I'm more or less just wondering about the multiple CSR aspect of this now.

@scottalanmiller said in question about multiple CSRs on same IIS server:

Not to do one of those "do something else" posts. But... have you considered using LetsEncrypt? No CSR needed, and free.

Thanks but no, I am setting up an application at work and I have to follow the vendor's instructions. I need to purchase certs from a specific cert vendor and do it all a certain way :s

I need to purchase two SSL certs for two different sites on the same server. I know how to create a CSR but I was wondering if I create a second CSR for the second cert if that will over-write the first CSR or how all that works... I'm assuming I can create how ever many CSRs I want and they will all be valid/stored in some internal database in IIS but I can't find anything that confirms this.

So is this correct? Can I create multiple CSRs for different SSL certs on the same server? Is there a way to view them aside from looking at the actual exported CSR text file? Even if its just a log that says request # exists...

Not sure how this aspect of it works so any help is appreciated.

@scottalanmiller looks like I need to install it on something though. I was hoping to not have to purchase any additional hardware. Still an option though.

I was asked in passing (minimal details right now) about web filtering options for my church. Its just a small org with about 15 or so nodes (PC's, printers, wifi) a handful of users, non-domain and no static public IP or anything. There's a lot of people who come in and connect to wifi throughout the week, including kids. Basically they just want to block porn.

The equipment they have now is a Ubuquiti EdgeRouter type thing little Netgear switch. I wasn't given a price range but I'm just seeing what's out there for free/cheap options for now.

I did happen upon this which may be good enough: https://www.youtube.com/watch?v=YYwL6-n0qrU - I'm just not sure how well it works.

Otherwise does anyone have any good suggestions for Church/non-profit type setups? Something that would work with the network equivalent of a home network.

OpenDNS might be the best/easiest option for now: https://www.opendns.com/setupguide/#familyshield

@JaredBusch We use Mimecast and its great. Not sure about base pricing though.

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

I'm thinking I may just go with 4 of these drives: https://www.newegg.com/micron-5210-ion-7-68tb/p/1Z4-00CB-00035

4 x 7.68TB SSD in RAID10 for 15.36TB of storage

It's SSD, use RAID5 or 6. RAID10 is going to be really expensive per GB.

yeah I just realized that... if I did 4 x 7.68TB SSD drives in a RAID5, that would give me 21TB. This might be my best option!

I'm thinking I may just go with 4 of these drives: https://www.newegg.com/micron-5210-ion-7-68tb/p/1Z4-00CB-00035

4 x 7.68TB SSD in RAID10 for 15.36TB of storage

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 do you already have the chassis or are you looking to buy today for this?

I already have the R720 chassis loaded with desired CPU and RAM so I'm sticking with it. Just need to find the right drive config.

@scottalanmiller said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

I might end up just going with 6TB SAS spindle drives in a RAID10 to save on cost - provided the RAID controller can handle 8 drives in R10..

R10 has essentially no overhead. R5 has quite a bit, and R6 more than double R5. But R10's power comes from its simplicity.

Right and I would only do RAID10 with HDDs and RAID5 or 6 with SSD

I might end up just going with 6TB SAS spindle drives in a RAID10 to save on cost - provided the RAID controller can handle 8 drives in R10..

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 xByte is a Dell certified reseller/refurbisher etc, so they'll only list equipment which is certified by Dell.

You can add (more often than not) any drive you want to a Dell server, but you might lose things like Indicator light functionality (among other possibilities).

But usually most drives work just fine.

Yeah I have learned that there is Dell firmware loaded onto Dell brand drives so that's probably why only certain drives are listed as "supported" at least on Dell's website - but as you said, likely any drive will work fine. I may just not know it is dying in the iDRAC until its actually dead.

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

In terms of hardware vendors Xbyte is great and I would absolutely look at them for your chassis and or storage.

If you can't afford the enterprise storage you could look at the business class Samsung SSDs which'll likely come in under the dell branded drives etc.

Yeah I always look at xbyte if I can, I just don't know 100% if it really matters what drive I buy for what server - and what I mean by that is on xbyte if I select my server model (R720) for hard drives, there seems to be a limited selection and not very many high capacity SSDs. However, if I just search xbyte for "4TB or 3.4TB SSD", I come up with a lot of results.

Hey guys,

I figured I'd post my plan here since I usually get good input that improves my decision making with these sorts of projects.

I have a spare Dell R720 with 8 x 2.5 drive bays. I need about 20TB of storage space (a little less is fine) and I'd like to use enterprise SSD drives for this. I plan to get 6 x 4TB drives in a RAID5 for about 20TB - or some other configuration that yields the same amount of space.

The first place I looked was xbyte.com and then newegg. I'm not 100% sure what drives to use or if it really matters so long as they are "Enterprise SSD" drives, right?

In the past, I usually go through Dell or xbyte to purchase the proper supported hardware for servers (CPUs, RAM, Cards, etc).

Drives I'm looking at now: https://www.newegg.com/p/pl?N=100011695 600415791 601114487 601117981 601325569

@pmoncho said in Adding LDAP role to domain controller:

@dbeato said in Adding LDAP role to domain controller:

@Fredtx said in Adding LDAP role to domain controller:

@dbeato So what affect will this new Windows update have in March 2020 if it's in installed on an AD server that is still using the default non secure LDAP? Basically, what will it break? I do know clients who authenticate through their mobile ssl vpn via LDAP (ad user account & pw) so I can see how that will affect them and I'm guessing they will be unable to authenticate and therefore not be able to connect to their vpn?

The LDAP connection between the SSL VPN and your AD Server is the one affected.

In this instance, The SSL-VPN (with AD connection) would need LDAPS setup which, at minimum, would require a internal Windows CA to be setup correct?

Yes, that is correct. We have one set up which was easy enough but there is still some overhead there.. probably easier to just buy a public cert

@Fredtx said in Adding LDAP role to domain controller:

@dbeato So what affect will this new Windows update have in March 2020 if it's in installed on an AD server that is still using the default non secure LDAP? Basically, what will it break? I do know clients who authenticate through their mobile ssl vpn via LDAP (ad user account & pw) so I can see how that will affect them and I'm guessing they will be unable to authenticate and therefore not be able to connect to their vpn?

We have a couple of applications (internal and external) that rely on LDAP for user/group sync so it will break any of those connections that aren't using LDAPS over port 389.

@scottalanmiller said in Adding LDAP role to domain controller:

Remember a few key points...

1. AD is an LDAP server. Without LDAP, you can't have AD. So all AD uses LDAP.
2. LDAP is just a general purpose query protocol. Can be used for many things.
3. AD DS is LDAP but set up in an extremely specific way, with a lot of security, tight organization, features, etc.
4. LDAP is a lot like SQL. Generic, can be used for almost anything.
5. LDS is a another way to use the same underlying LDAP as AD DS uses, but for a totally different purpose.

Thanks for this helpful info. I realize that I really need to dig a bit deeper and make sure I understand the fundamentals of Windows AD and general administration

@dbeato said in Adding LDAP role to domain controller:

What will be the purpose of setting up LDAP here? AD uses the LDAP protocol. Since you have a Microsoft AD then look at this
https://astrix.co.uk/news/2020/1/31/how-to-set-up-secure-ldap-for-active-directory

That looks like a really good guide! I will read through that asap once my house settles down. Thanks!

@scottalanmiller said in Adding LDAP role to domain controller:

AD DS uses LDAP. At its core AD is an LDAP server. LDAP and Kerberos are partners, not competitors. You cant have AD without LDAP.

Yeah see that's what I thought but then when I go into Add Roles and Features, why isn't the LDAP role added?

ok after looking at that screenshot and actually reading it... that is "Active Directory Lightweight Directory Services" which initially sounded like Lightweight Directory Access Protocol to me... but I guess it's not? This guide also had me thinking that was the LDAP role as well: https://docs.microsoft.com/en-us/archive/blogs/microsoftrservertigerteam/step-by-step-guide-to-setup-ldaps-on-windows-server

still reading though...