Topics created by Markferron

@Pete-S said in 4G Failover questions:

@travisdh1 said in 4G Failover questions:

@Dashrender said in 4G Failover questions:

@travisdh1 said in 4G Failover questions:

@scottalanmiller said in 4G Failover questions:

@Dashrender said in 4G Failover questions:

holy crap - it cost you $250 a month to run it at home - WTH?

How can it not? Ever priced out the power costs on a server? It's not cheap.

Yeah, power alone can make moving a server to a colo make a lot of sense.

Sadly, every place that offers 1u of colo space I've looked at has a max power draw of 120w and my current home lab box normally draws around 130w.

Time for a more efficient server?

Maybe in another couple of years. It's a Dell PowerEdge R620, 2 Xeon E5-2660 8core 16 thread CPU, 24 4GB 1333MHz RAM modules, 4 Cruicial MX500 500GB drives, Broadcom 4port BCM5720 Gigabit ethernet adapter, and a single 750 watt power supply. It's currently only drawing 112 Watts, so who knows, maybe I could "get away" with it.

120W is a very low limit, just 1 Amp. Colocation America has 2 Amps , so 240W, which low but still more reasonable.

BTW, your server config is not the most power efficient so there are things you could change if you wanted to that would drop the power requirement a lot.

In no particular order:

drop from two to one CPU replace CPU with E5-2600 V2 series. They use 22nm tech and have about 25% lower energy consumption in the same socket. Up to 12 cores. use low voltage CPU models, for instance E5-2650L V2 (10 cores) replace memory so you use fewer modules with higher density, for instance 16GB or 32GB use low voltage memory modules DDR3L replace the power supply with the titanium model

@Dashrender said in Printer and UniFi AP:

Does that printer have a bunch of unneeded protocols running on it?

Might. I'll take a look at it again and maybe to a packet capture.

@scottalanmiller said in Blocking spoofed emails O365:

https://support.knowbe4.com/hc/en-us/articles/212679977-Domain-Spoof-Prevention-in-Exchange-2013-2016-Office-365

Actually that might work. If the sender is outside the organization and the sender address includes our domain, just put in junk. I'll test this out tonight and see if it works right. Thanks!

@Markferron said in NGINX config issues:

@EddieJennings said in NGINX config issues:

I want to make sure I understand the problem. When you request http://my.testingtesting.com you receive a 301 redirect https://1.2.3.4 ?

...You know what. I think I have bigger problems. My machine off campus all of a sudden cannot ping the FQDN. When I remote into campus and ping the website I get the public IP address. Ugh, well I guess ignore this, maybe it'll straighten itself out once I fix this issue.

Use DNS to test what the FQDN is pointing to. Pings are always by IP, so if it doesn't work then it is the wrong IP.

@Grey said in Issues uninstalling Windows Server 2012 R2 Key:

You mean sfc /scannow? Or DISM.exe /Online /Cleanup-image /Restorehealth?

@op Check your event logs for more information, and try running the commands above.

Ran both, so far nothing, but I will run chkdsk tonight to see if that fixes anything. So far I can't find anything in the logs but I'll keep looking.

@dbeato Perfect, thanks.

@Markferron said in PoE powered lighting:

@Kelly Just out of curiosity, were those people in IT or electrical/maintenance? It would be interesting to see what department would pay for what when things go wrong.

It was electrical. They actually manage the day to day function of the lights. IT maintains the software and OS running it, but nothing beyond that.

@Markferron said in SAS Drives RPMs:

@scottalanmiller Thanks, figured as much.

Things like fragmentation are real, and will slow the "storage subsystem" in most cases. But that's not the same as the drive slowing. The drive itself works at a predictable speed that only varies when a block cannot be read and the drive has to try again. But even that speed is predictable. So the mechanical speed of the drive never varies (over time), but the throughput of data pulled from the drive can vary based on the rate of magnetic failure. But once that has any real effect, the drive is toast anyway.

@JaredBusch said in Suggested vendor for selling used equipment?:

The local scrappers come and take it all, no charge. Then they spend their time tearing the shit apart for the metals.

I wish I had this. I have to drop it off 20 miles away or they charge to pick it up.

@Dashrender said in UniFi USG and XG:

Because it's a firewall only - other than a VPN termination point it shouldn't be doing any application filtering, etc - I'm guessing there really isn't a real need for more than 1 GB of RAM that many of them have.

The 16 GB of RAM on the XG is likely there mostly for cacheing the 10 GB connections.

Right, the CPU count and RAM are for the packet throughput.

@JaredBusch said in Crashplan vs Backblaze in 2018:

@dafyre said in Crashplan vs Backblaze in 2018:

@JaredBusch said in Crashplan vs Backblaze in 2018:

@dafyre said in Crashplan vs Backblaze in 2018:

@Donahue said in Crashplan vs Backblaze in 2018:

@JaredBusch said in Crashplan vs Backblaze in 2018:

@dafyre said in Crashplan vs Backblaze in 2018:

@black3dynamite said in Crashplan vs Backblaze in 2018:

@dafyre said in Crashplan vs Backblaze in 2018:

@black3dynamite said in Crashplan vs Backblaze in 2018:

@Markferron said in Crashplan vs Backblaze in 2018:

@DustinB3403 said in Crashplan vs Backblaze in 2018:

Can I ask why you are protecting user devices though? Generally these have very little on them and through simple policy can everything be saved on your servers or cloud and thus don't need backup.

I would really like to do this. We have onedrive available for all of our users and I was thinking of coming up with some sort of system that just uses their onedrive as the primary source of their homefolder.

That's how I do it but we are using Nextcloud.

All users root folders under their user profile is linked to the actual folders in C:\Users\john.doe\Nextcloud{Desktop, Documents, etc...}. And the data is synced back to the Nextcloud server and that server is backed up.

How do you go about doing that? Editing the location of Desktop, Documents, etc... ?

Use Junction Points. Its like using symbolic links in Linux.

Oh... Duh, lol. Thanks.

I'm just trying to figure out how that would work if you have to do more than a few client machines at a time.

Something like this. It is not ready for prime time, but was my starting point last week when setting up a new desktop.

$User = Read-Host "Enter UserName" Remove-Item -Path "C:\Users\$User\Desktop" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Desktop" -Target "C:\Users\$User\Nextcloud\Desktop" -Force Remove-Item -Path "C:\Users\$User\Documents" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Documents" -Target "C:\Users\$User\Nextcloud\Documents" -Force Remove-Item -Path "C:\Users\$User\Downloads" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Downloads" -Target "C:\Users\$User\Nextcloud\Downloads" -Force Remove-Item -Path "C:\Users\$User\Favorites" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Favorites" -Target "C:\Users\$User\Nextcloud\Favorites" -Force Remove-Item -Path "C:\Users\$User\Music" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Music" -Target "C:\Users\$User\Nextcloud\Music" -Force Remove-Item -Path "C:\Users\$User\Pictures" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Pictures" -Target "C:\Users\$User\Nextcloud\Pictures" -Force Remove-Item -Path "C:\Users\$User\Videos" New-Item -ItemType Junction -Path "C:\Users\$User" -Name "Videos" -Target "C:\Users\$User\Nextcloud\Videos" -Force

where would this be run from, the DC?

This would have to be run from the End-user's computer from the looks of it.

You are trying to screw with the end user's folders. they have to exist, and you have to have rights to them. neither of which are true of an admin account.

Are you automating this -- then How?

If you're not automating it, then why not just manually add the folders to the NextCloud client?

/sigh FFS...

@JaredBusch said in Crashplan vs Backblaze in 2018:

Something like this. It is not ready for prime time, but was my starting point last week when setting up a new desktop.

lol. I thought you were talking about the code...

Time to research a way to do that.

An inline device might be a bit easier to handle for transparent proxying.

UBNT Router --> Web Proxy Device --> Rest of the network.

I haven't got to muck around with Netplan yet...

@jaredbusch said in Unable to connect to website:

@markferron said in Unable to connect to website:

https://ifap.ed.gov

hahhahahahahaha

Yes. I'm 12.

I cant believe that they used that.

@dafyre said in Suggestions for Unifi bridge:

@JaredBusch -- What about the places where they likely need to be mounted outside?

most are outdoor compatible and work well.

@dafyre said in UniFi Home Lab vs Campus:

@scottalanmiller said in UniFi Home Lab vs Campus:

@markferron said in UniFi Home Lab vs Campus:

You looked at running PA in a VM? It's a lot cheaper.

No I haven't! But I will now. Thanks.

This is essentially what @JaredBusch and I are always recommending. Sure, we might be a little more cautious about whether you need all this layer 7 stuff or not, is it really necessary. But neither of us is saying that it's a bad idea, the thing that we keep harping on as a ridiculous near-"scam" level problem is the UTM model of shoving all these services into the firewall where they do not belong because it is a risk and expensive and violates very basic best practices that have been around for forever. It's the Windows SBS model taken to networking.

Would it be worth taking a look at running a UBNT Router and a separate device for Application Filtering?

There are two scenarios that cover 99% of cases. One is "it's not worth doing anything at layer 7", the other is "layer 7 is needed so we need a separate device for application filtering." The thing that essentially never makes sense is the UTM where you do "security badly". Bad security isn't security.

@markferron said in Licenses for APs and Switches:

@scottalanmiller said in Licenses for APs and Switches:

@storageninja said in Licenses for APs and Switches:

@markferron said in Licenses for APs and Switches:

@scottalanmiller said in Licenses for APs and Switches:

@markferron said in Licenses for APs and Switches:

@scottalanmiller said in Licenses for APs and Switches:

@storageninja said in Licenses for APs and Switches:

@dafyre said in Licenses for APs and Switches:

With that campus the size that it is, I would definitely recommend finding something to handle the Layer7 stuff.

I'm relatively certain you could drop in Ubiquiti APs, and possibly grab a Palo Alto that could work and still come out cheaper than doing the licenses for the Meraki gear.

Palo Alto does far better layer 7. If this is a school you need to meet CIPA compliance.

Private college, should be free to avoid CIPA.

Muhaha... Yes we are free to avoid CIPA, but it would still be nice to comply. It would look great on accreditation.

To the accrediting board, you mean? I suppose that makes sense, with the things out there that they are willing to give accreditation to, clearly education isn't what they are focused on.

Yeah no kidding. I saw a few items on the list of of things they wanted to know about our college and it made me laugh. Wish I could remember what they were...

Do you offer dual credit classes to high school students? Curious if that trips the need for CIPA?

Only likely if they are on campus. My nieces do that but they don't go on campus, so while the classes are for high school students, they aren't on the campus networks (but that is Texas.)

Our school is close to a few high schools in the area so professors actually will go to their school and teach in their classrooms.

Nice! 😄 I didn't realize they had started that.

One more question. I'm going to add multi-threading to make it run fast (/MT) and the machine I'm running this command on (which is the destination machine) is a virtual machine. Is there a correlation with number of threads to CPU core count or RAM?

@scottalanmiller said in How do ISPs get business?:

@bigbear said in How do ISPs get business?:

@scottalanmiller said in How do ISPs get business?:

@bigbear said in How do ISPs get business?:

@markferron said in How do ISPs get business?:

@dashrender said in How do ISPs get business?:

I was reading JB's and other talking about getting 100 Mb/s + for around $30-40/month. Others are talking about getting 1 Gb/s for $70/m.

Here in Nebraska in Cox land, 150/20 Mb/s cost $80/m for residential.
100/20 for business costs $350/m

Here in the town I'm in there is only Windstream. 15 Mb/s for $60 a month, ridiculous. Basically government blessed robbery.
The town over I had TruVista and they charged $10/month for the Wi-Fi feature on their modem/router/AP combos. We obviously opted out, but they still charged us $5/month for the modem rental along with $90/month with the fees for 50 Mb/s. These companies make they're money back on the hardware "rental" fees alone.

Windstream is a great example of a company who constantly buys up competitors, even larger ones like Nuvox. In a grander scheme they were acquired by Mcleoud or Paetec, cant remember anymore.

They aren't good about restructuring their networks afterwards like cable operators are. They just keep everything in place.

Paetec. Paetec changed their name to Windstream to hide because they had built such a bad reputation and burned their own brand to the ground.

I think PAETEC bought McLeod and Allworx then Windstream bought PAETEC.

That's what Paetec wanted people to think. Paetec was the buyer, though. That's why it was a big deal that they took on the name of the company that they bought, rather than keeping the name of the parent.

This happens often enough. Avago did this with Broadcom. There were rumors we were going to do a reverse acquisition of our old parent company a while back.