@jmoore said in Why Do Recruiters Never Get Involved in Forums Like This:

@Carnival-Boy I understand your point of view. However I will say that myself and probably others would change jobs if the pay and other conditions were right.

I talk to a lot of people about changing jobs (My company pays decent money for referrals!) and I see more than I expected of the following...

1. I don't want to travel for work.

2. I'm stuck in xxx market for yyy reason. Despite TONS of jobs that would pay 40% more, I can't or am unwilling to work around it. On one side It's "My spouse doesn't want to leave her family". On the other, it's "I have a divorce and would effectively lose custody of my child". Some are stronger than others but they are at the end of the day a personal choice.

3. I'm unwilling to spend any time/money on acquiring any skills that would increase my value to employers above its current one.

4. I'm strangely loyal to a company that doesn't pay me enough.

Currently survey's show a LOWER demand for moving than at previous times, so labor that is willing to move can get paid a lot better than before.

@DustinB3403 said in Why is VMWare considered so often:

@Carnival-Boy I must've missed that part.

But still the justification of cost for such a tiny deployment of a single host and 2 VM's to have to pay even the $500 seems insane.

Why do you need the Backup API's for 2 VM's. Just use in guest agent backup tools (Unitrends, ShadowProtect). There are backup options for ESXi Free (Trilliad, and GhettoVCB).

The backup API's (CBT/VADP) are only valuable at scale, and given that Hyper-V hasn't had a CBT API Until 2016 (which isn't wildly supported yet by backup products) Arguing that you NEED essentials license to get a comparable functionality isn't actually true. Xen doesn't have a CBT based backup API (Doing external backups still requires doing a full read). XO does have a non-application consistent forever reverse incremental snapshot system, but that's still going to require a full read of IO for synthetic roll ups, and the lack of application consistency makes it un-usable for transnational workloads.

For some reason everyone on SW and ML seems to think that the Backup API's are CRITICAL when your talking about a tiny SMB (they aren't) and ignores their value at scale (Where they are critical to reducing backup windows by 95%). I've never really understood this...

@magicmarker said in How do you guys handle counter offers?:

It's a 19% NET raise when factoring in benefits, commute, etc. The GROSS raise is 27%. Plus a year end bonus depending on company and personal performance.

Reminder of all the things to compare: https://thenicholson.com/thinking-taking-offer-need-know/

@scottalanmiller If your doing a 3 node vSAN for a low cost deployment you should go single socket and get more core's per proc. Leaves you room to scale later and costs the vSAN cost in half.

Also that cost study on vSAN is funky. The costs don't make sense to me based on quotes I've seen (I suspect no one actually was trying to get a discounted quote, and put 5 years or support or something on it). It also uses SATA drives (not certified for vSAN) for capacity instead of NL-SAS drives, and looks to be using a non-certified cache tier drive.

@scottalanmiller said in Why Right to Fire (and Hire) May Be in the Employee's Favour:

Even rare unskilled labour today is generally highly mobile

When I was a waiter with at least 3 months exerpiance, you could always tell the manager to go fuck thesmelfs and walk into another resturant in the same town without an issue. The bottom and the top of the job funnel always seem to have comical amounts of "another option willing to pay me what I"m being paid". Either because your value is too high, or your pay is too low.

@scottalanmiller Starwind on vSphere requires a VM (Linux or Windows). vSAN is the only fully in kernel SDS option on vSphere. (ScaleIO has a VIB for the client side, but not the target side code which still runs in Linux).

@Tracy_Burton

I'm going. Flying in Friday Evening, and flying out Friday mid-day. I should have 3-4 presentations but will be around the bar's, parties, casinos etc.

Just saw this...

If you have a PSOD you generally want to take picture of it, and pull the crash dumps and open a ticket with Vmware GSS.

The other useful thing to do is check the syslog (LogInisght is part of vROPS).

I know I"m crazy late to this but I'll throw my 2 sense out....

Vendor neutral for what?

VMworld (and VMware in general) is essentially Switzerland if your curious what people are doing for networking, and storage. You can talk with Cisco, and AWS people at the conference. You could go to this conference and focus on non ESXi related conversations and sessions the entire time if you wanted (there are like 700 different sessions). Throw in the brownbag and booth theatre sessions and there are likely over 1000 unique presentations. The other reason I'm a fan of the conference for al long time is the community. There is a conference before the conference (Opening Acts) put on by the VMunderground team where it's panels's and you can talk to people over vBrisket lunch about how/why they are doing things. A conference with a lot of people in your field gives you the opportunity to talk to peers about not just what people are saying on stage but also validate what others are doing.

DellWorld is neutral if your wanting to see where non-hardware overlay vendors are going (Microsoft, RedHat, VMware are all there to talk and present).

AWS and Microsoft conferences will yield similar benefits partly because they (like VMware and Dell) have so many products (and partner ecosystem partners) surrounding them that while there are always slightly rose tinted glasses on things they had enough product diversity that you can learn a little about everything in them.

If you want an analyst driven conference about the future of IT, IDC is what Gartner promises to be IMHO. Any of their presentations at other conferences (I saw their people speak in vForum in Kuala Lumpur and their vision for digital transformation is really spot on with what I see in the field).

The "vendor focused" conferences really only get tunnel vision when they are about a single vendor who only has a single product (or maybe 2 products) in a very narrow filed. Pure Storage's conference would be an example (Where you can expect the sessions on HCI to be pure FUD, because they don't have an HCI product).

I'm pretty sure I attend more conferences than everyone else on this website.

@scottalanmiller said in Zertø Virtual Replication:

Isn't Zerto the one that is unstable and can corrupt your storage because it depends on a deprecated and never production released kernel hook - so its' not a supported product. It's a big deal that Veeam just released something like this because Veeam is the first to do it with Vmware support. Zerto has been doing it and has been done to down VMware from messing with the kernel in inappropriate ways.

Yah they were corrupting data on NFS by re-writing SCSI Sense codes. They also don't use a supported API and are abusing an old security API that is deprecated. They can crash a host pretty easily too because of it.

They are not working within the VMware TAP framework as a supported product, and refuse to provide VMware GSS or engineering with any documentation of what they are doing, like how other TAP partners work. The are a bad apple in the ecosystem and with Veeam offering VAIO support I expect them to loose market share quickly.

@NerdyDad said in Zertø Virtual Replication:

@JaredBusch said in Zertø Virtual Replication:

Have any of you looked at Zertø?

I just found someone using it and they love it.

https://www.zerto.com/zerto-virtual-replication-version-5-0/

I saw them at Pure//Accelerate and they say that they are more for replication, similar to Veeam, but solely focus on replication. They say that they do it faster because of their proprietary compression and deduplication of the data on the way to the secondary site.

I've never used them before, so take that with a grain of salt.

Veeam is matching them on RPO time by using a SUPPORTED API that is stable called VAIO. The feature support was announced at VeeamOn.

@Jimmy9008 said in When to use VMWare over free hypervisors?:

Where did I say 100% uptime? I didn't. 12 VMs is small. Everywhere has downtime, yes, but this isn't complex and for IIS and SQL Server etc... this is not an unreasonable setup. Not hard to manage or design either. I'm shocked y'all think its suck a crazy setup.

Why I like having hypervisor clusters even for app clusters is it let me do host maintenance in the middle of the day when resources are cheap vs at night where they are expensive (overtime pay, comp time, or just burning out my operations staff). Also Proactive HA will detect a host is failing (FANs fail, thermal warnings, memory errors) and evacuate a host and put it into quarantine. Still collecting stats on what % this prevents on host failure but you'd be surprised how many hosts give off warning signs that they are failing.

@Tim_G I've seen something that looks strikingly similar for ESXi (Maybe it's just every angular node.js app looks the same). Note these UI's are REALLY limited to only the most absolute basics of management (Partly because it takes YEARS to build a "full feature" UI for the 200K+ API calls that a hypervisor platform can perform, and when done on a platform with notoriously changing API's (KVM historically) this only works when you control the full stack (and even then Scale and AVH both are still focused on the 10% that are 90% of your workflow).

@dashrender said in 2FA - when required by your vendors, do you stipend your staff?:

@penguinwrangler said in 2FA - when required by your vendors, do you stipend your staff?:

Why not buy them some cheap Android Tablets. I mean you can pickup some really cheap ones, less than 50 bucks. As long as they are on the wifi then they use those. You have total control over the 2FA devices that way.

Now they are carrying around two devices with them, phone and this tablet.

It's worse than that. The device battery 6 months in last 10 minutes, the screen takes 2 minutes to use because it's some ancient touch screen, the Android release is 4 versions behind. The MDM API's are so crippled you can't get Airwatch or any real MDM solution to work. When you have labor resources that cost $100-500 an hour WTF would you try to save a few $ per person that will cripple their workflow? I've seen so many people try this and fail.

For what it's worth hospitals devices tend to be shared on call devices. My wife's on-call phone is locked down so tight that if she takes 2 steps out side air watch bricks the device till it comes back in the hospital. They use special Android devices that are properly patchable, have the full KNOX API's for air watch to hook, and have extra battery kits and hot docks everywhere.

@aaronstuder said in KVM Poor Man Replication HA:

Ceph would be a better option

I think Redhat knows why they aren't using it. Its core feature set was high-speed transactional object and not block (the Block have was explicitly not production ready when they acquired it). While it is architecturally better for the block, It's dynamic failure handling is non-existent (Gluster is a bit better here because of the layering it tends to sit on and use of Local RAID which was what RedHat was packaging for HCI). Ceph is the #1 reason I've seen for OpenStack deployments to crash and burn in a disastrous way. With Careful testing, validation, lifecycle control, and prescriptive deployments it's powerful. It's just... Kinda a glass cannon, and you'll see it openly cursed at OpenStack conferences and presentations (with people talking about using CINDER + something commercial like SolidFire etc).

@stacksofplates There are other costs to GIMP (I've used it, honestly prefer Paint.NET).

1. Training. There are a bazillion classes, youtube videos, books, and even college courses that include photoshop. GIMP has significantly less available in this realm and while it has some free content it's less than 1% of what is out there for PS.

2. Sunk Cost software - Photoshop for many is a sunk cost (They own it, have an Adobe subscription for Illustrator or other things you use, their company has paid for it). This also extends into arguments for why you should leave other commercial products when you already have an ELA etc for given software.

3. Sunk Cost Training - If my staff knows how to use PS or other software, and has 5000 hours of experience with it, it's going to take a while for them to switch to GIMP. Even at 200 hours of lost productivity or slow work to get back up to speed on GIMP, if my labor is at $150 an hour (what I got quoted for a conversion job recently) It's going to cost me 30K to switch to GIMP.

@matteo-nunziati said in Is this server strategy reckless and/or insane?:

About bench. I've made some tests with my new server before deployment. Disabling controller and disk cache helped a lot understanding real perf of disks.
I've seen sata ssd x4 raid5 outperform 15k sas x4 raid 10.
Enabling cache at controller level blends things, even with big files making benches a bit more blurry.

Running benchmarks is a dark art. Especially with Cache.

1. Some workloads are cache friendly (So a hybrid system of DRAM or NAND cache and magnetic drives will work the same as an "all flash").

2. There are a lot of Cache's.. There are controller caches, their are DRAM caches inside of drives (You can't disable this on SSD's, and can only sometimes turn they off on SATA magnetic drives and others). Some SDS systems use one tier of NAND as a Write Cache also, some do read/write caches.

3. Trying to maximize drives when testing them for Throughput or IOPS is different than trying to profile steady state latency under low queue depth.

99% of people I talk to who are testing something are doing something fairly terrible that doesn't test what htey want. They are doing Crystal Disk or some desktop class system to test a single disk, on a single vHBA, on a single VM that's touching only a handful of the disks or a single cache device.

For bench-marking on VMware vSAN with HCI bench there is now a cloud analytic platform that will diagnose if you are properly creating a workload and configuration that is truly trying to maximize something (Throughput, Latency, IOPS). If it's not optimized it will give you improvements (Maybe stripe objects more, tune disk groups, generate more queued IO with your workers). This is actually pretty cool in that it helps make sure you are doing real benchmarking and not testing the speed of your DRAM

https://www.youtube.com/edit?o=U&video_id=wAz4h48pZZI

It also completely ignores what DWPD is often a proxy for. Write latency consistency. A drive with .3DWPD MIGHT be good enough for your endurance requirements but might also completely implode on performance if all your writes are done within a short period of time and the application has end users accessing it.

@jaredbusch said in SW Roomate?:

Re-book at the Hampton.
Seriously. You will pay more in Uber/taxi than you will save.

I can expense Uber (automatically loads into my expense report).

@scottalanmiller said in Malicious Logins To Zimbra Mail Server:

@anthonyh said in Malicious Logins To Zimbra Mail Server:

@scottalanmiller said in Malicious Logins To Zimbra Mail Server:

@anthonyh said in Malicious Logins To Zimbra Mail Server:

@scottalanmiller said in Malicious Logins To Zimbra Mail Server:

@storageninja said in Malicious Logins To Zimbra Mail Server:

@scottalanmiller said in Malicious Logins To Zimbra Mail Server:

Correct, MTA is always on 25 unless you have an agreement with someone. Then it could be anything.

I'm a bigger fan of having an external service or device (that can mailbag) do your filtering, and then you only accept SMTP with TLS from that service (So your firewall rules don't allow port 25 from the world to the actually mail back end).

Yup, agreed. You never really want to be accept email directly yourself (on your email server, at least.)

What about doing a Zimbra multi-server install and installing the MTA on one VM and the rest of the services on another VM?

Not a bad idea, but doesn't provide you with enterprise mailbagging. It would in no way eliminate the best practice of having an HA hosted mailbagging system.

Right. After I replied I realized what you meant by not accepting mail directly yourself....ha.

I have been considering diving into a multi-server deployment at some point. I've been considering putting the mailbox service on it's own hosts for performance reasons, but maybe instead I can organize services by publicly facing/not publicly facing and do two VMs that way.

In no way does this help in the scenario of the OP, though.

Just got to a larger VM in most cases. Separating them rarely will speed it up until you are going to lots of separate hardware.

I've seen a single VM handle 5000 users just fine (With Exchange). For Zimbra I can't imagine what the point of separating them out is unless it has functionality similar to DAG.

Also to be blunt, why on earth are you manually reading the logs for this stuff? This is a colossal waste of manpower. For security auditing, you should...

1. Outsource this. There are a lot of great SOC/IDS systems.
2. Have an IDS layer 7 devices and reverse proxy manage a lot of this or you. (You shouldn't need to be tweaking brute force detection on different systems).
3. If you care about security stop running your own email server. Pay someone who has dedicated SOC teams, patch management teams, massive spends on layer 7 inspection devices etc.
4. If you work for a F500 you might have a internal SOC, but if you do this you basically are dedicated to this.
5. Invest in internal security (MicroSegmentation and security inspection). Most of your DC traffic (~70%) is east wast and focusing on the external means your likely missing the real attacks as the control channel will be encrypted and tough to find on the stuff coming in north south.

When I worked in consulting, people who were wasting time chasing down hits on their firewall were generally the people looking for a new job a bit later.