
    Posts

    • RE: Buying new business desktops - what do you like?

      @dashrender said in Buying new business desktops - what do you like?:

      As the title says - I'm looking to buy a few new desktop PCs for my office. What do you guys like?

      In the past I've purchased with HP elitedesk units.
      Past purchases were in the $800 range (computer/keyboard/mouse).

      Dual monitor connections is a requirement. Display port converting to VGA/DVI is fine.

      Dell micro OptiPlexes mounted to the back of a monitor are very nice to support.

      posted in IT Discussion
      bbigford
    • RE: .local vs .com

      @dbeato said in .local vs .com:

      @bbigford said in .local vs .com:

      @thwr said in .local vs .com:

      @bbigford said in .local vs .com:

      I'm not sure if this conversation has been completely talked to death. I'm wanting to get others' perspective on the use of .local vs. .com

      .local has been used by default for Windows Server for quite some time, up to 2012R2 Essentials. Many people prefer to use something like ad.domain.com

      There have been a few client acquisitions, and what ends up happening is a company name changes a couple times before the servers are replaced within ~5 years. Rather than changing their domain name, I just create a new DNS suffix instead. Over time, I end up rebuilding the domain not only to clean stuff up, but to have the company name completely updated across the board. It takes a little more time, but it looks better in the end so there is no old hold-over.

      I've read quite a bit over the years of people using corp.local ... don't have to worry about company name changes or anything else. But then people have run into issues where they need to have an internal CA since 3rd party certs can't be issued to non-resolvable FQDNs.

      Thoughts on consistency?

      About com vs local: Many guides today suggest a real domain. The most important reason seems to be that you will be able to get "real" certificates. No chance for certs with invalid TLDs.

      Right. I haven't found any pros/cons for ad.domain.com vs. domain.com though.

      Is more on the website side of things for DNS, in which the main domain cannot be accessed internally (Website) without www CNAME record or other records with it.

      I posted that without thinking about it too much. There's a lot of reasons to not use domain.com 🙂

      posted in IT Discussion
      bbigford
    • Backing up a Synology

      I have yet to find anything that is as cost effective as BackBlaze B2 for appliance to cloud backups. Restore is painless (only had one critical issue with a Synology so far). Compared to CrashPlan, Azure blob storage, AWS S3, iDrive, etc. Nothing comes close in price.

      Anyone using anything other than BackBlaze B2 to back up a Synology and loving the price/features?

      posted in IT Discussion
      bbigford
    • RE: .local vs .com

      @tim_g said in .local vs .com:

      I've been working at a .local for almost 5 years now... no issues whatsoever, and no additional work required. No reason to change, probably never will unless a need comes up. We also use internal CA, for all users and public email... no issues there.

      We've got a ton of clients using them from over the years. I just built a couple new environments this week and used ad.domain.com for them. It would help not having to deal with an internal CA.

      posted in IT Discussion
      bbigford
    • RE: Do we dislike Ubuntu

      @scottalanmiller said in Do we dislike Ubuntu:

      @bbigford said in Do we dislike Ubuntu:

      @scottalanmiller said in Do we dislike Ubuntu:

      @bbigford said in Do we dislike Ubuntu:

      @scottalanmiller said in Do we dislike Ubuntu:

      @bbigford said in Do we dislike Ubuntu:

      @scottalanmiller said in Do we dislike Ubuntu:

      @bbigford said in Do we dislike Ubuntu:

      No thanks on Ubuntu. I prefer Fedora for workstations and CentOS/RHEL for servers. I haven't tried Fedora on servers but have needed more stability and less bleeding edge features. Curious to start trying it out as a server instance in a lab though.

      Fedora is not bleeding edge, that's not the right way to think of it. It's just current, if anything, I'd say that it is probably the more stable of the two. CentOS is "old", not "stable". The two are not the same thing. CentOS is for specific cases where you need to maintain unchanging libraries - not something you ideally want. We specifically want Fedora for better stability over CentOS.

      I chose the wrong verbiage, having read back through what I wrote. I meant bleeding edge as in latest features and consistently up to date. Where things couldn't change due to requirements where things might break, I've used CentOS. Not necessarily that it is more stable, just that things wouldn't break as easily for that reason.

      I think that it makes "meaningful" breaks way more likely. CentOS does basically all the same changes as Fedora, just saves them up to make it far more painful when you have to deal with many at once. It's not like Fedora makes "more" changes, it just makes them in smaller amounts more often which protects you in many ways.

      I can understand that. Having small things break, or rather maybe smaller things often rather than big breaks rarely, comes down to preference. Would I rather deal with small "noise" or a late night here and there with big stuff? If the small stuff does not affect end users to a point it is unnoticeable, but the big stuff takes down a service, those are big differences.

      It's not about just breaking things, that shouldn't happen in either case. In both cases you deal with that through testing. What we are talking about between the two is whether your developers fix things "as they go" or if they save things up for years and then have to do major fixes to fix not only not keeping up as they went, but years of accumulated technical debt that could have been avoided.

      I should say I haven't had any stability issues beyond some odd graphical program issues with Fedora, ever. So stability isn't really the right word for me to use there. I wish the major releases were a little longer. Certainly not as long as CentOS because those releases are far too long in my opinion, but around 1 year is just a little quick for some healthcare environments. 1 environment I managed had around 70 or so CentOS 6/7 VMs. I don't want to upgrade those every year. Every other year or every 3 years would be okay. At the same time, I'm not going to run a version or 2 behind.

      Why do you want any length over the "absolute minimum", though? What's the benefit to any length at all? There is a minimum time needed for testing and support, I'm not saying to shorten that. But even Fedora holds updates after that point for up to six months to hit their "cycle". I don't want even that, every day that those updates aren't released is a day that we might be making technical debt for no reason. I understand why they do it in six month releases, they want enough time to get the whole system into a state where people can target it for package announcements. And I'm okay with that. But why would you want it longer, rather than shorter?

      Shorter for major releases? More maintenance for major patching. Having a slightly longer time between major releases frees me up to focus on things other than testing/implementing upgrades.

      posted in IT Discussion
      bbigford
    • RE: If all hypervisors were priced the same...

      @black3dynamite said in If all hypervisors were priced the same...:

      @bbigford said in If all hypervisors were priced the same...:

      @black3dynamite said in If all hypervisors were priced the same...:

      @bbigford said in If all hypervisors were priced the same...:

      @dustinb3403 said in If all hypervisors were priced the same...:

      XCP

      What does xcp-ng mean? Couldn't find it on the introduction

      Xen Cloud Platform

      NG=New Generation?

      I'm not sure, but it does make more sense.

      Possibly... https://github.com/xcp-ng

      posted in IT Discussion
      bbigford
    • RE: SharePoint access requests missing

      Found it. You have to share the site to any users first, before that option shows up. Just sharing documents doesn't actually generate that option. So once you share a document, it's shared. That option isn't for shared out documents, it's for the site itself.

      posted in IT Discussion
      bbigford
    • Nested virtualization - lab

      I'm building a new beefy lab workstation. I considered getting some used servers, but doing some nested virtualization has worked out in the past and is going to carry a lower cost for what I'm doing. It's strictly for the purpose of working with HA.

      I've virtualized some hosts with VMware, and have heard that Hyper-V Server 2016 now supports nested virtualization whereas 2012R2 had some issues. I haven't tried it though.

      Has anyone tried nested virtualization with KVM, Xen, or Windows Server 2016?

      posted in IT Discussion
      bbigford
    • Synology external access - weird information

      Short back story: New setup with existing hardware. Synology appliances rsyncing between main site and offsite at one of the partner's houses. New client had brought an appliance back onsite after firing a previous provider for not verifying backups and there was a disaster. After assessing things, their appliance hadn't synced for months. Delta copy was around 3TB. After a week of copying, I sent it offsite and have been verifying the sync weekly (things are healthy and performing very well). I am going to be redoing this offsite solution when the appliance ages out in the next couple years. Risk mitigation and overall sync performance has been assessed compared to cost of redoing things during all of this.

      I need to reach the appliance to be able to update the DSM firmware; ensuring both appliances are on the same firmware as well as just making sure software is generally up to date. I was looking up some tidbits on Synology external access as https://external:50XX using PAT to 5000 on the appliance is being set up using the owner's AiO edge appliance. Not using DDNS, there is a static IP on the resident's home for offsite backups. Can't reach the device, but the partner did set it up himself as he is a power user and it's tough to get him to agree to let people do things for him, even though it actually costs less operationally to just let me get in and do it rather than provide details on what is needed. That aside...

      First forum I hit... does anyone else find some of the information in the comments very odd? ISP blocking port 80... Synology using too many ports to be able to do PAT... DMZ setup being in an AiO user manual, as if it is just a standard home configuration for every use case...

      https://forums.techguy.org/threads/solved-synology-nas-external-access.1100674/

      posted in IT Discussion
      bbigford
    • RE: Zimbra help..multi-domain each with own external relay

      @dbeato said in Zimbra help..multi-domain each with own external relay:

      @vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

      @dbeato, thanks...I'm relieved that someone is still working with me on this.

      I am building a server now with multiple domains to follow up on this.

      0_1519090091012_beast-mode.jpg

      posted in IT Discussion
      bbigford
    • RE: Synology external access - weird information

      @nashbrydges said in Synology external access - weird information:

      @bbigford I manage 3 separate Synology NAS units for clients, 2 with dynamic IPs and 1 with static IP and the requirements were essentially exactly the same for all 3. Ensure the correct port was directed to the device and DSM just worked. Wonder if your user has missed something.

      That's what I'm thinking. I responded a moment before you did with a previous conflict regarding proper PAT. If he would allow me to just log in and do it myself that would cost them less operationally. I typically follow up with reminder emails that if I'm left to do my work with proper access, it costs them less overall. Comes down to a trust issue; it is just going to take time to bust through their ego and allow me to do my job.

      posted in IT Discussion
      bbigford
    • RE: AntiVirus on Servers?

      It comes down to security vs. convenience. Performance is something completely different and can be tuned/scheduled.

      Do you leave your keys in your vehicle's ignition? Do you leave your front door wide open? Do you write your personal identity numbers on your arm?

      No? Use anti-virus.

      posted in IT Discussion
      bbigford
    • RE: Errors Installing SaltStack on NetBSD 7.1.1

      I wish I was a technological freak of nature with overall experience and facts so I could rapidly help you out and tell you exactly what this issue requires to be resolved.

      Sadly, I have no valid input. But I'll continue to follow this thread so I can learn more about this issue.

      posted in IT Discussion
      bbigford
    • Search WSUS for specific update

      Re: KB4073701 kills QuickBooks

      I thought you could filter WSUS to search for a specific KB. Can't find that option anywhere. Does it not exist?

      posted in IT Discussion
      bbigford
    • RE: Search WSUS for specific update

      Derp. Didn't have the action panel open. Thanks. 😑

      posted in IT Discussion
      bbigford
    • RE: KB4073701 kills QuickBooks

      @mike-davis said in KB4073701 kills QuickBooks:

      @BBigford glad I could save you some troubleshooting time.

      If you're using a Venmo style delivery for drinks and/or strippers, I am willing to contribute for your helpful post to the community that directly impacted me. It has to be explicitly used on something such as strip clubs that take this type of gift card or similar. I cannot, by my own community standards, simply send money to you directly which could be spent on anything. It has to be a payment method that is only redeemable in the form of alcohol and/or strippers.

      posted in IT Discussion
      bbigford
    • SPF issues

      This one is stumping me. I resolved another engineer's issue, but I don't see why there was an issue to begin with. Here are some high points:

      • On-premises Exchange server.
      • Another provider needed to be added to SPF, as they are a service that sends on behalf of the client's domain.
      • v=spf1 mx a include:exchange.ourdomain.com include:mail.sendingproviderdomain.com ~all
      • Above SPF record was present when issue was happening.
      • I looked up their spf record, which was v=spf1 ip4..... many IPs.
      • PTR for exchange.ourdomain.com resolves, using MXToolbox.
      • Forward lookup is fine as well.
      • Removed mx a include:exchange.ourdomain.com and added ip4:<OurPublicIP>
      • v=spf1 ip4:<OurPublicIP> include:mail.sendingproviderdomain.com ~all

      What I don't get is why the first SPF doesn't check out. There is a PTR record in GoDaddy, and a host record pointing at the correct IP. SPF should read "any MX records, and IPs, for exchange.ourdomain.com are allowed to send; including a provider, and for spoofing there will be a soft fail".

      Where am I wrong?

      posted in IT Discussion
      bbigford
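An added example, not part of the original post: a simplified model of RFC 7208 evaluation applied to the two records quoted above. It assumes exchange.ourdomain.com has host and PTR records but publishes no SPF TXT record of its own (the post does not say either way); the IP addresses, the MX target and the provider's range are constructed.

```python
import ipaddress

# Constructed DNS data, not taken from the post: 203.0.113.10 stands in for
# <OurPublicIP>, 198.51.100.0/24 for the provider's ip4 ranges, 192.0.2.80 for
# the website behind the bare domain.
ZONE = {
    "A": {"ourdomain.com": ["192.0.2.80"],
          "exchange.ourdomain.com": ["203.0.113.10"]},
    "MX": {"ourdomain.com": ["exchange.ourdomain.com"]},
    # Assumption: exchange.ourdomain.com has A/PTR records but no SPF TXT record.
    "TXT": {"mail.sendingproviderdomain.com": "v=spf1 ip4:198.51.100.0/24 ~all"},
}
ORIGINAL = ("v=spf1 mx a include:exchange.ourdomain.com "
            "include:mail.sendingproviderdomain.com ~all")
REPLACED = "v=spf1 ip4:203.0.113.10 include:mail.sendingproviderdomain.com ~all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def addresses(name, zone):
    return [ipaddress.ip_address(a) for a in zone["A"].get(name, [])]


def check_host(ip, domain, zone):
    """Simplified RFC 7208 check_host(): ip4, a, mx, include and all only."""
    record = zone["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(str(ip))
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0])
        term = term[1:] if result else term
        result = result or "pass"
        name, _, arg = term.partition(":")
        if name == "all":
            return result
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":      # with no argument, "a" means the domain being checked
            matched = ip in addresses(arg or domain, zone)
        elif name == "mx":     # likewise, "mx" means that domain's MX hosts
            hosts = zone["MX"].get(arg or domain, [])
            matched = any(ip in addresses(h, zone) for h in hosts)
        elif name == "include":
            # include: evaluates the target's own SPF record, not its A/MX/PTR.
            inner = check_host(ip, arg, zone)
            if inner in ("none", "permerror"):
                return "permerror"   # evaluation stops; later terms never run
            matched = inner == "pass"
        else:
            return "permerror"
        if matched:
            return result
    return "neutral"


def evaluate(ip, record):
    """Evaluate a sender IP against ourdomain.com publishing the given record."""
    zone = {**ZONE, "TXT": {**ZONE["TXT"], "ourdomain.com": record}}
    return check_host(ip, "ourdomain.com", zone)
```

With this constructed data the Exchange address passes the first record through `mx`, while a provider address ends in `permerror` at `include:exchange.ourdomain.com` before the provider's include is reached; both pass the replacement record.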
    • Windows Server 2008 EOL?

      When the heck does this actually go EOL? Does anyone have a link that clearly states it? All I can find are forum threads.

      I've found a thread from "that other forum" that states WS2k8 is officially EOL in 2020, but this Microsoft link shows you need to refer to Service Pack end date... which is only 3 years after its release. The other columns show as N/A. Obviously it wasn't EOL 3 years later, so the verbiage isn't clearly stating when it actually ends. I'm only concerned with security updates, nothing else.

      The question is going to come up, "why would you support this?!"

      It's a HIPAA client and I have to retain the data for 7 years. I can save the VHD to another server and back up that server, thus backing up the VHD should we ever have an audit in the next 3 years for that data. There is a proprietary DB and a front end installed on that server, which is an old electronic medical records system. I really don't want to just export the DB and try to find the software later when an auditor says "part of retaining data requires you to make it highly available when we ask. That includes available client programs to connect to the database and pull that data as needed."

      The other alternative is just convert it in the next 60 days when they move from Hyper-V to VMware ESXi for an infrastructure upgrade, then keep that VM running. To be clear, this is a dead system; nobody has used it since November and people knew that time was coming for around a year. I'm handing this account off to another engineer and want to just make this as easy as possible for them to hand over information and availability of that data to any HIPAA auditors. Part of that compliance audit is allowing EOL systems access to the network. I just need an EOL date for planning purposes. If my thought is correct, they'd have to cut network access for this system in 2 years, which they would then have to extract data from an offline system in the last year should there be a demand-for-data during that time beyond just a standard annual compliance audit.

      posted in IT Discussion
      bbigford
    • Synology NAS - Can't delete

      High Points:

      • Using Veeam.
      • Synology onsite NAS.
      • Synology offsite NAS is in a building about 200 feet away, with an air gap.
      • Owner of files is "User" << obfuscated.
      • "User" has read/write on the parent folder, and all subdirectories and files/objects.
      • Logged in as "User".
      • Trying to purge an older backup chain in offsite backups results in a permissions error.
      • Using rsync, user account is "User".

      0_1521086013113_SynologyErrors.png

      posted in IT Discussion veeam synology nas
      bbigford
    • RE: Synology NAS - Can't delete

      @nashbrydges said in Synology NAS - Can't delete:

      If you're using rsync to sync the 2 NASs then there's no air gap. The systems are obviously networked together. What about using Backup Copy from Veeam instead of rsync? Just wondering if rsync may be the cause here.

      Air gap as in if one building was lost, the other is fine. I should have been more clear. Not two separate networks using wireless point to point.

      posted in IT Discussion
      bbigford