    • RE: Free VM Backup

      @jaredbusch said in Free VM Backup:

      That many VM's and it is not worth the money to buy a solution?
      Just WTF?

      You don't want free backup software. Because when it's 3AM and you're trying to do a restore and having an issue you need support. Free means no one verifies that a new patch in Windows will not break it.

      posted in IT Discussion
      StorageNinja
    • RE: Anyone with Cisco download access (firmware) can help me ?

      @scottalanmiller said in Anyone with Cisco download access (firmware) can help me ?:

      I replaced a Cisco a few weeks ago because we could get a Ubiquiti that was new faster, delivered to the site, than we could get a cable to hook into the Cisco. Saved both time and money and got them better quality gear. Pure win. Cisco's "deal with our BS" overhead is very high and a huge factor on their TCO.

      Their optics division makes 2 Billion a year I hear. 3rd party optics are made by the same people so I never blinked at using them and duck taping some spares to the side of the chassis.

      posted in IT Discussion
      StorageNinja
    • RE: To Cable, or Not to Cable

      @scottalanmiller said in To Cable, or Not to Cable:

      @storageninja said in To Cable, or Not to Cable:

      I'm pretty sure I got cancer (Wirelessly) reading that article and the responses.

      https://community.spiceworks.com/topic/post/7386903

      I would never have even read it if you had not mentioned how bad it was earlier this morning.

      It did make me realize that a LOT of people don't understand the OSI layer model, and how security at a higher level can completely mitigate any breach at a lower level.

      posted in IT Discussion
      StorageNinja
    • RE: KVM - Virt-Manager on a Separate VM

      @tim_g said in KVM - Virt-Manager on a Separate VM:

      @storageninja said in KVM - Virt-Manager on a Separate VM:

      @stacksofplates I can break your 4096 bit encryption with $5.
      If you're worried about state-level actors you have bigger concerns 🙂

      Challenge accepted.

      Pst me your email and I'll give you a key to break.

      Leave me an audit trail so I can confirm.

      I assume you'll just ship me a beer and call it even?

      posted in IT Discussion
      StorageNinja
    • RE: Major Intel CPU vulnerability

      @scottalanmiller said in Major Intel CPU vulnerability:

      @dbeato said in Major Intel CPU vulnerability:

      @scottalanmiller said in Major Intel CPU vulnerability:

      @dbeato said in Major Intel CPU vulnerability:

      @scottalanmiller said in Major Intel CPU vulnerability:

      @storageninja said in Major Intel CPU vulnerability:

      @scottalanmiller said in Major Intel CPU vulnerability:

      This year has really shown that Intel has no idea what they are doing. Time to get to AMD and ARM procs and stay there.

      ARM's impacted.

      How is ARM impacted?

      They are saying all Intel, AMD and ARM devices.
      https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
      https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

      Any reputable sources? I did a search and came up only with disputed claims by Intel.

      Phoronix states the following:
      https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test

      Just implies that Intel paid someone to include that on other processors. Not a good sign that it is included without information.

      Did you not read Linus's response? It was hilarious.
      https://lkml.org/lkml/2018/1/3/797

      posted in IT Discussion
      StorageNinja
    • RE: When a C-level gets the boot

      Couple things...

      1. At 20K users you should have a dedicated SOC or an outsource SOC doing 24/7 analytics of the logs and logs should be going somewhere IMMUTABLE (LogLogic etc).

      2. If someone who is fired is creating accounts you need to call local law enforcement and refer this to them.

      3. Track the time and labor involved in the cleanup. Bring in an outside security audit firm. If this crossed state lines or other factors on the cost of remediation this may involve the FBI.

      4. If this is a public company the EXTERNAL accounting auditors need to be notified of the lack of internal controls. There may be SEC violations if policies didn't exist that need to, or were not followed that did exist. Going to lunch with external auditors and telling them what was fucked up was a GREAT way as a consultant to make sure a fire got lit for someone to fix something.

      5. If significant fraud or other things are found call the SEC directly and report. Whistleblowers get paid well.

      posted in IT Discussion
      StorageNinja
    • RE: Is AirWatch or AirWatch Express dead or something?

      Couple things....

      1. If you are in the Americas your emails may have fallen into the hell that is trying to reach field during Sales Kickoff, and TechSummit (The only reason you'd see me and NetworkNerd fly into Toronto in the dead of winter).

      2. For Commercial accounts (where you fall if you are small) you should talk to a partner (Ask the rep who the best partner is in the area). Partners tend to lead engagements (They have staff who are trained, resources etc). Commercial AE/SE's have a really wide mapping in channel sales driven companies (Which is most that are profitable and not startups burning VC cash). If you are a mid-sized account, then it's generally a joint engagement, if you are an enterprise then you tend to work primarily with the AE/SE's direct on everything and occasionally a partner.

      3. What is it exactly you want to do with AirWatch? It's kinda the only serious game in town for MDM with diverse hardware platforms (Good and Best have kinda left the market).

      4. When you buy Airwatch it's normally sold with deployment services. You have the guys in Atlanta (technically Alpharetta) set it up for you, and a PM keeps the project on track. Got an opportunity to go to ATL and talk to these guys a while back (Cross trained them on some vSAN deployments) and honestly given the opportunity of learning every quirk of MDM vs. just having someone who's a pro set up the 90% of stuff I'll never need to touch again I'd go that route.

      5. In general with MDM where people get in trouble is trying to do it 100% themselves (this goes back to my BES days). It's shockingly easy for an untrained person in a MDM to start clicking on things and make a smartphone dumb (This reminds me of what happens when non-experienced people muck in GPO). Airwatch is better than most, but I just wouldn't waste my time with it vs. getting the PSO guys to do it for you.

      posted in IT Discussion
      StorageNinja
    • RE: Trying to correctly understand core licensing in a vmware environment

      @dave247 said in Trying to correctly understand core licensing in a vmware environment:

      @obsolesce said in Trying to correctly understand core licensing in a vmware environment:

      @dave247 said in Trying to correctly understand core licensing in a vmware environment:

      @obsolesce said in Trying to correctly understand core licensing in a vmware environment:

      So we're at like $35,000 of software licensing at this point... For what? What's the end goal here that justifies the costs? Oh, that's not even considering CALs. That could be many more thousands. And this is every few years without SA.

      I'm not sure how you came up with $35,000 here... I calculated that it would be around roughly $3K for core licenses across those three hosts (per every 2 instances of Server 2016).

      That $35,000 is a rounded up figure of you'd get Windows Server Licensing with SA for 9 VMs, plus the cost of VMWare, which you already have. I was figuring between $4-$5k per 2 VMs. Cheaper without SA, then it's about $3k per 2 VMs.

      We purchased vSphere Essentials Plus 6 back in 2016 for like $5k, which allows for vCenter and up to 6 CPUs. I don't really know anything about licensing per vm with that... I will have to look into it again.

      You have unlimited VM's across 3 hosts with up to 2 sockets. Note, you can upgrade this to newer versions until the end of time if you pay the support renewal (~1000 per year)

      posted in IT Discussion
      StorageNinja
    • RE: KVM Backing and Support

      @stacksofplates said in KVM Backing and Support:

      @storageninja said in KVM Backing and Support:

      @stacksofplates said in KVM Backing and Support:

      @stacksofplates said in KVM Backing and Support:

      It also bothers me to no end that the systems we use to store our most important data (databases) have the least backup (and redundancy) options. I try to use solutions that rely on them as little as possible (that's why I use things like Grav).

      This is also why I like Elasticsearch so much. Clustering is super easy and so are snapshots/backups.

      It's a bit unfair to compare a cloud native No-SQL application that can play fast and loose with ACID consistency on its native capabilities against a relational database whose core engine was designed in the 1980's and has a mission to "never lose a transaction at any cost". I do think more data goes into RDBMS's than needs to be. Even if I'm going to use something like Cassandra I'd consider running a packaged build with added tools for backup/recovery operations (Datastax?) just as it simplifies the admin overhead.

      That was kind of what I meant to point out. Those systems have been around for so long that they've had that amount of time to build in a native replication system (not just things like Galera). Postgres has something but I've never tried. It just seems that if you've been around for 30 years you could have an easier replication set up than currently exists.

      The other problem with systems like this is their testing is very basic. Often simply checksums, or unit testing and not testing of a group of applications and VM's that require function to restore and hit a RPO point. If I'm using SRM or Veeam I can easily do an automated test and spin up a group of 10 VM's that make up the full dependency chain and make sure that a test can be done.

      If I'm just scripting backups of Postgres DB I'm at the mercy of my entire build toolchain to do a full stack test (which is a massive non-trivial amount of IO and time vs. SureBackup labs, or linked clones triggered by SRM).

      posted in IT Discussion
      StorageNinja
    • RE: I think I am missing something about Hyper-V....?

      @phlipelder said in I think I am missing something about Hyper-V....?:

      "No one is using it in production." <-- False.

      figure cited is the number of currently active clusters reporting anonymized census-level telemetry, excluding internal Microsoft deployments and those that are obviously not production, such as clusters that exist for less than 7 days (e.g. demo environments) or single-node Azure Stack Development Kits. Clusters which cannot or do not report telemetry are also not included.

      When you have 10K clusters, and your competitors have (Singular) customers closing in on that many clusters that's noise. VMware is reporting over 14K Customers.

      The industry standard for reporting product usage is reporting total customer count. Microsoft either knows it is embarrassingly low, or outright doesn't have the information. My lab which includes a SSD cluster (which is nested on top of vSAN) qualifies as "production" by this definition. Hell if Starwind or Veeam's QA lab is leaving stuff on over 7 days he's a production customer!

      For comparison VMware and Nutanix both state the number of paying customers they have on earnings calls. This is audited, and making a false statement here could incur jail time. Since both sell discrete software SKU's for their HCI product (and can track generation of licensing keys in the portal) they can give real and actually specific numbers. VMware's phone home tracking (CEIP) can at least tell if a licensing key is a production key vs. a demo or lab license key. It also can tell if the deployment is nested (is the hardware detected as "VMware" or some sort of paravirtual device) making it easy to filter and identify. Microsoft including all clusters more than 7 days old that were not on their network and include non-licensed clusters is highly dubious.

      When a vendor uses odd qualifications to report customer adoption that are non-standard and use vague criteria you assume the reality doesn't smell like roses.

      posted in IT Discussion
      StorageNinja
    • RE: Ubiquiti WiFi vs... everyone

      Sure:

      1. The vendor itself doesn't provide phone support. I was talking to an Aruba sales guy last week on the plane and he was laughing about this when I mentioned I was using it at my house now. That's a non-starter for a lot of people (yes their forums are fine and I get why they do it as it causes support case deflection).

      2. Cisco Clean Air, and the like can operate better in some crazy RF hostile environments.

      3. Security integration like NAC with dynamic VLAN. In compliance shops, or people who care about edge security this is a thing. Other SDN integration might matter to some.

      4. Opaque finances. SEC investigations in Feb, long term lack of a CFO. Really bizarre stuff for a public company. There is a crazy short squeeze going on right now something's going to blow. Networks are labor and capital intensive with little return on investment if you have to rip and replace.

      posted in IT Discussion
      StorageNinja
    • RE: Ubiquiti WiFi vs... everyone

      @bbigford said in Ubiquiti WiFi vs... everyone:

      In very high density areas with users who roam a campus, what kinds of issues have you had with an SSID having to be on one channel in that case?

      The average college student has something like 8 IP addresses. It's not uncommon to have someone with an iPad, a cell phone, and a laptop. Imagine a room of 300 people all shouting in 3 languages. That's campus WIFI for you.

      posted in IT Discussion
      StorageNinja
    • RE: Hyper-V replication, Starwind, or something else?

      @scottalanmiller said in Hyper-V replication, Starwind, or something else?:

      why do you see agentless as even something you want

      At scale you get...

      1. Block based backups. wayyyy faster than hair-pinning out a VM's networking stack. In some cases avoiding the LAN entirely for backup.
      2. CBT Backup API's. Zero need to do any IO in guest to identify what has changed and what needs to be backed up. File based indexes aren't good enough here especially with large files that have minor changes (have to shard and hash compare the entire damn file). If you've ever seen Avamar or Commvault's in guest agents do differential based backups (and the mountain of IO and CPU they generate locally) it's nuts.
      posted in IT Discussion
      StorageNinja
    • RE: Barracuda vs Meraki - firewalls

      EVIL SALES GUY TRICK #403. DESCRIBE WHAT THE BENEFIT OF A PRODUCT RATHER THAN SIMPLY USE A VAGUE BUZZWORD 🙂

      If you limit SD-WAN to just being "a separate control mechanism" then some Cisco stuff from the 90's falls under that and it's a meaningless term.

      posted in IT Discussion
      StorageNinja
    • RE: Domain Computers: Clock Sync

      @gjacobse Is it Virtual? If so what hypervisor? (Different best practices)

      posted in IT Discussion
      StorageNinja
    • RE: Domain Computers: Clock Sync

      @kelly said in Domain Computers: Clock Sync:

      At least Hyper-V has the clients pull time from the host by default. It doesn't matter what the settings are in the OS, it is a hypervisor setting that has to be turned off before your w32tm settings will do a thing.

      VMware VMtools will also pull time from the host. From this, you should..

      1. Check the Host BIOS Time (UTC)
      2. Set the Host BIOS to draw from NTP (iDRAC/iLO)
      3. Set ESXi (If also used) to use NTP also (Service off by default).

      Note there are a lot of free NTP clocks to poll from.
      time.windows.com is generally up.

      If you are running ESXi there is a built-in health check (under vSAN health Checks) that will alert you to time drift between any hosts and the vCenter to identify this.

      posted in IT Discussion
      StorageNinja
    • RE: Router / AP / Switch for business

      @krisleslie said in Router / AP / Switch for business:

      You know I'd personally only do ER but for this guy with the night hawk a USG is nothing short of an improvement but if the owner was being serious about his business then yea I'd stick with ER-4 or 6

      USG doesn't do wireless so this is apple/oranges.

      posted in IT Discussion
      StorageNinja
    • RE: What are necessary/worthy/affordable tools for SMB?

      @scottalanmiller said in What are necessary/worthy/affordable tools for SMB?:

      And one key difference, SMBs tend to use homogeneous desktop environments. They "choose" Windows. Enterprises almost never do. They almost always deploy desktops as needed. Windows, MacOS, Linux, etc. They don't just force one to everyone. Somewhere, some must, but it's rare.

      Work for a 30K man company. I can have our VAR spec out whatever I really feel like and my boss will approve for a computer. Currently using the "standard choice" MacBookPro. When you use MDM API's and agents for management you don't really need to focus so much on a corporate "Image" (which Microsoft has been going away from as the SMB's tend to use it more). Our trusted stuff is behind SSO portals, or VDI generally.

      posted in IT Discussion
      StorageNinja
    • RE: Is the Physical Thin Client Era Dead?

      @scottalanmiller said in Is the Physical Thin Client Era Dead?:

      I bet the traditional thin client market is all but gone. The cost just doesn't make sense any longer. Given that alternatives are so common, so cheap, and so good, what use case remains for dedicated thin client branded hardware today?

      While I agree we are seeing ChromeOS become a common thin client (it supports Horizon BTW) a few things in defense of the old brick...

      1. Environmental. Some of the thin clients are designed to withstand crazy temperature, shock, dust etc. Throw in that they also are often ARM-based; it leads into...

      2. Low Power and weight. Every pound I put on an oil rig, needs 7 pounds of metal to float it. Go over 55 pounds and now fly something on a helicopter and need a boat. Weight above xxx requires another 2 man case for the marines, or can't fit in an overhead bin on a plane. There are MASSIVE niche markets where logistics of power and weight matter

      3. Supply chain. Can I get a replacement in Kenya in under 4 hours? What about Bowerston OH in 2 hours? Shelf spares work for some, but having a spare PLUS a technician who will sort the migration of xxx matter to others.

      4. Lifecycle tooling. Teradici exists not because of PCoIP but because of their stateless Zero Clients' ability to be destroyed and require ZERO effort to get full firmware etc upgraded to where it was before. As firmware security gaps become a bigger deal the lack of out of band lifecycle on a lot of IoT devices on ARM turns them from cheap to a nightmare. Aramco and other nation-state attack targets don't give a flying fuck about capital cost if it becomes the source of the next threat vector.

      5. Compliance. A Wyse Thin client has passed xxx,yyy,zzz compliance requirements. They may be stupid tests that show if a child licks it, they don't die, or if it lights on fire it doesn't produce toxic smoke, but they sent them to a lab and spent the money.

      6. Weird device redirection support as part of a certified end to end solution. Healthcare doesn't have the staff to verify workarounds, or 3rd party vendors like Imprivata may not certify your cheaper solution. A hospital that's spent a 9 figure sum deploying EPIC and Cache doesn't give a shit about saving $50 on a thin client if they don't know up front "it's just going to work and my vendors will not complain".

      7. Some thin client vendors will offer 10 years of support. Just like HDS VSP's, there is a market for people who don't have to replace everything in 3 years.

      Not every company sees economic value in becoming an integrator.
      I agree Chromebooks are a rising force in end-user computing (Google was a major sponsor at VMworld the past few years for this reason). ARM is powerful (I'm installing it on my PI3 this weekend). That said, VDI and thin clients are neither dying anytime soon, nor are they the future of End-user computing. I'd encourage you to watch Brian Madden's "is VDI Dead" session.

      posted in IT Discussion
      StorageNinja
    • RE: VMWare Shutdown

      Couple things for a total cluster shutdown:

      1. If patching, stage patches to host, and out of bands (if pushing firmware).
      2. Gracefully shutdown all virtual machines (from in guest, or using VMtools).
      3. If using vSAN change Maintenance Mode behavior to "Do Nothing"
      4. Put Hosts in Maintenance Mode.
        3b. If patching issue update commands.
      5. Power off hosts once in Maintenance Mode.
      6. Power back on.
      7. If patching, verify patches; if vSAN, change cluster policy back.
      posted in IT Discussion
      StorageNinja