@scottalanmiller The reason for having a jump server not connected to AD is to reduce the attack surface if the jump server gets compromised.
Posts made by Kris_K
-
RE: Ms licensing for a windows jump server
-
Ms licensing for a windows jump server
Hey guys,
I'm a little confused with MS licensing for a jump box. As we need more than 2 concurrent RDP sessions, we need RDS role installed and CALs assigned. For obvious reasons the server is not joined to a domain, so according to MS I can only use device (not user) CALs.
https://blogs.technet.microsoft.com/askperf/2015/05/08/multiple-per-device-rds-cals-are-issued-the-same-device-issue/ - a certificate is transferred from the server to a connected client.
But some of the clients use Macs instead of PCs, not sure how this is going to work out.
Is anyone else using a similar setup?
Thanks!
-
RE: Concur for Expense Reporting - Experiences and/or Suggested Alternatives?
We use Expensify and everyone is pretty happy with it.
-
RE: Dell Latitude E5530 Can't Power On When Attached to Docking Station
Why are you attacking it?...
-
RE: macOS High Sierra login flaw - root
Check the app store for new updates. There's an update available to fix this one.
-
RE: Amazon AWS Leaving Xen for KVM
Same OVH that went down today, because they lost power and none of their generators (if they had any) powered on?...
-
RE: Migrating File Shares from Windows Server 2012 to 2012 R2
@wrx7m
No reason. It will work just fine.
-
RE: Advice on building "storage servers" with two DL380 G7 servers
@shuey
Don't buy new. Buy Dell refurb from xbyte.
-
RE: Advice on building "storage servers" with two DL380 G7 servers
Also it's RAID1, not RAID10 if there are only 2 drives involved.
-
RE: Advice on building "storage servers" with two DL380 G7 servers
Is it worth such a hassle?..
Servers and storage are so cheap these days. Why bother with old hardware (and software as in your case...).
-
RE: What network monitoring s/w you are using ? Can you suggest one for me ?
Depends on the things you want to monitor and the simplicity. Lots of solutions.
It can be anything as easy to set up as PRTG (free for up to 100 monitors) or a little bit more (a lot more actually...) involved as Nagios.
-
RE: Wifi extenders
If it's really because of the signal strength - get a Ubiquiti and forget about it.
-
RE: Wifi extenders
@wrcombs Are you sure it's because of the weak signal? It might be because of interference as well. There might be lots of wifi APs nearby (neighbors, etc. Really depends on the location). A simple wifi analyzer app on your phone will give you more info. Maybe all you need is to change the channel.
-
RE: Mirror spinning disk to SSD?
@gjacobse said in Mirror spinning disk to SSD?:
@DustinB3403 said in Mirror spinning disk to SSD?:
You can do so, the only issue is the mirror will only operate as fast as that mechanical drive.
So it'll be slow.
I agree -- It will be as fast as its slowest part... But as long as it is:
- equal in size
- same interface
It should be perfectly fine.
Replacement drive can be bigger (not that it's going to use that space).
-
RE: Telefonica Hit with Ransomware
It's more than just them. A bunch of hospitals in UK, etc.
https://intel.malwaretech.com/botnet/wcrypt
https://www.engadget.com/2017/05/12/12-countries-hit-in-massive-cyber-heist/
-
RE: Cameyo - Application Virtualization
"Software Teleporation" ?
They can't even properly write their main title in the index page..
-
RE: OpenVPN Layer3 site-to-site
The main firewall config and port forwarding works fine. The issue is with the openvpn server (or client) and its iptables not handling the traffic properly.
-
OpenVPN Layer3 site-to-site
Hi all,
I'm having some issues configuring site-to-site vpn using OpenVPN and their guide for that https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/site-to-site-layer-3-routin-using-openvpn-access-server/
Everything works from the client subnet - I can access the server subnet without issues. However I can only access the client openvpn and fw ips from the server subnet. Can't ping any other client subnet devices.. Installed Wireshark on one of them and it shows icmp requests coming and replies leaving.
So basically that's how things are logically connected:
openvpn server subnet device - fw1 - openvpn server - WAN (tunnel) - openvpn client - fw2 - openvpn client subnet device
Maybe I'm slow because it's Monday, but can't figure this out...
What iptables rules do I need to have on the openvpn client? Does anyone have the same/similar setup using openvpn?
Thanks!
-
RE: Two ISP Fail over Internally vs Externally Fail over
isp1 - bgp router1 - fw1 - your switch
isp2 - bgp router2 - fw2 - your switch2
bgp routers have a direct connection as well as your switches.
Not only does that save you when one of the devices (or ISP) fails, it also allows you to use both internet connections. It's up to you how to (if) load balance such traffic.
Check http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html for more info.
Use keepalived, etc. for fw fail-over.
-
RE: Choosing a colo
@FATeknollogee
Coresite direct, we already are their clients (NY DC).
1 rack for now.