@francesco-provino said in Application clustering VS RAID with modern SSD:

There is also the possibility of create TWO drbd replica set, one active on the first node and the other active on the second; that way, I can easily double the total cpu count and ram available for the VMs… sort of hyperconvergency on the cheap!

It's hyperconverged whether you do that or not. HC is free, even with far more robust systems like Starwind. HC doesn't imply that you have HA or can move workloads around. Most people do that, but it's HC from the moment you go with the design here. But DRBD isn't saving you anything over normal baseline. So while this is cheap, it's not special or cheaper, and it's a well known model that under normal circumstances you would never do without local RAID because it's been analyzed heavily for decades and it just doesn't provide a logical protection versus simpler, cheaper approaches.

OVS is awesome.

@francesco-provino said in Fiber VS Copper: racks interconnection in a pre-existing environment:

@coliver said in Fiber VS Copper: racks interconnection in a pre-existing environment:

@francesco-provino said in Fiber VS Copper: racks interconnection in a pre-existing environment:

@scottalanmiller said in Fiber VS Copper: racks interconnection in a pre-existing environment:

@brandon220 said in Fiber VS Copper: racks interconnection in a pre-existing environment:

I do this both ways but usually lean towards fiber when I can't stay far enough away from electrical conduits. A major factor with fiber is that it is immune to noise from electrical circuits and can be run very close to them. I think fiber is cheap and I don't mind working with it. Yes, you can run 10G over CAT6 and it will also work well but you are limited on distance.

Fiber is really nice, any idea what the real cost difference is going to be?

Yes, 40 euro for 4 strands of 65m preterminated, tested, labeled and joined togeter in a single jacket of 6mm.

That's pretty inexpensive! Modules might be a bit pricier. Just make sure you clean the ends.

Modules are 5.80€ each.

Not bad at all. Go for it then 🙂

@francesco-provino said in Wireless AC vs Ethernet recabling for small office:

We have very little space in the tubes. I’m thinking about going with MPO/MPT or multiple fiber cables for recabling, because they will take much less space.

EDIT: now I see that today a single SMF can do what an MPO did for a lot of bandwidth, uhm.

You may be surprised at how inexpensive SMF is to run these days as well. But if you have the space in your conduit look into Fiber Microducting. It can make adding new cables (if needed) later much easier.

@francesco-provino said in SAN vs vSAN in a brownfield environment:

@scottalanmiller said in SAN vs vSAN in a brownfield environment:

@francesco-provino said in SAN vs vSAN in a brownfield environment:

I've already pointed out that. The reply was that vSAN is a new/untested stuff, and they prefer to stick with a trusted route.

How are they defining this? vSAN is old and very trusted. SAN is older and has demonstrated that it is not to be trusted.

vSAN isn't actually old, it's the same age as SAN. The two are one and the same. Point that out, that vSAN and SAN aren't different things so all testing of one is of the other. Ask them point blank "You seem to be confused, I think you are recommending SAN only because you don't understand what vSAN is or means or you'd understand that you couldn't make that statement. I hope this means you are unknowledgeable of this subject matter and not just trying to scam us while thinking we are fools."

I think that the management never heard about vSAN, that's all.

It's all in how you present it. Simply present it as SAN, but done in an enterprise, well thought out way.

@stacksofplates said in Back to Active Directory, Route 53 DNS:

However I do see a big plus. If you’re using something like ZeroTier now all of your mobile devices can resolve DNS names, since you can’t control the phones DNS on cellular.

That’s exactly what we do now.

@francesco-provino said in Building a Veeam backup target:

@tim_g said in Building a Veeam backup target:

@francesco-provino said in Building a Veeam backup target:

So, you are pointing towards the external jbod solution? The Dell chassis seems a bit dated to me...

It can't be any more dated than the MD1000. (though I didn't look up your server)

Do you want the possibility to expand (MD1000) versus having to replace 8 drives later?

I found some posts talking about MD1000 being picky with drives, don’t accept >4Tb… what do you think about that?

Well, considering I have 8x 8TB drives in mine, I'd say those posts are full of shit. I've had HGST and Seagate Ironwolf's in it.

It depends on the HBA you use, not the MD1000. The MD1000 is nothing more than a long cable attached to your server's internal RAID card.

Maybe there's a firmware or something for the MD1000, that may have been done when I did a system-wide firmware/drive update on the server via Dell Server Update Utility.

@jaredbusch said in Bonus: when SAM was against KVM:

@reid-cooper said in Bonus: when SAM was against KVM:

@dbeato said in Bonus: when SAM was against KVM:

Things change very often, probably at the time it was not something a lot experienced and worked with.

Five years is certainly a long time in the lives of KVM or Xen.

Or Hyper-V

Maybe even longer there.

@kyle said in Any reason to avoid /16 in 2017?:

@scottalanmiller said in Any reason to avoid /16 in 2017?:

@kyle said in Any reason to avoid /16 in 2017?:

The employer I just went to work for was convinced to go from a /24 to a /16 because they were told this was necessary to fix the issues with the VLAN's. The turn up of this was on my 3rd day on the job so I had no idea when I signed on as to why they were making the change. The company has 14 locations on an MPLS but the IP addressing schema is all over the board.

LMAO.

I'm telling you. The "MSP" is like dealing with psychopathic monkey with alzheimer's.

lol damn.

@francesco-provino said in Digital Ocean NetBox inventory tool, anyone?:

It looks nice on first sight. Any other open source competitor? I mean, oss with HTML5 interface.

If you're just looking for IPAM then there is one called NIPAP. But I've never used it. phpIPAM is another.

I've never used NetBox in production, I just spun up a Vagrant box to look at it. Working in an air gapped environment brings challenges when you have to get stuff from Github.

@dustinb3403 said in OS cloud images, anyone?:

@marcinozga said in OS cloud images, anyone?:

I had a look at UNMS and the installer is just pulling Docker image. That's a lot of moving parts and getting Docker to run in LXD is a challenge already, just too many variables. There's a feature request to have standard .deb installer.

I thought @JaredBusch posted a guide to installing UNMS in a Debian 9.1 VM on the forums just the other day. . .

Edit: Yeah he did, here is the guide.

Installing Docker in VM is quite different than installing it in LXD container. Think of it as installing Docker inside Docker.

@travisdh1 said in Enterprise wireless access control system:

@coliver said in Enterprise wireless access control system:

@francesco-provino said in Enterprise wireless access control system:

@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?

The biggest name (and one of the oldest projects) is FreeRadius (http://freeradius.org/).

@coliver beat me to it. Also one of the most documented around.

I've seen some tutorials on how to enable this in Windows, and it's adding a role on a Domain Controller if I remember correctly.

You don't have to it can be added via a second server.

Take a look below:
https://docs.microsoft.com/en-us/windows/client-management/connect-to-remote-aadj-pc

@fateknollogee said in Should backup and virtualization infrastructure be decoupled?:

I like the idea!
What are you proposing, can you give a little more detail?

Use bacula/borgbackup/veeam endpoint or just plain remote rsnpshot, plus database-specific tools… and, of course, take a full backup if the VM once in a while for quick disaster recovery, but without all of the fancy incremental-dedupe stuff.

@Dashrender said in Modern iPad security: the most secure endpoint ever?:

@Francesco-Provino said in Modern iPad security: the most secure endpoint ever?:

@scottalanmiller said in Modern iPad security: the most secure endpoint ever?:

@Francesco-Provino said in Modern iPad security: the most secure endpoint ever?:

Why don't go instead with a stateless endpoint that has a completely reproducible configuration in 2-3 taps?

In that scenario, as a stateless endpoint, is iOS buying you that much over ChromeOS?

I think android is less secure because it's a patchwork; also less stable, less integrated with the hardware and based on older design and technologies.
Other than that, I prefer apple hardware.

I haven't looked into it - what make Android a patchwork? I'll agree it's less stable than iOS - but I blame that on the small integration times between versions, so vendors never have/take the time to make things as good as they can be.

People/trade rags are complaining that Apple is boring now, not innovative with the iPhone anymore (and no, removing the headphone jack wasn't innovative 😉 ) but then, does it really need to be? There hardware/software integration is second to none. There's probably always polish that can be added, hence some of the recent revisions, but in general it seems to be gleaming the cube.

The kernel is Linux, that wasn't born at all for mobility (big effort of google for making it usable for that purpose), and every vendor has its own customized UI and other parts of the system. So every vendor-related piece is developed as a snowflake by relatively small teams and is at risk of becaming abandonware. Low code quality strict deadlines…

I tried one of the earlier firmware iteration of the S7 edge… just a horrible mess of non-integrated software put together. The cam wasn't working at all. Ok, they fix it in the end, but… light years from what I've seen on my iOS devices.

I would like to point out againthat I'm not a fanboy in any way, I went through the iPhone just because it was my business-supplied phone. It just works for what I need, it's insanely stable and polished.
Maybe the only thing that iOS really lacks at the moment is burning an ISO to a pendrive in a dd-fashion… but I could carry with me a raspberry or some similar micro-pc for that. I don't NEED to virtualize anything on my machine. For any emergency I can fire a VM in one of my server or in a public cloud and reach a machine via ZeroTier or similar stuff. The iPad can act as an internet hotspot if the connection is missing in place.

I'm planning on deploying 24 SFF machines for a school computer lab. The limited space they have is a big factor. Plan on mounting them on the back of the monitors. Plenty of horsepower for their workload.

I just write an article about that here: http://www.francescoprovino.com/2017/04/16/full-disk-encryption-unlocking-from-virtual-serial-tty-paranoia-xenserver-and-libvirt/ .

I've restrict my choice to XZ vs LZIP.
XZ is adopted by GNU, the kernel distribution and the majority of linux flavours…
But it looks like LZIP is better designed, more simple, with better docs, but not that widespread.

Any advice on that?

Thanks everybody for the answers! I'll start to test your suggestions starting from tomorrow :).