 need it. I don't know. There's always people waiting. We don't need to countdown. That's the last waiting audience. If they like to countdown. So we're live. Yeah, it's a so I don't actually do the countdown for the audience to show up. I do the countdown because it says you're alive, but you're not actually live. There's a there's a pause. Yeah, it's like 10 seconds. So it can be up to 10 seconds. So yeah, you just sit there like stare silently and welcome to vlog. There's a number 378 where we just kind of, you know, hit live in mid-sentence. We were debating whether or not we hit the countdown timer. Oh, I never hit it. I mean, you never hit the countdown. I never hit it. On business technicalities. I always hit it. Yeah. Until I don't. It's the thing. It happens. Um me and Jason are noodling something around. So we'll put at the beginning of here for those of you that don't always watch the entire live stream. Also, we have a hard stop at three, right? Yes. I mean, you keep going. I have a hard stop. Well, if I don't stop at three, I gotta hit traffic later and I don't I'd rather leave at three when I don't have to hit traffic because there's free way issues. Anyways, we're going to set up probably a form on the site. We want to do free tech supports like on we'll do a Friday. Yeah. If it's every other Friday, we'll figure it out on the cadence. But we want to be able to have a form for people who want to get our opinion on the solutions that we talk about or things like that, whether it's shunas, network engineering question, a storage question, hypervisor questions, setups. So we want to like, you know, intake these forms. You can decide what that you want your name used in there. You will have all filled out like that and then we'll read through it and walk through our idea for a solution based on a scenario given to us. Now, of note, we will, what are the investment people say? Not investment advice? Yeah, not legal advice. Not legal advice. 
Yeah, not legal advice, not investment advice. I two people with some experience here going through our ideas for things, but this is not a guarantee that this is the perfect solutions for you. But we want to walk people through the process and get exposed to some of those ideas. So what else? I see everyone afternoon of Jamaica. Awesome. So Norway. All right. See, I haven't gotten glasses yet, so I pulled my phone up so I can see the comments. Do I need to make them bigger? No, it's fine. But something else and where that photo that was in the thumbnails from is the Wi-Fi assessment which you did yesterday in terms of shipping it. I think I gave it to Travis yesterday. I don't know if he actually shipped it. Okay. He's here to ask him. Yeah, we have a video I recorded of us doing a Wi-Fi assessment. We came in, we saw, we found overlapping channels. We found overlapping channels. We found overzealous power tuning. We found, what did I say? We could hear 360 semi-access points standing in that main area. Yeah. What happens when you're in downtown New York? It was in New York. Yeah, over 300 other access points driving the Wi-Fi crazy. And loops in the network. That's maybe we think. I'm pretty confident. I'm fairly confident too. Yeah. Mystery devices. Mystery devices. But actually that's what we've got is, well this is a DevOps handbook. Over there's all the other ones. We've just been talking about that because we're building out the lab here. Today was our all hands meeting. We talked more about the business side of things here at CNWR on the business technicalities channel, which you'll find linked in the description. But I want to, I think it'd be some good video content and certainly some good troubleshooting content of putting mystery switches in and letting the team find them. No, I got way better than mystery switches. We can find some mystery hubs. Mystery hubs. Oh man. Mystery hubs are way more fun. Oh yeah. 
Because that was one of the challenges we had at the client was some of the problems they were having had nothing to do with Wi-Fi and everything to do with probably network problems with the, I mean there was like two terabytes of receive only but no transmit. Yeah, transmit. Yeah, we're like that was interesting. Yes. And then I think the one interface had 14 million broadcast packets received on it. Yeah. That's a lot of broadcast. There's a lot of broadcasts for not many people here. We could also just latency bridge over a random T1 we insert in the network. Oh yeah. Do you really mean? We are not using Ikua. What is the software using? It's YukaHow. I'm using Tamagraph. Tamagraph. I'd like to use YukaHow. So if YukaHow happens to see this and wants to sponsor, it's very expensive. It's awesome but it's very expensive. Yeah. We would like to use a few different things and I know they're reaching out to people who do YouTube videos. So I figure after I do the YouTube video, it'll be my impetus to go, here's the video we did. Yeah. We'll do another one with your product if you send me your product. Yeah, I mean we do a couple of these a year, right? So it's not then enough of them to justify the bundle that we're going to buy if I buy YukaHow is like 13 grand. So it's probably not enough to justify 13,000. Yeah. It's just, it's kind of expensive. Yeah. It's a thing. But I will do a whole video on the Wi-Fi survey thing and it's going to be kind of a fun video. We're going to walk through, I filmed some of the stuff we had permission from the client to talk about everything. So we can highlight that. I just fought through my first foray into Harvester. So what do you guys think Susie won't automatically see and boot? I don't know. Harvester seems overly complicated and the only people who have ever asked me about using Harvester as a hypervisor are people who use it to HomeLab. Maybe it's good for the Homeland Environment. I have seen zero. 
I've never even heard of it so it's very moment. Yeah, it's by open Susie. It's kind of like, I don't think it has near the features. It looks very barren. You said the magic words there. Yeah, I tried to like Susie. I tried. Yeah, I've never got in. I've never got into it. I couldn't get there. So I mean it probably works. It looks like it's just Kubernetes on top of. Yeah. Cody, thank you. Yeah. Semi, well, you know how to get a hold of me. I mean, Cody's got my phone number. Yes. Sidekick too is what I want. Oh, perfect. They shipped him one, so they'll ship us one. Perfect. Problem solved. All we had to do is there. Proxmox versus VMware? Proxmox is better than VMware. Maybe. I don't know. It spends on the use case. Yeah. We've kind of doubled down on XCPNG overall for some of these large installs. I just did another consulting call. We just put a bid together for almost $600,000 for a migration. So we definitely are doubling down on XCPNG for the large scale deployments. But we have a Proxmox in the lab here. We have two of them. I have one in my lab and there's one at the lab here in this office. I still don't have, yeah, and I have a Proxmox. I have a Proxmox of VMware and two XCPNGs at home right now. The problem is I still don't have a good solution for vSAN. I know, I think XCPNG is getting close. It works, not in a hyper-converged. I noodled around a really hacky solution that we could potentially use to do it on the board. Tom cried a little inside. Basically. It will work, but that's 100% it'll work. And basically, run your base OS, hardware, expose the controller to, for the drives to the VM that runs SEF on that VM. An FS mount back to the host to actually run your VMs. So, yeah. But they're close. I am probably going to spend some time talking to the team at Vates and set up a lab demoing with their 8.0, because I think they've got it all set up so it works in 8.3 now. They're hyper-conversion. I want to test it out. I want to start poking at it. 
And I want to build it to scale where I've got like five or six machines, not just three and see how well it works. So it is on my to-do list because I know they're getting close. They said it should be production ready this year for sure. They just didn't. Developers are developers. They don't want to tell you. It'll be done when it's done. It'll be done when it's done. Yeah. We all love hearing that, right? Oh, seems like a Susie issue. I couldn't get into it either. Yeah. Until you hack the grub config so your HBs are still using them. Yeah. Once I seen people kind of talk about it, it doesn't feel like this. When you compare Proxmox or XCPNG are very smooth solutions that even an amateur home labber can get them set up pretty easily. Like, both of them are easy. Arguably, Proxmox with some exceptions of it just not liking some hardware, which is weird because Debian usually likes all the hardware. I've had Proxmox problems where the installer runs but gets hung up and doesn't like the drives. Yeah. It's, I mean, that's exactly what he's facing there. Yeah. They're just not shipping. They're shipping some subset of basically HCL storage drivers. Right. Right. They sell the ones they've tested and they know work. They're shipping and they're not shipping other things. So, for home lab users, you tend to run into problems because the stuff they've tested is expensive. Right. A question for Tom. Installed EVNG inside of XCPNG. I imported the Mikrotik QCOW 2. But whenever I start Mikrotik in EVNG, the VM restarts, you know it could be enabled. So, you do have nested virtualization able. I've never run EVNG. Did you ever use that or? Yeah. You got me googling a lot on this. I'm going to. It's, EVNGs are pretty popular like network labs set up. Oh, okay. Yeah. It's like, like I said, GNS3. GNS3. Very similar. Or viral. Yeah. I use viral usually. Because I haven't used it, I've always like Mikrotik. 
When I started learning about MikroTik, I went and bought one of their $100 switches. I know not everyone has a budget that they can just go buy a $100 switch, but it's kind of like doing things with the physical. I would say that's harder with some of the expensive Cisco gear that's really high end because you're. Yeah. So, when that's happened to me in the past, it's usually some sort of CPU feature it wants that isn't being exposed. Right. So, like if they, so apparently x86 has version levels now, I that's yeah, I've been reading about that somehow that Linux. News article place that starts with P is stalking me on Google News, like all of my Google News is like that. I figured with the name of the thing is I've been reading a lot about the various vendors targeting various levels of x86. And so if they're compiled with like x86 v3, which assumes you have, I think, AVX-512 and you don't have AVX-512, then it just explodes and dies in a ball of flames. And it's possible that XCP-ng isn't exposing all the CPU flags to maintain compatibility. And I would check something along those lines, honestly. Yeah. That AVX extension also hangs up a few people because Mongo, the newer versions of Mongo and this broke a bunch of people's UniFi, which was had nothing to do with it. In terms of like they thought it was UniFi, promised that Mongo needs the AVX extension or it won't work. It will. You just probably have to compile it from source. Oh, yeah. RPMs or shipping are accepting the AVX extension. Yeah. It's not that there's no way around it, but it's not the apt-get install way around it. We need this to be fast. But again, friends don't let friends run Mongo. Yeah. Unless it's UniFi, in case it's just an appliance that you don't actually have to maintain ish. How do you best migrate from VMware site 1 to XCV at site 2? Cry. Yeah. Don't. Yeah. Migrate from VMware at site 1 to XCP-ng at site 1 and then ship machine to site 2. Yeah. 
Well, we've been testing the migration tool and we've had, what, 80%? It's going to get success. Yeah. It seems to not like snapshots. Okay. So there's no, there's snapshots attached. They should. It blows up with their snapshots and we have run into issues. It doesn't seem to like certain OBAs. So like the audit collector, we haven't been able to successfully do that. I mean, it's installed being OBA or an OVF. Okay. So it doesn't seem to like appliances, but as far as like stuff you just install, it's worked very well. Yeah. The, but the good news is, I mean, the one, like the smoothness of it, when it works, it just works and you're like, this is nice. I mean, there's, I cannot give you, I mean, need more info. Do you have 10 gig between site 1 and site 2? Because if so, then yeah, this is easy. If you don't have 10 gig or even gig, then there is probably not a zero downtime way to do this. XTP has some kernel issues. They are using an older kernel, but one of the nice things about XTP and G, it's their own repositories. So they're highly controlled. That's, and it's not as simple as just bring in the latest six kernel and things like that, because it's, things break. I mean, Proxmox is the same way. We, what is the IT226? Yeah. The Intel 226, like nothing, none of those virtualization things have support for that. Right. And this is sure too. Proxmox doesn't like EMMC storage. That is what the problem you run into, and there's a, there's a workaround for it. You have to modify the installer because it actually doesn't want to install, not just not install on EMMC. One, one of the, those, I don't know what that thing is, the one with the 210 gig, the little tiny computer I got, the weird one I reviewed. Yeah. 
Because it has EMMC, it gives you an error that it can't install, it was a bug in version 8.1, and now it's fixed in 8.2, or maybe it was 8.0, and it's fixed in 8.1, but when I first installed it then, I thought I had to do a workaround to get it to install, because it just says, we can't install, but I don't want you to install on EMMC, I want you to install on the other one, and they're like, yeah, we don't do EMMC. It doesn't want you to install on a removable storage, what do you think it actually works down to? Probably. I think most EMMC presents itself like it's like USB storage, or some crazy, yeah. Yeah. Any recommendation for a Chunas backup server that will use all NAS SSD? I mean, just throw SSD, I mean, Are you backing up to SSD or from SSD? Right. Any bits for any slog? I mean, a slog helps if you need synchronous writes. Only, I did a whole video where it's a long video of people like, that's a lot of video. I'm like, this because there's so much explaining to what a slog is. This is not exactly a write cache. There's a lot of complexities in there. If you're just using it for a backup target, it does not need slog. So how does it get used in replication? I would also question why you're doing a backup target to SSD. Yeah. I mean, unless you need a super fast recovery, generally backups, you save the money and put them on the spinning rest. Yeah. I mean, is this a replication target and not a backup target? Because that changes the calculus a little bit there. But as far as backup goes, I would, backing up to SSD sounds like a lot of money. Like, sounds like enough money you should just give us some. Yeah. Yeah. I don't think you need to back up to SSDs. There might be a better form question because we don't have the form yet for our free tech support thing. These are going to be a lot of questions because like even, like the consulting college today was a lot of going over what would work and what wouldn't work. 
They have a reasonable budget, but the budget is going to be stretched further because they're willing to get slightly off lease used hardware. They're going to get some, I think they're what, seven Dell 740s who are on the head end of their system. So, you know, it's reason. Yeah. I mean, that stuff gets a bad name and like we use SEI locally here, like, but there's a part place I think is another one. There are so many companies that will warranty that third party hardware and what I really care about is an MSP putting the MSP head on there. I care about vendor support. I care about the fact that I can call somebody and they come out and replace some other war and that thing when it fails or they ship me drives and they're willing, I'll replace drives, but like I'm not, I'll replace things that are field replaceable units that do not require me to direct the server. If it's beyond that, I want the vendor to come do it. Yeah. Well, and the nice thing is it's affordable when you go use because you can put a couple couple in your pool. So you, even if it's just two of them, you've got a complete spare system sitting there. You've joined to the pool and you're like, cool, I could just move the VMs over here if the other one catastrophically fails. Looking to keep power down in my home lab. Yeah. Yeah. So I would not buy older used hardware in that case. That is the exception to the rule is that you tend, the power tends to not be as good. Yeah. I would say I love all these little mini PCs. Serve the home is reviewed a ton of great ones. I've reviewed just a handful of them, but they're awesome because even though we've had a few failures of them, we've had a non-zero number of failures of them for sure. Yeah. But they're so inexpensive. The warranty does kind of suck out of the warranty sucks on the server hardware. But you could make it up in your power bill. If you live, you know, Michigan and I'm in Ohio as well here, we have really inexpensive electricity. 
So it's not killing us. There's a medium and expensive, yeah. Yeah. 17. I know when you get out west, there's a couple of areas where it's like triple what we pay where the running the server 24-7 could end up costing you. Yeah. I mean, if you're going to go with one of those tiny's of the top tons, do not buy them with memory or storage in them because the failures, the failures we've had are basically in two buckets. The memory and storage that comes from this trash when you buy it from them. It's, there's no other, it's trash. It's not, it's- They use the cheapest stuff it knows many places. The cheapest stuff they possibly can find. The other place we've had a failure on them is they don't bond to the heat sinks. The ones, the fanless ones, they don't bond the heat. They screw up bonding the heat sink to the case sometimes. Yeah. And they just thermally fail then. So. But those are those large. Yeah. The ones with the fans and on the- These are fine. The mini PCs with the fans, those I haven't had fail. No. But back other than bad memory or- Memory or SSD. Yeah. The SSDs don't have a name on them either. They're completely go, go just, and they're usually 512. So just go buy yourself a 2TB and I like a lot of them have three, two and three NVMe slots on them. Yeah. It's basically whatever man flash fell off the back of a truck. There's usually never a DRAM cash in it. It's just not, it's performance and right endurance is not great. Yep. They said Oh, UK. Yeah. Yeah. Yeah. I mean your power is weird over there anyways. I mean ring circuits are like the weirdest thing. I went down to YouTube rabbit hole on ring circuits one day. We'll use a service an older X350 Lenovo server that only supports two and a half disks. So that's the main reason I will use that for replication. I mean you can get if you're go on eBay you can buy like no hours on them. 
Small two and a half- The 10K two and a half or I mean if I only 7200 to keep the heat down but yeah I'd go buy SAS disks for the thing and not not SSD honestly. How can I collaborate with you and be one of your remote IT resources? CNWR.com slash careers I think when we have postings up is up to date. Yeah. Or email your resume to HR at CNWR.com. I believe that address still exists. We'll put you in a pool and if it comes down to it later we may be there. Yeah. Yeah we we hire from time to time. So if you're looking for a job that would be I don't know anything open right now but I expect later this year we will have positions open for sure. Yeah. 26 full time in one half-time employer now. Yeah. So you have about 30 of us now and just about us. We had our all hands meeting today like I said earlier and it's just kind of interesting like there's just more and more faces here. Running a firewall virtually is my new favorite thing. The portability and being able to make snapshots outweighs the kinds of extra software at layer to manage. When it works it's beautiful. I like virtual firewalls. The problem I run into and as I see in my forums repeated. So I'm new to virtualization and I've never loaded pfSense. My first project is loading pfSense and virtualizing it. Yep. And I'm like trial by fire as long as you have the fortitude to go through all the learning steps. I think it's great. The problem is people ask some of the most like they just don't get it type of questions a lot. So they end up exposing things completely wrong. They plug their cable modem right into their virtualization system and not realize that no VLANs no VLANs and they've now maybe bridge cable companies. Why are there 18 MACs on your cable modem? Yes. Yeah. You run into that. The other things that I tend to see people don't realize they create themselves chicken and egg problems. 
So like their virtual firewalls down to another Proxmox box but then they set up something like LDAP or some sort of integration or SAML integration or some sort of thing where it requires internet access to log into the VM host and you can't because it's there are chicken and egg problems just avoid those too. Yeah. So it's an auto start. There is there you can set Yes. And both XCP-ng and VMware and Proxmox and all of them set the Proxmox VM to auto start. So something clever that Wendell did on Level1Techs. He called it The Forbidden Router. Yeah. We did the pfSense with the pass through but instead of passing it through as an old VM he passed the drive through and he passed one four port network card through but what happens is you can go in the BIOS reboot and it'll boot pfSense natively because it's the same card and he's doing a pass to drive. So that's his plan B. It's complicated but it's fun. I mean to be fair like the you were just down in the basement with one of our newer employees and I have a R710 down there that it's my personal stuff it runs my some web stuff it runs one of my DNS servers and my mail server I still run a mail server with Postfix. Yep. I gave up a couple of years ago with Postfix. I should give up. I don't I mean it's I don't really use that email at this point but and it works like it's a virtual pfSense and it works fine. It requires when it fails fortitude is the right word. Because now it's like how do I talk to this thing? Like how do I get into the VMware host and then yeah it's a whole thing. Yep. This is a fun one. Can I use Kali Linux to pen test our corporate systems? We are going through an audit. We have never been pen tested. That really is a you question. Like Kali Linux in the hands of Tom is not nearly Kali Linux in the hands of Jason. So. Yeah. I mean yes. It is a good tool to use. It's whether or not you have the skills to use it. Well I mean Kali Linux is a toolbox. 
Can you use a toolbox to build a building? Yes. Do you have do you know how to build a building? Maybe. Probably not. Right. Like there is no push button get pen test. It's there's a lot of skill. The pen tester you hire to do that will probably use Kali Linux from the back end. But they the experience does it. I mean we do that. Especially if it's just a limited scope. I would recommend before you start trying to pen test anything you do a security audit. Because vulnerability scanning and vulnerability management if you on the open source side. You can look at the free version of Nessus. We tend to use the paid version but you can look at the free version in Nessus or OpenVAS are both good solutions. I think they're both present in Kali. And start there. Do not pay for a pen test until you've closed the low-hanging fruit because the thing about pen tests is they're time-boxed. Right. So it's like you're giving that guy a week or whatever to do whatever damage and whatever you can do. And his goal is to get domain admin and do lateral movement. He will 100% exploit all of the stuff you know is wrong to do that. And either scope out the things you know are wrong so they can't use those or fix them because they are they may not they may spend all their time poking that hole and then laterally moving and miss the 30 other things that you have wrong. Yeah. You really want to use them for the advanced skill because you just have a bunch of low hanging unpatched things. Yeah. It's that's why they're time-boxed, it's as much as we can find during this much time. Me and Jay did a video together called Are You Ready for a Pen Test? You'll find it on my channel and we go a little bit more in depth on this as a topic because it's it's an important one. This one's an easy answer. Use Dell Gen 14 or HP. Stay away from HP used servers. I just hate them. They take so long. I don't want HP servers to begin with. They take too long to boot. Jeff from Craft Computing. 
He has a video to explain all the models and how to figure out which models have their firmware updates behind paywalls and which ones don't. It is a confusing journey that he had to do a video on. This is an explainer to HP's poor decisions like that. Dell at least is nice. You can find Dell parts anywhere. HP Gen 10 is probably newer than maybe they're about the same age. I my preference. So we sell almost exclusively these days. The reason we do that is Dell isn't very channel friendly or at least has a history of not being very channel friendly. I will buy Dell servers every day of the week. 1-800-945-3355. Like that is the Dell gold support number. I still haven't memorized. Right. Like it's in the end all of that hardware is commodity. It's all roughly the equivalent to each other. So it all comes down to supportability and the ability to get parts. I tend to find in the Dell world that seems to be a little easier than the HP world. And you tend to get complete systems and not get shipped a bucket of parts. Yeah. It is so easy to find the like I said any used Dell parts anything you need you can find that part number on there and find it on eBay in no time at all. I have a Netgate 2100, system resources are a little low for what would be the best security system to use. Your kind of pfBlocker. You hit the limit resources. I mean here I have videos more recent ones on Snort which you can also use Suricata. pfBlocker doesn't take up too many resources but can be out there that one table size you typically have to increase. You have to increase the table size especially if you have a lot of if you do geoblocking if you do geoblocking you're going to need that. 
But it's not like, someone had asked, and this question was up all the time, people asking, well, I want a firewall, it's going to block all viruses. The reality is most things are encrypted. The firewall is going to have a limited, unless it's able to fully do SSL inspection, it's going to have a very limited view of things. It may help with some things but it also takes less resources than you think to use something like Snort. My most recent Snort video, one of the things I showed was all the different devices I can have simultaneously using the internet and still not have a problem, then I show how to break Snort by torrenting. So yeah, I mean the big thing there is that the real benefit you get is going to be in your threat feed, right? So it's like you really want, like the value there is like the ET, the Emerging Threats feed, and the Talos feed and the other feeds that are coming in from places that are seeing active command and control and active threats, right? Because as you point out, a decent thing, you'll get SNI headers, right, so you'll know what you're talking to, but everything's going to be encrypted. And none of that matters if you're not exposing anything up to the internet and it's all just outbound traffic. Then yeah. Yeah, that wouldn't worry about it. NGFW isn't really saving you that much these days. No. It's like three years ago. Yeah, it's just becoming less and less effective. Is mDNS traffic a concern where three VLANs in terms of security, performance and device discovery? No. If you use the mDNS and allow cross VLAN discovery, that's all you're allowing. mDNS is just kind of brokering the fact that these things exist, but it seems like some's just moving away from it. Yeah, I mean, because multicast is hard. Yeah. Like I don't think Chromecast uses it anymore. They do. They can. It seems to bro, I don't know if it breaks all the time. Yeah. So yeah, I don't understand it. It's like my phone will be on literally the same wireless network as my Chromecast, about half the time works and 
half the time it doesn't, and I can't reproduce why it works one time, it doesn't work another time. I don't understand. Used to work really smooth before an update. I used to have the Chromecast on one VLAN and I could cross VLAN. I had a whole video I did on it, and people, I should take the video down because it works extremely inconsistently now. Yeah. Well, I will tell you it works even extremely inconsistently even if you're on this all the same one, so I don't think it's a multicast DNS problem. No. Nope. You, so things to keep in mind there is that, depending on how your domain resolution is set up and your domain proxies and other things like that, you do, you could be leaking information between VLANs that you may not want to leak, and you just make sure you understand that. Yeah. Ubiquiti's ecosystem worth the premium price? I'm not going to call them a premium price, but I guess if you're comparing to MikroTik. MikroTik, there's a great write-up by someone who works at a WISP in my forums and he broke down, right down to board revisions, all the problems with MikroTik. Based on that it was really, the guy says he loves MikroTik, but he goes there's always, he has some wording that made me laugh, it's like there's always some secret incantation you're going to find in a forum post that you'll just, someone will tell you to copy and paste it, it'll make no sense but it'll make the thing work the way you expect it to. But that's the problem, there's always some weird quirk, and then you have some joke, they say it's just Latvian logic of how they did it this way. Yeah. I mean, I don't, I don't know what world we're living in where Ubiquiti is the premium product. I mean, I guess in terms of support MikroTik's is even worse than Ubiquiti's, which is a pretty low bar. Yeah. I, I, for like, they were talking to the guy consulting all day guys, so you know, I just want for the back end for the switching and he just needs 10 gig connected between and for servers. MikroTik, it's inexpensive, you can 
buy a pair of them there's enough documentation you can get that going without much headache yeah and if you and if you're if you don't have to do any layer three because that's one of the secret incantation things as soon as you do layer three at CPU switches everything and the performance and the performance on those way underpowered CPU just goes absolutely to the toilet and as long as your things aren't that complicated I would load swos on it and screw it out of us and just use it as a layer two switch yeah yeah if you I want I might do somebody buy one of the newer ones they have a good value proposition but it's like 400 bucks for a 16 port 10 gig switch yes they're one of the basement yeah they're there's good and bad with them though we have an office person because I don't think Jason has a green thumb and I know Tom doesn't no it's actually my mom yeah she's she saw his mom's also the office manager ET on the net bird video they added so many improvements I see it's worth an update to the canady yeah that's actually part of so because I was traveling I was at ubiquity vent in Chicago then we went to New York and then just all the different things that came up I delayed doing the network video but that's off that's worked out to their advantage because they just announced that they integrated with octa and a bunch of other things so I'm excited where net birds going like people keep bringing it up and I've commented because I brought it up in a preview seal I thought it was really cool awesome open source that channel did a video on it that's pretty in depth and so did Christian lempa he did a video on it as well so those are question people they want to sponsor a video network does and they sponsored Christian lempa's video does that mean I already like the product should I take the money yes okay they want to sponsor me for some stuff I like them as an up and coming product is it going to be a CNWR con? 
probably not you can come see us at MSPGeekCon MSPGeekCon MSPGeekCon MSPGeekCon that's where you can come hang out with us you'll find both of us there you'd be good he's getting better of support they're offering more but you're it's not it certainly has not ever been their strong suit hence the reason we do so much Ubiquiti consulting and so do so many other people I suck at networking I'm the only IT guy for 300 people four sites across the country I switched all their sites to Ubiquiti makes it super easy yeah I'll give them that that's easy to do I know this aged and well discussed however do you guys and other MSP style services UBNT gear is it always out of stock on the site how do you even plan out deployment Tom has a secret yeah we use we actually use Chris from crosstalk he's got the UI notified thing so we've used that what's the vendors we buy from though Streetwave has we do have vendors we can buy in bulk on the back end we I mean if it's in stock we usually try to buy from Ingram Ingram right like that's our distributor choice and for the common things it's usually not out of stock you know the weird the things that are tend to be out of stock a lot are some of the UISP like products right like the access points are never out of stock the switches are usually pretty good things like cameras and door access controllers yeah yeah those are I don't think the demand is there for them to do them continuously so they do runs of them and then they sell out yeah I think that's the actual problem where it's like they sell enough the access points are just always making them switches too yeah and I just I've been testing the Wi-Fi 7 one I have one of those now so that's uh yeah you begin they've got at the event they kind of revealed to us and you've probably seen some teasers on red they have some new product lines come out their new switches and things like that and new firewall stuff so yeah they got a lot I I like really going with it and that stuff's cheap 
enough you just maintain spares yeah we have we have spares of all this stuff we just see anything when that came we got we got like one of each sitting on the shelf um have you used a Ubiquiti identity any way for people to keep Ubiquiti with Office 365 I don't know that I would man that is an internal discussion for both that and Synology yeah I don't have a solution for that yet honestly that would be a good tech support like we should build the solution I think the in Kyle one of our internal team members he did some testing with the Synology and I think it went really well he said you can so I see willy how in here I think he's tested this as well I know at four square where we just did that wireless assessment they're doing 802.1X but they're using RADIUS right so like I think there's some provision to do NPS and hook it to SAML so you can do that I mean it speaks RADIUS yeah that might be an option as well but yeah I don't know about the the Ubiquiti's identity product is weird I don't know that I would use it I don't know so my I like the switches I like the access points they've been good the gateways are okay the other products I have been we I I'm not going to say we I've been burnt multiple times by them coming out with the products us deploying it and then they just no put out of existence with no notice or 30 days notice and then you're screwed that I'm very afraid of touching some of those especially core things like an identity I would be very afraid that you would put all your eggs in that basket and then that and then a month from now they're like yeah no that didn't work out and they just it's gone and then you're screwed yeah willy I think willy too you you've taught me and you've chatted about this before how do you feel overall about do you have customers using this where you tie the Synology to their Microsoft Entra ID so they can then authenticate their users locally how do you feel about that working and so we've been testing we haven't I 
don't think we have any we have a couple of clients that want this I don't know that we have any yeah production basically so now you're talking about Sino yeah that's not so the problem is they're like we're pushing people to cloud right and and so you push them to Entra ID we Azure AD join them and we use Intune and autopilot and all the other stuff that goes with it but man SharePoints is not a great solution for some of those things even a little bit and so we want a solution to be able to support that off on Synology and we have a really hacky way of doing it but man it's really hacky so we're looking for a better way yeah okay yeah okay yep so yep yeah it's the same problem same problem and this is just a yes this is this is the thing like SSO I don't have a problem with it yeah I like it especially generally how many employees we have when you start compounding how many services we have you multiply that times employee and you're like oh crap that's a lot to manage it's just easier to manage things with SSO and we honestly most of our SSO these days it's in two buckets we have Duo for some things and we have 365 or SAML for others it's a single centralized source for me to enforce policy right so I have conditional access policies and policies and Duo if you log into our Hulu for instance you get a Duo with the number matching you have to type the little code they send you yeah and you know we can set all of those policies when you don't do SSO you end up it's really hard to enforce policy yeah sounds you really want you to use their C2 identity it's a great product but there's a few moving pieces to get into work exactly that's what we're testing right now the one the hacky way that I'm guessing you're doing it that does SAML we've got it deployed I think two places it's stable in quotation marks it's stable until it's not and then when it's not you're like really scratching your head because it's like Kubernetes it breaks in weird mysterious ways yeah 
sounds you just need to figure out SSO on the apps yeah probably yeah it's not perfect I love SSO but it sounds like Ubiquiti Identity isn't heavily used going to stick with local accounts yeah I mean that's the problem yeah we're not so are we're not doing SSO on our controllers because it's not yeah yeah I just it yeah you know this is the same thing what we actually joked about this when you went to the Ubiquiti event you know they went through all the products right except for one Talk yeah not a word not a mention and this is the problem yeah and phone systems have a long tail they're not even a five-year lifecycle they're there for they're there forever we have a client that we are still trying to get them off of the I can't even remember the company that made the phone system got bought three times and then just noped out of existence it's like a box like this in their server room and it's a traditional key system and companies install these phone systems and they're they're there for literally 10, 20 years right so I can't it you can't have a solution where you change all their phones out and then in three years you're like oh yep nope psych we gotta do something completely different now it's too much labor too much training and too much it's like the training's the big part yep like everyone forgets that and we you and I were talking about that maybe on the subway or something on the New York that the biggest cost right now for me implementing a new solution here is training on my people on it right like you know you come in on the MSP side of the house they're maybe a vendor that's 10% cheaper than what I'm paying now for a given service but it's like a three year ROI by the time I I'm born and train on my people on a 10% savings in most cases so that's not savings alone isn't enough to get me to move at our scale nope it just and it gets worse as you get bigger and in the client space the same thing it's you know clients like the solutions they have 
because training non-technical people on a new workflow can be even harder sometimes how it's raining look at that really really overblown oh yeah clipping our video there behind us clipping our video behind us ah RingCentral end of life the Cisco SPA 303s yeah how old are those uh yes that those that that is a combination of words I have not heard for many many years but well that's a good point and it's a point they're just around forever they um we have mostly stopped using ATAs as much as we can because it's just generally is a good time yeah I don't think but RingCentral is the best time either Willie's commenting on that so yeah um how would you use Ansible for a large campus deployment I know it's 100% how you would use the same way you use it for Arista like for I want you to join them all is it so you can join them no it's uh I want I want infrastructure as code for my switches I mean and my access points right so I want to be able to define in code what VLANs are where yeah now that's not going to happen to anybody no it won't that's not that's not their business model that's I mean that you really want that more for configuration drift because again at scale all right like my buddy is the network manager numnuts low level guy will log in and move a VLAN to another port and their documentation is wrong and their process wasn't followed or he's doing his troubleshooting you pushed that video the other day about temporary those things are never temporary right so the reason you use Ansible on that stuff is you know now you have a centralized source of truth you can do configuration reviews and diffs between configs and all the other cool stuff that comes with it yeah yeah and so UniFi does have an API but it's not well documented so I mean people that have spent a lot of time reverse engineering it to get things to work at some point it's not the right product for that if you if you have something you want to define because like for example I do know 
there's people who run MikroTik yeah I was gonna say you could probably do that with MikroTik pretty well yeah MikroTik speak for that as well as once you get up to the big boy all right tools Arista and then like this Cisco the Nexus stuff all does it yeah anything sports in that kind of yep well this is a lot of planning here everything's green till SSO stops working you can't get into your office server room with access to fix the problem yeah that's the Facebook problem we need a break glass account we have them yes break glass account that's the term if that's not part of your plan and you have not tabletop this you've done it wrong in it that same you can substitute SSO going down with 18 other things going down right when Office 365 goes down the world stops working you can use as well if you saw OpenWrt in them yeah that's only possible in the older models there's actually a lot of there's a you can reflash because the Ubiquiti devices are based on OpenWrt so there are people who have like updated firmwares that you can send them if you want to take them and make them stand alone WRT devices again so is the this other one Alta Labs they're they're based on a good amount of them a lot of the they all start with that is like their framework they don't need to reinvent the Wi-Fi wheel they they start with OpenWrt and then they add there's yeah they toss all their sauce on top have you are you still with any issues that Entra ID authenticate users and access to on-prem stuff it's kind of what we're talking about with the technology problem I'm talking about so the two problems we have with Entra ID right now are you can't join servers although in theory that's supposed to somehow get fixed in the future and well that's that is the problem like there's no real good way to support servers to Azure AD I'm gonna I'm gonna continue to call it Azure AD also so if you have on-prem infrastructure it's not a great solution you can use ADS which probably 
has a new name now it's probably changed names twice since it was called that yeah to try to get around some of that stuff but man it's like you very quickly get down a rabbit hole of you end up just spinning up a domain controller in Azure and being done with it I have four firewalls each a different location my main firewall has FreeRADIUS and so I want to have all three your own firewalls contact the main for authentication yeah that's fine you can you can't do that and if you want to make tunnels go down you have no local survivability but that's fine yeah worth noting too Tailscale is an easy way to do it to get all everything talking I've recommended Tailscale to a lot of people because it's built in a pfSense considering 90% of Alta employees come from UI no surprise yeah I know they've just they've got one former Netgate person and they got a bunch of all their other staff on LinkedIn or all people that used to work at Unipi so shocking it's based on the same thing oh what else was there hybrid is limited Windows Autopilot is amazing change your auto impressor is better well that's only because you haven't used ImmyBot yeah we used ImmyBot I looked at Autopilot the problem is the volume you need to be able to get them enrolled from the factory and if you can't get them enrolled from the factory it's a pain in the butt yeah but if you ImmyBot completely not sponsored they just make a cool product they can do things that they go above and beyond what Autopilot can do I mean it's it does some things Autopilot does plus some things Intune does problem with Intune and all of those solutions Autopilot's neat I like it I would definitely use it over WDS but we've switched again to mostly ImmyBot probably the Intune is that check-ins are periodic like there's no yeah like you may not check-in for a half hour right UCG Ultra x86 p pc ring pfSense x86 run pfSense I'm not I'm still I still favor pfSense over the UniFi firewall series they have more 
features in pfSense more expandability more flexibility so I'm still going to be pfSense over that for a long time Microsoft Entra Connect Sync so yeah yep that's it Microsoft's naming conventions it's like Microsoft just has a grab bag of six names at any point and they name all their products by just grabbing random combinations out of the bag and then you can we can't even speak the kind of language because it's all just same words it's yeah it drives you crazy does XCP support nested virtualization well the wife is not going to like success in the guest you can do nested virtualization does it do it well it seems like when you nest hypervisors and other private providers you you've now run to the edge case of problems it can work but there's always some there always seems to be some tuning I know there's a bug in Hyper-V or some problem there's some support not available in XCP-ng to get nested Hyper-V working it's something to do with page tables it's uh it depends on how many of those features that your product uses and yeah it it can work it works fine if you're landing right if you're I would not would not do a production yeah no yeah it's completely a lab thing at some point even myself because I just got sick of doing it um I just run I just I have a handful of mini PCs and I have some older PCs you can find old use PCs are easier to test on without the headache we were talking about that when you're down here what last Friday that sometimes it's easier to use a PC than a server even because of how long boot times are yeah and I did say PC not server and it's exactly what Jason said who wants to wait eight minutes for a stupid boot because I knew my like it 100% so all of that almost the entirety that long boot problem comes down to multi socket things and configuring NUMA and the fact that the BMC has to boot a bunch of other stuff has to boot before it initializes CPU yep uh how many endpoints do you need to start looking for a product like 
ImmyBot uh I don't know that answer I don't know what their minimum is we're well above it uh I don't know talk to them come to MSP you can talk to them yeah no excuse you're literally on everything I do yeah if you don't come to MSPGeekCon I'm going to seek you out what's your opinion network translation products that use VXLAN yeah I mean those things are neat it's like VRFs are great VXLAN is awesome a lot of people fake it by just running GRE tunnels over everything like it those are cool problems or cool products that solve cool problems that is a use case for MTUs above 1500 yep because you you know that virtualization requires things yep uh yeah I'm a fan at least by networks all those yeah I did a video as well on the SDN features of XCP-ng which supports both encrypted GRE tunnels or not and or VXLAN it'll do when you build the network adapters it doesn't want you to build them both at the same time you either build one or the other but it creates a network adapter that can go all the hosts or cross pools so you can actually stretch them across data centers you can have a pool in one data center pool in another and have a VXLAN across all of them that's all that's all built in I'll be there signed up right away I'm doing the ImmyBot pre-day thing too perfect and someone says or someone looked it up for us just make sure you tell Sarah Tara that I said she sucks yeah maybe even the 5k well you can join Jason on that Tom doesn't run very well wouldn't make Ben run my trainer I have not forgotten he was supposed to run at at our event in Phoenix he did not so now I told him make sure he bring your running shoes to Phoenix or to Orlando what is it MSPgeekCon.com someone you got like four minutes we're gonna wrap yeah we're gonna wrap in four minutes we'll get those last questions in here I got a meeting with Finn he's got a meeting with Finn MSPgeekCon.com it's on the screen here it's in the it's in the chat here where and when Orlando May 19th through 22nd I 
believe yes 19th 19th to 21st okay 19th to 21st in Orlando all the details are there at the Rosen Center yep they are not sold out yeah the hotel is not sold out either so if it if the booking link show sold out just call the hotel software they used to the booking platform is the worst I've ever come across so yep and you can still buy tickets they're worth it if you ask around if you're in the MSP community and you ask around you may be able to find somebody that can get you a discount code to get the early bird pricing or you if you ask around enough you may be able to find somebody that has extra tickets you just sold a bunch of them you've got subscriptions but no credit for it hey I'll get Dan I'll get Darren a sponsor to channel or actually should reach out to what's your name Tara yeah they may be on a sponsor I'm on my texture say hey we just talked about you but uh yeah no ImmyBot ImmyBot simply cool product um we have a list and we need to update it it's mostly accurate yeah there's a couple things that have changed but not very much yeah I posted it in my forums it's our client defense matrix it's just all the lists of tools we use we're always open about that um it's not some special secret what is ImmyBot it's an automated tool that managed service providers use to make it easier to deploy systems um software and software yeah it's it does like basically insert USB key when you're installing Windows or at the OOBE and there's like instructions that just get it to enroll and then it does all the software installation via packages that remove the bloat oil come on OS that it can even do offline domain join which I think is a super cool feature yeah offline domain join is a really cool feature yeah um are you the ones that get Tara do the LinkedIn challenge thing I am yeah Jason pushed her yeah and then she pushed Jason today or something I see yeah she made me a video stage she's like I can post a video in two weeks yeah we all we all was it it was a 
cantea we were all talking we were like we just told her go do it Jason's like really and then she's like no no and then I'm like do it now do it today yep and she did yeah I mean do a feature comparison on there yeah I mean depending on what you're doing Intune I mean it's probably already included in the subscription you have Intune works fine the nice thing about Immy is that it's got a store right so if you use something like Chocolatey it's like Chocolatey on steroids right yeah so it's like somebody's already written the recipe to install Adobe and keep it up to date it's got a bunch of rules and stuff you can do around what gets installed and I mean offline domain joining is just the most amazing thing ever because you know I know you guys were building VPN tunnels back to clients when you're building PCs out and it's like I don't want to have to maintain VPN tunnels to clients so it it basically talks to the domain controller being agent provisions user account shares whatever necessary keys and then like magically the computers just down the domain and when it shows up it's there it works simple as that we don't use an imaging server nope nope it's not needed you just load Windows and you kick off the Immy script for that client we used to do it we used to do WDS before that we were using I think way back in the day we were using Ghost you guys were using something similar to Ghost we used FOG okay yeah I used FOG too for a while FOG is cool I guess the long that goes back a long really hard to do in Windows 7 and Windows 10 because the the SID and stuff and yeah by way Windows 7 was the last imaging system we had after Windows 7 we just said this is it isn't worth it all those agents would show up as the same agent and then you're spending troubleshooting after the rest of your life yeah my guy's sitting in the meeting so I have no okay cool give me the no hand me the no you can't have it so you don't join the meeting from afar yes just leave it there 
it'll be fine yeah okay nope peace later he's got to go I'll go shortly I just got to beat traffic that's my thing there's no traffic here in Toledo well there is there is a little bit north of here so is anybody's any area that works is the APE's no it's not I don't I mean we use Huntress is our primary so Huntress is kind of our go-to for things like that for APE's Huntress is something of one currently so I can look this way while I'm looking at the laptop we do not use 802.1X we don't use any extra off here just your standard WPA have you had an uptick in migration request for each exhibit due to the recent changes in our pricing migration request from I'm assuming you mean from VMware and yes we are doing a lot of VMware migrations hey there gents let's see love your content learned a lot much from you thanks for taking a time and effort to produce great content searching for the latest guides on pfBlockerNG and pfSense yeah I do have a I think my pfBlocker videos just from last year there's not much just changed that I can think of from last year to this year yeah I believe AutoElevate is one of them as well I need a list of your software services you guys so we can check it out go on my forums and type in client defense I think that should find it for you I did a video I think it's called the client defense matrix so if we go to let's see what is that all right I may have to pull up from the forums it's in my forums that's where I have all the things there we go I can it is it is called in my forums client defense matrix so easy to find easy for you to Google search that or just searching my forums can you move your disks into a new NAS of Synology and update the OS I don't know I think Synology supports that I don't know what version it won't work from though like how old of a Synology NAS before the new Synology NAS that when you do it it doesn't work I don't really have that answer when self hosting you're on Bitwarden server do you get the pay 
for each user yes you still you still have to get the license from them when you do this self hosting the licensing they now have a when I first of the videos they didn't have this but they do now they have a licensing sync server the way you had to sync it was you would buy them through the portal online then you would download the license and upload it to your locally hosted server currently had migrated around 80 vms out of 350 tech cp and gvm where smooth sailing so far awesome so you're moving right along with their I place that our success rate has been really high it seems like the ones built from OVA don't want to transfer over I think that's the I think that's what we figured out as the common denominator for what does or doesn't work in terms of that all right well I'll do this for five more minutes last five minutes of questions and then it's I see a break in the rain I have to walk from the building yeah I'll I'll give people a quick view for those wondering this is what our beautiful downtown area looks like it's like the rainy day my client earlier was from the from the UK and they're like hey your weather looks like mine fun stuff I actually plan to come down here a little bit more often and we're going to do some more videos from this office essentially I I have a video where I think I had an office tour in here I want to wait to be fitting our office is a little plain it's actually nice it's just we don't have much on it like there's this wall should say like CNWR on the back or something like that so that's one of the goals is to come up with a better branding and like you know tweak the office a little bit so then we'll do then I'll do a walk through I've done a walk through before in one of my live streams well do you recommend UniFi Enterprise or Pro Max switches with other firewalls WatchGuard and use with Azure AD on-prem Windows AD you know we have a lot of consulting we do with people who love their access points and switches like we do but 
don't use your firewalls and that's the the category we're in and we have people that are using your firewalls they're not our go-to right now pfSense is popular but we've got people we've got some clients that see Fanfom are using FortiGate I don't really care much for WatchGuard but I know some people like them so if they they'll work fine I mean I I don't have any problems or compatibility issues with insert name of your favorite firewall and UniFi switches they seem to work well the only exception for a long time and this was a well-documented problem that I don't know what the problem was there was a bug with the SonicWall and the Wi-Fi it's really weird it was a DHCP bug that was very repeatable but the workaround was just confusing I remember what we had to do to fix I think it's been resolved but it's exclusively was that people would blame the UniFi equipment and granted that wasn't the mix but the weird thing about the SonicWall problem was it just wouldn't hand out DHCP addresses but you could statically set everything and it worked fine or simply put a DHCP server on the network and it would hand out addresses fine it was only the SonicWall would have some communication problem with it it was a weird issue one of the other channels of the video instead of OPNsense with transparent firewalls the internet with their Dream Machine Pro seemed cool yeah I seems cool not something I'd ever probably do in production what is the best way to connect a single computer that has a public IP and is on a remote was the best way to connect a single computer that has a public IP I mean I think we should we should ping me on that one I'm not I need a more expanded question there I'm not exactly sure 100% what you're asking for that I know there's a deeper question here somewhere we need to do another video together if you if you don't follow the bearded IT dad he does a lot of IT he's a genuine network engineer and as a fun story check out his channel was just 
between the enterprise line and a Pro Max I couldn't they have that they have a matrix that describes them better ultimately comes down to features and whether or not you need those other features that come on there those features are all listed out they've got they've been updating their site with a better matrix to kind of describe the different products I couldn't name off the top of my head though Tailscale is always a good suggestion just fly out here fly out here and hang out there's there's the solution come on to Detroit or I'm in Toledo right now but this is 40 minutes from Detroit I wouldn't mix both why would you mix the x86 and the UCG Ultra I would I don't understand mixing both I mean you can't I just don't I don't have a reason to do that think of apple each has a little more harsh part of the previous I mean the one has the cool blinky lights and the other one doesn't I'm still soul searching trying to find an SDN so interesting but choosing a solution to focus is my network specialty like you mentioned SDN seems very fitting but also using NSX yeah I mean not a I don't like the term SDN as a product name because it encompasses too many products SDN is a marketing term you always have to get the more specific so cool SDN you're talking about this category of products it's not telling us what product or what solution that you're actually trying to do so like Tailscale NetBird and ZeroTier are all considered SDN but at the same time the more specific name for those type of networks is overlay network so overlay networks are a sub category if you will of SDN but you can also look at bonding solutions where you have multiple WANs and you have an SDN solution that merges them together for a more seamless failover that's also a SDN solution but you're now trying to bond connections together so now it's a different sub category of SDN so there's and you can just keep going down these rabbit holes like that have you tested UniFi hosted controller unless 
you get UniFi OS but only network app I'm I guess you will get more protect like yeah I've done a video about hosting controllers and I did review it I compared them to HostiFi so just for a baseline comparison I it works I don't have any problem with the UniFi hosted controller it's just you know I usually self host so these aren't something I usually use and I like Riley from HostiFi I like their hosting as well I and I do a comparison of what you get between each of them so hopefully that answers that question all right well I'm going to end this here thank you everyone for joining I will be doing another live stream you'll find I will just I'll share that in my I don't have a social link for it right now I'm doing another live stream on another channel and it's with a friend so that will be today I'd say hacking friend that I have InfoSec Pat let me see if I can pull it up before I leave that's going to be at 7pm EST so I'll but InfoSec Pat's a more recent friend I made and I'll be doing it so let's see I'll throw that in here and I'll throw it up on the screen yes I'm hanging out with Pat so we're going to do we're going to do a stream together as well so that's going to be at 7pm EST it is currently 3 o'clock EST and my goal now is to beat traffic because it from where I'm at at the CNWR Toledo headquarters is about a 45 minute drive to my house so yes and Cody thank you got your message yes that's awesome I will I will reach out to them now what time is it now it is 313 EST so I have my next live stream is four well just a little less than four hours from now so all right well thanks everyone and take care