|
thebigcow posted:If, for SOME REASON, you find yourself supporting Outlook 2010 on XP, and it fell over this week, uninstall KB4011273. I pray for your soul.
|
# ? Jan 12, 2018 03:13 |
|
|
# ? Jun 8, 2024 09:38 |
|
Rick posted:I've definitely made use of those but people were really resistant to the web apps (for good reason I suppose). It was five dollars a license for users with installed apps which was still pretty good but not as good as when we were getting 100 station licenses for 5 dollars total. I use the free licenses for things like MFPs (I know you can do without it but why not if it's free) and for contractors, board members.
|
# ? Jan 12, 2018 14:52 |
|
thebigcow posted:If, for SOME REASON, you find yourself supporting Outlook 2010 on XP, and it fell over this week, uninstall KB4011273. McDeth posted:I would punch my own face
|
# ? Jan 12, 2018 14:53 |
|
Moey posted:Previous dude started a Meraki rollout before I took over. Only good thing about paying out the rear end is when a switch starts acting funny, it's replaced with a new model. Is Meraki really that expensive? It looks kinda great for small branch office situations. I was working with one guy who had to regularly provision 10-15-staff field offices remotely in AMEA regions. He'd ship out a Meraki firewall+WAP+switch combo and a laptop running RODC+WSUS in a vm. User on site would plug it in and as soon as it phoned home he could just manage everything easily, at a low price point. Granted that's not the type of environment we typically need to operate in but in this case sounds like a good fit to me.
|
# ? Jan 12, 2018 15:07 |
|
NevergirlsOFFICIAL posted:Is Meraki really that expensive? It looks kinda great for small branch office situations. I was working with one guy who had to regularly provision 10-15-staff field offices remotely in AMEA regions. He'd ship out a Meraki firewall+WAP+switch combo and a laptop running RODC+WSUS in a vm. User on site would plug it in and as soon as it phoned home he could just manage everything easily, at a low price point. Granted that's not the type of environment we typically need to operate in but in this case sounds like a good fit to me. I'll have check out invoice stuff, but I figure we are paying like 100/year for our access switches.
|
# ? Jan 12, 2018 15:53 |
|
NevergirlsOFFICIAL posted:Is Meraki really that expensive? It looks kinda great for small branch office situations. I was working with one guy who had to regularly provision 10-15-staff field offices remotely in AMEA regions. He'd ship out a Meraki firewall+WAP+switch combo and a laptop running RODC+WSUS in a vm. User on site would plug it in and as soon as it phoned home he could just manage everything easily, at a low price point. Granted that's not the type of environment we typically need to operate in but in this case sounds like a good fit to me. I'd rather go full stack Unifi. You can achieve the same thing with a preconfigured CloudKey. No bullshit licensing either. I love Meraki's MDM but that's about it.
|
# ? Jan 12, 2018 16:48 |
|
Last time I asked about unifi (which was a few years ago) everyone said support is basically community forums based
|
# ? Jan 12, 2018 17:32 |
|
That's odd, I have gotten quick responses to email requests to support from Ubiquiti over the years, for business or personal. I've only used them for WAPs in the business world, where I don't really need to call someone, but if they don't have phone support I wouldn't use them in business [edit: for other things]. But it looks like they have an "ELITE SUPPORT!" that you probably get access to with their higher-end stuff - https://help.ubnt.com/hc/en-us/articles/115006774647-UniFi-Elite-Support-Contact-Information Internet Explorer fucked around with this message at 18:50 on Jan 12, 2018 |
# ? Jan 12, 2018 18:03 |
|
UniFi still don't have decent voice VLAN support. I would also complain about the layer 3 stuff being poo poo but Meraki barely bother either so that's not a mark against them.
|
# ? Jan 12, 2018 18:15 |
|
My biggest issue with Meraki is the total lack of site-to-site vpn support. If you're not using their AutoVPN, you are a third world country.
|
# ? Jan 12, 2018 18:22 |
|
The Fool posted:My biggest issue with Meraki is the total lack of site-to-site vpn support. Really? I have over a dozen sites connected with site to site VPN via Merkai.
|
# ? Jan 12, 2018 22:05 |
|
Apparently some people in another team are dealing with the site to site VPN issue with meraki . I don’t know all the details but something about he couldn’t connect to more than one site at once (one of the sites being azure)
|
# ? Jan 12, 2018 22:10 |
|
NevergirlsOFFICIAL posted:Apparently some people in another team are dealing with the site to site VPN issue with meraki . I dont know all the details but something about he couldnt connect to more than one site at once (one of the sites being azure) Moey posted:Really? I have over a dozen sites connected with site to site VPN via Merkai. The issues that I've personally ran into: 1. Doesn't support IKEv2 2. Doesn't support data lifetimes 3. Can't route non-meraki subnets across auto-vpn networks 4. All networks in a tag try to connect to a non-meraki vpn automatically and constantly. 3 and 4 combine to make the situation where if you want multiple sites to be able to connect to an off-site data center (or azure) you need to have a unique configuration for each site at both ends of the vpn.
|
# ? Jan 12, 2018 22:48 |
|
What, you don't like having tons of firewall rules for no good reason?
|
# ? Jan 12, 2018 23:32 |
|
Is it still painful to write firewall rules for Meraki stuff? Like home-router levels of awful UI?
|
# ? Jan 12, 2018 23:49 |
|
Yes, but at least the rest API has endpoints for the firewall rules. No such luck for the VPNs.
|
# ? Jan 12, 2018 23:53 |
|
The Fool posted:The issues that I've personally ran into: Wow yikes
|
# ? Jan 13, 2018 04:24 |
|
Ubiquiti APs are good for how cheap they are. Good bang for buck, but the analytics platform is crap (on the Unifi controller) compared to Meraki and I would never roll out a large mission critical site with Ubiquiti APs if wifi is the primary means of connectivity. Also no RBAC on the Unifi controller either, so you have to give your whole team full admin which sucks from a security perspective. Unifi SG firewalls are garbage, UI sucks, ACL management is bizarre, you can't hardcode speed/duplex without custom configs on the controller (this is problematic where carriers handoff hardcoded ports on CTE stuff with 100/full). The Unifi switches don't support CDP/LLDP or DHCP options. I think the Edgeswitches are completely separate software base though and seem to support more standards. Meraki is good for branch office but lack of flexibility on their firewalls is a real downer - once you want to start getting into the guts of tweaking knobs to make the devices work better in your environment, you find that you can't. I would never use Meraki for datacenter firewalls based on that fact alone. Their switches are good but way overpriced for the hardware. UI is nice for managing them, and 802.1x seems to work well on them with minimal config, so that's a big plus. Meraki's broadcast storm control seems lacking on their lower end switches - I've had a network crawling for weeks because one port was blasting out broadcasts from a VOIP phone loop for weeks and I only noticed it when I had to dive in and look at traffic counters on the dashboard and saw poo poo way out of whack there - so lack of good storm control gives me pause in deploying the switches at scale too, though I think this feature gets more robust on the higher end switches. For a good laugh at Meraki's phone solution - read this Amazon review: https://www.amazon.com/gp/customer-reviews/R2DFP2J4OIZTDM/ref=cm_cr_dp_d_rvw_ttl?ie=UTF8&ASIN=B01FV0OHQ6 I showed that to my VOIP team and they were having a good chuckle. Cisco ASA 5506-X is the "easy" solution at a small site but FirePOWER is hot garbage - Fortinet's UTM has the best bang for the buck IMO and a 60E is a really good goto branch firewall. I find that the Ubiquiti APs complement the Fortinet firewall gear well and neither break the bank. Morganus_Starr fucked around with this message at 06:51 on Jan 14, 2018 |
# ? Jan 14, 2018 06:48 |
|
Lmao $400
|
# ? Jan 14, 2018 12:57 |
|
lmao fortinet
|
# ? Jan 14, 2018 16:54 |
|
pfSense jk
|
# ? Jan 15, 2018 01:10 |
|
I actually deployed pfSense firewalls at ${job-1} because our Sonicwall POSes wouldn't handle VLANs properly, but my boss wouldn't spend the few hundreds for commercial support, which still cost less than Sonicwall.
|
# ? Jan 15, 2018 01:23 |
|
Hidden benefit to o365: when friends ask me to hook them up with open license mak I can say I don't have any anymore
|
# ? Jan 16, 2018 22:47 |
|
SamDabbers posted:I actually deployed pfSense firewalls at ${job-1} because our Sonicwall POSes wouldn't handle VLANs properly, but my boss wouldn't spend the few hundreds for commercial support, which still cost less than Sonicwall. WAY back in the day, maybe 12 years ago, I built an IPCop box as the edge router for each of our offices. The boss liked that it had near-zero hardware cost (since any junky old PC we had lying around would work fine; just throw in another NIC), and I liked that it did site-to-site VPN and even OpenVPN for roaming users, with really minimal setup required. Yeah, I was a little leery of the whole company depending on cobbled-together frankenhardware and some obscure Linux distro, but it all worked great, for years on end.
|
# ? Jan 16, 2018 23:36 |
|
Powered Descent posted:WAY back in the day, maybe 12 years ago, I built an IPCop box as the edge router for each of our offices. The boss liked that it had near-zero hardware cost (since any junky old PC we had lying around would work fine; just throw in another NIC), and I liked that it did site-to-site VPN and even OpenVPN for roaming users, with really minimal setup required. Yeah, I was a little leery of the whole company depending on cobbled-together frankenhardware and some obscure Linux distro, but it all worked great, for years on end. Truth is, random old PCs are 100x more reliable than modern tiny surface mount stuff. They were built to last. China does not build to last.
|
# ? Jan 18, 2018 00:55 |
|
The drop in reliability is caused by an increase of complexity, not a lack of manufacturing standards. Manufacturing standards have always been lovely. If anything, the manufacturing process is better now due to improved tooling being available for cheaper.
|
# ? Jan 18, 2018 01:25 |
|
The Fool posted:. If anything, the manufacturing process is better now My bespoke artisanal motherboard/photo frame begs to disagree. You don't see craftsmanship like this nowadays.
|
# ? Jan 19, 2018 18:20 |
|
Things on my install list this month: Unity300 w/ 10TB of flash, 20TB of 15k, and 100TB of NL-SAS C7000 Chassis w/ 6 Blades 40Gb QSFP+ line cards for my 5412R switching. Feelsgoodman.
|
# ? Jan 29, 2018 13:31 |
|
Digital_Jesus posted:Things on my install list this month: What's that 15k tier for? It's so close in capacity to the SSD tier that I'm really curious about how you specced out your storage tiers
|
# ? Jan 29, 2018 13:44 |
|
redeyes posted:Truth is, random old PCs are 100x more reliable than modern tiny surface mount stuff. They were built to last. China does not build to last. PCs 12 years ago were built in China with surface mount stuff too, though. Everything being DIPs is like early 90s technology.
|
# ? Jan 29, 2018 14:06 |
|
Potato Salad posted:What's that 15k tier for? It's so close in capacity to the SSD tier that I'm really curious about how you specced out your storage tiers Flash tier is for sql / VDI. 15k is for VMs OS/Apps. NL-SAS is file/image storage and local backups. The raw flash capacity is actually around 25TB but itll be around 10 usable when its set up for pools.
|
# ? Jan 29, 2018 14:41 |
|
Hey guys, I started a personal blog that's basically a series of posts about, "things you should have been doing this whole time but you haven't yet so start now" type of things. I want some ideas for blog posts from you. Topics I have already covered: - "basics of byod security" (settings you should use out of the box with exchange) - the importance of cybersecurity training for end users - why not to reuse passwords future topics will include: - common things IT guys don't automate and how to fix that (software deployment, gpo) - how desktop imaging can save you a ton of time - how to determine rpo/rto for your services would love any other ideas.
|
# ? Feb 5, 2018 01:35 |
|
NevergirlsOFFICIAL posted:Hey guys, I started a personal blog that's basically a series of posts about, "things you should have been doing this whole time but you haven't yet so start now" type of things. I want some ideas for blog posts from you. The economics of Just Use Office 365 / Google apps v Thanks Ants posted:"No, dipshit. Your SBS server in the corner of your office isn't more secure than the public cloud" This, but verbatim Methanar fucked around with this message at 09:05 on Feb 5, 2018 |
# ? Feb 5, 2018 03:20 |
|
"No, dipshit. Your SBS server in the corner of your office isn't more secure than the public cloud"
|
# ? Feb 5, 2018 09:00 |
|
why untested backups are a complete waste of time.
|
# ? Feb 5, 2018 13:46 |
|
Can’t be a waste of time if you don’t spend any time on it :rollsafe:
|
# ? Feb 5, 2018 17:56 |
|
So the thread was talking about managed switches earlier, what about smart or even un-managed switches? Normally just grabbing the cheapest one possible is fine for me but I'm in a situation where I actually need this one to be reliable even if I don't really need it to do a ton.
|
# ? Feb 6, 2018 08:36 |
|
IMO the requirement of reliability means you need to be able to see what's going on, unmanaged switches are a black box so you're going to be constantly second-guessing what the causes of any issues are as you have no way to see port statistics, STP topology changes etc.
|
# ? Feb 6, 2018 08:56 |
|
My Dell T630 VM host died over the Christmas break, some kind of device/bus error caused it to boot loop. Pulling the power and letting it sit for a bit made it come good but I didn't work for a whole month and it happened literally the next day after I left, so the server boot looped for a whole month. Tried to get logs off iDRAC to send to the support guy but any detail beyond which slot the device was in is missing. It was apparently the PERC controller but my raid is fine and works. We did a bunch of firmware updates (I think the support guy thought it might let us get more info out of the logs but the firmware updates aren't going to travel back in time and change what was logged so I never expected it to work). Since the firmware updates my tape drive doesn't recognise my back up tapes from last year, can't read write or erase from Veeam, it's all just gone. I'm doing a full erase from some tapedrive tool the support guy got me to download because previously erasing a tape and starting again has helped. Tape erase took so long that I had to go home so I don't even know if it worked. Definitely feeling like punching my own face right now. I pulled a bulldog clip and a paper clip out of the guts of a printer though and the printer worked perfectly afterwards, which is some small consolation I guess.
|
# ? Feb 6, 2018 17:41 |
|
|
# ? Jun 8, 2024 09:38 |
|
Don't celebrate too early - it's probably hosed the drum up and now your prints will have a line down them.
|
# ? Feb 6, 2018 17:55 |