Honestly, anything higher than the 1080p resolution on a 13-inch laptop is a gimmick. The screen size is simply too small for any practical case of higher resolution. And even with 1080p, I have to scale my 13.3-inch laptop to 150%.

I have to deal with this from time to time. Usually, some crappy legacy client-server LOB apps. The workloads are normally so tiny and simple that suggesting server hardware for them is a waste of money. Some of their vendors don't even add server O/Ses in the technical requirements. Most small shops don't even have enough physical space to run server hardware properly let alone willing to spend a few grand on a server, MS licencing and the labour to set it all up for them.

I remember the advice @Obsolesce gave the other day, just buy the least expensive Server Essentials licence and stick it on a Win 10 box where the app runs. This won't help anyone with more than 25 users or devices, though

On a side note, why on Earth are you using SMB1 protocol? Turn it off everywhere, It's insanely insecure. Ransomware loves SMB1. Also, turn on SMB support on the Synology all the way up to SMB3.

Try iPerf. It definitely puts storage out of the equation. Try using it with parallel threads to get more accurate results what the link can really handle. Also, it would only test TCP throughput by default but you can test UDP on a client side with -u switch. There are tons of guides on it online.

I came across this WTF configuration in one of the local medical centres. Two low-end Sophos boxes are behind a $20 switch that is also connected to the single fibre Internet connection provided by an Ethernet demarc device (not shown on the image). Apparently, each firewall is set up to serve 50% of the available WAN bandwidth to their tenants...

Hi All,

I'm having a rather interesting issue here. There is a Unifi network I recently set up with dual WANs. One is the main one - PPPoE WAN1 (FTTP) and another is WAN2 in a failover mode using a Dovado Tiny AC router in bridge mode with a Huawei E3372 4G USB modem. There is also a couple of SIP phones - Yealink T46S and T48S, all on a single LAN registered with a Cloud Asterisk-based PBX. When WAN1 failovers to WAN2, the Yealink SIP phones easily re-register with a 4G public IP but when Unifi fails back to WAN1 the phones still keep WAN2 IP registration even though every 120 seconds they re-register with the cloud PBX. After a fail-back, traceroute from the USG to the cloud PBX shows that the traffic is, indeed, exiting via WAN 1 but on the Unifi controller dashboard, it still shows the WAN2 public IP as the gateway address.

Has anyone experienced any such behaviour with a similar setup? Is this usual for SIP registered phones to specifically route VoIP traffic out of WAN2, even though all other traffic has failed back to WAN1? Or is SIP registration process separate from the actual route the SIP traffic uses to reach the hosted PBX? Why the default gateway on Unifi controller dashboard still shows WAN2 public IP after it's failed back to WAN1, is this a Unifi bug? Thanks.

I believe you need to define another ESP and IKE group for the site-to-site Tunnel 2. Also, your remote L2TP pool overlaps with one of the existing interface's IP range. It might overlap with the existing DHCP lease or a static address on your 192.168.4.0/24 network. I would make the remote pool totally different.

Do you have static public IPs on both ends? If yes, I'd do route-based site-to-site VPN with VTI interfaces instead. It stays always on as long as there's network connectivity between the peers. No need to define multiple individual policies either.

@JasGot said in GPO question:

@taurex said in GPO question:

From my experience, BYODs make resetting AD passwords for students a time-waster for IT. You should delegate this to non-IT staff like school librarians and teach them how to use a password reset app like Wisesoft's Password Control (with giving them appropriate permissions like only for students OU, of course) or get your software developer to create a web-based password reset kiosk for students and staff with BYODs.

We've learned since the original post, this is not an AD/OU environment. Your point about 3rd party password control is a great option for domain admins though.....

But those students still have accounts in OP's AD, right? It's only their devices are BYOD.

Normally, I start with 2 vCPU and 4 GB RAM for GUI-enabled Windows guests and 2 vCPUs with 2 GB RAM if they're GUI-less. Lots of trivial AD workloads like DC, DHCP, DNS, NPS etc. run fine with 1 vCPU but I found assigning one extra virtual CPU does make updates running somewhat faster. In most cases in my experience where VM CPU usage jumped above 75%, the spinning rust was the culprit, especially if a SAN was in use, it had nothing to do with the actual host's CPU power.

@jim9500 said in New IT update 60TB / 60 mil files / 20 people - HP Equipment:

D3700

I'd add one thing that sometimes gets overlooked with all-flash storage. A lot of software or hardware-based storage solutions offer inline dedupe and compression that helps save even more storage with SSD.

@notverypunny @scottalanmiller @JaredBusch thank you for your replies. We want to monitor databases, network devices, admin-level logins, etc. both on-prem and hosted for some suspicious activities or outages. I just thought that a SIEM would take care of the analytics/response part better than a monitoring solution like Elk, Greylog, OpenSearch, Zabbix, etc. which need a lot of fine-tuning to make them work in a similar fashion as a SIEM. We will check out Wazuh and compare it to SIEMmonster Community Edition, thanks.

Hi All,

We are evaluating a SIEM for an SMB with a lot of client-facing infrastructure on AWS. A colleague of mine suggested giving SIEMonster a go but I am not completely convinced. There was a separate thread here on centralised log management where @stacksofplates and others suggested trying ElasticSearch with some Grafana dashboards on AWS. Ideally, we need to find a solution that is not very time-consuming to deploy, works with endpoints anywhere and is easy to maintain. Our resources are quite stretched out ATM but they might hire a new person or outsource it to a third-party SOC to manage it.

All suggestions are very much welcome.

Thanks.

Scott pretty much nailed it. Although collecting and preserving logs centrally is a good idea, analysing them anything but superficially would normally require a dedicated IT security team. There are (expensive) solutions like SIEM that make this job easier but even those can hardly be managed by a typical SMB/SME IT depts on their own. If the OP's organisation needs to be ISO 27001 certified or compliant with PCI, HIPAA etc. yet small enough, looking at MDR, MSSP or managed SIEM providers might be an alternative.

@hobbit666 Not sure what the situation is like in the UK with the prices on GPUs but here in AUS it's pretty crazy at the moment. I was looking into a gaming PC build for my friend's son and found only Dell had a really good value deal on eBay during one of their promos: https://www.ozbargain.com.au/node/619439 The still available RTX 3070 are now sold for almost 2k here! And this is only an upper mid-range Nvidia GPU AFAIK.

@jim9500 said in New IT update 60TB / 60 mil files / 20 people - HP Equipment:

D3700

I'd add one thing that sometimes gets overlooked with all-flash storage. A lot of software or hardware-based storage solutions offer inline dedupe and compression that helps save even more storage with SSD.

I wouldn't even waste an entire host for an RDS farm, let alone a single VM tbh. I agree with Jared, try to get something modern on a warranty with a better CPU (AMD EPYC are worth taking a look at), more RAM and SSDs instead. Unfortunately, the newer 14th Gen Dell refurbs are hard to come by in the land of Oz but the 10 gen HPE Proliant refurbs can be found at many HPE Renew partners, often half-price from new with full NBD warranties. Also, check out Digicor for their SuperMicro deals.

@JasGot This Cloudflare KB should help: https://support.cloudflare.com/hc/en-us/articles/200169626-Identifying-subdomains-compatible-with-Cloudflare-s-proxy

@JasGot Are these media files images or videos? For images, they can look into something like the Smush Pro plugin (provided they're using WordPress CMS), videos can be easily hosted elsewhere like on YouTube or Vimeo and simply embedded to the website instead. Or they're talking about excess traffic caused by this activity?

Try iPerf. It definitely puts storage out of the equation. Try using it with parallel threads to get more accurate results what the link can really handle. Also, it would only test TCP throughput by default but you can test UDP on a client side with -u switch. There are tons of guides on it online.

@Dashrender said in How much RAM for this VM?:

why does the consumed have those dips?

I'd say this was invoked by the apps running on it. This VM is used for analytics and reporting, it's got Visual Studio, Power Bi and SQL server running on it. The vendor must've been doing some shit on it.