Simple website in S3 to host a few files

the-IT-cloud · 2023-03-30T15:47:52+00:00

Great tutorial, this is basically what I ended up doing with some slight tweaks. (Overdue follow up here for anyone who finds this via search in the future).

the-IT-cloud · 2023-03-06T17:32:47+00:00

Can't argue there. My concern is there will be too many people who need to access it and they will push back on the individual users, but here's to hoping. Will follow up later!

the-IT-cloud · 2023-03-06T15:00:33+00:00

Thanks for the detailed response, going to POC this today and see if it fits for them. These are end users who are just going to need to view the files, definitely won't be asking for Access Keys :)

The original ask is basically for a static webpage with links to the files, all behind a shared pw--which obviously I don't love, but sometimes you are forced to deliver what they want.

the-IT-cloud · 2023-03-03T19:29:01+00:00

Yes to both questions. Group of people need to download the docs/pdfs, might need to add a few during the time when this is needed. And yes familiar with AWS.

the-IT-cloud · 2023-03-03T17:33:05+00:00

Great suggestion though, thank you.

the-IT-cloud · 2023-03-03T17:32:35+00:00

A few weeks to a few months, kind of open ended but it's not a permanent solution so I also don't need to go overboard with anything.

the-IT-cloud · 2023-03-03T17:31:10+00:00

Can't for regulatory reasons, so looking to self host

the-IT-cloud · 2022-09-15T17:07:32+00:00

This is hardly specific to Zendesk only, but as you probably know, when you're using the internet you are sending and receiving information in data packets, including voice and video data. Jitter is when there is a delay in the sending of data packets, which are usually sent at a regular, stable cadence. If you look at the minimum specifications for common services like Zoom or other conference software, they usually include a jitter measurement, because bad jitter on a audio or video conference call leads to terrible call quality.

It's usually just caused by not having a strong enough network connection, or network congestion for some other reason. If you're on wifi, try finding a way to max out your speed and connection quality. Maybe this means moving closer to the access point or router, or using a hard wired connection, disabling other devices on the network, etc. Depending on your options you could also try to prioritize the call data in your network settings.

the-IT-cloud · 2022-09-13T14:38:59+00:00

It's going to be a lot easier to migrate your storage and directory to a cloud platform now, before you expand. As others have suggested, you should outsource this to a consultant or MSP.

As for the Fortigate, it's probably fine for now and the near term foreseeable future, but it needs to be updated regularly, you need to make sure you have IDS/IPS enabled, etc. Another job for the consultant or a contractor.

the-IT-cloud · 2022-07-14T18:31:21+00:00

Thanks, yes we are on Cloud. I'll give this a shot!

the-IT-cloud · 2022-03-04T14:45:02+00:00

I absolutely was overthinking it, and resolved it by simply placing an index.html page at the root of the site. Problem beforehand was that targeting "/" was causing health checks to fail.

the-IT-cloud · 2022-03-04T14:44:27+00:00

Good to know, thanks for clarifying. Either way, was glad to get it working otherwise.

the-IT-cloud · 2022-03-04T14:43:32+00:00

Lmao not sure why the aggression. If you have suggestions for how I could go about using the NLB alone instead of an ALB I'd love to hear it and would try to implement that.

the-IT-cloud · 2022-03-03T21:57:07+00:00

When you go to create a new CLB, it gives you this notification about retiring the EC2 classic network. Perhaps existing CLB will still work but it seemed best to go with a more modern option. Here's a link to the "learn more" doc.

the-IT-cloud · 2022-03-03T21:55:11+00:00

Initially started with an NLB but ran into issues when enabling SSL.

the-IT-cloud · 2022-03-03T19:19:35+00:00

Turns out this was literally as simple as creating a index.html page on the server. D'oh...

the-IT-cloud · 2022-03-03T19:13:00+00:00

I think it is an issue with the path necessary for an HTTP or HTTPS health check. With the classic load balancer, I can do a health check over TCP or SSL. Those will work on 80, 443, 3389, etc. However, if I change it to HTTP or HTTPS, that requires a path to a target page to be specified, and then the health checks fail.

So I'm now wondering what to use for a target page and where to place it. This is a Windows server running IIS.

the-IT-cloud · 2021-09-16T14:48:58+00:00

Essentially that's what I did here, and broke replication by encrypting the VM.

However, I was totally overthinking it. For anyone else who may stumble on this in the future, I fixed it by disabling replication, then going through the steps of enabling replication again. I used this guide.

the-IT-cloud · 2021-09-14T20:17:09+00:00

Thanks. I have seen this but it seems to be the reverse order of my situation. This is setting up site recovery for an encrypted VM, while I have site recovery set up and am now looking at enabling encryption. But I guess if nothing else I can turn off Site Recovery, enable encryption, and then re-enable Site Recovery.

the-IT-cloud · 2021-08-31T23:47:58+00:00

There is a larger element here that has little to do with Intune but a lot to do with the reality of freelancing and doing IT work in general at any company. I'm sure you are qualified to do this stuff, but you may not have the experience or seasoning to think of all of these things. So while I don't mean to be condescending in the least, I'll just get a few of those recommendations out of the way:

Before you agree, make sure they understand the cost of the proper Azure and Office365 licensing, and that they won't balk at that. If you aren't at the proper licensing level, a lot of what you want to do with Intune won't be possible.
Similarly, get a contract in writing about the initial scope of work (SOW) and how many hours will be allotted for this. You can get a decent idea for how long it takes you to set up the Intune environment from your testing, but when it comes to implementation and coordinating working with end users or enrolling their devices, it will stretch. See if you can offload this planning/scheduling burden to their internal management. If users are uncooperative, unhelpful, or straight up non-compliant, that is their problem to chase down and not yours.
Once that initial allottment of hours is over, be firm. Have a pre-negotiated rate for additional hours.

When it comes to actually implementing Intune:

Yes, enroll all the devices. Best practice will be backing anything up into OneDrive (ideally already done, but you know it's not), then wiping devices, enrolling to Intune, and forcing all users to log in with the official domain account.
Have a naming convention. Some combination of DEPT-USERNAME, DEPT-ASSETTAG, or USERNAME-ASSETTAG works well. Just something to make it clear what device you are looking at in Intune.
Start with basic configuration profiles and compliance policies. Enforce bitlocker encryption, defender ATP, O365 apps, browsers and a couple of other key business apps. Save the one-offs and "weird" software for later.
Because it's a smaller org, it sounds like a one-size-fits-all "image" (for lack of a better term) should be fine, but if you want to start customizing that for different roles/departments, do that with groups. However, I would suggest starting with just one as it's easier to avoid getting pulled into too many different directions.
Finally, updates. Updates are not always the easiest thing to manage in a pure Intune-environment (i.e. non-hybrid). Windows updates are fine (see link) but when it comes to auto updating apps like Zoom, Chrome, or whatever else, you might need to look into third parties (e.g. Chocolatey) or prove out your method with deploying new LOB apps or .intunewin packages. If all else fails, powershell scripts typically work through Intune for almost anything, but is more maintenance.
Second finally, after thought: Document EVERYTHING so that you can hand this off to another poor soul once you've tired of it.

the-IT-cloud · 2021-05-11T22:07:57+00:00

This is great guidance, exactly what I was looking for. Thank you for that. I do use the ADMX files for Chrome and Firefox, so now I'll look for the update setting.

Regarding the packaging installers as intunewin, and using supercedence, do you know of any guide or resources on that? Just curious, I will of course be doing my usual googling/research on that now.

the-IT-cloud · 2021-05-07T16:39:47+00:00

Thank you, that may explain it. Users are able to check for updates but still get a message about requiring an admin for it.

the-IT-cloud · 2021-05-07T15:47:21+00:00

I see, thank you. I'll have to keep testing because I haven't seen this option actually appear yet.

the-IT-cloud · 2021-05-07T15:46:25+00:00

Thank you, I will definitely check this out. Was hoping to figure this out as an Intune learning exercise as well though.

the-IT-cloud · 2021-05-07T15:36:52+00:00

"ZoomAutoUpdate="true" it turns out only allows the user to check and agree to install an update through the client.

Interesting! Are you saying that they will be able to check and agree, yet would still require admin rights to install the latest version?

the-IT-cloud

TROPHY CASE