MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Boywhiz88 posted:

OK, so I've got a dumb question/situation.

I have a client that's part of a commercial office building. We upgraded his network w/ an 8-port switch from a 5-port switch. It's at that time that I noticed the building's network is just wide open. I used an unmanaged switch in part because I assumed that wouldn't be the case, and because I didn't know any better. Quickly learned the difference when I got home and researched.

So, I want to swap it for them here so that I can setup a more secure network. I only want the Internet connectivity incoming and to push whatever through that so that their devices wouldn't show up on the building's network at large.

I wouldn't be able to affect anything but this switch, so no other modifications to the network would be available to me.

Would this be possible?

So, what is the upstream device that your client's switch runs to?

What is handling DHCP?

What types of devices are on your client's network? (i.e. PCs/laptops, servers etc)


Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Something that can send emails without needing an open SMTP relay or can only authenticate in plain text to Exchange. It's time that these MFP vendors did their scan-to-email and scan-to-sharepoint via an Azure AD app integration.

The Fool
Oct 16, 2003



Our new kyocera's have sharepoint integration but it was pretty annoying to get set up.

I mean, there is literally no reason to have to use a server component to send scans to a document library.

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!

MF_James posted:

So, what is the upstream device that your client's switch runs to?

What is handling DHCP?

What types of devices are on your client's network? (i.e. PCs/laptops, servers etc)

1. Not sure, likely another switch but setup w/o restrictions. The office suite has the one ethernet port that runs to the in-office switch. I would expect that the building's switch is handling DHCP due to the range of IPs I saw. (192.168.33.xxx) Also, a printer that appears to have been auto-discovered but not in the office.

2. A few PC's and 2 printers. But the data on the PC's is fairly sensitive, both are setup w/ BitLocker encryption as part of their company's requirement, so I'm trying to be relatively pro-active/secure.

Thanatosian
Apr 16, 2013

Angrier, Bitterer Man


Grimey Drawer

codo27 posted:

The volume is relatively low, so we are talking table top in most cases, we only have a few free standing bigger devices and those are leased.

I literally wouldn't. Make them walk to the big free standing one.

If you absolutely have to, a lot of leasing companies offer leases for the table top ones, too. I would lease that, as well.

Internet Explorer
Jun 1, 2005





Oven Wrangler

Yeah, if you're already using a company for your bigger MFPs, keep using them for a smaller table-top MFP. It's not worth the management headache to split it off.

codo27
Apr 21, 2008

"I dont fully understand football contracts but you can just be outright cut if you're shit right? With no penalties? Hockey needs that."

I Am Marc Bergevin IRL


It's a construction outfit and there are various locations, not one big central one. But it's something to consider all the same. We're talking real low staff per machine, like <10

Internet Explorer
Jun 1, 2005





Oven Wrangler

Yeah, it just means, when it breaks - who fixes it? Who orders toner? If you can swing it, try to keep it all under a contract. Bonus points for keeping those contracts so they co-terminate when the other leases are up, that way you have one time every X number of years to renegotiate and aren't just perpetually stuck with overlapping contracts.

Thanatosian
Apr 16, 2013

Angrier, Bitterer Man


Grimey Drawer

codo27 posted:

It's a construction outfit and there are various locations, not one big central one. But it's something to consider all the same. We're talking real low staff per machine, like <10

If you use exactly the same big MFP printer everywhere, you never need to worry about what needs what toner, what needs what toner waste container, what model you're talking to someone about, what drivers you need installed, what printer should be your default printer, etc. The additional technical debt added by a single printer of a different kind than your other printers is loving huge.

We got rid of our desktop printers when we moved headquarters four years ago, and it was the smartest loving poo poo we ever did. I would guess it cut total ticket volume by close to 20-25%.

GreatGreen
Jul 3, 2007

THIS IS HOW YOU REMIND ME OF WHAT I REALLY AM
*stumbles on reload and dies to a Nightstalker Super during Quick Play*


Boywhiz88 posted:

OK, so I've got a dumb question/situation.

I have a client that's part of a commercial office building. We upgraded his network w/ an 8-port switch from a 5-port switch. It's at that time that I noticed the building's network is just wide open. I used an unmanaged switch in part because I assumed that wouldn't be the case, and because I didn't know any better. Quickly learned the difference when I got home and researched.

So, I want to swap it for them here so that I can setup a more secure network. I only want the Internet connectivity incoming and to push whatever through that so that their devices wouldn't show up on the building's network at large.

I wouldn't be able to affect anything but this switch, so no other modifications to the network would be available to me.

Would this be possible?

Managed switches usually top out at layer 2. You won't really be able to do anything with a managed switch other than turn specific ports on and off, set port speeds if available, and assign ports to VLANs, but none of those things will really help with security in this scenario. What you need is a router, placed between the switch and the outside network. Outside network -> Router WAN port. Then connect Router LAN port -> Switch port 1. Connect everything else in the office to your 7 remaining switch ports and there you go. You'll need something to act as your DHCP server within your new office network, and you'll need to make sure to set the router's LAN port IP address as your default gateway handed out by your DHCP.

At that point your small office network should be isolated from the building's network.

GreatGreen fucked around with this message at 05:24 on Aug 22, 2020

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!

Dumb question: Could you link a model that you're thinking of? I'm guessing a router is a router is a router, so even a wireless router w wireless disabled would be of benefit. Although if that works, maybe I just swap out the switch and the router, hide the Wifi network, and have his laptop connect that way when he brings it in.

Let me know if I'm wildly off base. I tried poking around for wired routers but they don't exist in the form I remember them in from 2005ish.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH




Look at the Ubiquiti EdgeRouter Lite. Not too expensive and it will do everything you need here
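
The topology GreatGreen describes above, written out as an EdgeOS configuration for the kind of router suggested here. This is an added example, not part of any post in the thread; the interface roles (eth0 as WAN, eth1 as LAN), the 10.20.30.0/24 office subnet and the /24 mask on the building's 192.168.33.x range are assumptions.

```edgeos
# Added example. Assumed: eth0 = WAN (cable to the building's wall jack),
# eth1 = LAN (cable to the office switch), office subnet 10.20.30.0/24,
# building range treated as 192.168.33.0/24.
configure

# WAN side: take an address from the building's DHCP like any other device.
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth0 address dhcp

# LAN side: the router becomes the office's default gateway.
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth1 address 10.20.30.1/24

# Building -> office hosts: only replies to connections the office started.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable

# Building -> the router itself (web UI, SSH): replies only, no management.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 state invalid enable

# Office -> building LAN: blocked, so office PCs cannot browse or be lured to
# other tenants' devices through NAT. Internet-bound traffic is unaffected.
set firewall name LAN_IN default-action accept
set firewall name LAN_IN rule 10 action drop
set firewall name LAN_IN rule 10 destination address 192.168.33.0/24

set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth1 firewall in name LAN_IN

# Hide the office subnet behind the router's WAN address.
set service nat rule 5010 description "masquerade to WAN"
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade

# DHCP for the office, handing out the router's LAN IP as default gateway.
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 10.20.30.0/24 default-router 10.20.30.1
set service dhcp-server shared-network-name LAN subnet 10.20.30.0/24 dns-server 10.20.30.1
set service dhcp-server shared-network-name LAN subnet 10.20.30.0/24 start 10.20.30.100 stop 10.20.30.199
set service dns forwarding listen-on eth1

commit
save
exit
```

Without the LAN_IN rule the office is hidden from the building but can still initiate connections to building devices, since the building network is simply the router's upstream.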

codo27
Apr 21, 2008

"I dont fully understand football contracts but you can just be outright cut if you're shit right? With no penalties? Hockey needs that."

I Am Marc Bergevin IRL


Who's got a suggestion for a free/cheap ticket tracking solution? I think I can get by just fielding emails and calls as they come but at the same time, memory and organization are my weakest points.

The Fool
Oct 16, 2003



codo27 posted:

Who's got a suggestion for a free/cheap ticket tracking solution? I think I can get by just fielding emails and calls as they come but at the same time, memory and organization are my weakest points.

Freshdesk



Just not spiceworks

Thanatosian
Apr 16, 2013

Angrier, Bitterer Man


Grimey Drawer

The Fool posted:

Freshdesk



Just not spiceworks

Holy poo poo, pre-COVID I was going to do some work for a small non-profit with like zero budget, and this looks amazing for it.

Internet Explorer
Jun 1, 2005





Oven Wrangler

Freshdesk is indeed really nice. The cheapest of the cheap may balk at it if you've got to add more than a few agents, but it is really nice and I highly recommend it.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

I do some side work for a couple of places and I have a Freshdesk instance set up at each of them. The features in the free tier are nothing to shout about, but all these places need is a central place for tickets to go, a way for the directors to see all the cases so they can have an idea of whether people's complaints are worth listening to, and it has SAML support at the free level.

NevergirlsOFFICIAL
Apr 24, 2004



Boywhiz88 posted:

Dumb question: Could you link a model that you're thinking of? I'm guessing a router is a router is a router, so even a wireless router w wireless disabled would be of benefit. Although if that works, maybe I just swap out the switch and the router, hide the Wifi network, and have his laptop connect that way when he brings it in.

Let me know if I'm wildly off base. I tried poking around for wired routers but they don't exist in the form I remember them in from 2005ish.

I think you should get a cheap firewall. Like the SonicWall TZ100 is what I'm familiar with but whatever equivalent to that will handle everything. Put it in front of the switch.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


NevergirlsOFFICIAL posted:

I think you should get a cheap firewall. Like the SonicWall TZ100 is what I'm familiar with but whatever equivalent to that will handle everything. Put it in front of the switch.

Seconding this.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


NevergirlsOFFICIAL posted:

I think you should get a cheap firewall. Like the SonicWall TZ100 is what I'm familiar with but whatever equivalent to that will handle everything. Put it in front of the switch.

I thought I had responded after the initial questions I asked, but yeah, this is the thing to do.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.


What's the safest tool to reach for non-appliance storage? I'm working with a university research lab who is keeping data on a couple 12x10TB RAID 6 arrays and several 4x12TB RAID 5 arrays with hardware RAID controllers. I believe around 250TB usable right now. They've been hand-managing cross-mounting directories via nfs so all data is accessible from all servers, and don't have dedicated "storage" or "compute" machines.

They want to put a parallel filesystem (lustre or similar) on top of this instead, but I'm kind of terrified for them trying to do a parallel filesystem on hardware RAID on heterogenous hardware, including arrays with only 1 parity drive. The biggest argument in favor of this is that when everything is up, it would be fast as hell for their workloads and the group has previous positive experience with GPFS at a previous university, which was apparently also just running on top of hardware RAID controllers and never broke in ~8 years.

A dream solution would need:
  • Not lose data
  • Expose a POSIX filesystem
  • Large file read speed significantly higher than a single 4x12TB RAID 5
  • Large file write speed at least comparable to a single 4x12TB RAID 5
  • Easy to add more storage in single-machine 4-24 disk increments
  • 1/3 or less disk space parity overhead

Data loss would be a disaster. Hardware failures can cause outages, but should not lose data. Filesystem-level compression would be nice to have, but they can just run stuff through gzip as they've been doing instead. I think that they can get high availability and would appreciate it, even though they say they don't want HA. They've got tons of CPU available (Xeon Platinums), so stuff like erasure coding would have as much CPU as it can use available. Everything is on Ubuntu 18.04 right now.

The migration plan is to get enough additional storage in one batch to comfortably hold everything they have now, set up whatever storage solution they move forward with, put all the data on there, and then wipe and add all of the existing machines to the storage pool.

So: The least bad option that I see is Gluster or their original plan of "just throw lustre on there". Ceph sure has a lot more whiz-bang features, but looks object focused, block second, and filesystem as a 3rd class citizen. Other stuff exists like LizardFS and MooseFS, but I'd feel safer with one of the Red Hat funded big boys.

All in all, beats the hell out of the last time I janitored computers for them, which was trying to figure out why software wouldn't build on their old-rear end SUSE on Opteron machines.... in 2017.

codo27
Apr 21, 2008

"I dont fully understand football contracts but you can just be outright cut if you're shit right? With no penalties? Hockey needs that."

I Am Marc Bergevin IRL


I like our Lenovo fleet but the price of docks is insane. I bought a few USB C mini docks and they have VGA and HDMI, but you can only use one or the other, officially the dumbest thing ever. Is there a good third party dock that's not too expensive that will do dual display and charge our machines over USB C?

Tapedump
Aug 31, 2007


College Slice

Dell D6000? I've got a few for my Lennys as well as Dells. $165 on a good day, good specs (2x 4K, etc)

Potato Salad
Oct 23, 2014

Nobody Cares




Tortured By Flan

codo27 posted:

I like our Lenovo fleet but the price of docks is insane. I bought a few USB C mini docks and they have VGA and HDMI, but you can only use one or the other, officially the dumbest thing ever. Is there a good third party dock that's not too expensive that will do dual display and charge our machines over USB C?

search for any dock that has displaylink hardware. display link provides drivers for video, audio, networking, and USB functionality that work regardless of what OEM stamps its name on the plastic exterior of the dock

Maneki Neko
Oct 27, 2000



codo27 posted:

I like our Lenovo fleet but the price of docks is insane. I bought a few USB C mini docks and they have VGA and HDMI, but you can only use one or the other, officially the dumbest thing ever. Is there a good third party dock that's not too expensive that will do dual display and charge our machines over USB C?

On a side note, the Lenovo thunderbolt 3 docks are hot garbage, so avoid those

Comfortador
Jul 31, 2003

Not even *my* powers can save CoX.

If you have an end of life (Windows 2008) server that you're using as a fileserver what's the best way to go on replacing it? Would upgrading it to 2012, then 2016 even work? Starting from scratch with file permissions would be a nightmare with our people and I would desperately like to avoid that. We have a few 2008 servers I'm just finding out about (don't ask) and so I'm trying to figure out the best way to strategize updating them.

Thanks for any advice or condolences.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Comfortador posted:

If you have an end of life (Windows 2008) server that you're using as a fileserver what's the best way to go on replacing it? Would upgrading it to 2012, then 2016 even work? Starting from scratch with file permissions would be a nightmare with our people and I would desperately like to avoid that. We have a few 2008 servers I'm just finding out about (don't ask) and so I'm trying to figure out the best way to strategize updating them.

Thanks for any advice or condolences.

Is it a VM? We had to do this and we built a new 2019 server and then re-attached the drive with the files and permissions and it just worked.

Collateral Damage
Jun 13, 2009



Build a new server, add it to your DFS domain, set it up as a replica target of the old server. Once everything is replicated, set the new server as the primary and nuke the old one.

Edit: ^ Or that. ^

Comfortador
Jul 31, 2003

Not even *my* powers can save CoX.

GreenNight posted:

Is it a VM? We had to do this and we built a new 2019 server and then re-attached the drive with the files and permissions and it just worked.

It is a VM. That's an interesting concept and would be amazing if that worked heh. Thanks.

Internet Explorer
Jun 1, 2005





Oven Wrangler

That would come close to "just working," but you will have to share out folders and if you have any permissions on the share itself instead of NTFS you'll need to do that. DFS-N/DFS-R or DFS-N w/o Robocopy isn't a bad path. Microsoft also makes a tool to help these days - https://docs.microsoft.com/en-us/wi...ce/migrate-data

Now would be a good time to look into using Azure File Sync w/ cloud tiering if you use Azure and/or think you would ever want to go that route.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Seconding the suggestion to use DFS to create a namespace and update all your GPOs, then replicate to the new server before standing the old one down.

The Fool
Oct 16, 2003



what happened to the tried and true robocopy + cname?

The Fool
Oct 16, 2003



Internet Explorer posted:

That would come close to "just working," but you will have to share out folders and if you have any permissions on the share itself instead of NTFS you'll need to do that. DFS-N/DFS-R or DFS-N w/o Robocopy isn't a bad path. Microsoft also makes a tool to help these days - https://docs.microsoft.com/en-us/wi...ce/migrate-data

Now would be a good time to look into using Azure File Sync w/ cloud tiering if you use Azure and/or think you would ever want to go that route.

When Azure File Sync added support for NTFS permissions we greatly expanded its use. We only have a little under 1TB of files synced right now, but it is working well.

More info here: https://azure.microsoft.com/en-gb/b...public-preview/

but lol

The Fool fucked around with this message at 17:52 on Sep 22, 2020

Spring Heeled Jack
Feb 25, 2007


GreenNight posted:

Is it a VM? We had to do this and we built a new 2019 server and then re-attached the drive with the files and permissions and it just worked.

We did this and it worked great. There's a registry key you can export/import that has the share info as well.

In our case we went from 2003 to 2016 and had no issues with this method.


incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010


The Fool posted:

what happened to the tried and true robocopy + cname?

Modern windows wig out at cnames. Just add the old server's name as a secondary hostname. And, replace where you can with DFS-N.
