Posts made by dave247

@JaredBusch We use Mimecast and its great. Not sure about base pricing though.

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

I'm thinking I may just go with 4 of these drives: https://www.newegg.com/micron-5210-ion-7-68tb/p/1Z4-00CB-00035

4 x 7.68TB SSD in RAID10 for 15.36TB of storage

It's SSD, use RAID5 or 6. RAID10 is going to be really expensive per GB.

yeah I just realized that... if I did 4 x 7.68TB SSD drives in a RAID5, that would give me 21TB. This might be my best option!

I'm thinking I may just go with 4 of these drives: https://www.newegg.com/micron-5210-ion-7-68tb/p/1Z4-00CB-00035

4 x 7.68TB SSD in RAID10 for 15.36TB of storage

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 do you already have the chassis or are you looking to buy today for this?

I already have the R720 chassis loaded with desired CPU and RAM so I'm sticking with it. Just need to find the right drive config.

@scottalanmiller said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

I might end up just going with 6TB SAS spindle drives in a RAID10 to save on cost - provided the RAID controller can handle 8 drives in R10..

R10 has essentially no overhead. R5 has quite a bit, and R6 more than double R5. But R10's power comes from its simplicity.

Right and I would only do RAID10 with HDDs and RAID5 or 6 with SSD

I might end up just going with 6TB SAS spindle drives in a RAID10 to save on cost - provided the RAID controller can handle 8 drives in R10..

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

@dave247 xByte is a Dell certified reseller/refurbisher etc, so they'll only list equipment which is certified by Dell.

You can add (more often than not) any drive you want to a Dell server, but you might lose things like Indicator light functionality (among other possibilities).

But usually most drives work just fine.

Yeah I have learned that there is Dell firmware loaded onto Dell brand drives so that's probably why only certain drives are listed as "supported" at least on Dell's website - but as you said, likely any drive will work fine. I may just not know it is dying in the iDRAC until its actually dead.

@DustinB3403 said in Looking to create a 20TB RAID5 volume with SSD drives in an R720:

In terms of hardware vendors Xbyte is great and I would absolutely look at them for your chassis and or storage.

If you can't afford the enterprise storage you could look at the business class Samsung SSDs which'll likely come in under the dell branded drives etc.

Yeah I always look at xbyte if I can, I just don't know 100% if it really matters what drive I buy for what server - and what I mean by that is on xbyte if I select my server model (R720) for hard drives, there seems to be a limited selection and not very many high capacity SSDs. However, if I just search xbyte for "4TB or 3.4TB SSD", I come up with a lot of results.

Hey guys,

I figured I'd post my plan here since I usually get good input that improves my decision making with these sorts of projects.

I have a spare Dell R720 with 8 x 2.5 drive bays. I need about 20TB of storage space (a little less is fine) and I'd like to use enterprise SSD drives for this. I plan to get 6 x 4TB drives in a RAID5 for about 20TB - or some other configuration that yields the same amount of space.

The first place I looked was xbyte.com and then newegg. I'm not 100% sure what drives to use or if it really matters so long as they are "Enterprise SSD" drives, right?

In the past, I usually go through Dell or xbyte to purchase the proper supported hardware for servers (CPUs, RAM, Cards, etc).

Drives I'm looking at now: https://www.newegg.com/p/pl?N=100011695 600415791 601114487 601117981 601325569

@pmoncho said in Adding LDAP role to domain controller:

@dbeato said in Adding LDAP role to domain controller:

@Fredtx said in Adding LDAP role to domain controller:

@dbeato So what affect will this new Windows update have in March 2020 if it's in installed on an AD server that is still using the default non secure LDAP? Basically, what will it break? I do know clients who authenticate through their mobile ssl vpn via LDAP (ad user account & pw) so I can see how that will affect them and I'm guessing they will be unable to authenticate and therefore not be able to connect to their vpn?

The LDAP connection between the SSL VPN and your AD Server is the one affected.

In this instance, The SSL-VPN (with AD connection) would need LDAPS setup which, at minimum, would require a internal Windows CA to be setup correct?

Yes, that is correct. We have one set up which was easy enough but there is still some overhead there.. probably easier to just buy a public cert

@Fredtx said in Adding LDAP role to domain controller:

@dbeato So what affect will this new Windows update have in March 2020 if it's in installed on an AD server that is still using the default non secure LDAP? Basically, what will it break? I do know clients who authenticate through their mobile ssl vpn via LDAP (ad user account & pw) so I can see how that will affect them and I'm guessing they will be unable to authenticate and therefore not be able to connect to their vpn?

We have a couple of applications (internal and external) that rely on LDAP for user/group sync so it will break any of those connections that aren't using LDAPS over port 389.

@scottalanmiller said in Adding LDAP role to domain controller:

Remember a few key points...

1. AD is an LDAP server. Without LDAP, you can't have AD. So all AD uses LDAP.
2. LDAP is just a general purpose query protocol. Can be used for many things.
3. AD DS is LDAP but set up in an extremely specific way, with a lot of security, tight organization, features, etc.
4. LDAP is a lot like SQL. Generic, can be used for almost anything.
5. LDS is a another way to use the same underlying LDAP as AD DS uses, but for a totally different purpose.

Thanks for this helpful info. I realize that I really need to dig a bit deeper and make sure I understand the fundamentals of Windows AD and general administration

@dbeato said in Adding LDAP role to domain controller:

What will be the purpose of setting up LDAP here? AD uses the LDAP protocol. Since you have a Microsoft AD then look at this
https://astrix.co.uk/news/2020/1/31/how-to-set-up-secure-ldap-for-active-directory

That looks like a really good guide! I will read through that asap once my house settles down. Thanks!

@scottalanmiller said in Adding LDAP role to domain controller:

AD DS uses LDAP. At its core AD is an LDAP server. LDAP and Kerberos are partners, not competitors. You cant have AD without LDAP.

Yeah see that's what I thought but then when I go into Add Roles and Features, why isn't the LDAP role added?

ok after looking at that screenshot and actually reading it... that is "Active Directory Lightweight Directory Services" which initially sounded like Lightweight Directory Access Protocol to me... but I guess it's not? This guide also had me thinking that was the LDAP role as well: https://docs.microsoft.com/en-us/archive/blogs/microsoftrservertigerteam/step-by-step-guide-to-setup-ldaps-on-windows-server

still reading though...

I know this is probably a noob question and I am starting to read MS documentation about LDAP and stuff, but I figured I would also ask here just because my brain always requires some level of sideways prep before learning something new... whatever...

So I have my company's DC (two of them) set up with basic roles: ADDS, DNS, DHCP and a few other services. Nothing fancy. I had assumed LDAP kinda came by default because we have various apps that actually use LDAP to sync users and things. Well turns out it was actually lsass.exe that was handling the LDAP requests and I don't actually have the LDAP or LDAPS roles installed at all. So while LDAP works, I don't actually have LDAP installed.

Now I'm looking into re-educating myself about what LDAP is, how it works and how to install and configure, etc - mainly because of that LDAPS bulletin from MS.

What I am trying to figure out (for those of you who are familiar with this) is if I can install the LDAP/LDAPS roles without interrupting anything like Kerberos or any other services. I just want to avoid breaking something. Again, I am still reading up to educate myself before I make any changes, but a lot of times there is so much reading and I get a bit overwhelmed and miss stuff, etc.

@IRJ said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@scottalanmiller said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

I found the info I needed in the Windows Server 2016 Licensing Guide and if I understand it correctly, we would need Software Assurance coverage with our licensing, which we do not have. We purchased licenses only (with necessary CALs).

SA is the standard way to do it. You can do it without SA by double purchasing all the licenses (but not the CALs, no need to double up there. The humans aren't being duplicated.) Obviously, SA is cheaper than that, and that's why everyone goes with SA.

So, in the case with replicating virtual machines through Veeam Backup & Replication and storing those powered off servers on a spare VMware ESXi server would require me to purchase additional MS licensing?

Yes and you will have both running simultaneously to do fail over testing

Anyone know off-hand if I can purchase Software Assurance after already having purchased my licenses? If not, guess we'll bite the bullet and purchase licensing for the warm site + get SA on all future purchases.

@scottalanmiller said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

I found the info I needed in the Windows Server 2016 Licensing Guide and if I understand it correctly, we would need Software Assurance coverage with our licensing, which we do not have. We purchased licenses only (with necessary CALs).

SA is the standard way to do it. You can do it without SA by double purchasing all the licenses (but not the CALs, no need to double up there. The humans aren't being duplicated.) Obviously, SA is cheaper than that, and that's why everyone goes with SA.

So, in the case with replicating virtual machines through Veeam Backup & Replication and storing those powered off servers on a spare VMware ESXi server would require me to purchase additional MS licensing?

@scottalanmiller said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@wrx7m said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

What type of Windows licensing do you have? Replication can be affected by that.

We have Microsoft Volume Licensing and I haven't looked into weather or not we'd have to purchase "double" or not.. I'm not sure but I thought a backup environment doesn't quite count as production.

You need the second site licensed if it is hot, meaning turned on. You do not need anything if it is cold, meaning powered off. Powered off, it's just a backup that's extremely "ready to go".

I found the info I needed in the Windows Server 2016 Licensing Guide and if I understand it correctly, we would need Software Assurance coverage with our licensing, which we do not have. We purchased licenses only (with necessary CALs).

@IRJ said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

@Dashrender said in Looking for some insight/input for setting up a "hot site"/fail-over environment:

How are you planning on handling the IP change - I'm assuming each building is in a different IP range, so routing will become an issue - just another piece of the puzzle.

Stop building environments with static IPs period. That is an old way of thinking

Nobody said anything about static IPs at all. I assume he just meant in terms of having a secondary environment (especially a hot one) there would be an additional network involved to support the DR site - but the servers and appliances being replicated/sitting on stand-by would be on the same subnet/have the same IP addresses as the primary environment - which could lead to conflicts/be an obstacle.