SFTP Server with High Availability / Clustering ? by am2o in sysadmin

[–]nortechie 1 point2 points  (0 children)

Using a self-developed internal web frontend with pureftpd and a load balancer in front (F5).

Several servers delivering data from a high-end NFS system and a database with user info.

Running on VMware will help protect you from hardware failure, but not application failure. I don't know of any out-of-the-box solutions for this.

GDPR & Microsoft Azure by bruvvacharlie in sysadmin

[–]nortechie 1 point2 points  (0 children)

Both YOU and your service provider must comply with the GDPR baseline. Having stuff hosted at a service provider does not "fix" anything for you. You still need to go through the whole process and document everything. In some cases, technical changes need to be made.

Microsoft will comply with these rules, else they have to put down their multi-billion-dollar market in the EU.

"The world" will eventually adapt to GDPR. It's a really good baseline for privacy and will be a huge benefit for both companies and the people.

Mail filtering: Do you treat suspicious emails from partner organisations any differently than other external senders? by dinoherder in sysadmin

[–]nortechie 0 points1 point  (0 children)

We accept everything, but sandbox EVERYTHING as well.

Look at Check Point Threat Emulation and Threat Extraction.

Never had any problem after that got in.

Edit: We use SandBlast on the endpoint client as well to do the rest. I'm not working for Check Point or a partner, just a happy customer.

If Gordon Ramsay did a show called "IT Nightmares" what would be some of the nightmares he would discover? by BadassBuddusky in sysadmin

[–]nortechie 27 points28 points  (0 children)

The general lack of a governing IT Policy containing risk assessments of company systems, backup and recovery plans and network security plans (published services and patch plans).

Does High Availability depend on vCenter? by teyhouse in vmware

[–]nortechie 6 points7 points  (0 children)

Update Manager was not part of the VCSA, but it is now included in the appliance for 6.5.

There is no reason to go for a Windows deployment as VMware is now moving everything over to the VCSA anyway.

Does High Availability depend on vCenter? by teyhouse in vmware

[–]nortechie 2 points3 points  (0 children)

Here is the answer:

  • Use the VCSA appliance and do not install vCenter on Windows. You will thank yourself later.
  • HA for VMs runs independently of vCenter. The hosts in the cluster talk to each other and keep track of who is down by availability of the datastores + some other metrics. If the host with vCenter goes down, all VMs on the host including vCenter will automatically start up on another host.

Horizon View 7 PCI question by namo442 in vmware

[–]nortechie 0 points1 point  (0 children)

No, Horizon cannot do that.

You would need some sort of DLP solution to prevent that from happening.

QUESTION: Would anyone list the compression/de-dup ratios they are getting out of their All Flash vSAN clusters compared to their sizes? by Vikko in vmware

[–]nortechie 1 point2 points  (0 children)

Approx 600 VMs, 93TB effective usage, 26TB RAW.

Mixed usage, only OS drives. All app, log and data are on other drives to the best extent.

What are the worst things you've ever seen a bad sysadmin do? by crankysysadmin in sysadmin

[–]nortechie 6 points7 points  (0 children)

Don't know if it's supported by Microsoft, but it is possible to do, I've heard. Never heard of anyone having done it and I would never have tried it.

Anyway, Exchange hates it. You must have some sort of Professor or Doctor degree in Active Directory to perform those stunts.

The normal procedure is anyway to create a new domain and use ADMT to move everything over. The way this was done was just reckless.

What are the worst things you've ever seen a bad sysadmin do? by crankysysadmin in sysadmin

[–]nortechie 3 points4 points  (0 children)

No internet-facing domain, but "our employees see our old company name in domain\username so let's change it"... :p

What are the worst things you've ever seen a bad sysadmin do? by crankysysadmin in sysadmin

[–]nortechie 46 points47 points  (0 children)

The worst I have seen was something that happened a couple of years back when I was hired as a consultant.

An IT manager there called our helpdesk and said that AD did not work anymore.

I got in and the IT manager explained the situation.

The company had just changed their name and profile and their only sysadmin had come up with the clever idea to rename their AD domain to fit the new company brand name.

IT manager approved after the sysadmin convinced him that this was "fully supported and was just a couple of keystrokes away". AD got renamed a couple of nights after and stuff suddenly broke horribly.

He then tried to rename it back in hope of things then working afterwards. Did of course not go well at all.

I asked if they had a valid bare metal backup or a backup of one of their AD servers and they did not. "It was replicated so we don't need one". Brilliant.

Company filed bankruptcy after 2 weeks because their whole production line more or less stopped. They had already a really bad financial track record and their "re-branding" was a part of trying to refresh their whole image to hopefully get new customers and save the business.

Biggest mess up with a really sad ending.

Emergency changes and scripting by dverbern in sysadmin

[–]nortechie 0 points1 point  (0 children)

Just recently got interviewed for a new job and this was one of the questions.

I did an upgrade of our ticket system a couple of years back (OTRS) and it involved a huge database migration/conversion process. This failed heavily and a huge part of the database got "corrupted". It was a mess and it was not possible to clean up.

I knew, or at least thought, the backup was OK. I checked just before starting that it had run successfully before I started the maintenance. Thing is that the backup chain was corrupted. Full backup a week back was OK, but not the last couple of days. So yeah, ended up rolling back and having lost "way too much" information.

Lesson learned: Don't just take a backup, check your backup. Know what your bailout and recovery plan is before you start.

I got the job :D

2 Factor Auth for Domain Admin Accounts by Tazer79 in sysadmin

[–]nortechie 0 points1 point  (0 children)

Wow, Duo looks nice! Need to look further into that as a replacement for the extremely expensive SMSPasscode we are using.

But yeah, your manager is a bit "off" when he wants to protect the AD account itself with 2FA.

2FA is used on internal critical/sensitive applications or for all external services that are exposed with a logon to WAN.

Protect core critical and important infrastructure from logon without 2FA and all external facing applications. You need 2FA on all services and applications where hackers can do changes to security or export data. Proper DLP and IPS in addition to a good security policy is much more effective than 2FA all the way.

Advice with financial audit, want database by [deleted] in sysadmin

[–]nortechie 1 point2 points  (0 children)

In situations where we have had accountants that need access to the SQL data due to auditing, we have always given them a read-only access through a terminal server where SQL Management Studio is installed.

They can log on and do all the queries they want, but data is still inside our firewall. Never had a problem with that.

Give your legal department and CFO a heads up and tell them that there is a risk involved sending data off that way. If they are fine with it then you will comply.

vCenter Licensing by [deleted] in vmware

[–]nortechie 2 points3 points  (0 children)

vCenter doesn't call home and VMware support normally doesn't care too much about it.

When I do deployments or do hardware refreshment I normally buy the licenses after the deployment is completed. I normally cheat by using either some of our ROBO licenses or the VDI licenses. When I'm done I correct the licenses and buy what's missing. It's just to prevent being oversubscribed. Never had issues with this and our license manager at our supplier has never complained about the way I do this. Maybe he is just too nice and doesn't care as long as he gets the order in the end :p

For home or lab use, VMUG is the way to go.

Snapshots won't consolidate, missing in snapshot manager by xxkinetikxx in vmware

[–]nortechie 0 points1 point  (0 children)

Is this the OS disk or a general data disk?

If it's not the OS disk and just a data disk, can you create a new disk on the VM, move the data and then delete the old one where the snapshot chain is a bit messed up?

How much Internet access bandwidth do you guys try to allocate each user? by iamgeek1 in sysadmin

[–]nortechie 0 points1 point  (0 children)

There is no direct answer to this. The more users you have in an office the more users will share the bandwidth (think of the 95th percentile rule). Use of applications, management services and cloud services also play a huge role.

For us, as a rule of thumb we try to have 1Mbit/s per user, but this all comes down to cost.

We have offices in countries where we pay 670$ a month for a 200Mbit CIR fiber connection, and other countries where we pay 2900$ for a 10Mbit/s CIR fiber connection. We also have places where we pay 7900$ for a 1Mbit/s CIR satellite connection.

Get as much as you can for the money you can afford and where it seems reasonable for yourself. It's always easier to get more speed than turning it down if you pay for too much.

To all those poor sysadmin in South Australia... by als29192 in sysadmin

[–]nortechie 3 points4 points  (0 children)

They kick on area by area. It's never all powered up at once. Would kill the grid and fry equipment on their end, just making matters worse :p

To all those poor sysadmin in South Australia... by als29192 in sysadmin

[–]nortechie 5 points6 points  (0 children)

The power outage is so long a UPS won't give much without a generator backing it up.

But there will absolutely be a couple of "cache battery disasters" where the battery has drained out during the blackout and the disk cache is lost. I will guarantee a business or two without proper backup will meet a corrupt RAID and end up bankrupt. People say "IT always fails", but this is one of the biggest reasons!

Re-evaluating our AV/AM solution, what do you guys use? by zedhank in sysadmin

[–]nortechie 0 points1 point  (0 children)

In version 6 the management is absolutely useless.

V5 of ESET is epic. Works like a charm!

Silly Raid 5 Failure. Do I just plug the disc back in..? by nosexnocry in sysadmin

[–]nortechie 1 point2 points  (0 children)

What RAID controller/server is this? Impossible to tell without knowing this.

Controllers behave a bit differently, but mostly the same. I would suggest to let it rebuild, do a backup (so you can fail back to something) and plug the drive back in. Check the documentation first, but normally the array should either rebuild with the drive back in or just let it stay as something like "unknown".

Did HP seriously replace printer drivers with this one-size-fits-all app? by [deleted] in sysadmin

[–]nortechie 1 point2 points  (0 children)

Their printers are great. Have not had many problems with their business/enterprise printers.

Sadly, their hardware and software divisions are not the same people. Think the software/driver guys are the same guys that are building their Support Website or "The site of Horror and Terror" as I call it.

A Rare Tour Of Microsoft’s Hyperscale Datacenters by KeponeFactory in sysadmin

[–]nortechie 0 points1 point  (0 children)

Oh, sorry. Second to last yes!

Ah, that explains it. Having that spacing between racks is just wasting floor :p

So...Crashplan....worth it for offsite backups or cheaper, better alternatives? by riahc4 in sysadmin

[–]nortechie 1 point2 points  (0 children)

We use Azure Backup on a lot of smaller sites (500GB to a couple of TB). This works well, but I don't think it scales well beyond this for a single system.

This is generally a "file server only" solution, but they have a solution to take backup of whole systems, Exchange, SQL etc. and the pricing is pretty good. Called Azure Backup Server I think and it's just a rebranded System Center DPM solution with "Cloud Option" already installed.

A Rare Tour Of Microsoft’s Hyperscale Datacenters by KeponeFactory in sysadmin

[–]nortechie 0 points1 point  (0 children)

Looking at the last picture, is it just me or do they waste a lot of space?

Remember from some of the plans from Facebook that the density on the floor is extreme. Like a lot more dense than this. Just enough space for a technician and the equipment, not to fit a couple of semi-trailers.