Well, we actually found out what was doing most of the CPU hammering on one of our terminal servers. Adobe reader was running in the background. User could't see that it was running. We found it by using a big comb. https://www.youtube.com/watch?v=g4OBUupicWg

John from Portland, OR. VP of IT and CIO of CashCo Financial Services. My IT team consists of me and my Sys. Admin. Don't let the title fool you, I have a ton of room to grow in my IT knowledge and probably will be receiving more help than I can give. In any case, I'm glad to be here and hope I can contribute as well as just enjoy the community.

I just found out yesterday from Unitrends that they are coming out with a new way to deploy UEB in the next few days. Apparently they have been working on a UEB that you can install on your own hardware. So we have a new server that we use for our backups, it has a LTO 4 tape drive and about 10TB of storage. Perfect for this new UEB solution.

We do have a few questions about it and we are waiting on a response. We are wondering if this UEB will allow you to use the ssd cashing feature that their appliance uses to help improve performance. Also, we are wondering if Unitrends will work with AIX running on a Risc. I should find out the answers by the end of the week.

@RojoLoco said in USG Pro 4 and our Company Security:

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb

I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.

@thanksajdotcom said:

@thecreativeone91 said:

@MattSpeller said:

@thecreativeone91 Bloody hell man, if we can do it you can too. It takes ~2 generations. My dad can't metric if his life depended on it. I still measure my height in feet. Still worth doing.

You don't realize that most people can't even count. Go to a cashier if they mess up the amount they pull out their phone. Try to make it easier but making it an even number and they still need to do it on the phone.

The advancement of technology has made many people stupid...

“Never memorize something that you can look up.”
― Albert Einstein

@JaredBusch said:

@MattSpeller said:

It's a bit morbid but I want to the see carnage

SpaceX released the video last time, so I would expect it to come at some point later today or tomorrow.

http://www.space.com/29118-spacex-rocket-first-stage-crashes-during-landing-attempt-video.html

@Minion-Queen just look in your bushes outside, I'm sure you will find the person sending you these things...

Looking at a bear in the face and not sure what to do. We have 3 older Dell R610 servers that need to be replaced. We also need to do quite a few updates/upgrades, I think. I'm trying to make it as cost effective as possible without hampering future growth and/or making us do things all over again in a few months or a year. The main thing that is driving this is, we have ran into sluggishness with our current setup. We are running 3 RDS servers with a session broker doing the load balancing. 12 branches with 60+ users total are accessing them on a daily basis. Here are what I think we may need to upgrade at the moment:

• Dell R610 -> R430 or ?
• vSphere 4 -> 5.5
• Workstation 8 -> Workstation 11
• Equalogic firmware
• Win2k8 server -> Win2012 or Win 10

My initial thought was to just buy new servers and replace the old ones, but that would leave us with an old version of ESXi. Thanks to @scottalanmiller that idea was quickly removed from the options. Any helpful tips or suggestion on this? We are also looking for a consultant that maybe able to help us, but I wanted to see if any of you may have a experience in this area and could point me in a good direction.

I'm sure this isn't enough info, but please ask for more clarification or details.

Thanks

Drinking my second cup of coffee and moving files off of an old decrepit tower to a new Synology NAS. My Sys. Admin is also talking to me, on speaker phone, about some potential consultants for a project we are working on.

@MattSpeller said:

@thecreativeone91 said:

Dell has been getting much better with their reps since it went back to a private company rather than publicly traded.

Agreed from what I've seen elsewhere, but we're on our Nth rep this year alone

At my old job, about 1 1/2 ago, we started to have a new rep every quarter it seemed. Of course, it isn't just Dell. I currently have had about 3-4 Reps from our phone provider within a year. I think people move around a lot more in companies, now a days. They get promoted to manager, they don't hack it in Sales and move to a different department, or find a better company/job. Of course, that is just my opinion, I could be way off.

@RojoLoco said in USG Pro 4 and our Company Security:

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb

I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.

The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:

"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk. With using the UGS at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there has been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."

@travisdh1 said in USG Pro 4 and our Company Security:

We'd need to know your ISP bandwidth to be able to answer this.

We currently are using 50/10 on Comcast Cable, but we will be moving over to a private Fiber network within the next 6 months. With the dedicated Fiber line, we will have 20 Mbps for 13 branches, 50 Mbps for Corporate and 100 Mbps for the DC(Atmosera).

Thank you Scott, and everyone. This was exactly what I needed. I felt something was not right and I was starting to question myself. Now I have what I need to formulate a plan and present it to our CEO so that we can stay the course with the initial plan using the USGs.

One other question I had about the USG. I see the specs for the USG Pro 4 should be able to handle all of our branches traffic but will it slow things down? Should I think about placing an XG at the DC to handle all 60-70 users or will the Pro 4 handle it just fine?

This is from the Rep:

"UTM (Unified Threat Management) This is where you have multiple layers of security at the gateway to protect against threats. These typically come with a subscription for regular update usually daily or even multiple times a day for their threat updates. Also DPI SSL inspection. "

This is why he was saying the USG will not be a viable option for us.

@scottalanmiller said in USG Pro 4 and our Company Security:

If you don't mind us digging in... what "services" do they provide that couldn't be taken over by someone else, more or less, overnight?

They house the server that holds our Financial Software. We already have plans to move to a new Company for that, within the year. We are also working to get a consultant to help us migrate our files to Sharepoint, AD fully to Azure, and find a solution for our branch employees (Thin clients, Desktop, Remote Desktop in the Cloud). We still have some work to do to get a good plan. We have already started, just because the price for the DC is way too much for us. Now we have another reason.

@RojoLoco said in USG Pro 4 and our Company Security:

what is the name of this terrible company?

Atmosera. Use to be EasyStreet. They merged with Infinity...something and became Atmosera.

@scottalanmiller said in USG Pro 4 and our Company Security:

I'd be calling the head of the company

You know after hearing all of you talk about this really sheds some light on what has been going on with the DC. When we first signed with them we were taken care of. We liked the people we worked with. Then over the last year, almost all of the people we worked with at the start left or got fired. Our current rep said that they didn't like the way the company was going. Now I know why because it was going the wrong way.

He said that I should get Juniper or Fortigate. Then he told me that they could put together a package for Fortigate because that is what the DC uses. So I do feel like he is promoting their equipment and management services. Thankfully, we plan on dropping the DC in a few years because we won't need the services they provide by then. So I really started to feel the pressure when I was told the USGs would not work. With that said, this Rep did mention two things I was not familiar with, I"m still learning. He said the IPS would block one set of attacks but that it couldn't block others and those "others" are a big threat right now. When I remember I'll post.

My company is working on dropping our "MPLS" provider, and I use the"MPLS" loosely, and manage our own equipment and establish VPN connections to our data center using a USG Pro 4 at all 14 of our branches. We have on average 4-6 employees at each branch. They use thin clients to remote into a server in our DC to do all of their daily work. I have had a USG connected at two of our locations and at my home office for over a year. I was planning to install a USG at the data center and then use the built-in VPN connection between USGs to set up all of our branches. I thought this was a great idea until the Rep from our DC called and said that it is not secure enough and that we need a UTM. This just about sank my entire plan but I'm a bit skeptical about his answer. Is this guy right, that they won't work and cause a huge security risk to our company or does he not know what he is talking about. Also, if he does know what he is talking about is there an inexpensive way to mitigate that weakness and still use the USGs? For a bit more info, we would be sending out all internet traffic locally from the branch and all other traffic would go through the VPN Tunnel to the DC.

Thank you in advance,
Jevans