Thanks Ants
May 21, 2004

#essereFerrari


Aruba Instant On could be worth a look as well

https://www.arubainstanton.com/files/AAG_AIO_SmartMesh.pdf


MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

dexter6 posted:

Thanks for the suggestions!

I’m worried all of this might still be overkill: We’re a nonprofit that is very basic (think O365+Zoom) so we really just need stable Wifi. Is there anything more basic?

Aruba, seriously do Aruba. IAP-200s or IAP-300s depending on size/user count.

CloFan
Nov 6, 2004

Meraki if you can afford it, Aruba is good too though.

I recently put a Zyxel AP in my home and they have a cheap cloud controller option. I'm happy with the hardware and web GUI, 0 complaints.

FS.com has gotten into the hardware game recently, has anyone had a chance to check out their switching or wireless? Their optics have been drat good and drat cheap for years, maybe they'll deliver some winners there

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

CloFan posted:

Meraki if you can afford it, Aruba is good too though.

I recently put a Zyxel AP in my home and they have a cheap cloud controller option. I'm happy with the hardware and web GUI, 0 complaints.

FS.com has gotten into the hardware game recently, has anyone had a chance to check out their switching or wireless? Their optics have been drat good and drat cheap for years, maybe they'll deliver some winners there

I have a client with a switch, seems fine, not really doing anything super crazy just some VLANs, POE+ etc, no routing or anything fancy.

DELETE CASCADE
Oct 25, 2017

i haven't washed my penis since i jerked it to a photograph of george w. bush in 2003
don't buy loving meraki

Dans Macabre
Apr 24, 2004


why not

Count Thrashula
Jun 1, 2003

Death is nothing compared to vindication.
Buglord
Has anyone had luck moving a print server or other infrastructure related server (badge swipe, etc.) to a colocation over dedicated VPN? Is that a supremely dumb idea?

We're trying to minimize our on prem server load since we're moving to a smaller office later this year, so I'm just brainstorming.

Thanks Ants
May 21, 2004

#essereFerrari


Print server you can do as long as you enable branch office remote printing and the network supports it.

Door entry I would check that it’s supported by the vendor and that the door controllers can cache things in case the VPN drops.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

No. 1 Juicy Boi posted:

Has anyone had luck moving a print server or other infrastructure related server (badge swipe, etc.) to a colocation over dedicated VPN? Is that a supremely dumb idea?

Go with a security\alarm service for your door\badges that is cloud based. They'll usually do landline\4G or dual 4G cell services to keep them highly available.

Nothing wrong with deploying an ESXi box with a domain controller, print server, VM on like an R240 wall mount in this , but if you do over vpn always make sure you got a primary and secondary on lock.

Silly Newbie
Jul 25, 2007
How do I?

Thanks Ants posted:

Print server you can do as long as you enable branch office remote printing and the network supports it.

Door entry I would check that it’s supported by the vendor and that the door controllers can cache things in case the VPN drops.

To echo part of this - a lot of physical security stuff (door entry, cameras, etc) was written last century and relies heavily on broadcast to do anything, so it's not going to play over VPN.
I'm in favor of small, cheap on site servers for apps with minimal load, like security and print servers.

Dans Macabre
Apr 24, 2004


No. 1 Juicy Boi posted:

Has anyone had luck moving a print server or other infrastructure related server (badge swipe, etc.) to a colocation over dedicated VPN? Is that a supremely dumb idea?

We're trying to minimize our on prem server load since we're moving to a smaller office later this year, so I'm just brainstorming.

In small enough offices I straight up would have users connect directly to the printers without print server.

In some other environments where no-server is the goal, look at printix and printercloud as a printer server alternative.

I'd be kind of nervous about moving badge swipe off prem

Dans Macabre
Apr 24, 2004


incoherent posted:

Nothing wrong with deploying an ESXi box

Amen. Always good to have something local-local. You can get an hpe proliant microserver properly configured for under 3k that can run DC, print, workstation images, and of course the corporate plex media server.

Internet Explorer
Jun 1, 2005





The only problem I have with deploying a local server is now you need to have "what do I do when this thing fails" sorted out.

wolrah
May 8, 2006
what?

Silly Newbie posted:

I'm in favor of small, cheap on site servers for apps with minimal load, like security and print servers.

I'm curious what hardware everyone is using for these kinds of roles, where you don't really need any real horsepower but you need a reliable and supportable server physically on site.

We use a lot of Supermicro E200-9Bs because they're basically the smallest and one of the cheapest servers I've been able to find that has a proper BMC with full remote KVM+media support. Two of them can fit in 1U, low power consumption, and all the ports I've ever needed out of an "appliance server".

The bang for the buck is a bit rough though, even though I don't need anything more it still does hurt to pay $500 for a system with a CPU that was bottom of the barrel in 2015. I would love to see something like a modern NUC but with a BMC from a major vendor.

Thanks Ants
May 21, 2004

#essereFerrari


A single local server also puts you into the world of CALs unless it's something that will happily run on a client version of Windows (which most badge swipe stuff will). Add up the TCO and see if it buys you a backup internet connection for that period of time to keep your VPNs up.

wolrah posted:

The bang for the buck is a bit rough though, even though I don't need anything more it still does hurt to pay $500 for a system with a CPU that was bottom of the barrel in 2015. I would love to see something like a modern NUC but with a BMC from a major vendor.

The Dell Precision 3240 Compact can be specced with vPro

Thanks Ants fucked around with this message at 21:12 on Jan 10, 2022

Sheep
Jul 24, 2003

wolrah posted:

I'm curious what hardware everyone is using for these kinds of roles, where you don't really need any real horsepower but you need a reliable and supportable server physically on site.

We use a lot of Supermicro E200-9Bs because they're basically the smallest and one of the cheapest servers I've been able to find that has a proper BMC with full remote KVM+media support. Two of them can fit in 1U, low power consumption, and all the ports I've ever needed out of an "appliance server".

The bang for the buck is a bit rough though, even though I don't need anything more it still does hurt to pay $500 for a system with a CPU that was bottom of the barrel in 2015. I would love to see something like a modern NUC but with a BMC from a major vendor.

We use Dell Optiplex 7070 Micros for this (print servers, etc). Includes Intel AMT for OOB management.

Albinator
Mar 31, 2010

I've done printing for a 70 person office over a VPN running on a 500Mb connection. It was fine.

Dans Macabre
Apr 24, 2004


Internet Explorer posted:

The only problem I have with deploying a local server is now you need to have "what do I do when this thing fails" sorted out.

Well it has to be services that are in the "nice to have" category... Like if your print server fails and you don't have some backup way for the users to print / if printing is super critical to your office then this ain't for you. But if it's like a 20 person office where you can push or give them the instructions to connect directly to the printer as a workaround then it's fine.

Dans Macabre
Apr 24, 2004


It occurs to me I should be very thankful that most of my clients these days consider printing to not be essential, after 2 years of WFH.

Kazinsal
Dec 13, 2011



Internet Explorer posted:

The only problem I have with deploying a local server is now you need to have "what do I do when this thing fails" sorted out.

"Suddenly take a week of vacation time you banked" is not always the answer, but sometimes it can be.

wolrah
May 8, 2006
what?

Thanks Ants posted:

The Dell Precision 3240 Compact can be specced with vPro

Sheep posted:

We use Dell Optiplex 7070 Micros for this (print servers, etc). Includes Intel AMT for OOB management.

How does AMT/vPro compare with a full server BMC when it comes to hardware failures? I've never actually had a chance to mess with it but it seems like it still depends on the main system CPU, RAM, NIC, and firmware ROM. Something like an iDRAC or the ASpeed in the Supermicros being a truly standalone computer has its appeal because I can run a memtest remotely without having the remote management depend on that same memory. The rest doesn't really worry me as much.

Sheep
Jul 24, 2003
AMT under the hood is communicating with Intel Management Engine which AFAIK is just Intel running a custom Minix setup on separate hardware inside the chassis, so in theory it should all be remotely manageable even in case of hardware failure, but not something I've ever messed with. It does appear to support VNC access to KVM, BIOS, etc. from 15 minutes of Googling at the documentation.

In our case we don't make use of it for a variety of reasons, but it does look like any other BMC you'd run across.

Sheep fucked around with this message at 21:53 on Jan 11, 2022

wolrah
May 8, 2006
what?

Sheep posted:

AMT under the hood is communicating with Intel Management Engine which AFAIK is just Intel running a custom Minix setup on separate hardware inside the chassis, so in theory it should all be remotely manageable even in case of hardware failure, but not something I've ever messed with. It does appear to support VNC access to KVM, BIOS, etc. from 15 minutes of Googling at the documentation.

In our case we don't make use of it for a variety of reasons, but it does look like any other BMC you'd run across.

What I mean is that from what I can find AMT uses system RAM rather than having its own dedicated RAM, so a memory problem with the host would also affect remote management. That seems like a major weakness when probably 1/4 of my hardware failures are RAM.

AMT also doesn't seem to support having a dedicated NIC for management independent of the main system which matters in a few environments. Not the biggest deal for most of my use cases but there would be a couple where that would be a no-go.

I still have no idea why no one sells a standalone BMC as an add-in card. Obviously it couldn't be as deeply integrated with the system as one designed in from the beginning but it still should be possible to have a card that looks to a host system like a GPU and has a few internal header connections to connect some virtual USB devices and operate power/reset remotely.

Sheep
Jul 24, 2003
Getting severely out of my depth but I think an add-in BMC-esque card on the PCIe bus would have at least two issues: obviously it's all bottlenecked by the PCI bridge so a failure there would cut it off from everything else, and for remote power cycling, PS_ON# is part of the 24-pin main power connector so I can't think of a great* way to handle that.

The two really easy things though seem like they'd be KVM access and virtual storage devices. Aside from power control most of the functionality seems doable though.

* You could tap it with a custom connector but yikes.

Sheep fucked around with this message at 18:25 on Jan 12, 2022

wolrah
May 8, 2006
what?

Sheep posted:

Getting severely out of my depth but I think an add-in BMC-esque card on the PCIe bus would have at least two issues: obviously it's all bottlenecked by the PCI bridge so a failure there would cut it off from everything else, and for remote power cycling, PS_ON# is part of the 24-pin main power connector so I can't think of a great* way to handle that.

The two really easy things though seem like they'd be KVM access and virtual storage devices. Aside from power control most of the functionality seems doable though.

* You could tap it with a custom connector but yikes.

A BMC normally connects primarily over the PCIe bus anyways, so there's no change there, and power/reset control could be implemented by simply connecting to the same headers the physical buttons would use. No need to tap any actual power lines, just make the motherboard think someone actually pressed the button.

The only thing you'd be missing at that point would be access to temperature sensors, fan speeds, etc. The deeper hardware integration aspects. The core KVM/remote media/remote power functions should be just as easily implemented as an add-in card as they are an onboard solution.

IUG
Jul 14, 2007


I'm trying to test Prometheus and Grafana, as a way to A. consolidate OS stats B. replace LibreNMS as our monitor and alerting tool.

What I can't really tell from the documentation is how I should construct this environment. Do I install Prometheus on every node in our infrastructure, or just the exporter? Does the "monitor" system use Prometheus to grab from all those exporters, or do I have Grafana add each node's Grafana server as a Data Source? Or is it just one Prometheus server getting all the exporter information and passing that one Prometheus server as a single Data Source?

Guy Axlerod
Dec 29, 2008
You'd have just an exporter on the target nodes. If you have it at all, I mostly have apps that expose their metrics in Prometheus format. Then a central instance of Prometheus to scrape those exporters/endpoints.
I do have multiple instances of Prometheus, each with their own areas of responsibility. This gets tricky when I want to correlate metrics on different instances, but I make do.

bolind
Jun 19, 2005



Pillbug

IUG posted:

I'm trying to test Prometheus and Grafana, as a way to A. consolidate OS stats B. replace LibreNMS as our monitor and alerting tool.

What I can't really tell from the documentation is how I should construct this environment. Do I install Prometheus on every node in our infrastructure, or just the exporter? Does the "monitor" system use Prometheus to grab from all those exporters, or do I have Grafana add each node's Grafana server as a Data Source? Or is it just one Prometheus server getting all the exporter information and passing that one Prometheus server as a single Data Source?

Grafana is mainly nicer visualisations of the data; Prometheus can also display time series. Focus on getting Prometheus up and running first, then visualise it with Grafana.

Potato Salad
Oct 23, 2014

nobody cares


Late to the party, but yeah for a small office I'd deploy printers without an interstitial print server

with respect to physical access controls, if you're thinking about pushing that off site with a vpn, make absolutely God drat sure that configuration is not only technically supported by the vendor, but WELL supported by the vendor. THERE IS A HUGE DIFFERENCE BETWEEN THE TWO.

Potato Salad fucked around with this message at 05:57 on Jan 16, 2022

bolind
Jun 19, 2005



Pillbug
Anyone else have domains with Enom? They’re doing a “data center migration” and now our domain doesn’t resolve. At all. Even the MX.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Sounds like you’re about to have a different DNS provider!

No seriously that is unacceptable, move it to azure dns or route53, the cost is negligible for what SLA they provide.

Dans Macabre
Apr 24, 2004


devmd01 posted:

Sounds like you’re about to have a different DNS provider!

No seriously that is unacceptable, move it to azure dns or route53, the cost is negligible for what SLA they provide.

Even free tier cloudflare.

I used enom for a couple of years one place and it sucked the couple of times I had to touch it.

bolind
Jun 19, 2005



Pillbug

devmd01 posted:

Sounds like you’re about to have a different DNS provider!

No seriously that is unacceptable, move it to azure dns or route53, the cost is negligible for what SLA they provide.

I will, when I can log into my portal and configure things!

nvrgrls posted:

Even free tier cloudflare.

I used enom for a couple of years one place and it sucked the couple of times I had to touch it.

We've used it for a decade without problems, but days of downtime is not acceptable.

Thanks for the name drops, both of you, I'll investigate when the dust settles.

Edit: The irony. When I set up people's VPN, I debated whether to use FQDN or IP for the endpoints. I concluded that us having an IP change was more likely than DNS not working...

bolind fucked around with this message at 12:41 on Jan 17, 2022

bolind
Jun 19, 2005



Pillbug
Today, our servers lost contact with our main storage node.

Because I had been migrating the DHCP server.

And said storage node pulled an IP (fixed via MAC) from the DHCP server.

Thanks Ants
May 21, 2004

#essereFerrari


:gonk:

bolind
Jun 19, 2005



Pillbug
The DNS entry was, naturally, fixed.

Edit: and our two other storage nodes were configured as one would expect.

bolind fucked around with this message at 14:54 on Jan 21, 2022

mewse
May 2, 2006

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Aren't IP reservations from DHCP the thing to do nowadays and not just manually set static IPs on poo poo?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Yes, until the gear is more important than the DHCP server (like your SAN/NAS box generally is).


bolind
Jun 19, 2005



Pillbug
DHCP is for having more clients (that come and go) than IPs, or for ease of setup.

We have (MAC reserved) DHCP entries for boilerplate stuff (compute nodes, workstations), but we only use it to establish identity upon install, then fix that IP for the life cycle of the installation.
