@pete-s said in SANS SEC401: Security Essentials - alternatives?:

@irj said in SANS SEC401: Security Essentials - alternatives?:

@pete-s said in SANS SEC401: Security Essentials - alternatives?:

@irj said in SANS SEC401: Security Essentials - alternatives?:

I am curious to what SANS training costs?

Around $6000 for the training.

So after travel, etc, it is over budget?

Well, since I'm in Europe it's makes sense to take the training here. With flights, travel costs, hotel, etc the total will be about 8250 EUR, which is $9650. Add to that the loss of billable hours and it adds up.

Most of your standard cert training is like $3000 ,but most of the time it is just a bootcamp which really isnt what you want. I think you are going to be at that $5-6k range for the type of training you are looking at.

I recently attended an O365 workshop that was $4k for 3 days and it was an absolute joke. Alot of time your training, is only as good as your instructor.

@scottalanmiller said in When is colocation the right choice?:

I'm in Europe so doesn't make sense to use US datacenters. But the quotes I have puts three 1U servers at the same price as 1/4 rack.

Wow, the difference here is usually huge. Like $50 - $100 for a 1U or 2U, and several hundred for quarter racks.

Yes, I guess the choice would depend a lot on the pricing.

I also have specific 2U servers in mind which would make it lower cost with a 1/4 rack already at two servers.

Each refurb server will have 128GB RAM on 20 cores, expandable to 256GB RAM on 40 cores. I haven't run benchmarks on it but looking at geekbench, machines with the same cpu have a score of around 3000 for a single core. So performance should be similar to most cloud providers that are not running latest gen servers. Hopefully the balance of physical cores and RAM will turn out fine, 6.4GB/pCPU. Of course I could allocate resources as I want and add another server if need be.

It's just a couple of those servers that everyone forgot about that runs legacy application and sits in their own isolated network and nobody knows what to do with, except that they have to do something...soon. :smiling_face_with_open_mouth_smiling_eyes:

@pete-s Those where taken using chrome but all browsers have the tools.

Here are couple screenshots from firefox webdev tools
0_1536977899506_Screenshot from 2018-09-14 21-15-09.png

Performance Tab
0_1536977990636_Screenshot from 2018-09-14 21-19-22.png

From the google chrome dev tools you can even get an audit using Lighthouse

You get a report like this:
0_1536978363389_Screenshot from 2018-09-14 21-23-46.png

@obsolesce said in Best way to install PHP, SQL Server Express, IIS on Windows Server 2016?:

@scottalanmiller said in Best way to install PHP, SQL Server Express, IIS on Windows Server 2016?:

@pete-s said in Best way to install PHP, SQL Server Express, IIS on Windows Server 2016?:

And how about SQL server express? It's was likely the 2008 version.

Should I anticipate any big changes there or is it likely that the SQL will run the way it is?

BTW, I saw that SQL Server Express 2017 runs on linux as well?!?

Yup, runs on Linux.

You've tried it right?

No, still a bad product that I think you'd be crazy to deploy under normal circumstances. 90% of the cost of SQL Server is SQL Server itself, not running it on Windows. Running it on Linux helps, but retains the core problem of paying an outrageous fortune for a system marginally better than free alternatives - and ones that are easily managed as part of the OS platform. Why do all the maintenance of SQL Server when you can do PostgreSQL essentially maintenance free?

And when you are talking a $50,000 deployment because SQL Server might be slightly faster... take a fraction of that money and put it into better hardware for PostgreSQL. I think PostgreSQL will be faster for cheaper, even if not faster in code.

SQL Server is a great product, but is encumbered by lots of licensing complexity (ergo risk) and incredibly amounts of cost. The Express version is free and that's fine, but why create technical debt rather than avoid it?

So it never really comes up.

@pete-s wow no more than 1 year ago aruba switches (hpe) where served with real lifetime. Did they cut warranty so much?! Also they where replaced within 1 week.
I've seen a lot of netgear go crazy, but it was the unmanaged tier stuff.

PS. I had a look on the guest side of thing just now because that is what Microsoft talked about.

Most OSs are virtualization aware. I had a look at debian running as guest under Xen with a clean install without any Xen guest tools. Debian installation automatically sense it's running on virtualized hardware and sets it's I/O scheduler to "none", thereby letting the host handle whatever I/O scheduling needed. This also makes sense because the guest doesn't know what kind of storage the host is using.

Thanks to you guys I got it sorted out now!

+1 on ScreenConnect being awesome. Here are my top five:

allows support to remote in to a client user's machine in under five seconds can configure users as support agents with limited rights such that they can only log in to their own computer. Handy for those who occasionally need to remote their computer, either from home or elsewhere. Android and iPhone/Pad apps. customizable to your company look/feel including colors & logos ad-hoc remote sessions with emailed invitations for systems that do not have a client installed

The version I use requires a small client (<2 MB) installed on the controlling machine, though all access is through a web browser.

@pete-s said in Nvidia Tesla K40 for lab?:

I know nothing of machine learning or GPU processing in general. But I'd like to learn.

To get started I assume you need a GPU card of some kind and GPUs like Nvidia Tesla K40 are showing up refurbished for reasonable prices. Would that card be sufficient to get started or is it too old?

Also when looking at desktop virtualization would the Tesla K40 also be something you could use for this? Or does that require something else? I've seen Grid K1 & K2 in some applications but I don't know the difference between those cards and something like the K40.

Those special purpose cards are really only for after you have a very specific need. Machine learning and GPU compute can be done on just about any graphics card of reasonable age. The add in cards make more sense for servers where the standard GPU is just enough to run a display, and nothing more.

This client uses the commercial EPM to manage the phones and this is what it created.
0_1535737258808_371577d4-3ae0-4133-b2fd-bba523032bbd-image.png

@pete-s said in What % is normal availability?:

@scottalanmiller said in What % is normal availability?:

When in my massive environment (80K+ servers)

80k+ servers? That has to be something in size like Paypal or LinkedIn.

Way bigger than those. Those would not come close.

Thanks guys.

Unfortunately the link @dbeato provided is how you add a new disk to xenserver when you want it to be Storage Repository - a place to store VM partitions. So if you have a disk already xenserver will wipe it clean and put LVMs or EXT3 with VDI files on it.

When it's passed through as a block device to a VM it will have whatever filesystem the VM formats it with.

The problem with the info in the link @black3dynamite provided is that it's for xenserver 5.x so it doesn't work straight up with Xenserver 7.x (I'm running 7.4).

What I ended up doing was adding a raid 1 array instead of just a disk. The principle is the same though, just another name on the block device.

The array /dev/md0 is passed through to the VM as a block device.

I did it by adding a rule to /etc/udev/rules.d/65-md-incremental.rules almost at the end.

KERNEL=="md*", SUBSYSTEM=="block", ACTION=="change", SYMLINK+="xapi/block/%k", \ RUN+="/bin/sh -c '/opt/xensource/libexec/local-device-change %k 2>&1 >/dev/null&'"

This rule will pass all md arrays to the VMs as Removable Storage in Xenserver (so you can attach it to whatever VM you want).

Note that * in KERNEL=="md*" is a wildcard. So this will match the devices /dev/md0, md1 md2 etc. Just replace md* with whatever block device you want to pass through.

The array is 2TB so I don't know if this works with bigger arrays.
After trying some larger drives I can verify that it works fine with larger than 2TB arrays.
Also the disks were empty so I'm not sure if xenserver will wipe the disk when you set this up the first time.
After some experimenting it looks like Xenserver will not touch the drive.

I'll add the complete file for reference.

KERNEL=="td[a-z]*", GOTO="md_end" # This file causes block devices with Linux RAID (mdadm) signatures to # automatically cause mdadm to be run. # See udev(8) for syntax # Don't process any events if anaconda is running as anaconda brings up # raid devices manually ENV{ANACONDA}=="?*", GOTO="md_end" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="md_end" # We process add events on block devices (since they are ready as soon as # they are added to the system), but we must process change events as well # on any dm devices (like LUKS partitions or LVM logical volumes) and on # md devices because both of these first get added, then get brought live # and trigger a change event. The reason we don't process change events # on bare hard disks is because if you stop all arrays on a disk, then # run fdisk on the disk to change the partitions, when fdisk exits it # triggers a change event, and we want to wait until all the fdisks on # all member disks are done before we do anything. Unfortunately, we have # no way of knowing that, so we just have to let those arrays be brought # up manually after fdisk has been run on all of the disks. # First, process all add events (md and dm devices will not really do # anything here, just regular disks, and this also won't get any imsm # array members either) SUBSYSTEM=="block", ACTION=="add", ENV{ID_FS_TYPE}=="linux_raid_member", \ RUN+="/sbin/mdadm -I $env{DEVNAME}" # Next, check to make sure the BIOS raid stuff wasn't turned off via cmdline IMPORT{cmdline}="noiswmd" IMPORT{cmdline}="nodmraid" ENV{noiswmd}=="?*", GOTO="md_imsm_inc_end" ENV{nodmraid}=="?*", GOTO="md_imsm_inc_end" SUBSYSTEM=="block", ACTION=="add", ENV{ID_FS_TYPE}=="isw_raid_member", \ RUN+="/sbin/mdadm -I $env{DEVNAME}" LABEL="md_imsm_inc_end" SUBSYSTEM=="block", ACTION=="remove", ENV{ID_PATH}=="?*", \ RUN+="/sbin/mdadm -If $name --path $env{ID_PATH}" SUBSYSTEM=="block", ACTION=="remove", ENV{ID_PATH}!="?*", \ RUN+="/sbin/mdadm -If $name" # Next make sure that this isn't a dm device we should skip for some reason ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_change_end" ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", GOTO="dm_change_end" ENV{DM_SUSPENDED}=="1", GOTO="dm_change_end" KERNEL=="dm-*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="linux_raid_member", \ ACTION=="change", RUN+="/sbin/mdadm -I $env{DEVNAME}" LABEL="dm_change_end" # Finally catch any nested md raid arrays. If we brought up an md raid # array that's part of another md raid array, it won't be ready to be used # until the change event that occurs when it becomes live KERNEL=="md*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="linux_raid_member", \ ACTION=="change", RUN+="/sbin/mdadm -I $env{DEVNAME}" # Added line # Pass-through of all /dev/md* arrays. # Will end up as Removable Storage that can be assigned to a VM. KERNEL=="md*", SUBSYSTEM=="block", ACTION=="change", SYMLINK+="xapi/block/%k", \ RUN+="/bin/sh -c '/opt/xensource/libexec/local-device-change %k 2>&1 >/dev/null&'" LABEL="md_end"

@dafyre said in Ethernet link going down and then up after 3 seconds.:

log in to the switch.... and then

sho log -r

That will show you the most recent entries in the log. Look for anything related to STP.

I think it is:

log -r -w

Without the 'show'. The -w switch helps filtering out less relevant stuff.

@emad-r said in Nested hypervisors?:

also as vendor they dont want the complexity advantages of Virtualization

ftfy

We set up our Intel RMM and Dell iDRAC Enterprise KVM/IP setups on the internal LAN with a static IP address. Self-issued SSL is fine for this.

Older RMM/iDRAC units may need a legacy Win7 VM with IE9 around for those moments when they need to be managed (we keep one turned off but around for this exact reason). This is especially true with the certificate structure changes that have come through recently. Modern browsers refuse to connect to legacy web management consoles.

Rules are set up on the edge to allow both inbound and outbound packets for their services to our office IP address. VPN is another method to gain access if the edge supports it.

Username and password are set up with both settings being custom with info kept in KeePass here. Make sure to change the Dell default setting! Intel gets set up in the BIOS before it allows site authentication and access.

Cost wise Dell is $300 to $450 here in Canada to license while the Intel RMM module is sub $150.

A blog post on what we do: http://blog.mpecsinc.ca/2017/06/disaster-preparedness-kvmip-usb-flash.html

We don't do SuperMicro.

@stacksofplates said in Supermicro iKVM/IPMI HTML5 viewer?:

I've used it but only on newer. No idea if it's upgradeable or not. The HTML5 console works pretty well. They misspelled "Macro" in the interface though. It's spelled "Marco".

I only have seen reports of the Firmware been able to be run on X10 only but it is not supported
https://forums.servethehome.com/index.php?threads/supermicro-html5-ikvm-arrived.10320/page-2

https://forums.servethehome.com/index.php?threads/supermicro-html5-ikvm-arrived.10320/

Cavium over Chelsio any day if considering iWARP RDMA. Intel would be a distant second to Cavium.

The RJ45/SFP+ really depends on needs. If there are enough fibre runs to complete the setup then SFP+ would be the direction for top of rack (TOR) and/or aggregation.

For non-RDMA enabled networks we use RJ45 based setups for the NICs (Intel X540/X557 10GbE). For RDMA we use RoCE 10GbE/25GbE/40GbE/50GbE/100GbE via Mellanox NICs and switches which are SFPx based.

Intel 7xx series NICs utilize iWARP and SFPx and may be an option depending on server vendors and switch setup.

Performance wise, depending on network type and whether RDMA is present or not 10GbE should be around the numbers mentioned by @NashBrydges.

@eddiejennings said in VM firewall for the rest of the VMs? (Xenserver host):

@jaredbusch said in VM firewall for the rest of the VMs? (Xenserver host):

@pete-s said in VM firewall for the rest of the VMs? (Xenserver host):

PS. For the firewall VM I'm thinking Pfsense (freebsd) or Vyos (debian)? Are there others I should consider?

VyOS is a solid solution, less known than pfSense in general, but VyOS is forked from the same original source as Ubiquiti's EdgeOS.

VyOS is working fine for my colo server. +1

Ah so, @EddieJennings not @coliver, but i knew we had conversations about this.