    • Reputation Gone, Votes Back

      Okay, the CSS has been modified and we now have the post votes again but the reputation system is gone. Commence thread voting!

      posted in Announcements nodebb
      scottalanmiller
    • For the New Yorkers

      why

      posted in Water Closet
      scottalanmiller
    • RE: Panda AV is having a bad day

      Only appropriate response...

      posted in IT Discussion
      scottalanmiller
    • Come Hear SAM Speak at SpiceCorps Auburn NY Tonight

      SpiceCorps Auburn New York is this evening at 6:30. I'll be speaking for the first time in the US in a year. Come out and hang out with @Minion-Queen @art_of_shred @DustinB3403 @Mike-Davis @scottalanmiller and more.

      https://community.spiceworks.com/meeting/show/2074

      posted in Self Promotion
      scottalanmiller
    • Bot Culling

      Well, we finally did a massive, manual culling of the users in the hopes of eliminating bots and scam users. We've had no issues with fake posting (yet, knock on wood) but we did have a huge and sudden creation of fake accounts a few months ago that was pretty problematic. Roughly five thousand fake accounts were created which caused us to have no idea as to account creation rates, how many real users that there were and just very little visibility into the entire system.

      So tonight we manually attempted to sift through all of the accounts on the system, about 5,800 in total, and cut it down to just the genuine users. This was a lot of effort and we really, really hope that no one with a real account got deleted although, chances are, a few people did. If so, we are really sorry but there was very little that we could do. We worked from user names, email addresses, lack of posting, lack of avatar and other factors to try to determine if an account was real. Dealing with so many to delete, it is just too likely that one or two real ones got caught in the culling.

      No accounts with any activity were lost. That we are confident of. But it is possible that idle accounts with real people intending to use them might have been deleted. Please just recreate your account, if that is the case. Hopefully with the anti-bot systems we have in place now this will never be an issue like this again in the future.

      posted in Announcements
      scottalanmiller
    • RE: Best call of the day....

      This is when you know that you have been holding hands too much.

      posted in Water Closet
      scottalanmiller
    • Is the Time for VMware in the SMB Over?

      Over the past several years, nearly all recommendations for the SMB (Small and Medium Business) market have been that VMware ESXi / VMware vSphere is the best option for virtualization. The cost, less than $600 for an Essential license covering three typical hosts, was minimal and the product was fast, stable and easy to use. With that cost the product came with nearly everything that a small business could want. Competing products, like HyperV and XenServer, lacked some of the features and the $600 price tag was small enough to make VMware the clear choice.

      The tables appear to have turned, however. With recent releases, both HyperV and XenServer offer the speed and stability along with ease of use that SMBs need most. Both offer their complete feature stacks for free making them not just $600 cheaper than VMware's offering, but far more featureful for free. Both have increased ease of use, as well, to be on par with VMware's offerings.

      Free means a lot here, that cannot be overlooked. Often VMware advocates point to the fact that if $600 (which can be discounted too) is a troublesome sum for any company, that company has other issues financially and is not viable. This is a valid bit of reasoning. But free carries far more value than simply eliminating the $600 price tag. Being free means that we are not limited to just three hosts or just the features included in the Essentials pack. Features that cost thousands with VMware vSphere are also available for free. Features we would either pay an arm and a leg for or would just do without. Maybe features we don't need today but find would be good to have tomorrow. And being able to add that fourth host is a big deal - this means greater flexibility to simply do what is best rather than trying to work within unnecessary constraints making us more agile and responsive to business needs.

      Then there are soft costs. Acquiring and managing a paid for, licensed product takes more work. We have to acquire and manage licenses, deal with purchasing and procurement and audit for license violations and worry about external audits. We have to do more complicated budgeting. These costs, which are primarily in human effort, add up and are recurring.

      There was a time when VMware ESXi's maturity and technological lead meant that the additional constraints, costs and effort to utilize it were worthwhile in nearly all cases. But it would appear that that era is over. Even at equal costs (if vSphere Essentials was to be made free) VMware's offering pales in comparison to HyperV in effectively all cases and to XenServer in all except the availability of a robust backup API leveraged by free or low cost industry products (Unitrends, Veeam, etc.). VMware's currently free ESXi product is overly anemic to the point that XenServer is always superior and HyperV normally is (unless the goal is to test ESXi itself.)

      While VMware's vSphere is an excellent product with amazing engineering behind it, the pricing and licensing model has left it in a position where only the incredible scale of the largest enterprises would justify it as a consideration and even there its value is rapidly waning as cloud technologies make the VMware advantages largely irrelevant even in that venue.

      Is there really a non-niche use case left for VMware ESXi and VMware vSphere in a new deployment in an SMB today? It appears that the era of VMware dominance in this arena has passed.

      posted in IT Discussion xen xenserver vmware virtualization vsphere esxi hyperv
      scottalanmiller
    • Icon and Logo Shoutout

      In an attempt to get some nice graphics for our thumbnails, I've been leveraging some icon sets and wanted to give a shoutout to the artists who have provided them.

      Nick Front
      Unique Design 10
      The Pink Group
      Jozef Krajčovič
      Jonathan Patterson
      Pixel Buddha
      Everaldo Coelho
      Graphicsfuel
      Anna Litviniuk
      FreePik

      posted in Announcements mangolassi icon logo
      scottalanmiller
    • RE: Musicians need backup too

      Hard to feel bad for them. Very, very hard. That's just plain laziness, stupidity and not getting the right people to take care of things if they aren't smart enough to do the most basic stuff. Probably comes down to not feeling that paying competent help is worth it.

      posted in Water Closet
      scottalanmiller
    • How To Replace a Failed Drive in Hardware RAID

      Assumptions before we begin:

      • You have hardware RAID (SmartArray, LSI, Adaptec, PERC, MegaRAID, etc.)
      • You have hot swap (every enterprise server is hot swap, but it is possible to configure without in some cases.)

      What we have here, while not naturally intrinsic to hardware RAID but as all manufacturers do this exclusively we get to make the connection, is called Blind Hot Swap. This makes our lives very easy. This how to applies to essentially all standard servers configured normally.

      Once a drive has failed this is what we do, and this is all that we do:

      1. Identify the failed drive, normally from a light indicator on the front of the drive slot
      2. Get replacement drive
      3. Remove the failed drive
      4. Insert the replacement drive into the same slot
      5. Wait for the lights to tell you that all is healthy

      At no point should we need access to the hypervisor or operating system, we need nothing except the replacement parts and access to the server itself. Often in large enterprises this process is performed by datacenter staff, not by systems administrators as this is purely a hardware task and requires no IT knowledge or interaction. The system identifies what is wrong and handles all of the repair on its own.

      Absolutely do not power down a system in a state with a failed drive. This puts undue stress on the RAID array and increases risk.

      A server that is repairing (resilvering) its array can be used as normal as it should operate as normal, only more slowly. However while under use the RAID array will not resilver at optimum speed. If you wish to speed the repair process you should reduce the workload of the RAID array as much as possible.

      posted in IT Discussion blind swap hardware raid raid hot swap storage best practices how to
      scottalanmiller
    • Gravatars Are Gone

      Sorry everyone, but @aaronstuder discovered a vulnerability in the Gravatar plugin for NodeBB (our platform here) and we had to disable it. People had had their private emails exposed via the plugin. So we had to abandon that plugin. We are now using the local avatar functionality. I know that this is a pain but it does have some security benefits.

      Please take a moment to upload an avatar to your account and we will get everything back to normal. Sorry for the inconvenience. 😞

      But on a positive note, we got emojis back.

      posted in Announcements gravatar nodebb
      scottalanmiller
    • Happy Birthday Thread

      Need a central thread to keep birthday wishes.

      posted in Water Closet birthday
      scottalanmiller
    • A Quick Understanding of Full Virtualization and Paravirtualization

      Virtualization and Paravirtualization (or PV as it is normally called) are two different approaches to virtualizing a system.

      Full virtualization is easier to conceptualize as it is truly a software representation of an existing computer. In the PC world this means making an entire PC "in software" so that an OS installed on top of it sees a full CPU, memory, disks, etc. all completely represented in software so that the OS has no way to determine if this is hardware or software as it is all visible exactly as it would be if it was a physical machine. There is no modification to the OS being installed because there is no need, the virtual PC is identical to a physical one as far as the OS is concerned.

      Full virtualization generally uses hardware assisted acceleration where the CPU does some of the work of virtualization for performance reasons. This is not always available and is a recent addition in the PC world only since the move to the AMD64 architecture. Full virtualization can be done completely in software and is how VMware ESX was able to be on the market some time before hardware virtualization acceleration was available.

      Paravirtualization is different from this in that it does not make any attempt to hide the fact that a system is not truly physical and it actually presents itself as a slightly different architecture to the OS being installed. This means that the OS has to be PV-aware and has to have full support for the PV architecture built in. That means that any OS that will run paravirtualized must have this support compiled in from the beginning. So this is anything but a casual or transparent process. The only major OS that has PV support baked in today is the Linux family and the only enterprise paravirtualization platform is Xen. Paravirtualization allows for faster speeds and better stability as there is less overhead, fewer lines of code and better communications between the platform and the guest.

      Common Virtualization Platforms for PC: ESXi, Xen, KVM, HyperV, VirtualBox, Virtual PC
      Common Paravirtualization Platform for PC: Xen

      posted in IT Discussion virtualization paravirtualization
      scottalanmiller
    • It's 10K Day

      And if my calculations are correct, this is thread 10,000 itself!!

      posted in Announcements
      scottalanmiller
    • The Incident with AJs Cheese

      So @art_of_shred just came by my hotel room to show me something that he discovered in his room a few minutes ago. Apparently yesterday @handsofqwerty dropped off his swag bag backpack from the Spiceworld conference in @art_of_shred's hotel room.

      @art_of_shred and @Minion-Queen have been trying to figure out where a bad smell in their hotel room has been coming from since yesterday. Tonight @art_of_shred tracked down the smell to AJ's backpack. He opened it up and discovered Limburger cheese that has been sitting in the backpack, without being refrigerated, for two days!! What a smell. It was like something died in there!

      AJ is going to have quite the surprise when he wants to use anything that has been in that backpack!

      posted in Water Closet
      scottalanmiller
    • Server Virtualization Platform Choices

      Today there are four enterprise server virtualization platforms (type 1 / bare metal hypervisors) and each is a little unique and all are available for free, for the PC platform. The four are ESXi, Xen, HyperV and KVM.

      ESXi: Made by industry heavyweight VMware, ESXi is the only one of the pack that is not completely free for every feature. This alone makes ESXi an odd choice for most new implementations. ESXi's claim to fame is its age, being the first PC hypervisor available in the enterprise space. It has good performance and an enormous ecosystem, much of which is not applicable to those looking to use free or low cost versions of the software. No enterprise class public cloud provider uses ESXi. ESXi runs completely self contained and has no "host" VM to manage it or to provide hardware compatibility.

      Xen: Made by the Linux Foundation (but is in no way Linux or UNIX) Xen is the other old, venerable virtualization technology. Free from top to bottom for every feature and including many features that ESXi lacks, Xen made its mark by being the only option for supporting pure paravirtualization. Xen also became famous for being the technology on which cloud technology was first built and is still the leader in the cloud space with the biggest, most critical platforms like Amazon EC2, Rackspace and IBM / Softlayer being built upon it. Runs a guest VM referred to as the Dom0 (typically containing Linux but not necessarily) that handles hardware compatibility, management and many features. A sensible choice for most small and medium businesses.

      HyperV: Made by Microsoft. One of the newcomers to the space and only recently mature enough for enterprise use. Features are all free but access to features either requires third party software and/or expensive Microsoft management tools. Uses the same Dom0 model as Xen, but this host VM always contains a version of Windows only and is confusingly referred to as being physical, even though it is virtual. HyperV is similar in technology to Azure and more or less is used in Microsoft's Azure cloud (but HyperV and Azure are not strictly identical.) HyperV is also a sensible choice for most small and medium businesses.

      KVM: Also from the Linux Foundation. A hypervisor literally built inside of Linux and works more like ESXi than like Xen or HyperV. There is no Dom0 host environment. KVM, like Xen, is completely free for the entire stack but is far less mature. Famous for high performance for Windows guests. KVM's only large cloud environment is Digital Ocean. KVM is rarely seen used on its own and would be an odd choice for most businesses to deploy on its own. KVM's main places for use are as a research platform for new virtualization techniques and in fully encapsulated virtualization appliances like Unitrends' recovery devices or the Scale Computing platforms.

      posted in IT Discussion
      scottalanmiller
    • 1K Per Day

      MangoLassi just broke a new record, we've never seen a 1K post per day rate before. Here it is! And just days before MangoCon! Woot!

      posted in Announcements
      scottalanmiller
    • RE: What Are You Doing Right Now

      Today is @Dominica and my 12th anniversary!

      posted in Water Closet
      scottalanmiller
    • What is a UNIX JumpBox

      In the UNIX world, a JumpBox (or whatever term you use to describe it like Jump Station or Jump Server) is essentially nothing more than an authenticating, login-based non-tunneling SSH Proxy used to proxy SSH connections from a number of points to a number of other points. (This separates Jump Boxes from other types of centralized access like SSH Tunnels and VPNs which serve some overlapping purposes but work differently.) Because UNIX is almost always managed via SSH, we assume that a UNIX Jump Box will be SSH-based but this is not a hard and fast rule. Other protocols like VNC, RDP or NX could be used as well, both for incoming and outgoing connections. Incoming and outgoing connections need not be symmetrical either. It is more common, for example, for NX to be used as an external interface and SSH only to be used on the internal side.

      The idea behind a Jump Box is to increase security both through hard increases in security through a reduction in attack surface and an improvement in monitoring and hardening as well as through lowering the necessary overhead of accessing the network making soft increases in security by making high security easier for end users reducing their desire to "work around" good security methodologies.

      Jump Boxes can come in many different shapes and sizes but the basic approach is to have a server (generally a small VM) running an extremely bare bones UNIX install that is heavily patched, monitored, hardened, up to date, lean and easily decoupled from the network that is exposed, generally to the Internet but not necessarily, into which end users log in, generally via SSH.

      Jump Servers may or may not share authentication with the rest of the systems. A UNIX network using NIS or Active Directory or LDAP may extend this to the Jump Server for ease of use or may have a separate login process as an extra "gating" feature to make network access more difficult.

      Once users log into the Jump Server, the only UNIX machine to which they need to know access details, they have access to the other UNIX machines on their network. Typically access to other machines is either handled through an integrated authentication mechanism or through SSH keys to make access to other machines fast and transparent making management easier, faster and very secure and allowing for automation from the Jump Box. It is common in large organizations to have a Jump Box for administrative access and possibly one for non-admin access as well as management stations for automation access, but in smaller organizations these roles are typically collapsed into a single system.

      It is common for additional security, such as two factor authentication, to be applied to the JumpBox as it is the point of exposure. A single, very secure, very cumbersome login to the JumpBox can easily be offset by nearly effortless systems access once logged in. Some approaches often considered are enforcing the use of SSH Keys (that do not match the internal shared keys of the UNIX systems) with Passphrases for extra security and 2FA such as Google Authenticator.

      posted in IT Discussion jump station unix jump server jumpbox linux
      scottalanmiller
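
Added example (not part of the original post and not any project's own code): a small Python check of an sshd_config against the jump box properties the post above describes, namely key-based login with a second factor and no tunneling. The policy values, the sample configs and the function names are assumptions made for illustration; the second factor is assumed to arrive through keyboard-interactive, for instance from a PAM module.

```python
import re

# Upstream OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "authenticationmethods": "any",
    "allowtcpforwarding": "yes",
    "permittunnel": "no",
    "permitrootlogin": "prohibit-password",
}
# Assumed jump box policy: keys only, no root login, no forwarding or tunnels.
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "no",
    "permittunnel": "no",
    "permitrootlogin": "no",
}

def parse_global(text):
    """Effective global settings; sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # simplification: Match blocks are not evaluated
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def methods_ok(value):
    """True only if every alternative list demands a key and keyboard-interactive."""
    lists = [alt.split(",") for alt in value.split()]
    return bool(lists) and all(
        any(m.startswith("publickey") for m in alt)
        and any(m.startswith("keyboard-interactive") for m in alt)
        for alt in lists
    )

def audit(text):
    """Return a list of findings; an empty list means the policy is met."""
    cfg = parse_global(text)
    findings = [f"{k} is '{cfg[k]}', expected '{want}'"
                for k, want in REQUIRED.items() if cfg[k].lower() != want]
    if not methods_ok(cfg["authenticationmethods"].lower()):
        findings.append("authenticationmethods must require publickey and keyboard-interactive")
    return findings

# Constructed sample configs, not taken from any real host.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
AllowTcpForwarding no
PasswordAuthentication yes   # ignored: the first value already won
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "meets the jump box policy")
```

With `AllowTcpForwarding no`, users reach internal hosts only from a login session on the jump box, which matches the non-tunneling model in the post; `sshd -T` prints the effective configuration of a running install for comparison.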
    • January 5, 2018 Platform Update

      MangoLassi will be going offline for a little over an hour this evening during a system hardware migration. We are upgrading to faster hardware, and beefier hardware. The move is estimated at 85 minutes. Fingers crossed that it will be less. We will let the datacenter know to pop us into the work queue as soon as we get to our dead Friday evening period. We won't be able to predict really well when we will go down, as there might be a queue. So expect to see some emptiness this evening, but we should be back relatively soon.

      posted in Announcements mangolassi
      scottalanmiller