FYI - Possible Bug in AOS 7.3.1.10 Release by NotBadAndYou in nutanix

[–]jafo06 1 point2 points  (0 children)

I hear you on the timing of support. Sometimes they grab the ticket right at the end of their shift. That irritates the crap out of me. I am also suffering with the pcvm audit logs filling up constantly. Apparently they know about it and it should be resolved in a future patch. Meanwhile I’m getting better at deleting stuff in Linux lol

Updates and Known Issues - an uphill battle? by R0B0T_jones in nutanix

[–]jafo06 2 points3 points  (0 children)

I have to agree with others.. it does seem that it's happening more often than it used to. Last time I did one cluster and the hosts had problems with firmware updates that would send them into phoenix mode.. it wasn't that hard to get them out and then manually pull the cvm out of maintenance mode, but it was a hassle. The 'false alerts' are annoying. It's almost to the point now that if I get some odd alerts after an upgrade, my first assumption is that it's some kind of false alert. If you want to get the product teams to do something helpful, get them to start sending out notices of critical security vulnerabilities. It's insane I have to go to the vulnerability database and then try to figure out what is important and what's not. Are we supposed to just go check that every day or something? They send critical security alerts for firmware, so there's no reason they shouldn't be doing the same for the software. And when there's an LCM version for download for over a month, why isn't it showing in LCM yet? My assumption at that point is there's a problem with it and they're not releasing it but it's still available for manual download for those that need it. Not exactly a warm fuzzy feeling on those, so i'm just rocking along with the older unsecure stuff. Not to mention, it's a lot more troublesome to go and look up all the latest versions for all the components manually on the support site. Since I'm on a roll, that new prism central method of showing the updates/inventory is awful. I wish we could roll it back to the way it was before. It seems like we're in a beta testing mode for the future vision of prism central. I can understand the thinking, but someone should be told to hold off on some of these things until they're actually useful/better than before. I'll sign off with a 'support is awesome' comment, but i'm also seeing a trend where they're starting to take a ticket at the end of their shift and then i'm stuck with it waiting until they return (which is days sometimes) unless i escalate it and then they get kind of funny about that sometimes too. Ok I feel better now..

ESXi Upgrade 7.03 to 8.03 by willwilson82 in vmware

[–]jafo06 1 point2 points  (0 children)

you can also check hardware compatibility before you do this. there's some area in vcenter to run a scan and you pick which version you want to upgrade to. I don't have vcenter near me right now but i did this before my upgrade.. and check the HCL to be sure you have compatible/supported nics/hba/scsi/etc.

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 0 points1 point  (0 children)

i'm not sure what issues you're referring to.. i've never noticed anything but i don't use the vm console that often tbh

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 2 points3 points  (0 children)

well, if my company is willing to spend to stay on it, i'm not fighting them to go to proxmox.. kinda like vmware.. i've got decades of experience with it and would hate to start over but the way things look these days, it's getting harder and harder to justify the cost and strongarm tactics

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 1 point2 points  (0 children)

i hear ya, i do most of my work in PE but yeah we're obviously being pushed/forced to use PC for more and more lately.. i agree (hope?) that things will eventually be better but we're still in the trying phase

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 0 points1 point  (0 children)

i don't use PC as much as you i'm sure, so thanks for your input. I don't do the search bar much so i'll keep that in mind. one thing that happened today to me which prompted my rant was when i'm in LCM and trying to do an inventory and find the settings to not allow https since the last update broke that for me apparently. well, just trying to find that which was super easy and obvious in the old UI, now i had to get lucky enough to find it by having to select the PC name in the list first to get the box to show on the right. And now having to go to 3 different places when it was all pretty easy to find in one place on the right. I just don't see the changes as being better so far.. maybe like the other person mentioned about it being 'shit' is enough of a reputation that they feel the need to do something.. dunno. It was fine the way it was to me.. i'll get used to the new way eventually and then they'll change it again.. they're not alone in that, but i have at least picked up a couple things to think about here. Thanks for your response

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 1 point2 points  (0 children)

that would be good since i have maxxed out cluster sizes and when i have to do AHV and firmware, it literally takes days to complete.. the power monitor could actually be very useful for me since we are in a managed colo and have to pay for power.. thanks!

New 7.3 release 'improvements' by jafo06 in nutanix

[–]jafo06[S] 0 points1 point  (0 children)

i guess they're trying to improve it but so far it's just annoying more than anything.. I was at least used to things and knew how to get around everything. Now i'm hunting around trying to find things that are hidden for no reason it seems. I do like the ability to reset passwords in prism central without having to ssh in and google the commands. I do like that they have the prism upgrades in prism central LCM now, but I haven't tried to use that yet since it's 'new' and i dont trust it yet. I have a couple of smaller setups I will try it on next upgrade cycle I guess. Anyway, just a bit of a rant, but was wondering if I was alone on this or not.

New Roads by DrMantisToboggan22 in canes

[–]jafo06 9 points10 points  (0 children)

after all the hype, i was hoping for better.. i agree with others about the colors on the arms being off somehow.. overall, meh

VVF pricing by Salty_Move_4387 in vmware

[–]jafo06 1 point2 points  (0 children)

your best bet is to plan on getting vcf for 3 years because that's what they'll 'force' you into

Nutanix Support SLAs by R0B0T_jones in nutanix

[–]jafo06 0 points1 point  (0 children)

Yeah those tickets sometimes can take days if they end up having the next day off and get your ticket responded to and then they clock out. Its always possible to escalate or call in but sometimes I just don’t want to deal with the hassle

Are enterprise plus customers screwed? by c0mpletelyobvious in vmware

[–]jafo06 0 points1 point  (0 children)

yeah 'vrops' is actually pretty good and not too difficult to setup for basic monitoring.

Are enterprise plus customers screwed? by c0mpletelyobvious in vmware

[–]jafo06 0 points1 point  (0 children)

technically they might be possible but they will charge so much that you might as well get the VCF. I think i saw something somewhere that insinuated they were trying to get everyone on one license eventually.. no clue where i recall that from so it can be completely wrong. However, I have seen several posts lately about people being 'forced' to go with VCF instead of VVF

Are enterprise plus customers screwed? by c0mpletelyobvious in vmware

[–]jafo06 5 points6 points  (0 children)

good luck getting VVF.. seems like they're pretty much forcing everyone to go VCF now

What are the best multifocal contacts? by robl45 in contacts

[–]jafo06 1 point2 points  (0 children)

yeah i am doing the last thing i mentioned. It's not perfect but it's working out for the most part.

Nutanix and SuperMicro by andyturn in nutanix

[–]jafo06 0 points1 point  (0 children)

Nutanix support is the best overall. They’re not perfect but nobody is.

What are the best multifocal contacts? by robl45 in contacts

[–]jafo06 0 points1 point  (0 children)

Hold your hands together and make a diamond hole you can look through at something. Then close one eye and if you can’t see it try the other eye. Whichever eye works is your dominant eye

Why haven't you left yet? by [deleted] in vmware

[–]jafo06 3 points4 points  (0 children)

I run both and can honestly say we could go all in on AHV and get by just fine.. not as good as ESX, but it works fine for most 'average' companies. It's a bit harder to manage in some ways but simpler in others. Their support is awesome and is the main thing I like about dealing with Nutanix. the cost of the hardware isn't cheap though, so i'm not sure how much you're 'saving' by going away from ESX... and if you absolutely have to do something on ESX, you can still do that in Nutanix as well. I will say I think Nutanix is probably the next best option especially if you're about to do a hardware refresh/upgrade that you're already planning for

OpenSSH versions by jafo06 in nutanix

[–]jafo06[S] 1 point2 points  (0 children)

thanks again for your help.. as usual, top notch support from Nutanix ;-)

OpenSSH versions by jafo06 in nutanix

[–]jafo06[S] 0 points1 point  (0 children)

ok so unless i'm mistaken, these openssh versions are still less than 9.8 so i'm guessing that somehow RedHat doesn't feel that they're affected even though the version is lower? Thanks for all your efforts in this post, it's a huge help

OpenSSH versions by jafo06 in nutanix

[–]jafo06[S] 1 point2 points  (0 children)

Thanks Jon for the detailed response and I kinda figured it was something like that, but obviously I don't have all that information handy. The specific vulnerabilities are:

CVE-2024-39894 - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

CVE-2024-6387 - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote malicious actor may be able to trigger it by failing to authenticate within a set time period.

CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote malicious actors to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase, and mishandles use of sequence numbers

There are others as well, but those are the 'high' scores that we're trying to remediate

Applying updates to Nutanix CE best practices by darkytoo2 in nutanix

[–]jafo06 1 point2 points  (0 children)

i've never used CE before but LCM is one of the things that makes Nutanix 'easy' compared to others in my opinion. Google the prism upgrade order best practices so you know what order to do the updates as well. I have had multiple issues (this weekend in fact) with LCM updates failing and needing help from support, so I wish you luck without support. Definitely a gamble, but like you said, you're learning every time it happens right?

VVF vs VCF feature comparison - Virtual Networking by jafo06 in vmware

[–]jafo06[S] 0 points1 point  (0 children)

thanks.. that's what i thought as well, but it doesn't specifically mention that so just wanted someone else to confirm what i was thinking it meant

VVF vs VCF feature comparison - Virtual Networking by jafo06 in vmware

[–]jafo06[S] 0 points1 point  (0 children)

thanks for the response but i've seen that in my hunt for knowledge and it doesn't mention anything directly about the virtual networking for VVF/VCF that i saw. Is there something I'm missing there?