Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and / or AD so that whole possible course of action is the non-starter to end all non-starters.
In an on-prem only AD environment, no problem using self signed.
Mikrotik devices are usually very stable, rock solid. However, from time to time, there are serious problems with some models and it can take looooong time until they fix it. Last two fckups that I remember where problem with RB4011 disabling wifi interface for no reason and CCR2004 router rebooting on random. It took over a year in both cases to solve the problems.
It's a surprisingly cheap and easy bus to take. it's like $1.20 per person and maybe 45 minutes. Very easy. And they sell you snacks and drinks as you get onto the bus and it drops you off in a market with lots of taxis and food stalls.
I assumed, but thought I'd ask - you don't have a car there, right?
No, but we are casually shopping for one. It would be handy with all of the stuff that we do now in other cities. And our places aren't on the bus routes, so you have to go to the city then get a taxi. Makes it a pain as we expand. We have three businesses up north in Departmento Chinandega which isn't far, but it makes it hard to deal with especially as the buses aren't going to run at 1am when we'd often want to take them.
I have two roadblocks with a .net core console app I need to get resolved. I am looking for someone with the expertise to solve these issues for me.
I can discuss the app here, but if you are interested, let's negotiate the terms privately.
Is it a Linux issue, .NET on Linux issue, or an issue with the software? Running .NET on Linux is very straightforward and is an IT issue. The software is a programming issue. So important as it affects what type of firm you'd engage.
@scottalanmiller Let me clarify. I want to make sure the "good" backups are copied to the offsite storage. So if the building were to catch on fire or something, and the good copies are destroyed. I would want to be able to restore from the offsite storage. In my case, some of the data was missing from the offsite storage that should have been replicated from the local "good" backup. Not sure what happened, and why it was not copied over, but it did not. I figured there would be some kind of sync mechanism that would have caught that ahead of time, which Barracuda said there is no such sync. That is why I reached out to the community.
We understand. And that's important because clearly your sync failed. It's just that it also exposed the fact that the original backups are not application aware (unless there is no application) so something that you should see as a very, very large issue. If you are responsible for the backups, that is. Otherwise, not your monkeys, not your circus.
You're making an assumption that there's an app to backup - which wasn't 100% clear until this post. As you mention - he might just be backing up file servers - so no app involved - just files to backup.
Even a pure file server is normally accessed. "File server" is a form of "database". A very specific form, but surprisingly similar to a document database. It would be super weird, but not actually impossible, to have a file server that holds files but is never accessed. but once you start accessing files, it's an application doing the accessing and we are right back to where we started. File servers tend to have known usage patterns and accepted backup failure modes, but the issue hasn't changed. It just feels that way. No file exists without an application.
I'm thinking about running pure KVM on debian for virtualization hosts. Not Proxmox. There will be no GUI on the servers, no web interface, only ssh for management.
Do I need to do anything special to lock down the security?
I've never used KVM in production, only on my desktop and then I've had virt-manager as well as tools like virtsh. So I don't really know what is required for a pure KVM server to be as "secure" as proxmox, xcp-ng or whatever.
Keep the OS and everything updated. Keep drivers updated. Keep firmware updated. Use only key-based auth for SSH, add only specific devices to authorized_keys file. Ensure firewall configured well. Set up log alerts for access.
Actually the white wall that is just behind the laptop is much better than a ring light. Just bounce a light source of it and you'll get a very nice light. Search for "bounce lighting" if you want examples.
I have this setup - I have a LED lap that I pointed a the wall and turned the camera on - much better lighting for video calls and wat not.