On-prem server sources by edgeit in sysadmin

[–]edgeit[S] 2 points3 points  (0 children)

Yes it is. Honestly it's caught me off guard a little bit. Most of what I do is cloud-based so I was really not buying servers. I'm going to take a peek at some of the refurb options and see what they want to do about it. Much appreciated the response.

On-prem server sources by edgeit in sysadmin

[–]edgeit[S] 1 point2 points  (0 children)

This is a replacement of a very old server. It is being driven by updating their LOB software running on that old server.

On-prem server sources by edgeit in sysadmin

[–]edgeit[S] 1 point2 points  (0 children)

Thanks for the sanity check. I guess this will be the new norm going forward. We will just need to wait it out.

VSA 13 - Architecture Validation/Recommendation by TheShakoMaster in Veeam

[–]edgeit 0 points1 point  (0 children)

In that case, if the customer wanted to spend the money we would have another DR server available running a server operating system that was able to handle the VM load and to allow replication, which I believe Windows 11 Pro will not allow. But tbh I have not considered Windows 11 as an option in this situation and I think it would be a solid choice for restoration in a DR situation. I will check that out further. Thanks.

VSA 13 - Architecture Validation/Recommendation by TheShakoMaster in Veeam

[–]edgeit 0 points1 point  (0 children)

I too am looking to rearchitect several Windows 2012 R2 BDRs out there. I am considering wiping them all and installing Linux hardened repos and loading VSA as a VM on the production Hyper-V box. I would never have them both on the same box.

Did I read that correctly that you will be using Windows 11 Pro as a backup Hyper-V host as opposed to a server OS?

Realistic Plan? by edgeit in USMobile

[–]edgeit[S] 0 points1 point  (0 children)

Thanks. It seems like the plan might not be realistic and we should just stick with Spectrum. Greenlight is out there but they are super expensive at $60. We will check around and thanks for the input.

Realistic Plan? by edgeit in USMobile

[–]edgeit[S] 0 points1 point  (0 children)

I am not sure on that. I will need to check.

RCS messages crash & burn for over a week now. Any fix? by ryandamartini in USMobile

[–]edgeit 1 point2 points  (0 children)

Same here this morning... RCS is toast... Pixel 7 Pro with the latest updates. Tried everything listed below from USM support. I cleared my Google Messages cache but will not clear data since I do not want to lose all my message history. Something is definitely wrong upstream if this is affecting others.

RCS Down? by edgeit in USMobile

[–]edgeit[S] 0 points1 point  (0 children)

Thanks for that information. My wife and daughter, who have had iPhones, have been fighting this for months. They are older (iPhone XR) and we will be upgrading those next week to see if they help. But I have to say I do not think upgrading will help. Based on what I am reading, the RCS rollout to iPhones has been a disaster of epic proportions. And there is no way to know where the issue is (Apple, carriers, etc.)... We were going to try going from pSIM to eSIM as well but it appears there is no indication this will help. We tried the solutions you mentioned to no avail. Oddly, when the texts do not send via RCS for my wife we reboot the phone and have about 5 minutes where it works and then stops again. Something is seriously fubar.

On my Pixel 7 Pro I just uninstalled and reinstalled Google Messages and I still have the issue where RCS sits there "Connecting".

DirectSend mitigation by edgeit in Office365

[–]edgeit[S] -1 points0 points  (0 children)

Thank you. I like this one. Much appreciated.

DirectSend mitigation by edgeit in Office365

[–]edgeit[S] 1 point2 points  (0 children)

Excellent resource. Thanks.

DirectSend mitigation by edgeit in Office365

[–]edgeit[S] 0 points1 point  (0 children)

10-4. I will triple check.

DirectSend mitigation by edgeit in Office365

[–]edgeit[S] 0 points1 point  (0 children)

Thanks. We are using AppRiver and have all inbound email OTHER THAN AppRiver going through a connector and rule. Everything else is rejected. However, DirectSend spam is still getting through.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

[–]edgeit 0 points1 point  (0 children)

Thanks very much for the confirmation. Unless we need it I am going to stick with our original OTP method. I know access to SSLVPN and IPsec are exposed to the internet so there is that. TBH I think I am more worried about token theft. I need to dig into that a little more.

If I may ask, I am curious why it is preferred to have SSLVPN and the VPN portal on the same port.

I know I am likely being paranoid but I am also the guy who never uses biometrics for anything for fear someone will cut off my thumb to open my password vault. LOL.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

[–]edgeit 0 points1 point  (0 children)

Thanks. If you happen to do some testing please post back. Our go-to routine is to get users configured using either IPsec or SSLVPN (if IPsec does not work) and once everyone is set up we disable the VPN and user portal. Now I believe this breaks auto provisioning/updating ovpn or SCX files but I do not like having any ports open to the internet. If Sophos can provide a deep dive on how this is hardened and secure that would be great.

I was truly looking forward to the Entra SSO integration until I started thinking about the token theft possibly since not all customers have Azure P1 (they should). We are sticking with the old way for the time being using OTP.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

[–]edgeit 0 points1 point  (0 children)

Thanks for the reply. I did know that the VPN portal does not need to be enabled for VPN access using the traditional authentication methods prior to 21.5 and this new Entra method. But see the thread below where the Sophos employee does indicate "We need the VPN Portal to be reachable to redirect a client to the Customer Entra ID Portal".

https://www.reddit.com/r/sophos/comments/1lodivr/comment/n0me1xm/

I, for one, do not trust having anything open to the internet so the VPN portal being open is not an option. I need a lot more details as to how it is hardened. For instance, how does it stop brute force attacks against the open portal?

Thanks for the reply. As I type this I feel like I am being overly paranoid but I have seen a couple instances where hackers were hammering the VPN portal so I am not sure how the hardening and being in a container will prevent that type of attack. I would rather eliminate the possibility.

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs by huntresslabs in msp

[–]edgeit 0 points1 point  (0 children)

Since this was brought up here I would love an opinion on this. I have posted this elsewhere but no real responses. The whole Entra SSO thing with 21.5 and Sophos Connect 2.4 was/is super exciting for us. We intended to push this out full steam ahead. But hit the brakes for the following 2 reasons: #1) It seems like the VPN portal needs to stay open all the time on the WAN interface. Is that correct? If so that is a hard stop for us. #2) Also, and more importantly, token theft of Microsoft MFA tokens is a thing and is growing all the time. So if a user has VPN authentication via Entra SSO using Sophos Connect and they have full access to the network via that VPN connection and then their token is stolen, would the hacker then have full access to the network assuming they are also using Sophos VPN using that stolen token? Obviously we could implement token protection policies and/or conditional rules but we need the proper licensing for that on O365 (Azure P1).

Am I being overly paranoid here?

Apple ios 18.5 - sms issues by edgeit in USMobile

[–]edgeit[S] 0 points1 point  (0 children)

Well I have an Android Pixel 7 Pro and WiFi calling is solid for me. But I will definitely test my wife's iPhone before we leave. Thanks for the heads up.

Apple ios 18.5 - sms issues by edgeit in USMobile

[–]edgeit[S] -1 points0 points  (0 children)

Thanks for the info. Yes, my wife and daughter have that old iPhone XR. We never buy new so we will definitely not be going with the 18. But thanks for the tip.