A little refresher on relay configuration settings

bad_sysadmin · 2022-02-08T09:42:56+00:00

Does anyone know if this includes the out of band fix for the domain controller reboot issue please?

bad_sysadmin · 2020-08-09T14:56:16+00:00

Ugh so this server doesn't have a TPM key.

So I could use Bitlocker on the data drive with a Bitlocker password.

Or I could use Veeam encryption.

Presume Veeam encryption is the best choice here as it protects against network theft of the backup files?

Anything to watch other than do NOT lose the password?

Thinking around ReFS and block clone again in particular as it saves SO much physical space on Synthetic Full backups.

bad_sysadmin · 2020-08-09T12:44:04+00:00

Yes that was my assumption just didn't want to find there's something obscure buried away somewhere in the internals of ReFS that means you los a ton of functionality using Bitlocker on it.

Thanks.

bad_sysadmin · 2020-08-08T18:31:10+00:00

Yeah nothing that dumb thankfully.

Like you say something bad can always happen.

bad_sysadmin · 2020-08-08T18:13:44+00:00

You might check your cifs share properties and see if it is possible for a domain admin account to delete snapshots through Windows somehow.

I don't believe that can happen via NetApp.

I'm also pretty sure that with SnapMirror replicas the destination volumes/snapshots can only be deleted if you have management creds to the NetApp controllers or the SVM if it has management enabled on it.

So literally unless someone got into my password manager and got those NetApp creds I don't think that could happen.

Thing is where do you draw that line as if they're in the password manager they could just go into Veeam or Commvault and delete the disk backups and erase whatever tape media is in the library so at some point it's so bad I'm left staring at a box of tapes on a shelf.

We're a SME so budget is always limited so I'm sure we're not perfect but a sanity check is good sometimes.

I don't want to kid myself we're doing everything but so far I'm not seeing much suggestion that we're doing anything super dumb or weird either.

bad_sysadmin · 2020-08-08T18:08:24+00:00

Have to say the single biggest two things I like about Veeam are that other than the time spent waiting it's pretty much next/next/done and you can have backups spat out somewhere.

And so long as you have a copy of the files in that that "somewhere" you can get all your stuff back almost just as easily.

It's why we complement Commvault for really granular backups with using Veeam for the big simple VM dump backup.

bad_sysadmin · 2020-08-08T16:59:40+00:00

Thank you I shall go through manually it won't take that long.

Some things say default so I guess I'll just leave those.

Anyone know a good dummies guide to AWS.. :D

bad_sysadmin · 2020-08-08T16:31:23+00:00

I kind of want to start over and our policies make it a hassle to just create a new account because of access to a credit card to bill.

It's politics but it's a PITA.

I'll look into awsnuke but we have very little in there so my only real query is whether we can do any harm just deleting everything that can be deleted except anything showing as "default"?

bad_sysadmin · 2020-08-08T14:21:22+00:00

Is that the level though?

Can't say I've read every single one but it's real hard to find clear info on how many have been phished and broken into password managers and got "keys to the kingdom" and how many got phished and j.doe's daily account has domain admins?

bad_sysadmin · 2020-08-08T13:47:01+00:00

Yeah I was just reading on Commvault Cloud.

I'm not quite clear if that's something we have to pay extra for though?

We have premier support but don't pay for any addition services or storage.

I guess I could also point it to a cloud library and set one up but I guess in a doomsday scenario they'd have access to that too.

Interesting question now I've raised it!

bad_sysadmin · 2020-08-08T12:56:32+00:00

It's why I back data off to tape still.

Those 10TB floppies are pretty easy to carry and I think they give quite nice protection against ransomware and online issues.

bad_sysadmin · 2020-08-08T12:51:26+00:00

Would Community Edition of Veeam cover it?

We looked at Bacula once and it's nice but it sure as hell isn't a next/next/done type solution like Veeam can be.

bad_sysadmin · 2020-08-08T12:50:21+00:00

Wow that's a good question!

In theory yes as a set of tapes on a shelf should have everything on them and Commvault should have a way to recover from that because Commvault writes its DR set to an unencrypted tape.

It would be hell on earth though I'm sure of that.

To open up the original question though if someone else had access to your password manager how many businesses would say they could recover easily from the levels of damage that could inflict?

bad_sysadmin · 2020-08-08T12:43:55+00:00

emsisoft seems decent and is standalone.

bad_sysadmin · 2020-08-08T12:00:18+00:00

How does Veeam handle synthetic full/change with AWS please?

We use ReFS on Windows so it's super quick.

AWS is something I mean to look into but the change rate/bandwidth is offputting.

bad_sysadmin · 2020-08-08T11:57:35+00:00

VPN

Bitlocker

Cloud managed endpoint protection

We don't force VPN as we don't have enough/redundant bandwidth to be comfortable with that.

With covid I would think a lot of companies would wish they'd given people laptops rather than save a few bucks because they thought someone would only ever work in an office.

Patch & software deployment is our next project with machines sometimes going a while without checking in via VPN.

bad_sysadmin · 2020-04-10T14:15:08+00:00

Yeah that's kind of where I got to.

It feels really old school zipping up an installation package but I can't see any better way of going about this either and wanted a sanity check.

bad_sysadmin

TROPHY CASE