Posts made by Francesco Provino
-
RE: Address Selection for New Networks
@scottalanmiller, why not use something like 10.X.Y.0/23 (or 22, for that matter) where X identifies the company (I use the road number of the headquarters, as an example) and Y identifies the subnet inside the company? I use this subnetting principle so I never get identical subnets (no subnet superposition using VPN). Apart from DNS, I can usually guess a VM or device role just by looking at the IP address.
-
RE: XenServer: MD RAID or not?
@FATeknollogee if you can understand Italian, mine is already out: http://www.francescoprovino.com/2016/08/22/xenserver-7-software-raid-con-mail-alert/.
Maybe I will translate it into English, if someone in ML is interested…
-
RE: WAN connection design: big pipe VS ADSL or… embrace the cloud
@scottalanmiller I agree. I'm curious, why do you think that the connectivity in Italy is going backwards? And what about ADSL vs pricey FTTH?
-
RE: WAN connection design: big pipe VS ADSL or… embrace the cloud
@scottalanmiller said in WAN connection design: big pipe VS ADSL or… embrace the cloud:
@Francesco-Provino said in WAN connection design: big pipe VS ADSL or… embrace the cloud:
@scottalanmiller said in WAN connection design: big pipe VS ADSL or… embrace the cloud:
We need a lot more info about what the company does and how it works to really say if going to cloud makes any sense. But even in the US or Romania with massive WAN pipes at low cost does VDI normally make any sense. VDI is very expensive. Normally RDS makes way more sense than VDI, and even that remains rare.
I know VDI doesn't make sense in our case, it was a design mistake, but today it is already in place.
It's a fruit trading and production company, 20 employees (all on VMware Horizon), 3 sites. They have ERP, heavy use of file sharing, mail with Gapps for business. Small db of ERP (<10 Gb) and just 400Gb of shared files, nothing special. The on-premise part is hosted on three vSphere hosts with 64Gb of RAM each and three Tb of storage. There is one central plant with the rack, air conditioning etc.; the other offices are connected via VPN or via the Horizon gateway.
I was thinking about the possibility of moving everything to the cloud to throw away the WAN bandwidth issue. It's a suboptimal solution from a design point of view, but maybe cost effective because we will get the cloud provider connectivity for clients also (not just for server) at no additional fee than the hosting. A pair of bonded ADSL is easily capable of sustaining the data rate of many PCoIP connections.
Oh okay, I think that I am getting a clearer picture. So the VDI is hosted at one office, but most users are remote from that office? Then yes, going to colocation, even colocation outside of Italy, would likely solve a lot of issues.
Yes, VDI is hosted at one office, but is mainly accessed locally, and remotely by 4-5 users nowadays. So, going colocation will surely introduce some latency in their daily workflow…
-
RE: WAN connection design: big pipe VS ADSL or… embrace the cloud
@scottalanmiller said in WAN connection design: big pipe VS ADSL or… embrace the cloud:
We need a lot more info about what the company does and how it works to really say if going to cloud makes any sense. But even in the US or Romania with massive WAN pipes at low cost does VDI normally make any sense. VDI is very expensive. Normally RDS makes way more sense than VDI, and even that remains rare.
I know VDI doesn't make sense in our case, it was a design mistake, but today it is already in place.
It's a fruit trading and production company, 20 employees (all on VMware Horizon), 3 sites. They have ERP, heavy use of file sharing, mail with Gapps for business. Small db of ERP (<10 Gb) and just 400Gb of shared files, nothing special. The on-premise part is hosted on three vSphere hosts with 64Gb of RAM each and three Tb of storage. There is one central plant with the rack, air conditioning etc.; the other offices are connected via VPN or via the Horizon gateway.
I was thinking about the possibility of moving everything to the cloud to throw away the WAN bandwidth issue. It's a suboptimal solution from a design point of view, but maybe cost effective because we will get the cloud provider connectivity for clients also (not just for server) at no additional fee than the hosting. A pair of bonded ADSL is easily capable of sustaining the data rate of many PCoIP connections.
-
RE: WAN connection design: big pipe VS ADSL or… embrace the cloud
@DustinB3403 this company is based in the southern part of Italy, where the connectivity infrastructure is very poor. You can only get cheap business ADSL (70-100€/month, 7Mbit/256Kbit), costly HDSL (costly like that, and our provider is cheaper) or FTTH that goes from 8Mbit up to 100 or even 1000Mbit at an even higher price. The better and cheaper Fiber-to-the-Cabinet is not yet available in our zone. I have business contacts with all the biggest provider resellers in our zone; I can assure you that these are the street prices for connectivity in certain zones of Italy. Sadly.
-
WAN connection design: big pipe VS ADSL or… embrace the cloud
My company is trying to redesign our WAN connectivity. What we have today is 4Mbit HDSL (I'm based in Italy) and three x3550 M4 with vSphere.
We want to move at least one of our backups to the cloud, and today we can't respect our backup window with just 4Mbits.
I'm thinking about two alternatives:
- go with a bigger network pipe, like 20Mbit Fiber-to-the-Home (reserved symmetric bandwidth) ~1200€/month;
- drop the HDSL and go with just 2-4 aggregated ADSL (very poor upload, circa 256Kbit/each) and go with something like Amazon Snowball for the backups.
I was also thinking about moving almost everything to the cloud, to almost completely skip our connectivity bottleneck (cloud VDI with zero clients); we already have VDI and thin clients in place for almost no reason (too few clients).
But I don't think that these cloud alternatives can be cost-effective today, because we already have a lot of on-premise hardware in good shape.
What do you think about it? I'm not that experienced in the design of such environments, so any help will be appreciated!
-
RE: The SMB Two Server Dilema, What to Do
@scottalanmiller of course it is part of the kernel, but it is useless without the management tools.
-
RE: The SMB Two Server Dilema, What to Do
- XenServer with DRBD. DRBD is fully baked into the platform itself, and completely free and used in many other scenarios such as HA Linux servers and NAS devices. It's a very standard and battle tested component. It runs on XenServer's Dom0 and is included, not an add on. This approach is 100% free top to bottom.
DRBD is NOT included with XS, you have to manually add it via some external repo like elrepo or build it from source.
-
RE: LUKS, passwords and Cloud instances
So, you already use LUKS… where do you store it, locally or in a cloud-something? I'm very curious about that, I believe LUKS is not so widespread, but very good at solving problems like password storage.
-
RE: LUKS, passwords and Cloud instances
Yes, that's exactly what I want to do, leave the partition unencrypted (in RAM) just for the time to read the credentials and log out, thanks for your feedback.
I just feel that LUKS is the only technology that I trust today for credential vaulting. What do you use for password management?
-
RE: Simplivity - anyone use them?
@scottalanmiller said in Simplivity - anyone use them?:
@virtualrick said in Simplivity - anyone use them?:
Frankly, I haven't seen anyone say they don't want the product after seeing what we do and understanding the architecture.
This is a major, and common, sales mistake. You don't see them. Right, of course you don't. Most of us have talked about this at length before... you don't see them because the moment that you don't have pricing info many of them are already gone and you never get their contact info or ever realize that they might have been customers.
I've seen HR do this with new hires - tell people things so bad about a company via anonymous "pre-contact" information that the company never gets metrics on how many people they've turned away that never moved past the anonymous phase because the candidate turns them down for the job before they even have an interview.
Think about the presentation in Chicago. Every single person had the same concern. Only ONE of them put something online to complain, the others... walked away. You just got lucky that someone cared enough to inform you... and only because another vendor asked a question about you. If Nic hadn't wondered if anyone was using Simplivity, this would never have come up in a public channel (we'd already heard complaints in private ones days before this, and live during the presentation there were messages going around about how pricing was being refused) you would never have had this conversation.
So sure, you don't see the people you are turning away. That's how bad the situation is, you aren't even aware that it is happening.
And it's FAR more than you think. Before this thread, at least a dozen market influencers had a private conversation, none of whom had been at the Chicago event, about what a waste of time talking to Simplivity would be because pricing was being held back. You didn't just risk turning away a room full of people that you talked to directly - but that those people were then actively telling other people that there was no pricing info so to avoid you. You have no idea the degree to which you got the word out that you didn't have pricing.
You never see the people who turn your product down immediately. Never use that as a metric.
I completely agree with you, and I'm a CTO based in Italy (so, I suppose, no cultural background involved). I wouldn't even CONSIDER a company that isn't clear in THAT way, in a time where the cloud providers offer bill-explorer tools.
-
LUKS, passwords and Cloud instances
I usually store all my password files (plaintext, of course) in LUKS encrypted partitions, with a VERY long passphrase.
I use different endpoints (laptop, desktop, etc.), so it happens that I forget to synchronize the LUKS partition between those devices. Sometimes it's just difficult to keep them in sync because I leave one of them switched remotely and similar things, or it's just boring (for example, on my MacBook) to bring up a Linux VM just to read that password.
So, I was thinking about creating an AWS Linux instance (or similar public cloud provider) with the only purpose of providing access to that LUKS partition, stored in the cloud. Obviously, I will only access that VM with ssh keys.
I'm concerned about the security of a cloud instance, that will of course have unencrypted and accessible RAM (by the cloud provider, of course), leaving all my credentials potentially accessible… what do you think about it?
@scottalanmiller I think you wrote something about LUKS security some time ago…
-
RE: What You Need to Know About XenServer
@olivier or via cloudinit, exactly, I just forgot to add it.
-
RE: What You Need to Know About XenServer
@olivier I think that the right way to provide a "templatized" VM is to customize a cloud OS image via libguestfs or similar tools, going through the whole installation process is just nonsense for VMs. Poor Windows users…
-
RE: What You Need to Know About XenServer
@wirestyle22 in truth, you can just create an LVM volume with a filesystem upon it, store the ISOs there and mount it as a SR. The real issue is that at the reboot XS7 will stop doing consistency check of LVM. That's totally repeatable.
-
RE: What You Need to Know About XenServer
@scottalanmiller I think that the only "advanced step" is to put your hands into XAPI… what a powerful toolstack! Its logic is different than libvirt, but is just as capable, if not more! Creating cronjobs and non-trivial scripts is very easy.
Maybe, something that is lacking is some form of integration with libguestfs, a KVM-centric set of tools that can do anything with disk images… for example, you can pull the cloud image of your favourite distro and inject ssh keys or passwords, completely skipping the installation process. Maybe we will see something like that for Windows, some day…
-
RE: What You Need to Know About XenServer
@JaredBusch said in What You Need to Know About XenServer:
My biggest complaint with XS is not having any simple method to attach a local ISO repository. Horribly critical flaw (not really).
Just create a minimal CentOS VM with an ISO disk-repo… five minutes of work, maybe!
-
RE: Subnet migration best practices
@JaredBusch Thank you, very helpful tips!
-
RE: Subnet migration best practices
@scottalanmiller @JaredBusch I think you're both right.
I think I will go with an additional static vmkernel interface in case of a disaster (so no DC and no DHCP-DNS of course).