@emad-r said in UrBackup vs Veeam:
Veeam tied with Veeam BR is amazing, it just can be costly abit.
One thing that may change things is that Veeam has extended the options for NFR keys for their products. Doesn't change costs for production setups but for labs, this makes the Veeam option even sweeter (for those who didn't already have a NFR key).
https://www.veeam.com/blog/how-to-get-free-veeam-nfr-key.html
Looking to see if there are specific commercial modules you typically recommend be purchased with a FreePBX setup?
@pmoncho said in RAID5 Still The Go-To Setup For SSD?:
@nashbrydges said in RAID5 Still The Go-To Setup For SSD?:
@dbeato said in RAID5 Still The Go-To Setup For SSD?:
Wow, that is a nice LAB and you will have many systems running. That’s a lot of hard drives too. What SSDs will you be using?
They're drives from a previous project I was working on. The drives are Kingston KC400s.
I'm consolidating from a few older 11th gen servers to slightly newer (without breaking the bank).
How does the server "react" to the Kingston drives since they do not have Dell's HD firmware?
I have a Dell R620 that didn't have any problems with off-the-shelf consumer Kingston drives. The indicator lights are all green even though, as expected, the SSDs appear as non-critical status because they don't have the Dell firmware (see screenshot from H710P Mini controller). The controller reads the SSD S.M.A.R.T. data and reports "failure predicted" even on those consumer drives.
These 512GB SSDs however were purchased directly from Dell so I'll know more once the server is setup. The previous project never panned out so they are still new.
@brandon220 I've had problems with noisy neighbors occasionally so now I make it a point to ask about their policies about what they do when someone complains about speed/performance.
@ambarishrh Ransomware protection is required because users open the files and run the contents (mostly). If your server is not going to open files but instead only host the files for users to access, then the ransomware protection should be on the endpoint.
File cloud compares mime type against file content. If someone uploads a real Word document that's been scripted to retrieve and launch a payload, and the user clicks to allow it to run, this mime checking will be of little consolation since the Word document will have passed the mime check and you're back as the user being the weak link (while their files are getting encrypted).
You're right though, the ransomware protection that is offered as an app for Nextcloud only check for known bad file extensions/names.
https://nextcloud.com/blog/nextcloud-presents-ransomware-protection-app/
Just setup Veeam Backup for Office 365 and going to give it a test to try and avoid this scenario.
@vhinzsanchez said in Do we dislike Ubuntu:
Really like what I'm reading here and the other threads/community...but I'm still a linux newbie (for several years)..I do not claim to know it all or anything to be advanced, but has stuck with what we have here (Ubuntu server) which I know enough on how to manage.
I'm with you here. While I know Ubuntu isn't the favoured distro here, there is SO much documentation out there that it was the easiest for me to begin learning Linux and it's been a huge help getting me out of the Windows comfort zone. I've just now started down the path of other distros.
I've never liked how limiting Weebly is. I realize you want to do this for as little as possible but a Vultr instance at $2.50 per month is nearly free. You can setup your own WordPress install for free and get setup properly right from the start.
So, watching @scottalanmiller video here got me thinking whether I should be backing up my entire VM file server or should I instead be focussing on just backing up the files?
It's not that the Windows OS is taking up a ton of space. After all, the entire VM with files is close to 30TB so the OS is simply a drop in the bucket. But am I gaining anything by backing up the entire VM?
I'm using Veeam to do the backups and to be honest, Scott makes a good point that if the OS ever gets corrupted in some way, I'm going to have to rebuild the server and want to only restore the files to a fresh OS. Restoring from a previous state is very useful if some patch broke something (rare) or if something else goes fubar and I lose a perfectly good VM, I can simple restore the whole thing, but in the grand scheme of things, would I be better off just looking to backup my files rather than the VM? Veeam gives me the ability to restore files rather than the whole VM so, do I gain or lose anything by backing up the whole VM? If I focus on saving only the files, then I'm not stuck with the same operating system to run as a file server.
Curious what people think.
I recently picked up a new (to me) Dell R720XD for my home lab, stuffed it full of SSDs and now that I've got a ton more capacity, I'm itching for a new project that I can try out. Hoping to get a few fresh ideas from anyone here who might be working on something interesting.
I'm already running VMs for:
I've been looking for an attractive, useful, functional wiki and wasn't really impressed any anything that was out there. Wiki.js was a potential option but with 1 primary contributor and functionality that didn't fully fit my needs, I kept looking and found this.
Takes the concept of Books -> Chapters -> Pages to the wiki
The mobile interface seems to be pretty useable too. I'm not sure how it will handle multiple clients and security but will be testing.
@scottalanmiller said in AntiVirus on Servers?:
@bbigford said in AntiVirus on Servers?:
It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.
Do you leave your keys in your vehicles ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?
No? Use anti-virus.
Do you still use it if you have servers that are not accessed directly or accessing anything? What will the AV be scanning?
Are you referring to things like Nextcloud? If so, yes I do use AV. I've installed ClamAV and scheduled scans of the files that users upload. Yes the endpoints have their own AV/AM but I'm still scanning what's in Nextcloud. There's a slight performance hit, but one I'm willing to live with.
@scottalanmiller said in SSDNodes - Anyone used these for hosting?:
@dafyre said in SSDNodes - Anyone used these for hosting?:
@scottalanmiller said in SSDNodes - Anyone used these for hosting?:
@dafyre said in SSDNodes - Anyone used these for hosting?:
@black3dynamite said in SSDNodes - Anyone used these for hosting?:
@nashbrydges said in SSDNodes - Anyone used these for hosting?:
Some strange pricing options if you choose monthly lol
LTS Operating Systems templates only?
What's to stop you from doing an upgrade to the latest version if you're using Debian or Ubuntu?
But it forces you to do that, it's a huge update process and limits you only to those options.
True... but that raises the question: How often are you going to switch from Debian to CentOS ?
It's that you can't do Fedora, that's the bigger issue.
That's why I didn't go beyond signing up which was the only way I could see what they offered.
@scottalanmiller said in SSDNodes - Anyone used these for hosting?:
It's not the end of the world, but it definitely doesn't bode well for continuing support.
True. But combined with their "month-to-month" pricing of $80 instead of only slightly higher than the annual amount, that tends to set my spidey senses tingling.
@coliver said in Ubiquity Security appliance:
@nashbrydges said in Ubiquity Security appliance:
@coliver said in Ubiquity Security appliance:
@nashbrydges said in Ubiquity Security appliance:
@scottalanmiller has made it clear throughout Mangolassi that he's not generally a fan of UTMs but I have seen first-hand the benefits UTMs can bring to a small business (emphasis on "small"). I agree with all of his points but since I've been able to setup and manage UTMs that have actually prevented malware infections, even while using some of those DNS services, that tends to win me over pretty quickly.
I'll also agree with @scottalanmiller that it's a cost vs benefit analysis that you'll need to do.
For what it's worth, I tend to look at the type of activities and services running at a client's business and decide whether a UTM makes sense for them or not and go from there. And for performance vs cost, I've favored Sophos UTMs. For straight-up firewall, it's UBNT all the way, every time.
How do you know the local AV/Anti-malware wouldn't have resolved that issue? That's where I sit, UTMs are interesting and can be handy but are they that much better then just having a properly secured endpoint?
Local AV is great for scanning files and processes but does nothing to block access to a website. That is the effect I'm referring to. Blocking access to malicious sites. Preventing the downloading of an infected document/file is also a win. There's definite value in stopping the file from reaching the user if it is identified as malicious. Sure it might have been identified by the desktop AV, but if it hadn't, that additional buffer is beneficial.
Which could easily be done with things like Strongarm.io or PiHole. Some value in it sure, but does that value outweigh the massive cost of the appliance and support?
There are 2 problems with this statement:
There's an assumption that Strongarm (which is no longer and was only known to me for a few months) would have known about this site and blocked it. They do block malicious domains but not files. Also, Pi-hole is advertised as an ad blocker. They do not purport to be a malicious domain blocker although if the domain exists in the list of blocked domains, it would also block it. Other service like OpenDNS Umbrella and Quad9 perform similar malicious site blocks but only for known sites on their own lists or shared lists that they use. Again, none of those are 100%, and neither would a UTM, however when the UTM manufacturer gathers malicious domain lists from a variety of sources, they can block domains not known to others.
The other is "massive cost". When compared to what a EdgeRouter might cost, yeah quite the difference. But considering what my services cost for supporting clients, and the cost for recovering from some malware or crypto infection could outweigh the cost of the device and services.
Something else I'l say is that, I'm not an evangelist for UTMs, but I definitely think there are cases where they're a great fit!
It also isn't just for the filtering and AV services they provide, but many will also offer built-in VPN capabilities or HTML5 based remote desktop access, all of which are at times desirable functions (clients with no on-site servers can still have remote desktop or VPN access). Before someone pipes-up and says that EdgeRouters have built-in VPN, that's completely true, but in every case, you evaluate the overall need for the business to determine what device is needed.
@jaredbusch said in Windows 10 Refuses To Update:
Yes, we've encountered this.
Go download the current Cumulative update and install it manually.
Thanks, that did the trick!
@scottalanmiller said in Office 365 Email Gone After Forced Logoff:
Still on hold. "Experiencing longer than normal wait times"
That's code for "aw shit it's that guy again" 
I've run the update process 3 times now, just to make sure it wasn't a fluke and after each update, the same updates keep showing up as ready to install. This seems to be happening on one single server running Win2012R2. Other than those 2 patches, it's fully updated. My Google-fu fails me. Anyone else seeing this with KB4099635 and KB4103725? I see log entries that show "Package KB4103725 was successfully changed to the Installed state." and no log event for KB4099635 but yet both reappear as available updates on next reboot. Even tried one at a time to see if that helped but nope.
Here is the scenario I'm trying to accomplish.
Without any VLANs, this has been working perfectly. Now that I want to setup multiple VLANs within Sophos (of course after having setup my Edgeswitch with appropriate VLAN settings and assigned to correct ports), devices connected to those ports do not get an assigned IP address from Sophos even though both the VLAN is setup and DHCP server setup in Sophos.
After a couple days of troubleshooting, I figured out the issue lies with the way my Hyper-V virtual switch is handling VLANs. I've come to this conclusion because when I create this same configuration on Sophos XG installed on baremetal, everything works beautifully and all devices are getting IP addresses in the range they should based on VLAN. However, when I do this with Sophos XG as a VM, IP addresses are no longer assigned (same exact config between baremetal Sophos and VM Sophos).
I've easily configured virtual switches in Hyper-V when they get a single VLAN but this needs to allow ANY VLAN that gets setup through Sophos. Likely I need to setup the virtual switch as a trunk port to allow all VLANs but fail to find information on how to do this.
I realize there may not be a lot of love in this community for Sophos but hoping someone has had the need to assign more than 1 VLAN to a Hyper-V virtual switch before that can point me in the right direction.
This isn't for production use but for my lab.
