@scottalanmiller said in Why Are UTMs Not Recommended Generally:

@dave247 said in Why Are UTMs Not Recommended Generally:

Yeah, I understand what you are saying about having each role of the UTM broken out into separate products and that makes sense and I can see how having the option of a system that "does it all" would be appealing to companies. Let's say I wanted to do that. What would I have to do?

The first decision point is.... do you really get value from security features beyond those of a good firewall?

If yes, then which ones specifically?

Then you'd find ways to get those specific features.

BTW, what would be a good firewall anyway? Like every time I look up firewall, all I find is UTM

And I wasn't a massive douche-bag about it.

@CCWTech said in External drive letters changing:

I have a server with only 2 USB ports. OS is Windows Server 2016 STD.

Since I need more than that to plug in external usb drives I purchased a USB powered hub.

It's been working fine for a long time, however just recently after a reboot the drive letters are changing from what they are manually assigned in Disk Management and even the name of the volume is changing.

I have read about clearing the drive attributes in diskpart and also the possibility of the server now detecting the USB hub as a new device each time.

Has anyone worked on this issue before and what did you do to resolve it?

Are you properly ejecting the USB drives before taking them out? I think sometimes they don't fully clear and then you have a letter conflict. I'm not 100% sure on this though..

Say I have one Windows domain with some DC's serving up AD and DNS, and all of my servers, computers and other devices are all on one flat network. If I wanted to move things to different networks like servers on a management network, computers and phones on another, etc, does this impact the Microsoft licensing I choose? Would I need to purchase additional licenses for the multiple networks under one domain -or something to that effect? I know server licensing is core based but is there something with server CALs or anything?

I plan to do some more research on my own but I'm currently on the road. I just wanted to ask here to see if I could get some quick input/food for thought on this, if it's even a potential concern.

Say I purchase 20 Windows 10 Pro Open Business Licenses from a VAR. I then get an MS license agreement added in my MSVLC and I am able to view the MAK licenses and download the software, etc.

Now, say I want to purchase 5 more Windows 10 Pro Open Business Licenses and I go through the same VAR again. Is it typical to receive a new MS license agreement along with new MAK license keys? Or should they just be increasing the number of existing Windows 10 MAKs?

I ask this because I am in that situation where I would like to simply bump up the number of Windows 10 licenses for the sake of having only the one Windows 10 MAK.

Maybe I am just being anal, but if I have 25 computers that I'm imaging with the same single key, yet in reality I am using a key meant for 20 systems across 25, and not actually using the 5 new additional keys.... ah you all get what I'm saying...

What is the "right way" to handle this?

This happened last week but I'm still fuming about it. I came into work and all but 6 or so of our Windows 10 Pro 1803 systems had upgraded to 1809. I had been planing to wait a while before upgrading so this was completely unexpected.

I have a WSUS server properly set up and the Feature update to 1809 was not approved at all. Googling around, I discovered that there's something called "Dual Scan" and running this check has shown me that I in fact have Dual Scan enabled. I can not disable it apparently since we are not on Windows 10 Enterprise. The registry settings may or may not technically work, so I'm holding off on that solution unless there is no other way.

Has anyone else dealt with this? Any suggestions?

@DustinB3403 said in Hyper-V Server 2016 - How should someone add 18.5 TB of storage:

The system I am using is old. BIOS has no usable options for RAID and I don't know what a RAID controller is.

You don't know what a RAID controller is? Time to do some reading. Basically it's a logic card that manages the placement of data across multiple drives, depending on how you configure the RAID levels. Then it presents that to the OS as a single logical volume - the OS doesn't see the individual drives.

• https://en.wikipedia.org/wiki/Disk_array_controller
• https://en.wikipedia.org/wiki/Standard_RAID_levels

What server do you have? Do you have a service tag?

For example, if I have an application with a web front-end and an SQL database back-end - in the past, it used to be best practice to separate those two roles and have one server for the webserver and another server for the SQL database server. Is this still common practice?

@scottalanmiller said in Are we still separating application roles out on different servers?:

Youtube Video

Wow you made a video for/because of me! Nice!

And yeah, I see your points. That all makes sense. I guess I shouldn't have used to words "best practice". I just meant like, the thing that a lot of people commonly do because it's the current trend or whatever.. but yeah its good to question everything and use your brain. I just wanted good input/insight, which I got.

@scottalanmiller said in Are we still separating application roles out on different servers?:

@dave247 that's how I roll.

Thanks Scott. You the MVP!

@PhlipElder said in Any good DRaaS suggestions?:

@scottalanmiller said in Any good DRaaS suggestions?:

@PhlipElder said in Any good DRaaS suggestions?:

A quick "hack" way to do it would be to sync a copy of the SP files to a repository and have that repository hooked into BackBlaze. They would then be sync'd up to BB. Cost wise, it would be cheap, cheap, cheap.

That's good for the backup portion. But for full DR you have to handle the recovery, hosting, networking failover and those parts. That's where "putting it all together" comes in.

SPX supports instant-on via file convert to VHDX/VMDK. Having those files sent to a DR site that is set up to fire the VMs up on short order would work well.

And on the StorageCraft side of things, we've been a partner since the v3.x days. Their product was second to none for the longest time. We pulled off some spectacular recoveries because the product was just that good. It still is to some degree, it is just that managing in-guest backups for more than six or eight VMs gets to be a bear after a while. Dedupe and Compression in Veeam has saved us gobs of storage.

As far as StorageCraft goes, it became noticeable that things were going awry when their Partner mailers were promoting third party webinars and "grow your MSP" type stuff. In the v3.x, v4.x, and v5.x days the product was king with in-person training being awesome and costly but worth it.

The fact that Veeam secured $500M in investments recently points to where all the action is today. All backup vendors whose products don't work well, and believe me there are a lot of them which is really sad, are put on notice and I, IMNSHO, am very happy about that.

Thanks for the input. I am still strongly considering Veeam as an option.

Does anyone else have a SAN and use snapshots? We have a 24TB SAN with a single 10TB volume which is simply storage space for our virtual servers in our VMware environment. I have snapshots enabled on that one volume and they run once a night at 12AM. I understand that snapshots are not backups and I get that they are a form of data protection at the SAN level. However, I can't see any reason for them, at least not in our situation.

Reasons:

1. If I restored a volume from snapshots, ALL virtual machines would be reverted to a 12 hour-previous state and that would cause so many problems. I would rather restore machines from backup as needed as our backups run incrementally every 4 hours.

2. If I increase the frequency of snapshots, that would create much more storage overhead.

3. Storage snapshots of the volume are stored on that volume (I think?) or at least the SAN unit itself. This eats up space and snapshots would be no good if the volume were somehow deleted.

4. I would rather take snapshots at the VM level

I can't think of anything else right now, but the point is, I don't really see the use case for snapshots at the storage controller level, unless it's a situation where I've lost all backups and some or all VM's have been corrupted and my only option is to restore the volume from a snapshot - such as in a ransomware situation.

@DustinB3403 said in I don't really get the point of SAN snapshots:

An IPOD means you have 2 or more hypervisors with 1-2 switches with a SAN providing storage to your hypervisors.

yes I fully get the IPOD thing. I used to be a SpiceSquirts user and endured the many tedious posts of SAM.

@scottalanmiller said in I don't really get the point of SAN snapshots:

@dave247 said in I don't really get the point of SAN snapshots:

ok so lets say I didn't have a SAN and I didn't want to use vSAN or whatever. Is there another good method, such as maybe having two physical Windows servers basically serving up mirrored storage via iSCSI or FCoE?

So now that we know you meant VMware's vSAN product...

The big alternative (and assumed starting point for most of the SMB) is Starwind vSAN. It's available for free and in paid versions with support.

Well it's not even that I "meant VMware's vSAN product". I just assumed that's what we were talking about when "VSAN was mentioned", which clearly it is not.

@scottalanmiller said in I don't really get the point of SAN snapshots:

@dave247 said in I don't really get the point of SAN snapshots:

ok so lets say I didn't have a SAN and I didn't want to use vSAN or whatever.

There are basically four possible choices. This isn't about what is good or bad, just what is theoretically possible....

1. Local storage (storage that connects without going over the network.)
2. SAN (storage that connects over the network).

Then of each of those, they can be replicated or not replicated.

So you end up with...

1. Plain SAN
2. Replicated SAN
3. Plain Local Storage
4. Replicated Local Storage

ok thanks for clearing that up.

I was recently talking to another IT guy at a kid's birthday party and he was telling me something weird/interesting about some stuff that's apparently going on with foreign workers coming to the US on B1 Visas. The guy works in IT for a retail chain and he said he interviews candidates over Skype who are over in places like India. He said a lot of times while he is interviewing them, the video is intentionally low quality and a lot of people on screen move their mouths but someone else is talking behind the camera to answer IT questions or whatever. Then, if/when they are hired and they make it over to the US to start the job, it ends up being someone completely different than in the video interview. He also said a lot of times they end up not having the skills/knowledge they claimed to have. I only got to talk to him for a few minutes so I didn't get any more details than this.

Has anyone else heard of this?

I'm just trying to figure out the "right way" to do this. I have looked this up before but now that I'm upgrading my DC's from 2008 R2 to 2019, I figured I would double check. I see a lot of people adamantly saying that the DC should look to another DC first, then to itself/the loopback, but then I see others adamantly claiming the exact opposite.

Here is how I have set mine up in the past and how I am currently setting the new DC's up:

IP Addresses:
DC1: 192.168.0.10
DC2: 192.168.0.11

TCP/IP DNS Settings:
DC1:
192.168.0.11
127.0.0.1
DC2:
192.168.0.10
127.0.0.1

Or should we be using the DC's own IP address instead of the loopback address?

I finally found this https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff807362(v=ws.10) which pretty much answers it.

I've been having trouble actually finding a decent multi-department help desk solution. Google just results in the same old dead-ends. We are a small-ish company with about 60 employees yet we have something like 12 departments or so (always changing) and so our technician quantity is always high (like 40 technicians) and that is what always kills us in price.

Currently, I am trialing ManageEngine ServiceDesk Plus which seems to be the best option in terms of functionality and price, but it seems pretty problematic with bugs and weird functional issues. And support doesn't seem that great so far and the community feels kind of dead.

The only other product I found that might work is something called Jitbit help desk but I haven't had a chance to really look into them yet.

Does anyone have any good suggestions?

Here are my requirements:

• Internal, multi-department help desk (not just for I/T)
• 40 technicians / users who can complete requests
• Active Directory integration for SSO
• Price under $8,000/annually
• on-premises deployment
• Microsoft Windows Server based
• dead simple/basic - just need everyone to be able to submit HD requests for different departments and have other people be able to handle and close them. No freaking bells and whistles.

@scottalanmiller said in Trying to find a good, on-premises, multi-department help desk application:

@dave247 said in Trying to find a good, on-premises, multi-department help desk application:

@Obsolesce said in Trying to find a good, on-premises, multi-department help desk application:

Curious about the on-prem requirement? Seems lime an odd requirement?

On-prem because we have a lot of PII information that gets put into our help desks, plus we just like having some control over things. Not everything has to be cloud hosted.

No, but not everything needs to be internally hosted, either. ALL decisions should be based on logic and needs evaluation.

PII doesn't make hosted not an option, it actually makes it more important. Because a self hosted tool won't have the security resources of a hosted one. "Like having some control" is the same as saying "we don't think like a business". Nothing wrong with having control, but that's an emotional description. How does "having control", and what does that mean in this case, help the business?

"Liking" approaches is something no business should act on. The moment you feel that you "like" hosted, or on premises, virtual or physical, it should set off a red flag that something is wrong. It's a term people use to express when they are knowingly making a bad decision, but haven't stopped themselves from doing so yet. It's trying to justify a business decision (that must be logical) in terms of consumerism (buying what we like regardless of value.)

None of this is to berate you or to say you can't do it this way. It's the same kind of problem that @WrCombs had and it's best explained this way....

We all have to deal with the emotional whims and non-business illogic of people above us in an organization. What we are required to do is often out of our control. What we do control is repeating false logic as reasons. In this case, stating that you have PII, security, or control concerns aren't valid reasons to chose on premises - they are excuses to cover for someone being emotional. Instead of repeating them, identify that they are false and just say "someone who isn't concerned with business needs above me in the organization demands it be done in this way".

If you say it is a requirement that is out of your control, someone might still point out that it is likely a bad idea, but that's it. If you repeat the false logic, it essentially requires that we point out that the logic is wrong because otherwise we must either act as though we have accepted something false and/or ignore that giving bad advice is not in your interest. We can't honestly try to help while not pointing out when a decision is made on false logic.

yeah I mean its one of the reasons. We have a lot of hosted services but we want to keep the help desk in house and manage it ourselves, among other things we have going on.