@JaredBusch said in What You Need to Know About XenServer:
My biggest complaint with XS is not having any simple method to attach a local ISO repository. Horribly critical flaw (not really).
Just create a minimal CentOS VM with an ISO disk-repo… five minutes of work, maybe!
@Tim_G I do gym at home, running and cycling in the streets; usually something by JS Bach, or baroque music in general. Sometimes modern stuff like '80s rock, '90s dance.
I usually store all my passwords files (plaintext, of course) in LUKS encrypted partitions, with a VERY long passphrase.
I use different endpoints (laptop, desktop, etc), so it happens that I forget to synchronize the LUKS partition between those devices. Sometimes is just difficult to keep them in sync because of I leave one of them switched remotely and similar things, or it's just boring (for example, in my macbook) to bring up a Linux VM just to read that password.
So, I was thinking about create an AWS Linux instance (or similar public cloud provider) with the only purpose of providing access to that LUKS partition, stored in the cloud. Obviously, I will only access to that VM with ssh keys.
I'm concerned about the security of a cloud instance, that will of course have unencrypted and accessible RAM (by the cloud provider, of course), leaving all my credentials potentially accessible… what do you think about it?
@scottalanmiller I think you wrote something about LUKS security sometimes ago…
My company is trying to redesign our WAN connectivity. What we have today is 4Mbit HDSL (I'm based in Italy) and three x3550 M4 with vSphere.
We want to move at least one of our backup to the cloud, and today we can't respect our backup window with just 4Mbits.
I'm thinking about two alternatives:
I was also thinking about moving almost everything to the cloud, to almost completely skip our connectivity bottleneck (cloud VDI with zero clients); we already have VDI and thin clients in place for almost no reason (too few clients).
But I don't think that this cloud alternatives can be cost-effective today, because we already have a lot of on-permise hardware in a good shape.
What do you think about it? I'm not that experienced in the design of such environments, so any help will be appreciated!
@DustinB3403 this company is based in the southern part of Italy, where the connectivity infrastructure is very poor. You can only get cheap business ADSL (70-100€/month, 7Mbit/256Kbit), costly HDSL (costly like that, and our provider is cheaper) or FTTH that goes from 8Mbit up to 100 or even 1000Mbit at an even higher price. The better and cheaper Fiber-to-the-Cabinet is not yet available in our zone. I've business contact with all the biggest provider reseller in our zone, I can assure you that this are the street price for connectivity in certain zones of Italy. Sadly.
@scottalanmiller said in WAN connection design: big pipe VS ADSL or… embrace the cloud:
We need a lot more info about what the company does and how it works to really say if going to cloud makes any sense. But even in the US or Romania with massive WAN pipes at low cost does VDI normally make any sense. VDI is very expensive. Normally RDS makes way more sense than VDI, and even that remains rare.
I know VDI don't make sense in our, it was a design mistake, but today is already on place.
Its a fruit trading and production company, 20 employee (all on VMware horizon), 3 sites. They have ERP, heavy use of filesharing, mail with Gapps for business. Small db of ERP ( <10 Gb) and just 400Gb of shared files, nothing special. The on-permise part is hosted on three vSphere host with 64Gb of ram each and three Tb of storage. There is one central plant with the rack, air condition etc, the other offices are connected via VPN or via the horizon gateway.
I was thinking about the possibility to move everything to the cloud to throw away the WAN bandwidth issue. It's a suboptimal solution from a design point of view, but maybe cost effective because we will get the cloud provider connectivity for clients also (not just for server) at no additional fee than the hosting. A pair of bonded ADSL is easily capable to sustain the data rate of many PCOIP connections.
This post is very interesting.
The scenary that you are drawing for a small business of 10-30 people is something like that: a file sync layer (like dropbox for business) that replicate everything locally, eventually on big'n'cheap ssd (compared to costly enterprise storage), so remote offices wouldn't be a problem. This way, is possible to leverage all the power of modern hardware (even a core i3 of the latest gen has plenty of power), without the hassle and the big uprofont investment of phisical servers, thin clients, storage etc. Every other service that canno be served in a SaaS way, of course can be hosted in a IaaS (I'm thinking about the typical windows-based ERP) and connected via a router to the local network.
So, the shopping cart to start a full-fledged IT infrastructure in SMB should be composed of just switches, a router with vpn capabilities (edgerouter er8?), desktops with big ssd (AMT - vPro) and a bunch of services like AWS, office 365, dropbox for business etc.
Maybe 1000-1200€ per seats (every 4 years) plus 30-40€/month/user… not bad, considering that one of the SMB in which I work bought upfront 70000€ of servers/storage/vmware/windows server tl… I'm afraid, with less performance and reliability.
I'm about to start the migration of a VDI environment, back to… physical desktops! We aren't getting the performance that we need from a VMware Horizon VDI, that is backed by two servers providing 15 windows 10 virtual desktops, and a FC SAN (I'm about to replace it with local NVMe SSD, replicated).
My choice for desktops will be HP z240 with third party ssd (SATA or cheap NVMe). I will manage those workstations via AMT and I will use Veeam endpoint for the backups. (to our Veeam server, of course).
Do you think I will regret? I like the flexibility of the VDI, but performance aren't on par with even 8 years ago desktop with a baseline local ssd… even on the LAN, everything graphical related is "not as good".
Have any of you had the experience of migrate back from VDI to dekstops?
(Oh, I'm also about to drop our centralized fileserver for something like dropbox for business or onedrive… replicated on the local desktop ssd, of course)
Does anybody know how to push software restriction policies AKA application whitelisting in Windows 10 via Azure AD? We used that policies (and windows defender, also) to mitigate ransomware &co., and this approach has been very effective till now. No capital investment, very light on the machine… but, what about an AAD only scenario (no AD connector)?
@travisdh1 said in What is the best way to backup Dropbox for business to AWS?:
@Francesco-Provino said in What is the best way to backup Dropbox for business to AWS?:
@travisdh1 Oh, download also, we are on a 4Mbit/s symmetric HDSL link
.
I'd give my left leg for a 4mbit symmetric. Our two locations have 10mbit/1mbit and 768k/356k respectively.
Wow, so I think anything cloud-based is ruled out for you… HDSL is not cheap, we are planning for a dedicated 10/10 FTTH link, abou the same price.
I got a new customer, a small office with just three Windows clients that was just hit by a ransomware, so I've the duty to protect their data as well as possible from issues like that.
I think about a Dropbox Pro for file syncing between clients and Backblaze pro for backup… maybe a small Synology also for local backup and desktop image archiving (veeam endpoint or clonezilla image for fast bare-metal recovery in case of a major fault).
They have a standard ADSL connection with ~512Kb of upload, and the files to backup are in the range of 100Gb.
I hope that my plan will serve well for data protection, sharing and DR, but if have any tip about it, please share!
@scottalanmiller said in SMB - Greenfield scenario - Full cloud sync and backup:
@Francesco-Provino have you seen how I have been working hard on my Italian on DuoLingo to prepare for three months there?
No, just watched now! I'm from Palermo, also in Sicily 
. I'll PM you about that, it would be great to meet you!
@scottalanmiller said in SMB - Greenfield scenario - Full cloud sync and backup:
@Francesco-Provino said in SMB - Greenfield scenario - Full cloud sync and backup:
@scottalanmiller said in SMB - Greenfield scenario - Full cloud sync and backup:
@Francesco-Provino have you seen how I have been working hard on my Italian on DuoLingo to prepare for three months there?
No, just watched now! I'm from Palermo, also in Sicily
You live there still, now? We will definitely be there some of the time. My wife's family is from a village right outside of Palermo and we hope to spend some time there looking for some birth and death records at the church.
Yes, I'm Palermo right now. What village? I'm from Bagheria, in truth, ~20km from Palermo…
@JaredBusch said in SMB - Greenfield scenario - Full cloud sync and backup:
@Francesco-Provino said in SMB - Greenfield scenario - Full cloud sync and backup:
@BRRABill said in SMB - Greenfield scenario - Full cloud sync and backup:
@JaredBusch said
This does not get you any kind of off site, but it gets you solid true backups.
It's not ideal, but couldn't they invest in a few USB drives and just dump the data and rotate them offsite?
It would at least save MOST of the data in the case of a local catastrophe.
There's absolutely NO person aware of IT issues in this office, I have to setup something that they don't have to deal with. Absolutely!
Again a sync tool is not a backup. But if you are going to stay with a sync tool, then buy 2 NextCloud Box systems.
Set 1 up in the office and have their systems point to it.
Setup number 2 with a DNS name and use a local DNS override in th eoffice to point to it locally. Let them sync.
Remove DNS override and move number 2 offsite. Sync will resume.
Of course is not, so I will use BOTH Dropbox AND BackBlaze for backup ;).
@JaredBusch said in SMB - Greenfield scenario - Full cloud sync and backup:
@Francesco-Provino said in SMB - Greenfield scenario - Full cloud sync and backup:
so I will use BOTH Dropbox AND BackBlaze for backup ;).
Why? Because using dropbox just emans you then need to deal with restoring 3 computers not 1 because the encrypted files will get sync'd.
Yeah you have them backed up to backblaze, but it still sync'd the useless files around.
I want to completely drop file sharing with fileserver, going serverless. The remote event of a cryptolocker will of course lead to a complete reinstall of the machine and resync of the whole stuff from backups. That's why I want to take also a little NAS with scheduled snapshots… just to be able to quickly recover all the stuff in less than a day.
Losing one or two working day is acceptable (or, better, they will only be slowed down but the recovery of the most important files can be done instantly via BB or Dropbox versioning), losing data is NOT.
I've just ordered a Surface Pro 4 with baseline config (core M3, 128Gb storage), intended to be my travel companion replacing my old MBP late 2011.
I want to follow the philosophy of having a thin endpoint just to surf the web and doing basic stuff with text and cli, leveraging cloud or on permise servers for everything requiring big ram, CPU or GPU.
I also have Dropbox for business (unlimited storage), so local storage is not an issue.
What do you think about a setup like that?
Does anyone of you have already worked with similar configuration?
@scottalanmiller said in The Sysadmin / CTO machine - A Surface + Cloud to rule them all?:
@Francesco-Provino said in The Sysadmin / CTO machine - A Surface + Cloud to rule them all?:
So, after all, seems that the Macbook 12 would be a better fit for my needs… overpriced, but at least it's a unix machine (I prefer it to win if I can choose) with good battery life. Every other ultrabook I've considered has some quirks, and/or is similar in price.
I will give a chance to the Surface, and if I won't be satisfied I will wait for the next iteration of Macbook… I hope with a better keyboard and Kaby Lake.Thanks everybody for the hints!
Why not get something actually good and put Linux on it? Way cheaper, faster and nicer than a MacBook.
Big thumbs up for Linux, it's the environment of choiche for me. But… I haven't found a good Linux ultrabook yet, and I definitely don't have time to dial with the innumerable issue that Linux has with mobile hardware.
I had a dell XPS 15… nvidia drivers were a big issue, the trackapad works nowhere as good as in windows, battery life was awful, the machine always run hot even with every immaginable tweaks of cpufreq and video drivers (I also contribute to the archlinux wiki in this regard). The laptop finally died of overheating, I found the GPU "cooked". Really a mess. My mbp 2011 is still brand new excepting some scratch, and I've used it all throughout the Europe almost every day. Every piece of its hardware works like a charm, and I want this polished experience from my next laptop… I've enough problems dealing with servers and VM, I don't want to waste my time for some stupid kernel upgrade that will broke that ACPI module that in turn will kill some blablabla again and again.
Ok, my Surface 4 m3 is arrived and I've no issue till now, but… I really want a unix-like as the host OS, so I think I will get another laptop after returning it.
I've no use for the tablet mode, I was thinking it was more optimized.
Now I'm considering Asus UX305UA vs Dell XPS13 9360… any experience with them? I've read that the XPS is used by Linux Torvalds for kernel development when he is on travel, so I think it will work :D., The UX305 is also considered a very linux-friendly machine.
@Lakshmana said in Hide folder in linux:
@scottalanmiller to hide personal folders hidden from other people
What? Just chmod go-r it…