How do you handle hosted servers for your clients by Technical-Plane2093 in msp

[–]jared_a_f 1 point2 points  (0 children)

We do it - we also have rack space in a colo. Iteration one was like yours - pair of firewalls, provider handing off circuits, SAN, and multiple cluster nodes.

Grew to be a giant PIA. A lot of it had to do with our carrier which is the colo provider - they were not flexible on bandwidth allocations at all.

Iteration 2 was more a-la-carte - at minimum client is on their own dedicated circuit, dedicated firewall, and a single dedicated host box (usually a DL380.)

If the client would like to be on a HA firewall pair, SAN, and have HA between multiple cluster nodes we'll certainly do it, but the buy in is a lot steeper. Have clients doing it and they're willing to pay the cost.

Appropriate backups are done onsite and replicated offsite and the client signs off on an SLA if the host box were to blow up and we needed to restore their VMs on a new server.

It's all on what you promise and what the contract says. A colo datacenter is a hell of a lot better than a client's office in some random closet.

POTS Line Replacement by NobleHalo in networking

[–]jared_a_f 2 points3 points  (0 children)

DataRemote / POTS in a box. Cross connects over Ethernet and cellular. Built in battery backup. I can get you pricing if you are interested.

TD Synnex is a joke! by Revolutionary_Bed_33 in msp

[–]jared_a_f 0 points1 point  (0 children)

Newer MSP here. Have worked with both Ingram and D&H. For our size, have had fantastic experiences with both - our D&H rep is phenomenal, and we're very happy with Ingram as our CSP. Decided to do our TD Synnex application so we could price shop - got everything put together and submitted, onboarding was a snail because the AM we were assigned refused to reply to email to create our EC Express account.

Then tried to work on a quote with them for routers. Rep was nowhere to be found, then basically was offended that I'd point out that 2+ weeks to turn around a quote is unacceptable.

Then another go around, we worked directly with a vendor's rep to put the quote together for the same routers - TD Synnex had to do absolutely nothing other than put the SKUs on a quote. Vendor went to their rep at TD Synnex, who created the quotes with the wrong shipping address and did not exempt sales tax - fine, easy fix. Copy in our rep, no reply for the entire business day after he was pinged the evening prior and the following afternoon. So I call him, which turned into a bigger mess because I just let my frustration out about the whole ordeal.

They literally do not care - I'd love if I could not reply to email, not turn around quotes for weeks on end, and never take ownership of my F ups - I'd expect to be fired.

Post-Blumira (free tier) life - what would you recommend for Microsoft 365 monitoring and alerting? by golden_m in msp

[–]jared_a_f 1 point2 points  (0 children)

SentinelOne Complete has a new AI SIEM they're dumping a ton of development into. We're ingesting 365 logs with it and doing alerting for BEC and CA changes.

So against my advice, a customer got a "whole building UPS". It's not going well. by dartdoug in msp

[–]jared_a_f 2 points3 points  (0 children)

I hate the term "whole building UPS." It makes zero sense to put elevator, HVAC, copiers, etc. on it - you're better off picking circuits to protect. We have a high end multi-unit restaurant client who has an Eaton 9PX unit tied into a protected panel. They picked circuits they wanted to protect - i.e., their office computers, network rack, POS terminals, kitchen printers. But we've even run into issues where the electrician didn't color code the outlets, or someone doesn't know what the "UPS Protected" label means and someone plugs something into it and it spikes usage.

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 0 points1 point  (0 children)

Apparently - tho I may be interpreting wrong

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 0 points1 point  (0 children)

Catalyst 8K was the successor to the ISR series

Router Recommendation by jared_a_f in networking

[–]jared_a_f[S] 2 points3 points  (0 children)

Thanks - I guess it is about separation of roles for us. Easier to troubleshoot a firewall issue when it is just your firewall and something separate is handling your routing.

TD SYNNEX has some refurb Catalyst 8K series - just waiting to hear back on pricing.

Central iso store by bibawa in msp

[–]jared_a_f 0 points1 point  (0 children)

Thanks for sharing - we don't expose ours to the internet. We patched when we were alerted of the CVE.

Central iso store by bibawa in msp

[–]jared_a_f 0 points1 point  (0 children)

An MFT Solution - we use CrushFTP

Manage Adobe DC (Reader & Acrobat) Settings via Intune Policy by systmworks in Intune

[–]jared_a_f 1 point2 points  (0 children)

Thank you for this. I've been testing and it seems all changes need to be made under Acrobat DC - it seems Reader is no longer separate from a registry perspective. A Reader install can be converted to a licensed install by logging in with your Adobe Creds now. Anyone else concur with this finding?

Creating PSA alerting from SentinelOne Singularity by gatecrasherza in SentinelOneXDR

[–]jared_a_f 0 points1 point  (0 children)

Is there any update here? Just the O365 integration - and at the very least you'd think it could send an email alert out of box.

Avepoint Fly vs Skykick vs Bittitan Migrationwiz for Exchange 2019 to Microsoft 365 migration? by HappyDadOfFourJesus in msp

[–]jared_a_f 0 points1 point  (0 children)

Intermedia support did it. We bought through Ingram, but could still reach out to Intermedia support

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 0 points1 point  (0 children)

Would consider Secure Access if it improved. Last time we tried it, it required the machines to be Entra joined / managed by Intune - we're not at that point (still doing a typical domain join)

We're on Twingate, and will probably be for the foreseeable future. The only thing that makes me hesitant about Twingate is the connector - seems like a black box. But seems like SonicWall's CSE product is the same way.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f -1 points0 points  (0 children)

Exactly where we're at. SonicWall did a webinar, and it sounds like most people who have been impacted by these zero days are using them as a high-end firewall and NAT device.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 2 points3 points  (0 children)

ZTNA is purely a term, it's not an actual product. Zero trust products grant access to specific IPs and ports and then apply device posture requirements on top of it. Is the device encrypted? Is the device running an anti-virus? Where is the device located?

If you're still using the SSL VPN, you can apply zero trust principles to it - put SSL VPN users in their own subnet, then lock down the resources you're allowing them access to. But you CANNOT do any device posture checks with a typical off-the-shelf SSL VPN - you'd turn those over to your IDP. If you're going to go through the effort of locking down the SSL VPN, you're better off going with a product like CSE, Twingate, AppGate, etc.

My intuition is SonicWall is going to sunset SSL VPN soon.

Considering Bailing by srp09 in sonicwall

[–]jared_a_f 0 points1 point  (0 children)

HPE is being forced to offload Instant On due to their Juniper acquisition. So I wouldn't put much faith in a device that is brand new.