Posts made by biggen

@jaredbusch Then have them upgrade. Seriously, what in IT lasts 10 years? Its time for a new unit that has cellular connectivity. All the contacts, PIR, etc.. could stay the same obviously as you well know being in the industry.

All of my alarms are installed with a cellular communicator only. My alarm guy says he only wires in telephone in the event there is no cellular coverage (which is non-existent unless extremely rural). I haven't had a telephone cellular communicator in over 5 years.

@scottalanmiller Yup I understand. But my brain would have a hard to dumping wifi guests and corporate services all in the same subnet even if it knew the guests were already isolated. Personally, I'd rather do two VLANs in this case. Would be easy to remember that wifi guests are on 10.100.100.0/24 and corporate is on 10.200.200.0/24.

@scottalanmiller said in Hotel and wifi isolation question:

@biggen said in Hotel and wifi isolation question:

So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

The point of the system is to remove the need for VLANs.

I’d still like a separate network for guest wifi and separate network for corporate trusted wifi. So, no, a vlan isn’t needed I suppose. The two networks just need different subnets.

@scottalanmiller I'm not sure I understand your last post. Are you saying that on a Unifi setup with L2 isolation activated that clients can or can't talk to other clients on different APs even on the same SSID?

Edit: So just playing with a spare Unifi AP, enabling "guest network" for a SSID fully isolates clients not only connected to the AP, but also all clients in the subnet even if those clients are plugged into a physical port on the switch. So the AP must drop all unicast destined frames which is nice.

So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

Next time I check into a hotel I'm going to fire up nmap and see how locked down they are.

@travisdh1 Yes, I saw they have the option to enable a "guest network". I was just reading about that here: https://help.ui.com/hc/en-us/articles/115000166827-UniFi-Guest-Network-Guest-Portal-and-Hotspot-System

I'll have to play with it at home to see exactly what it does.

I don't have a specific job in mind just brainstorming. I was thinking about how a 50 or 100 room hotel would handle wifi for clients while also trying to lock down the system to prevent Room 101 from accessing clients in Room 102. I'm thinking hotel wifi guest clients should only be allow to access the internet and nothing else. All on the same SSID throughout the facility.

Lets say I wanted to place an AP in each room. So for a 100 room hotel, that's 100 APs dedicated for each room number (Room 101, 102, etc...). I know I can isolate clients at L2 via the AP SSID so they can't talk to one another when connected to the same AP. That would prevent in-room clients from talking to one another. But what about clients on different APs? Would a client from Room 101 still be able to talk to Room 102 because they are on different APs even with L2 isolation on?

If they could, then wouldn't you also have to have a different VLAN for each AP and setup rules in the core router to prevent inter-vlan access? That seems complicated. Having to set the switch ports for all 100 APs to a different VLAN just to keep them segregated and then setup all the same corresponding VLANS in the router.

What am I missing here? Is providing this much client isolation really this complicated?

I use RevelPOS our retail business. Had it for about 7 years now. It’s ok. Uses iPads.

I’d probably do Clover if I had to do it over again but it’s too much of a PITA to switch now.

An Isilon for surveillance cold storage?! I need to work for a company like this that wastes cash like its toilet paper.

@scottalanmiller Yeah I just wonder if this is only surveillance related, do they even have an IT dept that can do it?

That autoloader that was linked above is only double the price of a single deck. Unreal how much decks cost.

Who is going to be tasked with changing the tapes if using a single drive? Is that something they are going to keep up with in house??

Ha! Well it will be that and a mixture of Wireguard for me.

Anyone else get an email today about how they are forcing people with fixed key licenses to the new subscription key license plan? I pay $180/yearly for 10 fixed keys. To get that same functionality it will cost $720/yearly or 4x the price of what I pay now.

They can't be serious. I'm betting they didn't get enough subscriptions and decided to just move everyone over to those price plans. I can guarantee I won't be renewing for $720/year for 10 keys.

Another vote for Blue Iris. I run it in Proxmox VM. Have about half a dozen Dahua cameras feeding it.

@Danp @manxam Yeah upon login, there is nothing chewing disks or using CPU. Very strange...

I wonder if there is something I can install that would log services running in the background and then I could look at it at a later time to determine what the service was that was using CPU, disk, etc...

@dbeato Gold is reads and teal is writes. Writes were higher (slightly) than reads so you can't make out the gold reads very well.

They use shading for those graphs. It would make more sense to make them transparent so you can see the line colors better.

I came home this afternoon after lunch and noticed the server was back to whisper quiet. Checked the Proxmox I/O graphs and it back to its regular 3MB/s write and barely any reads. So I don't know what the hell Windows was doing for the last 24 hours but it seems to be done.

I'm going to research this further because I have a feeling I'll see it again one day.

At home I have a Promox host that I have a Win10 VM running Blue Iris (IP camera VMS). I've had it running for some time now (~year) with no issues. It's a simple setup. All my Proxmox VMs are hosted on a SSD. However, I do pass through two large spinning disks to the Blue Iris VM so that I can record video to the mechanical drives and not to the actually SSD that the VM is hosted on. Those two mechanical drives are only used by the Blue Iris VM. No other VM touches them.

So yesterday I'm in the room where the host is located and I hear disk thrashing. You know, the sound of a hard drive being defragged? That kind of disk thrashing. Lots of reads and lots of writes. This is quite unusual as I've never heard those drives make noise ever. I open up my Proxmox GUI to see what is going on and I see that VM is showing a lot of of reads and writes. Proxmox is showing 50MB/s writes and 50MB/s reads all going at the same time. This is highly irregular. At any given time, Blue Iris is writing no more than 4MB/s (from my cameras to the drives) and reading virtually nothing so 50MB/s both ways is waaay of the charts. So I decide to quickly RDP into the VM and see what the hell is accessing the disk and as soon as I RDP in, the drives stop thrashing and disk access returns to normal levels.

So I look around in task manager and everything looks fine and I chalk it up to nothing and log out of the RDP session. Well as soon as I log out, the drive thrashing fires right back up again. I finally figure out its tied to an RDP sessions after a couple times of logging in and out. Here is what Promox is showing for drive I/O for that VM with my annotations:

You can see from the chart that whenever I'm logged out of RDP, disk I/O is real high. But as soon as I login, it dissapears and resumes normal I/O levels that I'm used to seeing which is about 3 - 4 MB/s write and little to no reads.

How can I pin this down since whenever I log in, the task that is causing the issues pauses and nothing shows in task manager?

But what about the server case itself? What models are you putting these components in? I'd probably do a tower for the initial build.

@PhlipElder What cases/heatsinks are you using when building these custom systems?