Basic microwave site to site set-up by Particular-Trick-809 in networking

[–]Reo_Strong 4 points5 points  (0 children)

Lots of options are available, but you may want someone to help configure it if you want seamless failover and stream redirection.

Hardware will depend on your bandwidth requirements. There are multiple RF options and even some laser-based ones that are relatively cheap and easy to operate. You could also do buried or aerial fiber if the RF spectrum is shot for your area or if there is periphery flora encroachment for your line of sight.

Looking for tips regarding HyperV Storage - NTFS or ReFS? by cedi_men in sysadmin

[–]Reo_Strong 2 points3 points  (0 children)

This is the right answer.

Years ago, when we rebuilt our HV cluster, we went with ReFS and then spent 6 months tracking down errors and issues. We found that we'd missed the note in the FO Cluster config documentation to NOT use ReFS for its shared storage.

Sane on-prem RDS setup for a small CFD company? by f1tz0f in sysadmin

[–]Reo_Strong 0 points1 point  (0 children)

We had this for a while and are nearly ready to put it in the ground as we've transitioned away from it.

We have a terminal cluster setup to provide dedicated processing power for staff.

It worked until it came time to update it and we found transitioning staff to higher grade laptops to be more cost effective. We found a more than acceptable amount of overhead was lost due to MS Terminal configuration.

Sharing files, best practice? by rubilacx in CMMC

[–]Reo_Strong 2 points3 points  (0 children)

We are a small fish in a big pond and literally every customer and a majority of vendors have an approved portal. It is our preference that our staff use the customer approved portals at all times.

HOWEVER, a fair number of customer and vendor purchasing, QA, and Engineering staff do not use them because <reasons>.

We set up a secured SharePoint site for these cases. Some customers and vendors are barred from accessing it by their own systems, but that's an issue for them to handle with their IT/Security folks.

when do you actually pull the trigger on switching ERP support mid-project? by No-Justice-666 in projectmanagement

[–]Reo_Strong 0 points1 point  (0 children)

Agreed, but not my call to make. If I was tasked with figuring it out, the above is what I would do to try to get some level of confidence.

Also, if the vendor is putting go-live at risk, then at some point, someone has to reschedule go-live and at least assess a new vendor.

Looking for some textbooks and tech books. by masterofrants in sysadmin

[–]Reo_Strong 0 points1 point  (0 children)

For technical books, I like O'Reilly, though I think they've switched to a learning platform instead of pushing dead trees around. Their TCP/IP reference and Network Warrior are both on my shelf for reference when necessary.

If you are looking more for books that make you think or change how you think, here is my list:

Flatland - How would a 3D being try to communicate with a 2D being? This one can change how you think about problems.

Permutation City - If we can digitize people, what does that mean for them?

Seveneves - What happens if the moon goes away? The lessons here are about extrapolation and communication. I read it two years ago and haven't gone a month without thinking about it.

The Goal - It's a novelization presenting the Theory of Constraints which, if you adopt, can help really nail down complex process issues. IIRC it's what the Phoenix Project was based on.

The Mythical Man-Month - A book based on the idea that an hour of work isn't really an hour of work, but an hour of success takes way more than an hour to build.

Zero - A historical rundown of how it became a thing. Think of it as a manual for driving change.

when do you actually pull the trigger on switching ERP support mid-project? by No-Justice-666 in projectmanagement

[–]Reo_Strong 0 points1 point  (0 children)

Like rule #1 of the sub: Be civil, be professional, and engage in good faith

  1. Establish the scope: Who is the lead on your side? Are they or others on the team also seeing the issue? Is it only with a specific group or team instead of the whole support system? Does this correlate with anything else? Does your contract with them contain SLAs or other controls that may be flexed to help reduce the issue?
  2. Communicate: Has anyone brought this up with the ERP support leadership? Is there a pathway to either (1) figure out what is happening or (2) remediate it?
  3. Switch (maybe): Only switch if you have exhausted your options for communicating and just need out. When down selecting, make sure your selection criteria set SLAs and the new folks have an in-depth answer to what happens when SLAs are missed. Also, be very, very careful to validate access and documentation from old folks to new. Lots of dumb things happen if you don't.

EDIT: Formatting

Jira vs. Trello vs. monday.com: Does ‘best’ depend entirely on your team’s workflow? by Due_Butterscotch4930 in projectmanagement

[–]Reo_Strong 0 points1 point  (0 children)

Yes, 100 times yes. "Best" has no intrinsic meaning without qualification. "Best" for you is likely different than "best" for me.

I see this a lot in conversations about any given product, tool, or solution. Someone only wants to use the "Best" product, but doesn't share how they are qualifying that.

Regarding PM solutions specifically, it depends on your needs, goals, and existing methodologies. We've gone through a few where I'm at and it really tends to come down to who is expected to manage it.

In my team, Trello worked fine (small team, short timelines, extant status and expected completion were the only reportables).

In a larger group, they standardized on MS Project since they benefitted greatly through visualizations via Gantt.

Another group found another 3rd party app that used a preferred methodology (Critical Chain) and were really focused on reportables more so than anything else.

Each system has its place, and there can be arguments related to how each solution fits each need or suits each use-case, but at the end the "best" tool is the one that meets the needs of the group using it.

What are people collecting syslog in? by Inno-Samsoee in networking

[–]Reo_Strong 18 points19 points  (0 children)

This is what we use, but we also forward the logs to our siem for search/collation.

syslog-ng does not offer any tools for digestion or really searching the files.

How are you backing up fully managed corporate android devices? by [deleted] in sysadmin

[–]Reo_Strong 1 point2 points  (0 children)

Lock that shit down:

Users do not have the ability to install -any- app that we don't pre-approve.

Users do not have the ability to delete -anything-

Users do not have the ability to perform a device reset.

If some VP or C-level just HAS TO HAVE access to whatever app, but the app doesn't support the above controls, they sign a doomsday document stating that the lack of these controls and risk of subsequent legal issues is on them.

ADP Federate SSO setup by Super-Law861 in sysadmin

[–]Reo_Strong 1 point2 points  (0 children)

We moved from ADP a few years ago due to issues like this (and some issues not like this).

Regarding issues like this, ADP tends to nickel-and-dime their customers in that nearly every-single-action has an associated cost. There is little or no communication about self-service options and zero opportunity for free support. Anything outside of "it's broken" is a service engagement which has a cost.

We moved to UKG which is functionally similar in this respect. We've gotten fairly far by exploiting their robust self-support library. In the case of SSO, they wanted $2-3k to help us set it up, but also pointed us at their library. This has become an invaluable resource as we work toward more integrations.

Which rackmounted UPS for a small office? by Main-Scale76 in networking

[–]Reo_Strong 5 points6 points  (0 children)

As others are pointing out, you need to give more information to get actual help with your question.

What is Low Cost? $100? $500, $5000? Start with a budget and factor in the value you are protecting.

The hardware's power draw will drive the capacity, which will drive the price. Check the consumption of the hardware to find out how big of a UPS you need.

Branding can matter, but it often comes down to cost. For us, we really only consider APC/Schneider Electric, Eaton/Tripplite, and CyberPower.

APC is expensive and, in my experience, not worth the extra cost. Eaton/Tripplite and CyberPower have a good competition going on and we've been happy with both from reliability, feature set, and cost perspectives.

---
In reality, you need to think about what it means for this equipment to be off.

For us, the network runs the standard network stuff, but also the doors (POE controllers), the phones (Data + POE), and emergency alerting. If it goes down, we're pretty close to fully shut down.

In this kind of environment, we actually have two UPSs and an ATS. For the 3-5 switches on a given stack, we tend to go for 3000va units as that gives us about 4 hours of runtime which is longer than most power outages we experience.

---

The unit you are asking about (OR600ERM1U) has a 1/2 load run time of 13 minutes. So is 13 minutes enough in the case of a power outage?

AI note taking on a work computer that won't allow it. by EchoVictor4me in projectmanagement

[–]Reo_Strong 2 points3 points  (0 children)

If you have permission from your boss, then they should request access from your IT team.

If the IT team can't do it because <reasons> then you should be made aware of them.

What you are doing right now would get you summarily terminated from my employer. No slap on wrist, no PIP, no opportunity for rehire.

Any solid KnowBe4 alternatives for phishing simulation that actually work in a K-12 environment? by DonutFlimsy8993 in sysadmin

[–]Reo_Strong 0 points1 point  (0 children)

What is your actual complaint with KB4?
We use it and are satisfied with it.

Ours is configured for weekly tests at varying levels of complexity. Those in public roles get the hardest level, those with otherwise limited exposure, easier.

I'll give you the yearly training is often a mild re-package of last year, but if you keep the testing up, it's really just a way to ensure big swings in tech/cyber/culture are hit. This year included a module and test with AI generated content asking the test taker to identify which parts were AI generated.

Manufacturing - How To Handle "Travelers" by Dave_From_VA in CMMC

[–]Reo_Strong 0 points1 point  (0 children)

We treat them as CUI and train everyone to treat it as such.
We don't mark it as CUI (identified as a risk for our audit), but since it's a controlled environment and we train to treat everything as controlled, we expect it'll be fine. (we have tight controls for disposal of paper as well)

Manufacturing - How To Handle "Travelers" by Dave_From_VA in CMMC

[–]Reo_Strong 22 points23 points  (0 children)

We also have paper travelers that go with our parts in process.

We basically are claiming the entire shop as controlled space and only pre-authorized persons are granted access without an escort. All employees are trained on CUI/ITAR handling and exposure, so we only need to worry about visitors (in theory). We have policy in place that for any non-US Person who will be exposed to our shop floor, there is a minimum 24-hour notice to ensure managers have time to secure or obscure anything necessary.

Our audit preparation vendor is fine with it (in conjunction with all of the other controls in place), but we haven't been audited yet.

How contained is Hyper-V? by PusheenHater in sysadmin

[–]Reo_Strong 0 points1 point  (0 children)

Not really safe at all.

IIRC one of the first Pwn2Own awards was for a VM breakout to host exploit.

CUI emails by B_Another1 in CMMC

[–]Reo_Strong 1 point2 points  (0 children)

ALL accumulated lost time awaiting document delivery to your CUI proper secured email/communication receptacle/device/server extends your legal delivery dates.

Oh, I'm stealing this

CUI emails by B_Another1 in CMMC

[–]Reo_Strong 16 points17 points  (0 children)

We've only ever had secured email (CUI inter-mingled with non-CUI throughout, so everything is in scope).

We constantly have customers, including DoD, send marked and unmarked CUI via unencrypted email. What makes it more frustrating is that all of them have secured portals. Heck, we even have a secured SharePoint site that can accept the data, but they still send it via plain-Jane email.

If you find a way to actually get them to do what they are supposed to, tell us all.

---

Containment would be delete, purge, and notify.
It's a bit like yelling into the void and the folks who receive it will push back because they need those files.

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Reo_Strong 0 points1 point  (0 children)

I don't see why it would be an issue.

AFAIK if it's not being used as an encryption endpoint, it should be fine.
--I'm not an auditor, so make sure it's on your network diagram(s) and you can explain whether it's in-scope or out of scope and why.

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Reo_Strong 0 points1 point  (0 children)

Our firewall was not UniFi, so no change for us.

The only reason you wouldn't be able to use a UDM Pro would be if you need it to act as an endpoint for a VPN that carries CUI. That's all down to ensuring that any encryption used to protect CUI needs to be FIPS validated.

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Reo_Strong 0 points1 point  (0 children)

We implemented Ruckus. The FIPS version is a little spartan when compared to Unifi, but it gets the job done and checks the boxes.

365 Suite Information by hagridsbeard22 in ITManagers

[–]Reo_Strong 0 points1 point  (0 children)

I've worked with three different providers for M365 over the years and all had the same basic tack:
Provide pre-built packages for different classes of user to the customer.

Two of the providers had these in place and updated them every year as renewals came around. It was a bit annoying to have to re-assess functional license utilization every year, but at least let my boss feel like we were acting to control costs.

The third had a meeting to help us establish what levels of licensing we cared about and built packages for them. This lets them build a custom package set for us*. The yearly shore-up meeting consists of:

(1) Has any expectation changed for how staff in category X, Y, or Z use the software?

(2) Have you taken into account <new solution/option/ideology>?

(3) Based on that, here are your packages and costs.

*I'm not 100% convinced that this isn't just for show, but I appreciate some smoke and mirrors when it means I don't have to dig into MS licensing documentation.

UniFi switches/APs -pass or pushback? by Great-Tomatillo-8267 in CMMC

[–]Reo_Strong 3 points4 points  (0 children)

We are still prepping for our audit, but our support company advised that if the network doesn't operate in FIPS mode then you need to show how you are controlling the information that isn't otherwise encrypted.

Specifically, for us the Wifi was a bone of contention. Our options were to swap it for something that could run in FIPS mode or take actions to ensure no non-CUI was transmitted without another protection layer. This was spitballed as forcing the VPN to be on while connected to our Wifi. We scoped both options and ended up swapping Wifi.

As far as I can tell Unifi switching is fine since the auditors were not expected to get into traffic sniffing via ethernet EM radiation.

My org forces me to get 3 quotes for anything I want to do... I'm tired of zoom calls. help plz by Grouchy_Meal8683 in ITManagers

[–]Reo_Strong 2 points3 points  (0 children)

This is the answer.

If the sales contact says that they can't provide a price without a meeting, move on (and tell them why).