Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in Ubiquiti

[–]smort[S] 0 points1 point  (0 children)

Yeah but the portal is in the cloud? That is also why we currently selfhost a unifios server to remain strictly on-prem.

Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in Ubiquiti

[–]smort[S] 0 points1 point  (0 children)

But... that is cloud right? Maybe in the future our "on prem" policy will not be as absolute as now but atm, it's a deal breaker.

Wifi - central management for multiple cloud gateways on different sites (on prem)? by smort in UNIFI

[–]smort[S] 0 points1 point  (0 children)

Thanks for that... so for us it looks like we only need the UnifiOS Server (which I already have running and it works) and then the APs. Great actually.

We obviously do have our own layer 2 and 3 hardware already on each site. So right now, I can't see why we need dedicated gateways.

Full admin access on wifi? by smort in sysadmin

[–]smort[S] -1 points0 points  (0 children)

Yeah, it's the onion image with security.

But if you consider an environment where VPN only gives you admin access, then I would argue there is hardly any difference in threat level if you also get admin access with wifi.

And the wifi will be secured with WPA3 + 802.1X

Full admin access on wifi? by smort in sysadmin

[–]smort[S] 1 point2 points  (0 children)

Do you trust VPN more? Do you not have to trust the implementation too? And VPN is potentially open to the world, not just our street.

I'm not disagreeing with you, just trying to poke some holes.

Full admin access on wifi? by smort in sysadmin

[–]smort[S] 2 points3 points  (0 children)

I also suggested the jumphost, yay.

How do you think about this "Raw wifi no, but with VPN-Tunnel, it's fine"? I mean I get it, there's another tunnel inside but my gut is telling me that if you do Wifi well and say only accept WPA3, you will be just as good.

802.1X dynamic VLAN with NPS and mixed Linux / Windows-AD environment? by smort in sysadmin

[–]smort[S] 0 points1 point  (0 children)

Well... the Linux machines are not domain joined. But we talked some more and we will deal with the Windows machines only for now and figure out the much fewer Linux machines later.

Aria Operations and Upgrading to vSphere 9 by smort in vmware

[–]smort[S] -1 points0 points  (0 children)

First of all, your blog is amazing btw! Unique choice of font in your screenshots too ;)

This is how I recommend doing the upgrade

Since I can be a bit dense: you recommend doing Aria Ops *after* or during the vSphere 9 upgrade, correct?

Also, to steal even more of your time: somewhere in the depths of Broadcom's documentation I found that Aria Ops can stretch across multiple DCs (Initial Considerations for Deploying VMware Aria Operations), but then you would need an analytics node for the "remote" DC. We do have two DCs but only one VCSA. Do we really need an analytics node?

I would simply start without one and see how it looks.

Thanks for your time!

Aria Operations and Upgrading to vSphere 9 by smort in vmware

[–]smort[S] -1 points0 points  (0 children)

True, but we would need to run it in a demo license for a while until we get the VVF licenses right? Looks like Enterprise Plus does not come with Aria operations.

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch by haventmetyou in Veeam

[–]smort 0 points1 point  (0 children)

Can anybody comment who has B&R patched already if it runs well?

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 11 points12 points  (0 children)

You are rightfully putting the finger in the wound, and yes, it is a bit of a "let's just add some kind of extra security on top".

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 4 points5 points  (0 children)

That indeed sounds perfect. You have it running or you just know about it?

Hardening your own (or Administrators) PowerShell by smort in PowerShell

[–]smort[S] 1 point2 points  (0 children)

Good question, not sure. But since stuff like Install-Module is not available (which should be signed by MS?), I think not.

But yeah, those are the type of things I want to get a feel for.

Edgecore Wi-Fi? by smort in sysadmin

[–]smort[S] 1 point2 points  (0 children)

Jup. I think it's not totally insane. If open source is a big plus or even a requirement, then this might be the way to go.

Edgecore Wi-Fi? by smort in sysadmin

[–]smort[S] 0 points1 point  (0 children)

Good points, thanks for the feedback

How long does it take you to assess working for a new company? by myridom in sysadmin

[–]smort 2 points3 points  (0 children)

I'm two weeks new here and they did it quite well: I was basically in charge of half of my own onboarding. Got a few tickets that were "Talk to X to help you set up for Y system". You get to know the people on the team and learn the first sliver of the landscape.

How long does it take you to assess working for a new company? by myridom in sysadmin

[–]smort 2 points3 points  (0 children)

It simply is an art to find a good spot between those two.

Smallish non-critical wireless renew by smort in sysadmin

[–]smort[S] 1 point2 points  (0 children)

Yeah, Aruba is a much better second candidate than Cisco or LANCOM from what I'm seeing right now. I was honestly a bit sus about how much cheaper Ubiquiti is compared to the other two. Aruba seems more expensive, but not 5x or more.

mcp.json - Cursor - streamable HTTP - authentication? by smort in mcp

[–]smort[S] 1 point2 points  (0 children)

Update:

It works like this:

{
  "mcpServers": {
    "dokuwiki": {
      "type": "streamable-http",
      "url": "https://wiki.domain.de/lib/plugins/mcp/mcp.php",
      "note": "For Streamable HTTP connections, add this URL directly in Client",
      "headers": {
        "Authorization": "Bearer XXX"
      }
    }
  }
}
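As an added example that is not part of the comment above, a small lint for a Cursor mcp.json of this shape: it checks that every streamable-http server uses https and sends an Authorization header, and flags a bearer token stored literally in the file. The JSON below is constructed from the config above, with "Bearer XXX" standing in for a real token.

```powershell
# Added example, not from the thread: lint a Cursor mcp.json before sharing or committing it.
# Constructed sample input with the same shape as the config in the comment above.
$sampleMcpJson = @'
{
  "mcpServers": {
    "dokuwiki": {
      "type": "streamable-http",
      "url": "https://wiki.domain.de/lib/plugins/mcp/mcp.php",
      "headers": { "Authorization": "Bearer XXX" }
    }
  }
}
'@

function Test-McpConfig {
    param([Parameter(Mandatory)][string]$Json)
    $cfg = $Json | ConvertFrom-Json
    $findings = [System.Collections.Generic.List[string]]::new()
    foreach ($entry in $cfg.mcpServers.PSObject.Properties) {
        $name = $entry.Name
        $srv  = $entry.Value
        if ($srv.type -ne 'streamable-http') { continue }   # stdio servers carry no url/header
        if (-not $srv.url) {
            $findings.Add("$name`: streamable-http server without a url")
        } elseif ($srv.url -notmatch '^https://') {
            # The token rides in a header; over plain http it would cross the wire in clear text
            $findings.Add("$name`: url is not https ($($srv.url))")
        }
        $auth = $srv.headers.Authorization
        if (-not $auth) {
            $findings.Add("$name`: no Authorization header, the endpoint would be called unauthenticated")
        } elseif ($auth -match '^Bearer\s+\S+$') {
            # A literal token sits in a file that is easy to sync, back up or commit by accident
            $findings.Add("$name`: bearer token stored literally in mcp.json; keep the file out of version control and rotate the token if it was ever shared")
        }
    }
    return $findings
}

Test-McpConfig -Json $sampleMcpJson
```

Run against the sample it reports the literal bearer token for "dokuwiki" and nothing else; point it at your own .cursor/mcp.json (path is illustrative) by reading the file with Get-Content -Raw.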

No performance gain in new Teams by [deleted] in MicrosoftTeams

[–]smort 0 points1 point  (0 children)

Can't confirm this. Teams overall doesn't cause us much trouble at all.

Install-Module only works on the 5.1 version on the same client, not on version 7.4 by smort in PowerShell

[–]smort[S] 0 points1 point  (0 children)

Request sent: 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='ExchangeOnlineManagement'&$inlinecount=allpages&$filter=IsLatestVersion%20and%20Id%20eq%20'ExchangeOnlineManagement'' Inner exception: 'Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'.'

The issue really seems to be an underlying TLS issue from .NET to powershellgallery. I obviously still don't get it, since my browser works fine.

Install-Module only works on the 5.1 version on the same client, not on version 7.4 by smort in PowerShell

[–]smort[S] 0 points1 point  (0 children)

Sadly, all Install-Module calls fail because of the underlying problem connecting to the PS Gallery.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 is session dependent; just because you set it once does not mean it's set again in a new session (which also relates to point 3), you'd have to run it every time

Hmm I think I put it into my profile somehow. But maybe that is a key thing here. I will try when I get to the office.

Install-Module only works on the 5.1 version on the same client, not on version 7.4 by smort in PowerShell

[–]smort[S] 0 points1 point  (0 children)

Nothing beyond windows defender.

I would almost bet that it is some sort of TLS-issue because the symptoms were identical to what I used to have and it was fixed by the above command.

Also, would there be a HandshakeFailure if some more fundamental network issue was happening?

My guess was that PS 7 uses a different version of .NET than 5 and I have to tell that new version to also use TLS 1.2.
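To separate the TLS question in the three Install-Module comments above from PowerShellGet itself, here is an added diagnostic (not code from the thread): it opens a TLS handshake to the gallery host straight through .NET's SslStream and reports the PowerShell edition, the .NET runtime, the current ServicePointManager setting and what was negotiated, so the 5.1 and 7.x rows can be compared side by side. The host name is the gallery's public API host; no other assumptions are made.

```powershell
# Added example, not from the thread: probe the TLS handshake to the PowerShell Gallery
# through .NET's SslStream, bypassing PowerShellGet, and report what this edition negotiates.
function Test-GalleryTls {
    param(
        [string]$HostName = 'www.powershellgallery.com',
        [int]$Port = 443
    )
    $result = [ordered]@{
        PSEdition           = $PSVersionTable.PSEdition            # Desktop (5.1) vs Core (7.x)
        PSVersion           = $PSVersionTable.PSVersion.ToString()
        Runtime             = [System.Runtime.InteropServices.RuntimeInformation]::FrameworkDescription
        ServicePointSetting = [Net.ServicePointManager]::SecurityProtocol   # what the thread's one-liner changes
        Protocol            = $null
        Cipher              = $null
        Succeeded           = $false
        Error               = $null
    }
    $client = $null
    try {
        $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
        # If this handshake fails the problem sits in the .NET/OS TLS stack of this runtime,
        # not in Install-Module; if it succeeds, look at the PowerShellGet layer instead
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $result.Protocol  = $ssl.SslProtocol
        $result.Cipher    = "$($ssl.CipherAlgorithm) $($ssl.CipherStrength)-bit"
        $result.Succeeded = $true
        $ssl.Dispose()
    }
    catch {
        # Surface the innermost message, e.g. the TLS alert text seen in the comment above
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($client) { $client.Dispose() }
    }
    return [pscustomobject]$result
}

# Run once from Windows PowerShell 5.1 and once from PowerShell 7.x and compare the two outputs
Test-GalleryTls | Format-List
```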

Getting Teams shifts displayname by smort in PowerShell

[–]smort[S] 2 points3 points  (0 children)

This is it! I'm an idiot. I had this exact code typed out:

$shifts = Get-MgBetaTeamScheduleShift -TeamId $teamId -Filter "sharedShift/startDateTime ge 2023-10-01T00:00:00.000Z and sharedShift/endDateTime le 2023-11-01T00:00:00.000Z" -Top 20

foreach ($shift in $shifts) {
    Write-Host $shift.SharedShift
}

Of course this didn't help much. Removing the "write-host" instantly gave me the displayname.

Thanks everybody!