|
pixaal posted:Is Amazon AWS really $0.03 per gig used and $0.09 per gig of bandwidth? I'm pretty sure this is going to cost in the $2-3 range which is great. Their cost calculator might help http://calculator.s3.amazonaws.com/index.html wyoak fucked around with this message at 21:02 on Oct 5, 2015 |
# ? Oct 5, 2015 20:59 |
|
|
# ? May 30, 2024 13:47 |
|
wyoak posted:You'll also have to factor in CPU time for the VM running the FTP server (unless you're going to do all your transfers via S3 API), but you could probably run it on their micro instance, which is free for a year and like $10 / mo after that if you run 24/7 and don't prepay for reserved hours (gets cheaper if you do that). I knew there was a catch, I just couldn't figure out what I was missing. I don't think using the API would fly at all with 3rd parties.
|
# ? Oct 5, 2015 21:57 |
|
Surely there must be an ftp server that can use S3 as a file store?
|
# ? Oct 5, 2015 23:15 |
|
Swink posted:Surely there must be an ftp server that can use S3 as a file store? A lot of FTP clients natively support S3 though so it's probably pointless
|
# ? Oct 6, 2015 04:10 |
|
What is everyone's thoughts on N-Able/N-Central? I've been playing with the trial and its really nice. Seems to do a lot of stuff for you. Plus that automation engine is pretty nice.
|
# ? Oct 7, 2015 13:49 |
|
Beefstorm posted:What is everyone's thoughts on N-Able/N-Central? I've been playing with the trial and its really nice. Seems to do a lot of stuff for you. Are you an MSP? We looked at them right around the time they got bought by Solarwinds, but their sales guys were so bad they basically turned us off of the product and we went with a different RMM instead. Maneki Neko fucked around with this message at 18:08 on Oct 7, 2015 |
# ? Oct 7, 2015 18:01 |
|
Maneki Neko posted:Are you an MSP? We looked at them right around the time they got bought by Solarwinds, but their sales guys were so bad they basically turned us off of the product and we went with a different RMM instead. Any recommendations for a different one? My boss effectively said "Anything but N-Able."
|
# ? Oct 7, 2015 19:29 |
|
LabTech, Kaseya are two other popular ones.
|
# ? Oct 7, 2015 19:34 |
|
So what is everybody's email and spam appliance/software of choice? Currently we're using Kerio Connect for email since we're an all Mac shop (no dirty MS Exchange here, lolz) and utilizing the built-in spam blocker. We're also using the built-in anti-spam and anti-malware capabilities of our Watchguard XTM505 to block incoming spam & deal with threats. Recently the amount of spam that has been making it past the mail server & firewall have reached epic proportions, especially to a couple of our c-level users who have had their email accounts for more than 15 years. I was looking at a Watchguard spam blocker appliance but apparently they are going EOL with no intention of selling a replacement product, so that leaves me up poop creek without a paddle. Bonus points of it does PGP Email encryption.
|
# ? Oct 7, 2015 19:42 |
|
Beefstorm posted:What is everyone's thoughts on N-Able/N-Central? I've been playing with the trial and its really nice. Seems to do a lot of stuff for you. Highly dislike, their remote desktop tool is awful, everything you want to do feels like a surcharge, want to run scripts on your Computers surcharge, want decent inventory reports, also surcharge. It is super easy to setup and install at the very least and their automation tool is kinda innovative I will give them that but we did a year contract and are certainly not renewing it. Actual monitoring isn't too bad it's the same SNMP/ up/down stuff every RMM does, it does have issues with our ESX servers it can't read the drives right I suspect that is a config issue on our end.
|
# ? Oct 7, 2015 19:52 |
|
We're also looking for a decent RMM. I've got a demo with Ninja scheduled next week and we're looking at N-Able, Kaseya, LabTech and Max RemoteManagement as well.
|
# ? Oct 7, 2015 20:10 |
|
we use continuum RMM it's pretty great. http://www.continuum.net/ antispam: everyone says mimecast is ftw. I'm using mxlogic right now and it's disgusting.
|
# ? Oct 7, 2015 20:53 |
|
Mimecast. Not worth having a device on site. Has other neat features like archiving and email continuity as well.
|
# ? Oct 7, 2015 21:08 |
|
Kaseya is kind of like Sonicwall. Everything usually works until it doesnt, for no good reason. New (R8?) Remote Control is often a crapshoot if it will connect or not. There's a known issue with multiple users unable to connect simultaneously to Server 2008 and earlier Storagecraft module occasionally eats licenses and requires a bunch of manual intervention AV module can't restore quarantined files - they claimed it was fixed in R8 and it is not as of R9 MBAM module can't automatically clean PUP entries. You have to scan manually. This is by design. Edit: We just looked at the Autotask RMM and the workflow looks neat but it's definitely immature.
|
# ? Oct 7, 2015 21:13 |
|
We're pretty happy with Appriver for spam filtering, set it and forget it. Maintenance is basically handling any whitelist requests users put in, and their support is pretty good.
|
# ? Oct 9, 2015 15:57 |
|
NevergirlsOFFICIAL posted:we use continuum RMM it's pretty great. http://www.continuum.net/ We use that at the MSP I work at also, and yeah it seems pretty good.
|
# ? Oct 11, 2015 23:45 |
|
I'm currently using N-Central. So far I haven't had any major issues. I don't pay the bill so I have no idea of what costs what. The Bitdefender AV isn't as good as Trend in my opinion, especially with respect to the exchange antispam/virus product. Also I know the licensing for exchange protection is kind of lame, my understanding is it is licensed per mailbox, but that includes discovery mailboxes and equipment mailboxes. So if an organisation uses equipment mailboxes heavily the cost goes right up. The latest version on N-Central (10) is much better then their last version. You'll want to get good with powershell too to really get automation under control. They have a built in automation manager that lets you do automation scripts with a GUI, it's pretty lacking at the moment and needs a bit of work with the user interface. For example you can't move program code blocks around, so if you get something set up all nice and realise it should be in a nested If function you have to re-create it, you can't just drag it down. Basically the only thing I use the Automation manager for is to encapsulate my powershell scripts into an AMP file when I want to make a custom service that returns values into N-Central. Patch management takes a while to get your head around too. I've found support to be pretty good. I mostly talk to techs in the Philippines due to my timezone however I've called their US number and got through to a US tech too. Their support portal is a bit of a mess but you get the hang of it. They have daily Q&A sessions with a support tech so you can just decide to drop in and ask a question without logging a ticket which I find really useful. They have an initial training program when you first get the product that takes you through the software, it's pretty important for everyone to attend it because there are concepts in the software (Filters, Rules and Service Templates) that you need to get your head around to correctly use the software. If you have any questions I'm happy to give you my opinion.
|
# ? Oct 12, 2015 04:55 |
|
Have we done SMB UTM talk yet? I'm talking 50-100 users, 50-500Mbit type of connection speeds, VPN apps for the major platforms, and not poo poo. Currently looking to move away from Sonicwall due to the products being filled with bugs and the support more or less not existing. Who's good? Current list is Sophos, Fortigate, Watchguard.
|
# ? Oct 12, 2015 19:01 |
|
I use Watchguard (XTM505, XTM503, and XTM25) and manage 3 remote site's with interconnected with BOVPNs as well as remote users using SSL VPN's and utilizing 2-factor authentication. Their SSL VPN product has all the major OS's covered and is a breeze to manage. If you're managing a single site, then the web-based configuration is probably your best best. It's pretty easy to set up and manage a Watchguard device and all of the additional services that they offer with UTM. If you're managing multiple sites, then their Watchguard System Manager product (centralized server management) is free and extremely powerful. It can be kind of a pain to get configured correctly but once everything is set up, managing remote tunnels is a breeze and making configuration changes is SUPER easy. I will say that their product has seen many improvements since we started using them about 5 years ago, and it was honestly sometimes a struggle to get where we are now. They had a LOT of undocumented bugs that did all kinds of weird poo poo, but with their latest release they've come a long way in squashing those bugs & add badly needed features (DHCP server with no options? What is this, amateur hour? They only just recently added this...). One aspect of WatchGuard I don't often hear mentioned is their Dimensions server. Again, I believe that this is a free download (I could be wrong, I know we're below the user count required to have a license for WSM) but this is their user-management and centralized logging service. You can set up an SSO agent on all of your clients and have full web-based reporting on a user-by-user basis, full access controls for web content filtering, etc. It's really powerful if you configure it correctly. Their website is chalk full of tech docs and How-To's that are pretty well written. As far as WatchGuard support, my biggest complaint is that you're stuck behind Tier 0 ticket takers if you call in and the web portal is a little cumbersome to fill out all of the details that are required. All in all it's not a bad service, and generally I'm on the phone with an honest to god tech within a few hours for non-critical emergencies and within an hour for 'poo poo has hit the fan' emergencies. They do offer a higher level of support than what we subscribe to if you're really worried about that sort of thing. Having come from a Cisco IOS device and a SonicWall before that, I'd choose WatchGuard any day of the week. Edit: loving hell Network Solutions website is poo poo. Why I have to hit commit 20 times to get DNS changes to actually stick is beyond me. McDeth fucked around with this message at 21:37 on Oct 12, 2015 |
# ? Oct 12, 2015 19:15 |
|
I wanna get my windows domain, special snowflake macs (which are picking up a deeper user share with every hiring cycle), and my e-mailboxes all under the same account directory. One username for it all, and just one password, with a mandated change every X months. Right now it's bedlam, I have to keep a local admin account on half these machines, and show up in person with a tablet running SSH or a Ctr/Alt/Del session so that the user can manually change their passwords for email or the file servers. Where do I start with this? Is it more advisable to have one server running the whole directory, or am I gonna end up with both an OSX and a Windows server, each sharing their clients' Kerberos information with the other? And how the flying gently caress did they expect us to manage Apple IDs?
|
# ? Oct 13, 2015 22:30 |
|
Eikre posted:I wanna get my windows domain, special snowflake macs (which are picking up a deeper user share with every hiring cycle), and my e-mailboxes all under the same account directory. One username for it all, and just one password, with a mandated change every X months. Right now it's bedlam, I have to keep a local admin account on half these machines, and show up in person with a tablet running SSH or a Ctr/Alt/Del session so that the user can manually change their passwords for email or the file servers. If you are in fact getting more Macs in the building, the best option (besides of course) is one directory. Apple used to espouse the golden triangle, where you had OS X server sitting there syncing with AD, but OS X server has become a bit of a joke and you have to run it on Apple hardware because Apple, and these days that means a Mac Mini. Don't know about you, but a small machine with a line-lump power cord full of consumer hardware is not my idea of a server. (It has redundant hard drives - whoop de do). Macs are pretty decent at joining AD these days, so I would just start there. The roaming user thing isn't very good as I recall (I forget the exact option in the binding wizard, but there's a setting to create a local profile for the AD user, and I believe that's the thing to do as there's issues otherwise), but everything else should be fine. Unless you use DFS - even 7 point versions of OS X after introducing DFS support, OS X still doesn't like DFS and will have random issues, especially coming out of sleep and so on. We've had to create fileserver CNAMEs in some occasions to map the shares directly, which basically completely contradicts the point of DFS namespacing. On the other hand, at this point I make changes to fileserver infrastructure with abandon and if the Mac users are inconvenienced, gently caress 'em, they've had ages to switch and have been a pain in my rear end for way too long. Before evol262 gets all up in my poo poo I should also clarify that this assumes you're a traditional company with local infrastructure and run Windows line of business applications. If you're cloud-based, it may make more sense to look into Okta/OneLogin type solutions that will give you SSO to not just your client machines but the SaaS apps as well. Edit: McDeth posted:Edit: loving hell Network Solutions website is poo poo. Why I have to hit commit 20 times to get DNS changes to actually stick is beyond me. DynDNS my friend. gently caress NetSol in the rear end. Switch to DYN and your DNS editing will be smooth as butter. Or at least, not frustrating. (And they're REALLY quick to propagate changes too). SyNack Sassimov fucked around with this message at 01:35 on Oct 14, 2015 |
# ? Oct 14, 2015 01:33 |
|
I would totally trade my current 'next in line for CIO' job at an 800 person company for CIO at a 200 person company, but only if executive management agreed to let me ban non-standard poo poo, including macs, immediately upon hire. Even though CIO at a 200 person company probably is more like network admin with 1-2 direct reports, gently caress macs in the enterprise.
|
# ? Oct 14, 2015 02:11 |
|
McDeth posted:Edit: loving hell Network Solutions website is poo poo. Why I have to hit commit 20 times to get DNS changes to actually stick is beyond me. You only need to do it once, it's just not displayed because of the way their DNS page queries your records. I think the changes are saved to some sort of staging server, so if you reload the DNS setup page right after making a change, it will query the actual servers and not show the changes. Just have to give it a couple minutes and it should show up then. Yeah, it's annoying and confused the hell out of me the first few times I used it.
|
# ? Oct 14, 2015 06:34 |
|
Guys I need to rename my users from POOP\firstname to POOP\flast. I'm going to try and find a powershell script to do this, but from the end user perspective what will happen with their profile folder C:\Users\Firstname? When they log in the next day will their profile be completely new or will windows know to point them to the existing profile? I feel like I went through this before when people get married and change their name but I don't remember. Also if I do the rename during business hours (lol) what will happen once I change the name - will users get a notice to reauthenticate or will their session remain until they log off? Any other gotchas?
|
# ? Oct 14, 2015 16:27 |
|
NevergirlsOFFICIAL posted:Guys I need to rename my users from POOP\firstname to POOP\flast. I'm going to try and find a powershell script to do this, but from the end user perspective what will happen with their profile folder C:\Users\Firstname? When they log in the next day will their profile be completely new or will windows know to point them to the existing profile?
|
# ? Oct 14, 2015 16:39 |
|
Eikre posted:I wanna get my windows domain, special snowflake macs (which are picking up a deeper user share with every hiring cycle), and my e-mailboxes all under the same account directory. One username for it all, and just one password, with a mandated change every X months. Right now it's bedlam, I have to keep a local admin account on half these machines, and show up in person with a tablet running SSH or a Ctr/Alt/Del session so that the user can manually change their passwords for email or the file servers. We run entirely windows server backend and all Macs for users. Active Directory + Centrify Suite for user management is a god send if you need to have GPO's to control what users do and don't have access to on their laptops/desktops. That being said, it still doesn't really offer 'true' MDM in the sense that you can entirely segregate a users profile to their own little special snowflake island, but it's a good compromise between flexibility and allowing Mac OS X users to have admin access without granting them FULL access to every aspect of hardware. If you're stuck in a BYOD environment I pity you because I have yet to run across a SaaS that's tolerable. It's worth noting I haven't really looked for one for a few years, so YMMV. Also, it doesn't do much to solve the horrendous keychain issues and password sync problems that Apple refuses to fix (at this point I find it hard to believe it's not a capability issue). Basically when a user changes their login password in Mac OS X, your best best is to just entirely reset the keychain back to defaults. If you're using custom SSL certs or anything like that JBark posted:You only need to do it once, it's just not displayed because of the way their DNS page queries your records. I think the changes are saved to some sort of staging server, so if you reload the DNS setup page right after making a change, it will query the actual servers and not show the changes. Just have to give it a couple minutes and it should show up then. Originally I thought that, but completely logging out and logging back into the DNS page still shows no changes. I think it's just their poo poo software. So going back to the whole SaaS Spam blocking post I made a while back. I'm currently 3 days into a trial with AppRiver and holy jesus, the amount of spam we're getting now has to be easily reduced by 95%. Unfortunately it appears that the 5% of spammers are actually bypassing our MX Records and delivering spam directly to the mailserver. AppRiver says that the only way to counter this is to completely block all traffic to the mailserver and put specific exceptions into our firewall to allow only AppRiver mail delivery services to connect. Unfortunately they must never have heard of mobile users. :/ McDeth fucked around with this message at 19:01 on Oct 14, 2015 |
# ? Oct 14, 2015 18:56 |
|
wyoak posted:Profiles are tied to SID, not username, so you'll be fine from that perspective. I've never actually renamed someone while they're logged in, I'd like to know too. My bet is like 90% of things would work fine but something would screw up. I'd suggest doing a quick test on your local machine. Punch %userprofile% into a run prompt, observe the behavior, then make your change against whatever account is logged in. After the change punch %userprofile% in again. If it works without any issues there's a good change you'll be perfectly fine. Like Wyoak said, most everything is tied to SID.
|
# ? Oct 14, 2015 19:51 |
|
Thanks guys. We're testing tomorrow. Next question: CEO going to China. Is it "safe" for him to check email from there using hotel wifi on the iPad? My thought is yes, it's an encrypted connection, no big deal. But the question made me nervous bc I never had to deal with China stuff.
|
# ? Oct 15, 2015 01:44 |
|
HTTPS ok, VPN very random as many local routers are really poorly implemented devices or the great firewall will just block it.
|
# ? Oct 15, 2015 02:07 |
|
MrMoo posted:HTTPS ok, VPN very random as many local routers are really poorly implemented devices or the great firewall will just block it. I ended up telling him get a LTE hotspot and use that instead of free wifi and just log in to HTTPS stuff only.
|
# ? Oct 27, 2015 17:47 |
|
Why is my GPO to push o365 click to run not working but gpresult says it's applying the policy and the script works great when running manually :'(
|
# ? Oct 27, 2015 17:48 |
|
NevergirlsOFFICIAL posted:I ended up telling him get a LTE hotspot and use that instead of free wifi
|
# ? Oct 27, 2015 23:09 |
|
NevergirlsOFFICIAL posted:Why is my GPO to push o365 click to run not working but gpresult says it's applying the policy and the script works great when running manually :'( It may be that the local system account that the script is running as isn't able to access a network resource that the script relies on. Or the script is relying on an environment variable or path that is different for that account.
|
# ? Oct 28, 2015 00:26 |
|
frogbert posted:It may be that the local system account that the script is running as isn't able to access a network resource that the script relies on. oh yeah
|
# ? Oct 28, 2015 02:50 |
|
nexxai posted:This is literally the same thing delivered in two different ways. You're still within the country of China meaning your device can and will be targeted. There are numerous reports on sites like Cryptome of guys having completely blank phones and laptops being infected (or attempted to be infected) within minutes of landing and connecting to a network there. I see. well I'm an idiot.
|
# ? Oct 28, 2015 02:51 |
|
So apparently the newest version of Mac OS X El Crapitan completely breaks Cord, the only decent VNC/RDC app that I've seen for Mac OS X. (If you think that Remote Desktop that comes with Office 2011 or whatever is decent then plz kill yourself immediately.) I have been looking at alternatives to Cord but unfortunately I cannot find any decent free alternatives, so I have started to entertain using Remote Desktop Connection Manager on a VM running Windows 8. I'm completely unfamiliar with RDCM, so I'm hoping that somebody here can point me in the right direction. I can set up servers and connect to them if I manually specify the IP address and username of an admin account with access to RDC, but I assume that there is a way to auto-discover computers allowing connections to RDC? How would I do that?
|
# ? Oct 28, 2015 18:49 |
|
Is this an issue you can handle server-side? Because I just put VNC on everything. Edit: I guess I should be asking "What features of RDP do you require?" and "What features of CoRD did you find desirable?" 'Cause if the answer to the first question is "it's non-negotiable" and the answer to the second question is just "that it works," then you might consider virtualizing an itty bitty linux thin-client with Remmina and literally nothing else, instead of an entire copy of Win7. Comedy option: build freerdp for unix. Claim your birthright. Live in the command line. Eikre fucked around with this message at 20:36 on Oct 28, 2015 |
# ? Oct 28, 2015 20:04 |
|
McDeth posted:So apparently the newest version of Mac OS X El Crapitan completely breaks Cord, the only decent VNC/RDC app that I've seen for Mac OS X. (If you think that Remote Desktop that comes with Office 2011 or whatever is decent then plz kill yourself immediately.) Why not use the Microsoft Remote Desktop app for Mac (not the one that comes with 2011 but the one with the red box)? Works fine. For VNC I just use the built-in VNC in Finder but I never use VNC so.
|
# ? Oct 28, 2015 20:34 |
|
NevergirlsOFFICIAL posted:Why not use the Microsoft Remote Desktop app for Mac (not the one that comes with 2011 but the one with the red box)? Works fine. For VNC I just use the built-in VNC in Finder but I never use VNC so. Actually, I take it back. I guess I haven't used Remote Desktop Connection for a while and so far the only thing I dislike about it is that there's no 'dashboard' view to let you see all of the remote desktops you've connected to.
|
# ? Oct 28, 2015 22:28 |
|
|
# ? May 30, 2024 13:47 |
|
Devolution's RemoteDesktopManager has treated me pretty well.
|
# ? Nov 1, 2015 10:12 |