasks can technically speaking be shared between services that are using the iCal format. Similar to sharing calendars.

But not all services supports sharing tasks. We tried to get google tasks shared with zoho tasks but it was a no go. I think O365 and Google will work though.

Otherwise you have to move everyone to another platform. But whatever tool you select will then require you to set up accounts, add users and what not to get going. And you get a ton of functionality that the users will not need and will make it much more difficult for them.

@jasgot said in Looking for Security camera options:

@travisdh1 said in Looking for Security camera options:

@voip_n00b said in Looking for Security camera options:

I have no experience with them but I keep seeing hikvision everywhere.

https://us.hikvision.com/en

I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)

Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.

https://ipvm.com/reports/hik-backdoor

Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.

@dashrender said in Looking for Security camera options:

Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....

The grass is always greener on the other side.

Enterprises have lots of red tapes and things takes ages to get approved and involves lots of people, meetings and communication. Sane people have gone mad for less.

I think a medium size company, where management wants what's best for the company and are large enough to have the budget for it, is the sweet spot.

@fredtx

That's easy stuff.
You don't need patience with this method, you need resolve.

INVENTORY

• Figure out what is connected to what
• Figure out if ports on managed switches have different config
• Take "before" pictures

NEW DESIGN

• Decide the most logical place to put every rack item
• Determine if you need to add something, for instance patch panels, cable management or even a better rack
• Make a new rack layout drawing
• Guesstimate what patch cables you need and what length
• Don't color code (unless you are Google) - except maybe one cable that is "hot" (internet)
• Look at the power cables and decide what length you need, if you need an extra PDU etc.
• Get customer approval

ORDER

• Order the items you need
• Order MANY extra patch cables in 1 ft incremental lengths (cables are cheap, time is expensive)
• Get a roll of velcro
• Buy a labeller if you don't have one and labels to it
• Get a cable comb if you have many cables that are run in parallell (don't look like it from the pics)

RIP OUT AND REPLACE

• Plan a date to do it
• Shutdown everything
• Rip out every cable and throw them away
• Cut of any zip ties, leave them on the floor
• Move around things if needed, according to the new design
• Add any new rack items
• Connect everything and mark the new patch cables it with a labeller as you do it - if you want it to be labelled
• Do it in a logical order that you have decided before hand
• Use the right length patch cable for everything
• Use the right length power cable for everything

FINISH

• When everything is done - power up and verify that everything is working
• Clean up, sweep the floor, throw away old cables
• Take "after" pictures
• Leave the extra patch cables for the customer, so they have them at hand when things needs to be added or reconnected

This is an example of what you want:
Youtube Video

@stuartjordan said in So Windows 11??:

What are your thoughts? at least they got rid of the tiles, can't stand them in Win10.
They are saying updates are going to be 40% lighter, We will see about that and they are going to allow win32 exe apps inside the store with android. Be interesting to see if they have moved more of the control panel items.

WHAT? Windows 10 was their last Windows they said. They also said that artificial sweeteners were safe, WMDs were in Iraq and Anna Nicole Smith married for love.

@mr-jones said in New hire, make him build his own pc?:

As the title suggests, I'm getting a new hire for my department. He's got an unrelated bachelors, but has taken some computer science classes in the process and has some background at Geek Squad.

We have an HP Z440 workstation sitting on the shelf, that I was about to configure for him, but I had the idea of "why don't I just make him figure it out" as I remembered that I had a hiccup with it myself a ways back, before I knew the difference between a desktop and a workstation.

My intent wouldn't be hazing, but more of "you should be able to troubleshoot your own pc at the bare minimum" as I've been in the situation myself where I had tickets coming in, and I still had to figure out how to re-image my workstation and get it up and running in a hurry.

I'm a veteran (infantry) and this is the soldier equivalent to "knowing your rifle" I feel, but sometimes these mindsets don't translate well to the civilian sector, so this is an moral sense test if you will.

What do you guys think? Is this unneccessary, cruel, or half-brained?

Yes, why not? It's not really "building your own PC" - more like configuring and installing software on an already built system.

And besides, don't you have better things to do than setting up his PC for him? Meaning he was hired to work right? Not create work for others. So he might as well get started! And if he runs into problems you can help him out.

@dave247 said in best way to map various combinations of mapped drives to AD users?:

Problem: we have about 10 different shared folders as mapped drives and a handful of simple bat scripts used as AD logon scripts for users...

I think it would make more sense to just have one mapped drive and use sub directories for each department. That's probably how the files are organized anyway - at least judging from the looks of it.

The users that have permissions to a particular directory can use it and the other can't. That way you don't have to mess with the different drive mappings because everyone get the same one drive.

This also also how I have seen organizations with many departments do it. They basically use one drive mapping per entire file server. Everyone has gets the same shared drive(s) but permissions determine what directories they can access. It's more flexible to do it like that.

Try this:
https://regex101.com/r/Mv2Wlc/1
It's very educational if you hover over the different parts of the regexp.

To use the regexp in php to split the string:

   $s='Jitsi2.10.5550Windows 10';
   $regexp='/(\D+)([\d\.]+)(\D+.*)/';
   preg_match($regexp, $s, $result);
	
   print_r($result);

Results in this output:

Array
(
    [0] => Jitsi2.10.5550Windows 10
    [1] => Jitsi
    [2] => 2.10.5550
    [3] => Windows 10
)

Then use for example $result[1] for the brand.

@gjacobse said in SAS 10k 600GB Drive RAID Adapter:

Is there a suggested card that would drive, that doesn't require server class hardware?

What do you mean by that?

Any SAS controller PCIe card will work. If you don't have a backplane to put your SAS drives in, you need a SAS breakout cable.

Whats new?

About 6 months ago Zoho updated their Admin Console for Zoho Mail.
It was mostly a user interface refresh, or so it looked like.

What Zoho didn't mention is that they actually added the ability to have DMARC reports analyzed automatically and view the statistics.

If you have Zoho Mail (paid plans only) the reports are here:
https://mailadmin.zoho.com/cpanel/reports.do#reports/dmarc/failure

Documentation is here:
https://www.zoho.com/mail/help/adminconsole/organization-email-reports.html#alink5

---

How do I get the reports into Zoho?

To get these reports you have to have SPF, DKIM and DMARC set up on your domain with reporting enabled.

You should have a DNS TXT record on your domain called _dmarc.
For example set to: v=DMARC1; p=reject; rua=mailto:[email protected]

It looks like Zoho is snooping up reports automatically, if the receiving email set above is in your domain. We use [email protected]

---

What are DMARC reports?

For those that don't know, DMARC reports are the only way to detect if someone is using your domain to send out spam or malicious emails that looks like they came from your domain. Or if an email server is sending out emails that are legitimate but misconfigured - often causing the emails to end up in spam or rejected. Without DMARC reports you would never know if that happened.

The actual DMARC reports are xml files that are emailed back to you from other email providers, like Microsoft or Google. They provide information on how the receiving end analyzes incoming email looking at your DNS records for SPF, DKIM and DMARC settings and compare that to what is in the actual email.

---

I don't use Zoho - I use Microsoft, Google etc...

Well, normally your email provider can't help you with this.

You need to sign up with a third-party service to analyze your DMARC reports. And then they would provide the statistics for you.

Hopefully Microsoft, Google etc will follow suit and provide analysis directly in their mail admin panels.

@siringo said in Simple NAS advice:

School needs a NAS. Only needs about 6TB capacity.
Was thinking of a 4 bay thing & using 2TB disks so disk rebuilds will be as quick as possible.
Any recommendations for the NAS and what disks to get?
Will be going into a Windows environment.

If you need 6TB capacity, 4 bays with 2TB drives is not going to cut it. Well, not unless you want to run RAID-5.

You need 4TB drives if you want to run RAID-6, RAID-10 or have 2 independent RAID-1 arrays. Then you'll end up with about 7.1TB (TiB) of usable storage.

Maybe you should look into automating windows 10 installs instead.

A gold image is not ideal because you are doing lots of step, usually manually, to create the gold image. The image is large and it's basically out of date just a couple of days after creating it.

With an automated install you are basically installing windows from scratch with your own customizations and additional software and settings. It's much smaller and easier to maintain long-term.

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup?view=windows-10

@siringo said in Another new server question:

Thanks everyone for the thoughts and advice.

This server is going into an environment where what is chosen will, eventually, attract criticism, not formerly, but by way of passing comments.

I would be better to suggest a server with bells and whistles rather than one that did the job and cost less. But with that said, putting in place an overspec'd server would also be criticised.

If I were to select Dell as the vendor, that would be acceptable, Lenovo possibly less so.

I'll use the info from this post and go and take another look at what I can get my hands on.

I think I'll look for something with all SSDs that gives me 4TB of useable space, that's all I need, with some type of disk redundancy.

64GB RAM and a single CPU.

It will run Server 2022 with the Hyper-V role and house around 6 VMs.

I'm open to suggestions.

Thanks again.

CPU

Only needing 64GB of RAM suggest getting an E-2200/2300 series Intel CPU.

That's what used to be the called the E3-1200 series. Entry-level servers with Xeon CPUs that are similar to their desktop i7 equivalent. Up to 8 cores, max 128GB RAM (E-2300).

You pay for 16 cores with Windows so get what you feel is appropriate for the VMs running. But 6 cores is probably good enough.

RAM

• 4 x 16GB is probably your best bet
• 2 x 32GB will also work fine with 100% performance but might be more expensive

SSD

4TB options:

• 2 x 4TB RAID 1 (lower failure rate with only two drives)
• 3 x 2TB RAID 5

If you can get a good deal go for that - whatever combination.

Dell adds 200-300% on their SSD prices though. IMHO only enterprise customers get a fair price from Dell.

SSD price 3.84TB SATA enterprise drive

• Manufacturer $600-$700 (Samsung PM893)
• Lenovo $1,180 (maybe it's a special offer - I don't know)
• Dell $2,172

Server

Dell

• R250 is their entry level range (R240 old model)
• R350 has the same CPU range (R340 old model)
• R6515 (AMD Epyc) if you need more CPU or fast NVMe SSDs

Be aware of backplane configurations. Hotswap ability and backplanes is standard on high-end servers but not on entry level servers.

Lenovo SR250 seems to be their entry-level but it has more advanced option compared to Dell's R250.