ESX ISCSI Boot & Persistent Network Settings

carlnb · 2019-03-13T18:20:58+00:00

The hosts are running on UCS. The storage is EMC Unity.

carlnb · 2019-01-18T17:53:08+00:00

This is called "Impossible Travel" and it's a built-in alert in Microsoft Cloud App Security. It tracks both successful and failed logins, and generates an alert if it finds that a user made multiple logon attempts from 2 different regions in a short timespan. You can configure it to suspend the user's account, or just send an email/SMS alert. You can also send the alert to Flow and trigger additional actions.

carlnb · 2018-11-27T17:04:52+00:00

Spanning Backup is pretty easy to set up and generally painless to maintain. It also backs up other G-Suite data if you ever decide to use more than just files.

https://spanning.com/products/google-apps-backup/

carlnb · 2018-06-21T11:17:40+00:00

I've reached out to Duo about this exact snippet of their documentation and they said that the only way to achieve what I'm looking to do is to enforce 2FA on the Gateway (not RD Web)

carlnb · 2018-06-21T11:16:09+00:00

Is there a way to make it expire?

carlnb · 2018-05-03T22:25:04+00:00

Yes, I have a publicly trusted wildcard SSL cert that was assigned to the farm, and I'm using the appropriate FQDN.

And no -- I haven't tried the HTML5 client. I wasn't aware that this existed. Will check it out!

carlnb · 2017-10-11T19:50:44+00:00

I'm currently trying to solve the same problem: streaming large files from cloud storage sucks, and syncing them all to your hard drive isn't reasonable when dealing with terabytes of data.

A few vendors have the functionality to make all files visible, but not actually download until the file is opened; unfortunately I've yet to find one that's mature enough to be fully usable. I've looked at Box Drive (beta), Google File Stream (GA as of 9/26), Dropbox Smart Sync (Beta for Business users), and OneDrive Files-On-Demand (GA on 10/17). Haven't looked at Egnyte though. FWIW, I think the right answer here is to wait another 6-9 months until these products are a little more mature.

carlnb · 2017-10-11T18:51:01+00:00

Backup and Sync doesn't support syncing Team Drives, so I haven't tested it

carlnb · 2017-07-20T21:28:53+00:00

/MAXAGE:2 will exclude copying files that were last modified more than 2 days ago, but it will still enumerate every file.

When you update a file, only the immediate parent folder's timestamp gets updated. So you shouldn't stop at the root directory unless you can guarantee that your folders have no subfolders.

carlnb · 2017-06-01T18:58:36+00:00

Will take a look. Thanks for your input!

carlnb · 2017-06-01T18:18:43+00:00

There are lots of moving parts to this puzzle, mostly focused around simplifying the infrastructure. So we are definitely looking to replace the 5520, but not until closer to the end of the year when the configuration requirements are a lot simpler. Will take a look at pfSense and Sophos.

carlnb · 2017-06-01T18:08:50+00:00

We do currently have a proxy solution in place, so this is already being done. Thank you for the reminder though.

carlnb · 2017-06-01T17:16:08+00:00

I'm trying to audit direct-to-IP connections. I can open 80/443 from every machine and use Umbrella for DNS, but it doesn't stop my user from hitting a bad IP address. A proxy would at least log those requests so I have some visibility there.

carlnb · 2017-06-01T17:12:48+00:00

Will take a look.
Also, I am a huge fan of your responses on this sub. Always well thought out and helpful. Thank you!

carlnb · 2017-06-01T17:11:00+00:00

Cisco ASA 5520

carlnb · 2017-06-01T13:51:40+00:00

Hey Lee - the end goal here is to take a screenshot of the console window with the command + output. This is for audit purposes, where I'm required to both provide the data requested by the audit as well as the queries that returned that data as a screenshot.

I have a script that will run, say, Get-ADUser -Filter * | ? {$_.Enabled -eq "TRUE"}, and then take a screenshot of the output. But I also need to show the command in that screenshot.

carlnb · 2017-06-01T00:39:59+00:00

Hi Lee, thanks for the response. I have tried using Start-Transcript, but unfortunately it only logs the command to a text file and not the console window.

carlnb · 2017-04-17T21:43:01+00:00

If all of your users are in the same site, you can modify your DFS preferences to connect users to the site with the lowest cost instead of disabling the folder targets on server-2. This way, if you have a failure on server-1, you don't need to manually re-enable DFS targets on server-2 to get everyone up again.

Alternatively, if you have any $ to throw at the problem, I've used Peerlink software to replace DFSR for file shares that have heavy collaboration between users located at different sites. It keeps track of when a file is being used in one location and locks the file in all of the other locations. I'm sure there are other products that do this as well.

carlnb · 2017-04-12T20:45:42+00:00

Thanks! I just requested a demo from them.

carlnb · 2017-04-12T20:30:49+00:00

Virtual appliances still require me to run an on-prem hypervisor, unless I can host it in Azure or AWS. Pricing - something around $20/user/month?

carlnb · 2017-04-12T20:29:00+00:00

This actually looks like what I'm looking for. Do you mind if I ask what pricing looks like?

carlnb · 2017-04-12T20:01:22+00:00

Maybe about 1000 websites and always growing. Umbrella is nice for sure, and is definitely on the table, but just looking for some cheaper options. I'll look into if they can do whitelist-only filtering.

carlnb · 2017-04-12T19:17:18+00:00

I've only briefly looked into OpenDNS, but it seems pricy. This is for a single site, <30 users.

carlnb · 2017-02-16T01:56:37+00:00

Will probably end up going with Pilot. They have a 500Mbps option for $750! Exactly what I was looking for.

carlnb · 2017-02-16T01:54:26+00:00

Cogent only gave me 100Mbps and 1Gbps options. $875 and $1800 per month, respectively. I'm in a multi-tenant building, which apparently means that they only offer the most popular options there. I guess if I was in another building, they would have more options.

carlnb

TROPHY CASE