Tower Server and Network Opinions
-
@scottalanmiller Your entire post makes a lot of sense, as for not going with Lenovo what is your biggest fear of them?
-
@christophergault said:
a single 240GB SSD (for ESXi)
You would never put a hypervisor on an SSD. They should be put on an SD card, this is both a general industry best practice as well as VMware's official best practice. If you were to avoid the SD card for some reason (don't) you would only do so to use the cheapest, slowest SATA drives in RAID 1 that you could get, never SSD. Every penny spent on those drives is lost as the speed of the hypervisor drive has no effect on the system.
-
@scottalanmiller Damn, I still have a lot to learn about all this...
-
@christophergault said:
@scottalanmiller Your entire post makes a lot of sense, as for not going with Lenovo what is your biggest fear of them?
That you can't trust them. They have established themselves as the people you should be guarding against. You need your server vendor to be your partner, not your enemy. Lenovo is an all-out enemy. In the past 1.5 years we have caught them running scam contests, installing malware designed to potentially steal your private data, putting on fake root certificates, putting code into the firmware to put malware back after you have removed it, getting their malware into the only available drives for their machines so that it cannot be avoided, etc.
And that's all on top of the recommendation before they did those things that their servers were of inferior quality and rarely of good enough quality to use. They just aren't cheap enough even if they weren't your enemy. But you can never trust Lenovo in your shop. They've established that they are the hackers you are trying to keep out.
-
Why VMware? Of the four enterprise hypervisors, VMware is the only one I'd start by almost ruling out. The other three are free and more featureful. VMware costs a fortune and cripples you out of the gate. It would be an exceptionally special case where I would even put VMware into the list to consider. Not that their software and support are not top notch, it is just that in a field of four products, they routinely come in fourth in nearly every aspect while being the only non-free option. So paying a premium to get crippled rarely works out well.
http://www.mangolassi.it/topic/5082/is-the-time-for-vmware-in-the-smb-over
-
@christophergault said:
The site where the server is located at already has an on-site natural gas powered generator with 22 second delay from power failure, in sight of this we already have a smart APC battery backup unit that will provide power for the dual redundant server as the generator is powering up.
Two UPS, right? You should have one UPS per power bar. Otherwise the UPS becomes a very risky single point of failure. The cost of high availability power is one of the biggest drivers to moving out of on premises hosting because it is just so costly to do power well without huge scale. But without it, lots of highly available servers don't provide the reliability expected.
-
If you want high end server hardware (like HPE or Dell) but want entry level prices (like SuperMicro or Lenovo) look to xByte (ad appearing on the right currently) as they provide refurbed enterprise Dell gear, full warranty for a fraction of the price of new and bring a lot of experience and expertise to the table along with it. And they are active here in MangoLassi so you don't even have to reach out to them through another channel, you can talk to them right here on the community. They even have their own forum category here.
-
@scottalanmiller Sounds like Lenovo needs a beating haha, I heard Dell has a lot of bloatware however...
-
@christophergault said:
@scottalanmiller Sounds like Lenovo needs a beating haha, I heard Dell has a lot of bloatware however...
Well.... a couple things about the bloatware...
- It only applies to consumer equipment, not stuff we would see in IT. Just stuff for home.
- It only applies to things like consumer laptops and desktops, not servers of any type.
- You never accept anything set up or installed from your server vendor as a basic practice, so no matter what they install on there it should not matter as you would never see it.
http://mangolassi.it/topic/5474/never-let-the-vendor-set-up-a-server
-
Nine years of posting daily about this stuff results in having an already written article and long already hashed out discussions on every topic that you can imagine. It's amazing how many industry best practices that were never mentioned prior to SW and ML coming into existence are pretty well documented and established now.
-
@scottalanmiller That makes sense, however my father (owner of the business) has had a bad experience with Dell and has used Lenovo in the past and loves them. What could we do about the potential "Lenovo hacking" if we end up going with the TD350...
-
Not having the vendor set up your server goes far beyond installing the hypervisor. You would never let them set up the BIOS, RAID or any setting on the machine whatsoever. You need to be confident that you have documented every step and can reliably repeat every step to go from spare parts to working server to back to your original configuration. And you need to know what that configuration is. This is one of the things that drives me crazy with Dell's website - it forces you to give them configuration details that make no sense for them to have.
-
@christophergault said:
@scottalanmiller That makes sense, however my father (owner of the business) has had a bad experience with Dell and has used Lenovo in the past and loves them. What could we do about the potential "Lenovo hacking" if we end up going with the TD350...
Nothing really. It was built into the BIOS and you have to trust them to give you a clean image, which you can't.
They made a point to say it only affected some laptops, but then it was found to affect others so who knows what was and wasn't affected.
-
@johnhooks Well that is great, what type of private data have they been caught for stealing?
-
@christophergault said:
@johnhooks Well that is great, what type of private data have they been caught for stealing?
I don't know if anyone really knows what they captured. But if I remember correctly a lot was sent unencrypted. Is that correct @scottalanmiller?
-
@christophergault said:
What could we do about the potential "Lenovo hacking" if we end up going with the TD350...
Nothing. It's like asking "what can we do about letting a thief into the bank". You are letting a thief in. Sure, you can watch him, but you've intentionally let someone into the place you are trying to protect knowing that they will steal from you if you slip up. What's worse, is that you are hiring them to be the guard. So you are paying them to be the guard, trusting them to be the guard, but you know that they are the thief and you are just hoping that you guard the guard so well that the guard can't steal from you.
In any IT circle, once you have malware on your machine it is compromised and the only sure way back is scorched earth - meaning ground up rebuild. Because Lenovo has been doing very shady hardware level tricks to get around even that and has only been caught a few times suggests that they are still doing it, will keep doing it and are getting better and better at not getting caught.
Ask him if he feels that any data that passes through this server is not something he wants to voluntarily send to China. Not that Lenovo will get your data, but it kind of has to be assumed that they can and they are only putting in that capability for a reason.
So... does he want a Chinese backdoor to his company? I presume the bank accounts will be exposed here, for example. And customer data. And customer products.
-
@christophergault said:
@johnhooks Well that is great, what type of private data have they been caught for stealing?
None, if they got it they got away with it. They hijacked network data so in theory, they have gotten or have had the option to get absolutely everything.
-
@johnhooks @scottalanmiller Well why the hell would IBM sell their servers to Lenovo if they knew of this?
-
@johnhooks said:
@christophergault said:
@johnhooks Well that is great, what type of private data have they been caught for stealing?
I don't know if anyone really knows what they captured. But if I remember correctly a lot was sent unencrypted. Is that correct @scottalanmiller?
That's the thing, they only got caught setting up for the thefts. How much they got away with no one knows. How much they are stealing right now, no one knows. All we know is that they keep at it and companies keep inviting them to attempt to get their data too.
That's the thing about hacking. You never know what they got. You just sometimes get lucky and cut them off.
-
@christophergault said:
@johnhooks Well why the hell would IBM sell their servers to Lenovo if they knew of this?
Why would IBM care? Not their problem. This issue has no connection to IBM in any way. Far more importantly, why would people keep buying Lenovo now that they know this?