YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."

meanieface posted:

Hopefully when they turn off access to cloud services they also disable external storage so someone doesn't download a client list full of PII onto a flash drive then lose it in a public place. (Also happened.)

This is a common practice, yes.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Inspector_666 posted:

Dropbox had one breach 2 years ago and rolled out 2FA after it happened. Also what the hell makes Dropbox "shady" compared to iCloud?
There was also that one really neat breach where an employee's Dropbox was hacked using their password and customer information was stolen from it:

http://www.information-age.com/technology/security/2114488/dropbox-confirms-security-breach

CLAM DOWN
Feb 13, 2007




All cloud services are 100% blocked at my office, running a private "cloud" is pretty challenging and expensive though.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


CLAM DOWN posted:

All cloud services are 100% blocked at my office, running a private "cloud" is pretty challenging and expensive though.

It doesn't have to be. Commodity hardware with openstack can make it work. It's just the man hours required to set it up. So much easier to install esx with san than actually do a full openstack install. As soon as openstack makes it as easy as VMware then we will start to see traction into the private cloud. As it is right now it sucks.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug
Man I thought Private IT didn't travel, I love flying all around the country fixing poo poo for this job.

Private IT is kinda mind-numbingly boring, but it does have its perks, which I can understand for people who are in relationships/have kids/actual lives. But man is it fun to be young and travel a bunch.

Next two weeks in NC
Then week in NY
Then week in NC
Then week in AZ
Then week in DC
Then week in TN


and it goes on, all comp paid.

Inspector_666
Oct 7, 2003

benny with the good hair

Misogynist posted:

There was also that one really neat breach where an employee's Dropbox was hacked using their password and customer information was stolen from it:

http://www.information-age.com/technology/security/2114488/dropbox-confirms-security-breach

That's the 2 year old one I was talking about. The latest "breach" was just a bunch of account info that didn't actually come from Dropbox.

Dilbert As gently caress posted:

Man I thought Private IT didn't travel, I love flying all around the country fixing poo poo for this job.

What the hell is "Private IT"?

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

jaegerx posted:

It doesn't have to be. Commodity hardware with openstack can make it work. It's just the man hours required to set it up. So much easier to install esx with san than actually do a full openstack install. As soon as openstack makes it as easy as VMware then we will start to see traction into the private cloud. As it is right now it sucks.
Obviously, the definition of "Cloud" is nebulous, but a few VMware hosts and a SAN qualify as a private cloud in my book. All you have to do is deploy the applications you want, which can include a private web based storage application, and you are in business. No need for openstack.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

Inspector_666 posted:

What the hell is "Private IT"?

Where you work for a sole company as internal support and are privatized to that company, whereas a VAR or MSP would be external or customer facing.

Inspector_666
Oct 7, 2003

benny with the good hair

Dilbert As gently caress posted:

Where you work for a sole company as internal support and are privatized to that company, whereas a VAR or MSP would be external or customer facing.

So internal IT, got it.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Inspector_666 posted:

So internal IT, got it.

Helpdesk.

CLAM DOWN
Feb 13, 2007




Dilbert As gently caress posted:

Private IT is kinda mind-numbingly boring

I think it's awesome actually.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Dilbert As gently caress posted:

Private IT is kinda mind-numbingly boring
Only until you approach the top of the totem pole. It is extremely rare for me to have a boring day.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

CLAM DOWN posted:

I think it's awesome actually.

Maybe, but it is nice to get to work on: EVO RAILS, AWS+Citrix/PVS/MCS/App, VNX/ExtremIO/NetApp, VNX/EQL, UCS, Nexus, NSX/VXLANS, and teach VCP/VCAP at the same time.

adorai posted:

Only until you approach the top of the totem pole. It is extremely rare for me to have a boring day.

I'm only 1 of 2 admins in my position of this company after ~6 months of working for a 5k corp environment an 20k seat environment that needs to be ready jan 1st.

Dilbert As FUCK fucked around with this message at 02:47 on Nov 6, 2014

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Where does one get said job where they travel all the time?

Secondly, after going to IBM Enterprise 2014 one of the common things I heard and more than once is that while Openstack is cool, it's a lot of hype.

Gucci Loafers fucked around with this message at 02:49 on Nov 6, 2014

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

Tab8715 posted:

Where does one get said job?

You in VA? You're on my FB feel free to Message me. We do hire remote.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Dilbert As gently caress posted:

You in VA? You're on my FB feel free to Message me. We do hire remote.

Check ur PMs.

evol262
Nov 30, 2010
#!/usr/bin/perl

Tab8715 posted:

Where does one get said job where they travel all the time?

Secondly, after going to IBM Enterprise 2014 one of the common things I heard and more than once is that while Openstack is cool, it's a lot of hype.

It's not hype. It's awesome. If you need cloud. But a lot of customers get it installed and say "what now?", because their stuff doesn't scale horizontally and they don't have CI or config management or a build system or anything else to make it work.

adorai posted:

Obviously, the definition of "Cloud" is nebulous, but a few VMware hosts and a SAN qualify as a private cloud in my book. All you have to do is deploy the applications you want, which can include a private web based storage application, and you are in business. No need for openstack.

Cluster != cloud. I don't wanna get into a big thing about what "cloud" means, but a few VMware hosts, a SAN, and internal webapps doesn't really qualify as anything new. It's a buzzword, but it also has an actual meaning as a technical person. Your definition is fine for a management briefing, but not really apt here.

jaegerx posted:

It doesn't have to be. Commodity hardware with openstack can make it work. It's just the man hours required to set it up. So much easier to install esx with san than actually do a full openstack install. As soon as openstack makes it as easy as VMware then we will start to see traction into the private cloud. As it is right now it sucks.

You can just front swift with something. You don't need all of openstack.

Dilbert As gently caress posted:

I'm only 1 of 2 admins in my position of this company after ~6 months of working for a 5k corp environment an 20k seat environment that needs to be ready jan 1st.
What's your position? A 5k corp must have more than 2 admins. How many actual admins are there?

mattfl
Aug 27, 2004

I worked for Xerox for about 6 months doing EMR software installs and it was a straight travel job where you were in a different city every week. Leave Sunday, start on site Monday and finish up Thursday and fly home Friday. Sucks if you want to, you know, have a life outside of work. Living out of a hotel gets old after a while and you tend to eat like poo poo all the time.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

evol262 posted:

What's your position? A 5k corp must have more than 2 admins. How many actual admins are there?

We had 4 but then it became apparent it broke down like this. (using alias names)

(twilight) Citrix, Assist director, Secondary response for <three letter title> response, Best effort AD/FS
(Celestia) Active Directory, power-shell for windows, Secondary L1 support on physical HW and Printers
(trixie) Made things seem harder than they were, eventually let go because I handled all his efforts without any hiccups; Now I basically do Net/Stor/Vmware as my primary
(me) - VMware/Storage, secondary Network at the datacenter TShoot, Best effort Citrix/Exchange/AD/Lync

Now it's Luna and Twilight....

Dilbert As FUCK fucked around with this message at 03:34 on Nov 6, 2014

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


evol262 posted:

It's not hype. It's awesome. If you need cloud. But a lot of customers get it installed and say "what now?", because their stuff doesn't scale horizontally and they don't have CI or config management or a build system or anything else to make it work.

Eh, that's what I was told but there did seem to be common consensus that it'll eventually get there...

CloFan
Nov 6, 2004

Nvm

stuxracer
May 4, 2006

Dilbert As gently caress posted:

We had 4 but then it became apparent it broke down like this. (using alias names)

(twilight) Citrix, Assist director, Secondary response for <three letter title> response, Best effort AD/FS
(Celestia) Active Directory, power-shell for windows, Secondary L1 support on physical HW and Printers
(trixie) Made things seem harder than they were, eventually let go because I handled all his efforts without any hiccups; Now I basically do Net/Stor/Vmware as my primary
(me) - VMware/Storage, secondary Network at the datacenter TShoot, Best effort Citrix/Exchange/AD/Lync

Now it's Luna and Twilight....
Do you deploy all changes during the day? or just never sleep? I don't know how you would support all the infrastructure for 20,000 people with only 2 of you. You traveling is as high or higher risk to business continuity than your executive team which seems like bullshit tbh.

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug
nvm

Dilbert As FUCK fucked around with this message at 05:17 on Nov 6, 2014

Docjowles
Apr 9, 2009

Tab8715 posted:

Eh, that's what I was told but there did seem to be common consensus that it'll eventually get there...

OpenStack is getting a lot better. We've been running about 250 VM's in production on the Grizzly release since early last year and when it works, it's awesome. But holy hell was it a full time job to maintain. We're finally upgrading from Grizzly to Icehouse and it is night and day how much more performant, stable and feature-rich it's grown in that time. We'll see if that holds true when we take it out of testing and move hundreds of VM's onto the new version but so far color me impressed. Assuming it shows well in production we'll be transitioning a lot more bare metal hosts to OpenStack over the next year.

But yes, you will need some staff with serious Linux chops to properly deploy and configure it from scratch. There are some nifty tools to do point-and-click deployments but if you don't understand what's going on under the hood, god help you when something breaks.

Dark Helmut
Jul 24, 2004

All growns up

Che Delilas posted:

Sweet! I hope it helps and that my passion isn't interpreted as crazed ranting.

Also my question wasn't rhetorical: Can you tell me what is the intended purpose of the reports and graphs? Particularly for a candidate?

I saw one of the reports at a glance and I've just started making my people do it today, so I'll try and post one when I get results.

evol262
Nov 30, 2010
#!/usr/bin/perl

Docjowles posted:

OpenStack is getting a lot better. We've been running about 250 VM's in production on the Grizzly release since early last year and when it works, it's awesome. But holy hell was it a full time job to maintain. We're finally upgrading from Grizzly to Icehouse and it is night and day how much more performant, stable and feature-rich it's grown in that time. We'll see if that holds true when we take it out of testing and move hundreds of VM's onto the new version but so far color me impressed.
Havana was also a huge step up. GRE/vxlans are still a little broken unless you disable gso or change the MTU in neutron/dhcp_agent, I think, but it's way better. Especially heat. And DNSaaS is coming, which will finally make neutron's dnsmasq suck less, with real dynamic DNS, but I'm getting ahead of myself...

It's getting better. And with migration and VM persistence, users can pretend it's like VMware or hyper-v or whatever. I think we shouldn't have done this and left it segmented off in RHEV or vcenter or whatever, but eh.

Still, it's gonna be painful to make openstack do "traditional" virt stuff unless you've never touched VMware and you don't know how much openstack sucks at it.

Tab8715 posted:

Eh, that's what I was told but there did seem to be common consensus that it'll eventually get there...

I work on openstack. I hope it never gets "there", if "there" is reinventing other virt solutions. There's room to coexist. And to use hybrid management solutions (I like manageiq, but I'm in the rh bubble, and hybrid's new stuff since last time I was on the market, so I'm not sure what else is out there. Anyone?), which are hopefully the future.

Dilbert As gently caress posted:

We had 4 but then it became apparent it broke down like this. (using alias names)

(twilight) Citrix, Assist director, Secondary response for <three letter title> response, Best effort AD/FS
(Celestia) Active Directory, power-shell for windows, Secondary L1 support on physical HW and Printers
(trixie) Made things seem harder than they were, eventually let go because I handled all his efforts without any hiccups; Now I basically do Net/Stor/Vmware as my primary
(me) - VMware/Storage, secondary Network at the datacenter TShoot, Best effort Citrix/Exchange/AD/Lync

Now it's Luna and Twilight....

This actually sounds like a fun hybrid team if you get a couple more people just so you can take PTO. It's nice to be in a place where you get to touch a lot of stuff. Still a tiny team for 5k.

Docjowles
Apr 9, 2009

evol262 posted:

Havana was also a huge step up. GRE/vxlans are still a little broken unless you disable gso or change the MTU in neutron/dhcp_agent, I think, but it's way better. Especially heat. And DNSaaS is coming, which will finally make neutron's dnsmasq suck less, with real dynamic DNS, but I'm getting ahead of myself...

It's getting better. And with migration and VM persistence, users can pretend it's like VMware or hyper-v or whatever. I think we shouldn't have done this and left it segmented off in RHEV or vcenter or whatever, but eh.

Still, it's gonna be painful to make openstack do "traditional" virt stuff unless you've never touched VMware and you don't know how much openstack sucks at it.

We definitely abuse it to do traditional virt stuff due to extremely tight capital budgets (startup lyfe~) plus a really bad experience with the Red Hat sales people hawking RHEV. Now that Heat is starting to suck less I'm very interested in exploring using OpenStack in a more "cloudy" way in 2015. Our primary apps are scale-out and the bulk of our VM's are identical hosts stamped out from a template and configured with SaltStack, but capacity is only added or removed manually. We're not doing any sort of autoscaling. And there's a decent number of random one-offs like an internal IRC or FTP server that have no real business being in "the cloud".

Interesting to hear about DNSaaS. We've effectively rolled our own on top of PowerDNS with the MySQL backend by processing OpenStack messages as they come across RabbitMQ and then adding/deleting/modifying DNS records in the DB as appropriate.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Ugh ignore the DNS for a while. It was written by thawte works.

E: I lied. HP started it. Thawte did the legacy DNS.

jaegerx fucked around with this message at 06:03 on Nov 6, 2014

evol262
Nov 30, 2010
#!/usr/bin/perl

jaegerx posted:

Ugh ignore the DNS for a while. It was written by thawte works.

E: I lied. HP started it. Thawte did the legacy DNS.

Designate is much, much better than nova/neutron dnsmasq

Docjowles posted:

We definitely abuse it to do traditional virt stuff due to extremely tight capital budgets (startup lyfe~) plus a really bad experience with the Red Hat sales people hawking RHEV. Now that Heat is starting to suck less I'm very interested in exploring using OpenStack in a more "cloudy" way in 2015. Our primary apps are scale-out and the bulk of our VM's are identical hosts stamped out from a template and configured with SaltStack, but capacity is only added or removed manually. We're not doing any sort of autoscaling. And there's a decent number of random one-offs like an internal IRC or FTP server that have no real business being in "the cloud".

Interesting to hear about DNSaaS. We've effectively rolled our own on top of PowerDNS with the MySQL backend by processing OpenStack messages as they come across RabbitMQ and then adding/deleting/modifying DNS records in the DB as appropriate.

It'll definitely do traditional stuff. It's just not fun. Especially making a zillion flavors to get just the right amount of memory/disk, swapping volumes, managing mounts yourself, no real HA, etc. But your deployment strategy is better than a lot of shops.

Pitching RHEV is always bad. I also work on RHEV. It's good at what it does. And it's getting better rapidly. But they're constantly overselling it. It's a web UI equivalent to vcenter with a decent python/java API. Nothing more. Gluster/ceph/glance/foreman support is all new, and it can finally host its own management engine. But the number of "can RHEV do xyz finicky thing" questions we get is incredible.

Best of EU VMworld this year was a RHEV solution. And you should play with oVirt if you have time to see what RHEV is like. But it's an impossible sell when they overhype it.

stuxracer
May 4, 2006

evol262 posted:

This actually sounds like a fun hybrid team if you get a couple more people just so you can take PTO. It's nice to be in a place where you get to touch a lot of stuff. Still a tiny team for 5k.

Yeah exactly. I would be pissed if I was the only one around for that kind of user base because taking any personal time could have major business impact. It's irresponsible and why I wondered how changes work.

lampey
Mar 27, 2012

Inspector_666 posted:

Dropbox had one breach 2 years ago and rolled out 2FA after it happened. Also what the hell makes Dropbox "shady" compared to iCloud?

http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/
This breach?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Microsoft once opened a reporter's hotmail account: Microsoft Looked Through Reporter's Hotmail And MSN Chat Accounts To Identify Windows 8 Leaker

I don't think anyone's arguing that on-prem will be more secure but that it reduces potential risk.

psydude
Apr 1, 2008

Haha, everything at work is broken. Our domain controllers are still broken, one of my new DefenseCenters apparently bricked itself last night, and our lab ESX environment just poo poo the bed. Even the vending machine has stopped working.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

psydude posted:

Haha, everything at work is broken. Our domain controllers are still broken and our lab ESX environment just poo poo the bed. Even the vending machine has stopped working.

If you feel like punting I'd just go address the vending machine.

Dark Helmut
Jul 24, 2004

All growns up

go3 posted:

If you feel like punting I'd just go address the vending machine.

Have you tried unplugging it and plugging it back in? For science.

Methanar
Sep 26, 2013

by the sex ghost

Tab8715 posted:

Microsoft once opened a reporter's hotmail account: Microsoft Looked Through Reporter's Hotmail And MSN Chat Accounts To Identify Windows 8 Leaker

I don't think anyone's arguing that on-prem will be more secure but that it reduces potential risk.

Doesn't every company have a legal clause stating that data may be accessed at X's discretion or is otherwise compelled to by law?

Just as a broad CYA thing.

joe944
Jan 31, 2004

What does not destroy me makes me stronger.
With all of the openstack discussion, I figured this would be a good time to bring this up. I just got the green light from my company to research any possible training/certifications that I want to complete in the next year or so. Openstack seems like a good candidate for growing my career, although I'm certainly open to other recommendations.

Anyone have any experience with or recommend any of the official openstack course offerings? RH appears to offer a certification track for it, but they are also a bit more expensive and my only choice would be online since they have no classroom courses in the bay area. Rackspace and Mirantis look like a pretty decent deal, but I need to do more research on the quality of the training.

AlternateAccount
Apr 25, 2005
FYGM

adorai posted:

Just because a big boy is doing it doesn't mean it's a good idea. See the below version of your quote (from 2008):
In the past two months, there have been two large cloud storage breaches: Dropbox and iCloud. Dropbox was always shady, but to be honest iCloud was very trusted.
I think they probably are in general, but am not going to risk my career on it. Every cloud based service we have increases the surface area for attack against my company.

My stance on cloud based services and that's really all I need in order to tell my end users no.

Well, big boys are doing it, and there's an audit trail and verified compliance with various industry standard targets.

iCloud has never been billed as "super secure file storage" and I don't know anyone who seriously thinks Dropbox is, even if you give them credit for the huge strides they've taken.

My career is not at risk because I can demonstrate that good decisions were made and the proper research was performed. And legal will ensure that we're covered in case of a breach, so there's that.

I guess that's the important thing, your execs aren't into it, and that's fine.

NippleFloss posted:

Cloud services were blocked at the last DOD site where I worked.

The DOD is a whole different level. A very, very small sliver of businesses need or use that level of crazy paranoid data security.

adorai posted:

Beyond that, it's easier to just check "No" next to "Do you store confidential data in the cloud?" when your examiners come on-site. Which is the same reason we don't have wifi connected to our production network.

I assure you, auditors do not care as long as the service you're using is audited properly to at least the same level as your own company. I mean if your cloud storage provider isn't PCI compliant and you have to be to do business, well then there's an issue. Otherwise, it's absolutely not a problem.

evol262
Nov 30, 2010
#!/usr/bin/perl

joe944 posted:

With all of the openstack discussion, I figured this would be a good time to bring this up. I just got the green light from my company to research any possible training/certifications that I want to complete in the next year or so. Openstack seems like a good candidate for growing my career, although I'm certainly open to other recommendations.

Anyone have any experience with or recommend any of the official openstack course offerings? RH appears to offer a certification track for it, but they are also a bit more expensive and my only choice would be online since they have no classroom courses in the bay area. Rackspace and Mirantis look like a pretty decent deal, but I need to do more research on the quality of the training.

Openstack is openstack, basically. Mirantis probably has the best installer.

Canonical pushes deployment with Juju.
Rackspace pushes Chef.
We push Puppet.

But it's all openstack. Configuration should be similar across the board.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."

AlternateAccount posted:

The DOD is a whole different level. A very, very small sliver of businesses need or use that level of crazy paranoid data security.

Keep in mind that despite being DOD this was definitely not a secure facility by any stretch. It was simply an easy way to meet STIG requirements. But that aside, pretty much everyone considers their data and its security and confidentiality to be very important, so saying "well sure, if you REALLY need secure data like the DOD then I guess it makes sense" doesn't address the point that *your* evaluation of the importance of someone's data isn't the same as *their* evaluation of the importance of their data.

Which is why high security sectors often drive this sort of thing for executives. They hear that DOD blocks it, or that places that deal in health data block it, and they assume that if it's good enough for them it's good enough for him, and he decides to block it on his corporate network. Whether that's a fully researched and rational decision isn't important, it's simply a CYA. You can make arguments that it's secure (though the question is generally not whether the service and architecture itself is secure, it's whether it creates an easy avenue for employees to inadvertently spill confidential data) but those arguments are going to run up against the question of "why do we need to do this at all?" and "why can't you do this with the tools we already provide?"

Corporate security is a big deal and a lot of organizations are very risk averse. There's no right or wrong answer to whether these services are good or bad for corporate IT, it depends on a lot of factors and you can't just say "Um, they're good and secure, don't be a dummy" as if that seals it.
