 Welcome to vlog Thursday, number 315. If my face is red, it's because I was face palming for the last hour while I was doing a security review for a potential client. I'm just gonna throw that out there. That was, that was one of those things that, you know, when you're, there's always, how would I put this in the good words? It's, that's how I feel sometimes when you're doing a security assessment. And it's usually indicative of a lot of things. So first, they're unhappy with their IT people. Dig into why. I never take people just complaining about their IT as a reason that the IT people are necessarily bad. They could just be a bad client who thinks everything should be free and computers should just work and it's all magic and no one should pay for anything. Those people exist and they always complain no matter who their IT person is. But when you find out that they've been paying for monitoring and firewall updates and everything else, and the documentation is bad. And when you log in, the firewall hasn't been updated in three years. Yeah, almost four. And then you go further and find all these exposed RDP systems, things without certificates that are exposed and just the list goes on and on. And this is just an external like, Hey, let's look at the system and I wonder how bad it is. Oh, my gosh, it's bad. Now we knew some internal things are bad. But now we know the external things are worse than the internal things. So yeah, that was I was actually working on another video, but it's one of those when you find it's like you can't look away, you're like, Oh, look at this problem. Oh, look at this problem. Oh, look at that problem. And it just kind of keeps rolling downhill. So it's one of those things. Yeah, here's a question. And I'll click this button if the answer, well, I don't know, I'm easily influenced by people on here. Would it be easier? 
Or would it be helpful if I were to have an email address that was related to my vlog where you could send me some questions ahead of time? So I can answer them, I don't mind answering them. And I know sometimes people one may not be able to watch this in real time live, but probably like to answer them during this time. And also, it's easier to write an email to an email address than it is to leave it in the comments. So should I set an email address up dedicated to vlog Thursday, so people can just send me an email and then I can, you know, calculate all these responses, and I do this every week. So I will go through and have mail time or I read through some Q&A, pick out the questions that I think are interesting and worth discussing and go from there. So if that's something you would like to see, say yes in the comments, and I'll throw up that email address I already created in a little banner on there, or if you're watching this in post. I want, it's not that I don't want the chat, I like the chat as well. I just figured it's a way I can start with a couple topics, sometimes it's an easy way. I like when people join my forums with some people and I get it, they don't want to go join a forum just to send, you know, me a message or post publicly in a forum. And it's also I'll admit right now would be me reading it, but in the future, if this gets big, I will have to have help reading it and things like that. So it's not necessarily to me, but it will filter up through whatever methods have to be put in place. I'm really daydreaming here that I'll ever be that big of some type of person who has that many people emailing them. But nonetheless, it might be interesting if you understand, let me know. It's not something that's difficult for me to do. I own my own domain. So I can just create it on an email alias. Well, okay, maybe I already created it. So nonetheless, yeah, email's a good idea. I see at least people see that. So yes, yes. 
So if you could roll up here to make sure you have all the comments. So cool, cool, cool. I've also been starting to stream this live simultaneously on LinkedIn. I don't know if I should do this on Facebook as well. Maybe I don't know, I'll think about that one. But I like being able to put this out in a couple more places to reach different audiences. And I've been using LinkedIn a lot more. I don't know if I should go back to using like the business fate or not. I'm kind of mixed on that one. LinkedIn, I get good engagement, have great conversations with people. So LinkedIn is another place that I'll definitely say I spend at least check it once or twice a day. The spam has really gone down on LinkedIn. I'll say that that's actually been a bit a happy thought that there's less spam on LinkedIn. So definitely good things there. Let's guess what the alias is. So yeah, I'm sure it's going to be so hard to guess what Tom would call it. Make sure I spelled my name right. There we go. Vlog Thursday at lawrencesystems.com. I'll just leave that as a banner. You know, it says I have an option to turn this into a ticker banner. What happens when I say ticker? Does it just scroll? Oh, cool. Actually, I like it this way. Email. Oh, we got it. If it's going to be a ticker, let me edit it now. And we'll say edit email questions. Do. There we go. Save. I just leave that rolling out there. Email questions to vlog Thursday at lawrencesystems.com. Well, that makes it easy, easy to find, probably easy for the spammers to find. So there's that as well. Yeah, people know spam filters are a problem. Someone did have a question. How do you securely join two networks together over the internet, the other side of the city? Several different methods. Most common is going to be site-to-site VPN. There's your easy answer. There's other solutions such as ZeroTier, Tailscale, couple different options. 
Kind of comes down to the nitty-gritty of how you want that network designed and how you want it architected. So short answer is site-to-site VPN usually like say pfSense firewalls popular topic on my channel. Obviously not the only firewalls that can do that, but two firewalls that have VPN service or you can, you know, Tailscale a couple of machines together and that may work as well too. Hey Lawrence, always doing the content really educational. Awesome. We guessed the alias probably. Let's see. Put links, articles, an example. Yeah, that's sometimes helpful because you cannot post, you can't post links in here. And I know that's sometimes when people say, hey, have you seen this? And I actually don't mind those type of have you seen this, unless it's something that's like on the front page of every news. And I just send shruggy faces, kind of a few people that message me and I'm kind of like, you know, like, Tom, like two days or three days after I've done a video about the LastPass breach, I got people messaging me. Did you hear about the LastPass breach? I'm like, did you watch my content? Like just asking, do you see LinkedIn content comments live? Yes, I do Corey. They bring, that's the nice thing. I'm using StreamYard and they bring all of that together in one place for me at least. Oh, yes, you lease dark fiber between the sites. Yeah. Will a pfSense VM work with VLANs on Proxmox? I have no idea. There's a way to get it working in XCP-ng. I don't know if there's a way to get it working in Proxmox because I don't use Proxmox. That's a maybe that's a Google search. But I don't really have an answer for that one. Do you know the default DHCP lease time on WAN configuration of pfSense? I have added secondary WAN to a cable that seems to be leased longer than default WAN. DHCP lease times are not determined on the WAN side at least they're not determined by pfSense, they're determined by your upstream provider. 
So you probably have two different lease times based on two different providers having different parameters. Yeah, one of the things I like about Tailscale, it just works and it's easy. That's, they've got a solid product. A good solid product comes with a couple things, good documentation, ease of use. So you don't need to reference deep in documentation. The only thing that's a little bit tricky, I would say is if you happen to create a lot of extra rules, like they have an advanced rule creation. But that's a little bit more technical, but just the connectivity part like, Hey, I want these two things to be able to talk to each other, setting up a tailnet and with Tailscale is easy. What's the email address? I have it rolling along the bottom here. It is vlog Thursday at lawrencesystems.com. Can't VPN both networks on the same subnet. That is true. VPN does not work if they both share the same parameters because they won't know which way to route. So if you have two different sites that have the same subnet 192.168.1.0/24 on both sides, how does it know which devices on which side? That's actually an advantage of using something such as ZeroTier or Tailscale, because they create their own secondary network for routing. So you'll use their IPs assigned to it and that would allow routing. So that's actually a nice advantage you get with Tailscale and those. Looking into install a second pfSense at a branch that we currently have IPsec site-to-site VPN with the old firewall as well as the client VPN using Windows native VPN client. Cool. Is it true that more severe problems the LastPass breach have been discovered something about stolen backups? Yeah, we know the backups are stolen. So that's the thing. So pfSense works on XCP-ng. pfSense doesn't just work on XCP-ng. So if you type in XCP-ng, I think I have a video on it. But I also know there is I'm sure might get my presentation tabs set up. I didn't have those set up ahead of time. 
But they have an entire write up on how to do it like step by step. So you can that was a top Google search if you type in XCP-ng, pfSense, they also have this here about the advanced features of trunking VMs and things like that. So there is actually I think they move this to the docs. Yeah. But nonetheless, hey, look, it's my videos embedded in their documents. So plenty of documentation on that as a process. Someone says yes it does. Richard here says it works with Proxmox. How do you release a local IP from pfSense? Local IP as in are you want to release one on the WAN? Because that's there's you just go in there and you can where's that it's under status and you can find it and you can release the local IP. Any pointers or tips for using the Windows VPN client? Not particularly. We rarely we almost always use OpenVPN. We rarely use IPsec for the Windows clients. Uh, any insight about pfSense 23.01 final release? No, I do not. I feel like 23.01, 01 represents January. So I feel January, but I also feel that January only has a few days left. So my optimism for this being released in January is going down. Hello again. What's your favorite firewall? pfSense. How do you do identity manager on your Linux servers and pfSense? Do you have unique local users or central user management? I don't do identity management on my Linux servers. The applications we use have identity management, but the Linux servers themselves, other than the admin logins, we don't usually have Linux servers with a lot of different logins. Now there's times you do and there's tools like Teleport that can help with managing identity on there. My friend Christian Lempa, The Digital Life. If you look up, uh, let me pull it up for you and make it easier, tele or secure access. We'll throw this over here, but this is you can get this from goteleport. This is a way you can do some of that management inside of to manage access to different virtual machines or Linux servers. 
I said virtual machines, but because a lot of Linux servers are virtual machines, but this is a good way to help manage access and who's accessing those Linux servers. Wondering about the purpose of supersede DHCP lease time in relation to WAN DHCP. I mean, you could try reality is you better be listening to whatever your upstream provider provides, or you're going to have a bad time. Uh, Proxmox versus XCP-ng have a whole video where I dive deeper about it. Proxmox is good. I prefer XCP-ng. They're both good though. There's not a, if you would like to use either one of them, they're both good platforms. StreamYard is the platform for streaming. So I have TrueCharts Docker that creates files and a dataset, but it doesn't inherit the parent folder. So I have another TrueCharts Docker that cannot access it. Do you have an idea why? No, I don't. And I'm aggravated with, um, a lot of the TrueCharts stuff. I've talked about this before, not just TrueCharts. I can't just blame them. Just the whole Docker implementation, um, is just been buggy. And one of the problems I've run into is let's look at the apps I have. And like I have this Joplin server app. And if we edit the app, we can see that the app is pointing at, where's it at here? There we go. There's the path, but there's no data in the path. So it's actually not doing the thing it says it's supposed to be doing. Uh, that's been an aggravation with it. There's just a lot of apps that seem buggy. So permissions is a whole nother level. Even getting the apps to work properly is, is its first problem. That's one reason I haven't done videos on it because there's not solutions to some of these problems yet. Uh, you could probably though find this workaround by like opening it with wide open permissions and do shares. Not the best idea, but I don't have another workaround for it. Would you use a Synology, uh, use a Synology over a storage appliance two-node system? 
I think Synology systems with the two nodes set up are good. Actually, I'll comment this. Yes, I like the 23.0.2. Yes. Could you pfSense write up better video that explains on VLANs and how to properly set them up? I have one that explains VLANs. I have a more, my most recent one is VLANs with UniFi because UniFi is such a popular and easy to use solution. Um, I don't know if I can make it any simpler than that. I've had problems with virtualizing pfSense on Proxmox and Protectli. Um, yeah, I don't, I've not tried it on a Protectli and I don't use Proxmox. Anyone have experience with DDI solutions? D S D I pan might be looking to a scope of the audience using NetBox. I want to explore other options to NetBox is probably your most popular one in that category. No, if I'm not mistaken, DigitalOcean uses NetBox. That's, I think they're the supporters of that project or main contributor to it. Oh, you know, updating the unified spreadsheet you made soon. I have a video I'm working on for that. Uh, the PCI passthrough work problems have as dedicated managing port for Proxmox. Yeah, I don't know. Not sure. I don't use Proxmox. I can't answer that question very well. If you're in multiple journey and service for redundancy, that's not exactly supported yet in terms of their build out with Gluster. Uh, but they, they do have it and I have demos on how their dual motherboard systems work. Native VPN clients, more management options via PowerShell split tunnel subnet has more management options. Oh, okay. Yeah, I don't have any idea how to do that in Proxmox. Have you come across any issue with Uptime Kuma? No, Uptime Kuma actually works really well. Um, I've been really happy with that as a service. So we'll pull up Uptime Kuma. Where did that go? Oh, there it is. Our office Uptime Kuma actually just zoom in a little bit because it says it's red. It's dead and no one's complaining and this isn't complaining or sending me notices. Everything's green. 
All my servers are up and running at my office. Uh, what's your take on the new office 364.5? Was it DNS or BGP this time? There's my, there's my real question. I don't know. Office Microsoft Office is Microsoft Office. It's always got some issue. You know, they, the mistakes are going to be made. And when you're at that scale, it can be devastating. Uh, native support for containers not yet. I wish Uptime Kuma showed me more than a week's worth of data. Um, why, uh, I thought it could. I thought you could adjust that. So if we go to the dashboard, so here's what, isn't there some option inside of here where you can control, maybe not, or is that in the main part of it? I don't know. I thought there was somewhere in an option. I haven't done a video on it yet. Um, I mostly like the real time stuff. I actually have an update. I haven't loaded either. So there's that. But, uh, yeah, I feel like there's somewhere that, that there's an option for doing that. A forum thread for vlog Thursday, probably better to filter out some of the riffraff. It seems like you don't use Proxmox. Any pick your reason. I've got a video on why I use XCP-ng. Biggest reason we do more consulting on XCP-ng in the enterprise space than we do on Proxmox. We don't even see Proxmox hardly ever in the enterprise space, but we see a lot of XCP-ng could be the nature of the fact that I have so many videos on it. More people reach out to us about it, but we've actually moved a few people off Proxmox and I'm not the expert, but they did not like it. They were having trouble at the scale they were operating at with the number of VMs operating at. They told me the support was inadequate. This has happened a couple of times. I don't really have, I couldn't offer them any support. They'd already made the decision to move to XCP-ng. So could there have been a solution to the problem they were having? Possibly. They found it unstable, but I don't know because a lot of people seem to find it stable. 
I don't have, I wasn't going to take the X, you know, I'm not going to take the time to learn a product that there's less demand for. Now home users way higher demand. Home users, you know, I like helping them out and I refer to Jay from Learn Linux TV who has an excellent series on all things Proxmox. So there is documentation provided by a trusted friend on it, but I don't have any interest in learning it just to, you know, it's just not, I just don't use it. So my experience XCP-ng, which we do use regularly, we do consult on, we do install at many companies. We've helped, I've even mentioned some of the clients that we've had to have over 2000 VMs in some of these XCP-ng installs across quite a few hosts. So my experience is not only with XCP-ng, it's with it at scale. So that's why we use it. Any experience with InterMapper? Nope, never heard of it. I still can't get around my colleagues are still deploying FortiGates despite numerous security issues, having hard to break an IT space. The other problem is the reseller thing is hard to beat. So if you are a reseller and you're making commission on off those license renewals, it's also another reason people will stick with them. Is it necessary to configure, change native VLAN between a Cisco and UniFi switch trunk, related to VLAN hopping video you made? I mean, there's no VLAN hopping in UniFi, but with the Cisco, I guess it depends on what protocols there are. David Bombal did a video, and he does talk about the prerequisites to be able to VLAN hop on Cisco of what protocols have to be enabled. So it comes down with Cisco, making sure those protocols are not enabled, and that should eliminate the people's need or a potential for jumping to a different VLAN. I don't have any of those for sale. No Raspberry Pi for sale. I don't know who does. You could change the retention time, but the graph only show last week. Got it. XCP-ng is going to add RunX for native containers. That is correct. 
Hey, thank you very much for the donation. Thank you for all the videos on pfSense, much appreciated, and the donation is appreciated as well. Have you used KVM Home? I use KVM over Proxmox. I don't like Proxmox. Work is VMware and XCP-ng. Proxmox struggles to scale for larger businesses. That is what I've been told, and maybe that's why we just, I don't run into it in the wild very often. Not, I mean, small instances, yes, but big ones, no. But because Citrix was so big in the enterprise space, there's people who moved from Citrix to the XCP-ng, or we have people that just stayed with Citrix. We've converted some people from the Citrix platform because the VMs and everything are pretty much the same. So you can migrate back and forth and you can, I believe, still in the latest version, still do in-place upgrades to go from Citrix to XCP-ng. XO, the Xen Orchestra Manager, can actually manage simultaneously Citrix environments and XCP-ng environments in one place. I don't know if the pools can join together, though. I don't know if they're, in the early days for sure, I don't know that there's any changes in the later days now when it comes to that. When is they going to do it? I think they're hoping to add RunX later this year, but I don't think they have an exact, they have not announced a date on it. I think they have probably, it's in tech preview, so you can google it real quick, RunX is available in the tech preview, so there's ways you can test it out. It's just not natively built into the system. Join their forums and read about it. The XCP-ng forums are great. I try to visit there pretty frequently, but I really like their forums. I try to respond to people. I'm listed as an ambassador because I talk in there a lot for reply. I go in waves, I'll go for a week of replying to a lot of people and I kind of slow down. Would you use a desktop SSD for XCP-ng? I don't see why not. Yeah, ours is built with, I have that build video I did about our XCP-ng Ryzen servers. 
They're built with standard, just a pair of NVMes, so they're not a problem. And by the way, if you buy a pair of NVMes, the OS only takes up a small portion of it. The rest of it goes to running your VMs. So you're not wasting it, so to speak. So if we look at our host here, let's look at the storage. So this should be this local storage. Yeah, there's a bunch of free local storage on some of these because that's the extra storage left over from, actually, let's switch over to the lab. Yeah, Labbert. Make sure I got the right one. Yep. Well, why is there nothing on it? I thought they had something on it. Well, there's nothing on this local storage. I thought I was looking at the wrong one. It's just empty. But these are, this is the extra. So it splits it so you can have both. On Cisco IOS, the port has to be configured for switchport mode dynamic and your management VLAN has to be named one to do the VLAN jumping that David talks about. Good. I've certified in both Citrix and VMware enjoy the XCP-ng management better. Yes. I had trouble getting XCP-ng to set it up. So I'm in Proxmox, just watch these videos. Now I wish I had another computer to try to get XCP-ng working. One part is learning both of them. I mean, I set up a Proxmox. It wasn't hard to set up. I just didn't take the time to dive into the details of getting things going on it. 25 years. I've never configured a switch port as dynamic. Oh, did I miss the Synology and Pass Manager? No, I should just get started on those. I didn't have them in the list. Everyone started to ask me other questions. Do you have an RCDD on staff to design cabling systems? I don't know what that is. So no. Registered Communications Distribution Designer. Nope. I'm not certified in it. And well, hold on. I think one of the guys has some certs. Certs don't matter to me that much. I'm proud of old school. Like I know they matter in the market. People care about them. Some businesses use them as a qualifier. 
So not just everyone applies, but a lot of the people that have been working with me have been working with me like myself. I started in 1995. I've been in the IT business since before a lot of these certs existed. And I was there in the early days of the certs. When the certs had so little meaning, they were certs, but we used to call like, I remember the early days of the paper MCSEs, people that can regurgitate information onto a document, get your stamp that says you knew stuff, and they were some of the worst technicians. I've deployed a six-node, Ceph-based Proxmox cluster, and it's performance defense. So the hardware was expensive and much easier solution. As a graduate of network technician, what cert, I think you mean what certification should you go for? Yeah, this is not an easy one for me to answer. You kind of got to look for, what is your passion? If you don't know that answer, I don't know. Start there and go, hey, I think I like this. And then go get the certs to go do that. If you don't know, if you not waste money on getting the certs, but start going through some of the prerequisites for different certs, figure out which one clicks with you best. And that maybe help, maybe you'll help you find your passion. Email will be good, maybe a dedicated forum thread better, gives us opportunity to like other questions and what shows more people are interested in it. Yeah. And I've got the email scrolling along the bottom. It's just vlog Thursday at lawrencesystems.com. Have you used the command line method XO to migrate ESXi? No, but there's a call for testing on that. None of the states we operate in currently have brought that up at all. Any input on Nutanix? I don't use it. I've seen it. Nothing about it made me go, wow, I should be using this. So yeah, that's no, no real thoughts on it, because like I said, there's nothing about it that wowed me about Nutanix. People like it, use it. 
It's got its own, I know some people that, you know, manage those systems. I know it has some quirks. So learn the quirks of that system if it's one you want to use, but I can't find any reason that or compelling reason that I should absolutely use it. All right, here we go. People can have certs in zero troubleshooting skills. I work with a couple. If it doesn't work the way they said it lost, I have zero respect for vendor certs. Vendor certs, yeah. That's, yeah, it's a whole topic that I'm not going to rant about right now. But yes, this though, this is fun. But by the way, it was fixed. I like to bring that up first, because this is one of the things I don't like to fear monger at all. I like to be very realistic about security things. And this was done by a security researcher summary, multiple password managers can be tricked into auto filling credentials into untrusted pages. This can lead to a compromise for others in the password manager. Now this is an argument I've had for a long time. Password managers help with not putting credentials in phishing sites, because they're generally doing a good job of checking to make sure that the site you're putting it in is the one registered. This person found a couple clever workarounds. And let me drop a link though, if anyone wants to test this, I tweeted this out earlier. And what I want to point out though, when it comes to the password manager discussion, someone right away said, well, this is a good reason not to use password managers. One, this is a clever trick. And basically, they found a way to get a couple of the password managers, the two of them that they were able to trick were Bitwarden and Dashlane and Safari. Now they reached out to these. So date reported, vulnerability reported to Apple, date fixed and Bitwarden and Dashlane. It's closed. This is a fixed and done issue. But I think it's an interesting one. I love that a security researcher found this. 
This was not found in the wild with a bunch of people exploiting it. But it's so good that more and more people are coming up with and testing different methodologies on password managers. It's one of those weird things where people, I don't know why some people's reaction was, oh, this is a good reason not to use password managers. I'm like, no, this is the reason to use password managers, especially when they're so responsive and getting this done. This is exactly what I like to see is cool. These places are seeing, well, security researchers are finding problems. They're reaching out to people. They're reaching out to the companies. They're being responsive. They're finding the problems or fixing the problems. We're creating a better ecosystem through community. I'm happy about this. But when I seen other people that had different takes on this, I'm like, how is your take, this is a bad, this is a reason not to use a password manager. I don't understand that. So, oh, that's probably a good point someone has here. If you need more retention from Uptime Kuma, you can scrape the data via Prometheus. Yes. I've had Nutanix for some years. It's okay. It's not cheap nor the hyperconverged cluster hardware. Yeah. That's true too. Oh, it is my son greeting son who is upstairs waking up finally probably because it's, I think you probably woke up one an hour ago. No. By the way, it's 4pm. My son just like sleeping in sometimes. Having trouble auto start VMs on XCP-ng auto booting XO VM still enabled auto boot sending you ID of VM any tips? Not really. Because it always works for me. I don't, you're gonna have to dig in and look for some error messages because if I go to and like this one here, this one's actually this one's a bad example. This one's it's not turned on. And that's what it is. Alls I do is this right here auto power on and it works. I've tested it many times. When we reboot the system, it powers on. And I'm not doing anything special. 
Zoom in a little bit. It's just going to the advanced page and checking the little auto power box and it works. You can also turn auto fill and use the two clicks it takes to manually fill. The problem is the manual fill works as well. They fixed the problem with this. So I've been awake for two hours. Thank you very much. He's awake for pizza Thursday. Yes. Yes, for sure. Yeah, but there's one of those things when you look at this unsandboxed problem. And I think give me a look, see if this works. It's probably I think this, well, it's not opening, but I have a feeling the site's getting hammered because this went this went wild this morning on Twitter with lots of people sharing it me included. So I'm clicking on it's not working right now where they took it down to keep glitch faster for everyone. Inactive projects go to sleep and wake up on requests. Waking this up on request is what the error I'm getting. I think it's just overloaded, but I could be wrong. Maybe people don't test these things. I was testing to make sure it was patched. I don't know. The site's just spinning. Experience, whether it be in a home lab works work test bed or in live network is best way to learn. Unfortunately, if you want to work in the Fed contractor, you have to have some certs, Security+. Yeah, I mean, basic ones like Security+, Network+ probably not a bad idea to have just in general. But yes. So let's see. It seems to be spun up and working out. So this is the sign in where I created. Well, that's bad gateway was working. It worked for a moment. It worked. It should not fill this one in. So let me double check. I'm on the right one here. But it should not fill this one. And this is the password manager should not auto fill the credentials. But well, this demo, the demo is not working. It's not actually the page isn't finishing loading. But nonetheless, the I tested earlier when it was working early this morning when I tweeted about it. 
Every situation where dpinger causes issues with cable WAN connections and pfSense and dpinger runs and WAN connection drops due to packet loss every hour, no issues with dpinger off. Yes, for reasons I don't understand, if I could scream at the ISPs who don't like extra pings, I would. But I can't because they don't care. I remember someone ranting once they quit breaking ping. I've seen that rant a couple times in different networking subreddits. There's just companies that decided to turn ping off. We had a problem with Comcast and that part of them turned out to be Comcast telling me some of the bad information. So we were having trouble not getting out of their network. So instead of pinging the gateway, we went another hop further per the Comcast engineers so they could help trace the problem. Then the problem went away for a while and we were happy thinking they fixed it. Then the problem will come back and then the problem started getting persistent. They had rate some rate limiting on a system they told us to ping and they didn't know why. I ended up with these high level engineers talking to them and the guy's like, someone did this wrong and I'm like, why would you rate limit your ping? And he goes, I don't know why someone thought this was a good idea, especially because it's the one we tell people to ping to try to figure out where inside the network the problem is. So companies breaking ping, I ping something else. I don't really have an easy answer. But my guess is they either through filtering, like they don't like too many packets going out that have ping or whatever, that can be an issue. 1Password was not affected by this, but technically no one was affected by this. A security researcher found it, it was patched. So it was a specific way in methodology, but this was not found out in the wild. This was a security researcher who found it. 
So even though they found it and it was patched, there's no evidence that this was ever done in the wild to get people to fill in for a phishing site. So the same issues with TrueNAS SCALE, VM networking, something about being unable to ping the host, looking at using it for single box home server. Oh yeah, that's still a thing because I don't know. There's an argument about they don't want to fix it. I don't understand that either. There was a claim in one of the forums and there was some wording in there that if I can find the post, I thought about doing a rant about it because I disagree with their assessment of this. But the virtualization is unable, like this Cisco dashboard running here, which I'm going to shut down. Yeah, stop. I don't care. This does not have the ability to ping the system itself. So the IP address it gets assigned cannot ping back to the system. And I don't know why they chose to do it, but well, I do know why they chose to do it. I don't know why they came to the decision. I think it's a security thing that the VM shouldn't be able to talk directly to the NAS. I'm like, in what world is that when it's a NAS, you want the NAS to talk to the system because this gives me my closest and fastest access to the shares on the system. So because it's a NAS, it makes sense to me to be able to ping that. But they think otherwise, they think it's a security problem. And I guess you could make the argument if this was, let's say XCP-ng, you could put a barrier in there and say, hey, you know, or ESXi or insert name of your favorite hypervisor, you could say those hypervisors don't ever need to talk to the management interface. Okay, that's, you could say that that the VMs probably shouldn't talk to the management interfaces, probably some reasons that makes sense. And you should be configuring your hypervisor in a way that your general VMs aren't touching the management interfaces and keeping things separate. 
That's definitely something I'd recommend doing. But when you have a NAS that you want to do shares on, now the part, the wording I didn't like that they add in there, someone referenced my video and Wendell's video. And they said something like, you know, they're just YouTube people, content creators trying to get likes. And I'm like, no, I'm not a content creator just trying to get likes or attention. I think attention is the other word they used. And I was like, no, I'm not trying to get attention. I'm talking about a use case that the majority of people I interact with like through forums and posts and also in that forum post say, yes, these are features we would like to have in our NAS with the VM. So it's not a bug, it's a feature. Yeah, I don't know. I don't, I have no idea. It's a bug, not a feature. I just installed OpenVPN Ubuntu. I have a USG. Do I need to open the port? I can't connect. If you're asking that question, you should probably think clearly about if you got these things configured securely. I'm not sure if you would solve on Ubuntu is Ubuntu the server? Because that would, you'd have to open a port if so to get to it. That's a bigger topic than we can cover here though. Have you heard Synology failing drives more frequently in version 10.1? Nope. Not at all. I like your live chat setup. What tools are using display? StreamYard. StreamYard has been a great tool. I've been using them for a little while. I'll just throw this in here because this is anyone interested in what I'm using here. It just makes my life easy for doing this. Happy with my UniFi 8 switch, security gateway setup, but my Cloud Key keeps having issues. Do you recommend replacing the microSD card? Cloud Key, unless it's a Gen 2, should be retired. The Gen 2s are fine, but the original Cloud Key, they're past end of life. Just dropped by to say thank you a million for your videos. Been a great inspiration for my pro work. Awesome. Love to hear it. I got to dig deeper into it. 
I don't know there's not to report. It's a big deal, but not the end of the world deal. I could say, hey, we should probably use a few more iterations for this encryption, but it's not like it's incredibly weak encryption and they're working to fix all that. I want to make sure I fully understand the scope of it. It's not a matter of obscurity. I want to make sure that I'm accurate in what I'm saying on it. My understanding through the brief technical I read that they just need a few more iterations, but it in no way makes it a really weak system. It still comes down to you having a good master password. That's one of the incredibly important parts about it. You should definitely have a good master password for it. I just, I didn't upload this video yet, but I will be talking about the Synology. I got a couple more videos I'm going to do on these, but the Synology FlashStation, yes. And by the way, I wouldn't call this a flaw. It's just a not as many iterations as recommended, which like I said, they're fixing. So flaw is not exactly the right word. Just try to say, thank you. Did you, did you ever get like an imposter syndrome for not using more big brand names? Not from that. That doesn't, that doesn't give me imposter syndrome. Synology all SSD versus TrueNAS LST. Heard ZFS is currently more designed for HDD. That's not true. TrueNAS even has options for when you're using SSDs. The I got to figure out where it is because this one's running SCALE. If we look at the storage, is it managed datasets? They have even, where's it at? I figure really moved it in SCALE. I know right where it is in TrueNAS Core. They even have options in here for doing the, no, I don't care about that for telling it it's SSD and how it runs the trim. So ZFS is, works with SSDs perfectly fine. Do you use SR-IOV at all? Does XFB support it? Offline migrations, SR-IOV, NICs enabled. We rarely have it deployed by at many places. Have you tested the speed of SSP SFP28 on Synology NIC? 
Yes, it's 25 gig. You can up your Bitwarden iterations manually. This is true as well. I may talk about it from that topic because if I do the video, I do it how to change your Bitwarden iterations. I want to set up a home lab and practice using VMs, practice thanks for that. Start learning web app hacking and pen testing. How can I keep my practice safe and completely off my home network? And the answer to that is create a separate network. So you can create, you know, start with a VLAN in the beginning and then you'd be able to make sure things are sectioned off. Now, until you get good at it, you're not going to be good at separation. The first thing you have to learn is how the network separation works. Tom, do you use iSCSI or Fibre Channel? I made the share work on TrueNAS Core using a tutorial. It seems like there's none for SCALE yet. Or, I don't know how SCALE works with Fibre Channel. I haven't made any SCALE tutorials on iSCSI either. Jason Sliggles here. ZFS can handle both ARC and Crap might need to be, well, we're far enough in the video. ARC and CIP might need to be tuned for a full SSD to load. How do you do troubleshooting WireGuard connection drop connections? That's a networking question in terms of what's causing the drop connection. WireGuard doesn't drop because of WireGuard reasons. WireGuard links and stays linked unless there's connectivity loss. But one of the advantages WireGuard has is it links up so fast. The negotiation because it doesn't have a lot of different ciphers in it. The negotiation is like instantaneous when WireGuard does its handshake. So it's usually if the handshake works go back a layer. You're not dealing with it at the right level. It's not a WireGuard problem you're having. You're having some type of network drop that's causing the problem. I don't have any current videos or plan to make any soon anytime soon on Fibre Channel. I'll assume this is Jason logged into the account there. SFP28 is 25 gigs. Yes. 
I've got some videos on that as a topic. Well then we'll pull something up here because we have our production aggravation rack and we have the Synology. One of these is Synology. I don't know which one now. It's plugged into one of these at 25 gig. I think it's this one. Anyways, the kind of pink color is 25 gig in the UniFi system. For an A-based Synology hosting SMB PC backups DVR media server, do you recommend a single large volume of folders for each service or separate volume sheet service? The DVR part is a challenge because it really comes out on how many cameras you have. You may want the DVR dedicated to its own volume because it is write intensive, but when it comes down to DVRs, especially, we usually recommend, especially because of security reasons that people want to publicly expose them, kind of just so you're aware and it's up to you about what your risk tolerance is of putting all your personal data and your videos on there and then offering it any public exposure. But with doing that, you can run into a tug of war, if you will, between writing to it and slow performance of other services you have running on there. For example, let me pull up my Surveillance Station system, just one of their little 2B models and we'll pull up the usage. Just by running this, and this is the Synology DVA 2B model, you'll see that the CPU just sits here at 50% doing nothing. We're not even watching the videos, but just the background processing of all the cameras keeps this kind of working. You also see not a high, but a pretty persistent writes going on there, so you may want to consider splitting them into separate volumes, but it really comes on how many cameras and how much workload you have. Do you understand? I will do a video where I always, when I do videos like that, when I talk about how the key derivation works and something that technical, I usually script it out so I don't get anything wrong. 
I'll make sure my wording is precise, which is usually copied from exactly their documentation or however their cipher's done. So yeah, there's a, hey, we found Jason. When I do a video about it, I'll make sure I'm very clear on how they do that. Is there any way to test one gig client performance in conduction with 10 gig bit up place? For example, if you have 21 gig clients talking to a 10 gig base storage, problems usually you buffer. There's ways to test it. You just, like for example, you can run iperf. The difference is though iperf is single port at a time, but on the server, you can actually spin up multiple iperfs listening on different ports if you're just trying to test the network load. Which tool do you man for duplicating Windows VMs with all of its prefs installed and software connected to duplicating Windows VMs? I mean, technically I can just clone them. Like if I wanted to make a clone of this, I would just click clone and I'd have two of these. If that's the question. So yes, you can clone them in XCP-ng. Fibre Channels, Fibre Channels, just layer one. Yes. I think what the, what people mean is SD needs extra tuning out of the box. It's built, there's a check box. So you, you check the SSD box. What's the best OpenVPN client want to use with something Windows 10 connected to my BIOS VPN server? The official OpenVPN client is the best OpenVPN client. Oh yes. SFP is one, SFP plus is 10 gig, QSFP is 40, SFP is 25 and QSFP, SFP28 is 25 and Q, yes, those are all correct. Yeah, the Q is the quad fiber bundle. I, you know what, me and Jason, let's do a video on that. Cause I think it's a topic that people get mixed up is how the quad bundles work. That's, that's a good topic. Me, me and Jason need to do some more videos together on there. Just want to say thanks for your videos. Awesome. Glad that you've learned a lot. Make sure we start catching up here. Do I have a video for iperf? I think so. I actually think I have a video on that. 
Yes, it does come with its own headaches. I have non zero modifier channel experience, but 16 gigs is where I last used it. Yeah. I, I don't see as much of it. We just don't run into it. Oh, we, I see old Fibre Channel and we're usually replacing it with like SFP28s and things like that. So don't clone Windows. We endless sysprep. Yeah. I mean, I need more context for the cloning. Sysprepping it would be the way to do it, sysprep. You sysprep it, shut it down and then build all your copies off of that one sysprepped one. What do you recommend for VDI? I need more context for that question. I'll look my sons here. I think you have a couple Brocade 300s and some FC cards if you want to play. So the question, so the Q is the reason you can get four by SFP28 from a QSFP28. Right. You see more InfiniBand these days. It's not pizza time yet. It's only 4:30 Eastern standard time. No VDI. It sucks. Yeah. I realize I got the wrong logo on here. Let me change the logo. There we go. We still had the homelab show logo. If you get a VDI, see a doctor. Just in general, I have decent algebra horizon, but looking at something else to deploy for small business that need VDI or just in my home. I mean, are you looking just for a virtual machine system? Are using any services in Azure Airbus connected to your on-prem services? We are not. We have clients that are. Is there anything worth trying? I'm looking into AzCopy to save some time on backups and blob storage. I am not the expert on that. We have clients using it. I have staff members that are way smarter than me at Azure and AWS stuff. That is not my field of expertise. QSFP plus is a lag of the four 10 gig ports. That's what I think we should probably do a more video on first would be that rather than some of the Fibre Channel stuff. Have you used breakout cables? What do you mean by breakout cables? Sun is too early for a beer. Marcus should do pizza review during the halftime. Yeah. 
Oh, you're asking about the VMware Horizon, AVD, Windows 365, Citrix DaaS? Yeah. Nope. There's not many. I can't think of any open source solutions in that topic. This is where you've got to be very concise. I try to be very concise when I say can XCP-ng replace VMware? I should always say exactly what component of VMware because VMware offers a lot of different things. No, it doesn't have the full Horizon suite in there. There's always that nuance of it doesn't support everything or the Citrix remote desktop is a popular VDI solution. What was it called? It's not Citrix remote desktop. I forget the name of it, but the Citrix solution for VDI, which is running unpatched somewhere right now publicly exposed on positive. How many people do you hire as many as I need? Do you have any experience with NDI does to network in terms of latency? Nope. Oh, those type of breakouts. Okay, now I know what you're talking about. Yes, we've used some of those. There's a couple of when we did some of the larger high performance TrueNAS installs, they use the breakouts like that. So now I know what you're talking about Citrix Workspace app. Is that what it's called? I did kind of forget. I guess that's a VDI solution Apache Guacamole. You can build one. It's not turnkey. It's you can put together some tools. It's not it's not the same as what you're going to get with some of the commercial solutions. But I always look at anyone running in those remote desktops. It's a it's a patch until they make a web version of whatever it is you need to run more and more things are moving towards web version for a good reason. Because connecting remotely to some desktop just to run some local application. That's just a patch on the past. That's a way to get it working for now. And yes, we know that legacy has a very long tail and we're usually supporting things for way longer than they should ever be supported. 
But nonetheless, you know, web apps are pretty much where the future is going as I see it right now. What's that? Oh, you bring me more water? No, I only bring beers father. Oh, either Thomas or he could assassinate him. No, I hear the door. It's not that loud. It's got a soft close on it's one of those sliding doors. I like it. You can virtualize apps as well. Yeah, there's app publications. Ah, yes, my son's my hydro homie. Back over to here. This is the thing that I'm going to publish a video on. I think I already I think I haven't recorded. I say I think it have recorded because I did record it. I didn't edit it. And until I edit it, I don't know if it's exactly the video I want. But I want to talk about the Synology system and the drive requirements. This is one of those topics that people always doom and gloom about. But this is the stupid error you get if you replace a Synology drive with a non Synology drive. And this is stupid to me. Synology says warning issues have occurred. There's a storage pool problem. What could this problem be? And this is the error: the storage pool contains one or more unverified drives. And what does an unverified drive mean? It wasn't on their certified list. But that being said, it works. So we look at the itself. It shows red, but it also shows allocation status working. This is the thing I want to make sure is why I might do a dedicated video about what happens when you replace a drive and Synology with a non Synology drive. And this is that answer. The non Synology drive will work. But you're going to get an error message you have to deal with where your radar always says there's an error. And there's always the doom and gloom people that say this is what this is what the future Synology looks like. They're going to start, you know, forcing us to use their drives. But I don't see that this has been around for a little while. And it's really only their high end models. 
It's only their high end models because they want a very specific performance profile that they do this on. But it's one of those things that, you know, it's it's going to be an issue. But I always put it at the beginning of the video. And I always preach awareness. If you don't want to if you want to buy a Synology FlashStation, one of the requirements is it needs to use the Synology drives. So knowing those two pieces of information that helps you make a decision whether or not you should buy a Synology system. But at least we'll show people what happens when you don't listen to the Synology. You should have a camera covering your back at all times showing the monitor next to you. Merge QNAP and Synology need to be great. QNAP is just bad at security. Can't you say, Synology, trust me, I verified the drive. No, you cannot. I wish they did. That would be great. I've noticed a drive my 121 making a chirping noise randomly DSM reports all healthy, any idea what I should do next. Until the drive dies, there's not a lot you can do. Can you suppress that alert? Not really. 8 to 20 PoE Capris, a Pipee and a Synology NVR just NVR video archival, which Synology recommend? How many drives of what type? Use the Synology NVR selector because that's what we use. They have a tool on their website that does that. How many servers per hour can you build? I've never thought about that. That question never comes up. I would imagine how many servers can your, oh, your son build. None. My son has, my son likes video games. My son does not like networking and other technologies. Only in high-end. Never had that issue. You can use anything in a clutch and later put a Synology in. That is correct. 10G, network, Synology 16.1 plus Windows PC with 10G Marvell. Everything is connected. UniFi, Flex6G, Switch only getting 6G. Everything is minimal. Cat6A tips. Hard to say. What's getting 6G? The virtual machines inside of there? There's a lot of factors that may be causing those problems. 
No different than HPE and NetApp. This is one of the things that people don't realize. They see Synology and they're going, oh, okay, this is a consumer device. But the reality is, when you're in the enterprise space, you're used to companies. Matter of fact, if you buy a dedicated TrueNAS server and you want their SLA agreement, they're not going to say throw in any drive you want. They're going to install the drives and sell it all together. Synology is most likely sick of people calling and crying about not getting speeds. They said when they use the cheap drives, true. Travis with the NVR selector. Any recommendations for a 12 terabyte RAID 6 volume? Don't use RAID 6. I don't know. I guess I need more context for the question. 12 terabyte RAID 6 volume. I guess, are you going Synology? Are you going TrueNAS? Maybe Synology, because you said RAID 6. Older model Synology we ordered HPE was incompatible, but received a newer vision, so it was show unsupported. How do you story is leak? Quincently was working on a Synology in one of my data centers with two failed drives at once. Oh, yes. How you doing, Sean? Sean's a fellow Michigan person here. People putting shucked SMR drives in their Synology and opening support cases for slowness. Oh, I'm sure. You don't see Synology happening. I mean, we have a few cities we've done some work with that. I mean, do you consider a city enterprise if they have like 50 users inside there? Are they small business? I don't know. But we had a couple cities, roughly 50, 60 users in them that we talked to. They have an internal IT that was managing this and they all use Synology and they loved it, and they weren't having problems with it. So I think it's a solid system. 10G network follow-up. No VMs, bare metal windows that I prefer via command to a Synology iperf server on Docker container. You know, that's the question I was going to ask next. 
If it's running natively on Synology, I don't know if the Synology networking is able to keep up. That could be a factor. I really, I don't know. That might be part of the problem. The Synology can only with their virtualized networking in Docker only go so fast. There might be a limitation there. I would try a different non-Synology system first and go from there. See, can I mute this site? There, mute. So hopefully there's a solution to it. But now the good news is, and let's go back over to Synology here. Can you replace the Microsoft full stack? I don't know about full stack, but yes, you can use some of the identity management in Synology that would give you some of the features of Active Directory. It's not 100%, but they do have some identity management tools that will allow you to do that. What I do want to show, and I'm going to do some new videos on Active Backup, because there's a lot of questions about it, and we're going to delete this. I understand I'm permanently deleting and making this unrecoverable. That's fine. All right, we've deleted this. And we're going to do this in real time here, because real time is the best time to do it. Delete this. Now I have a backup of, and I can always still delete. I always tell everything deleted and settled down before we do the demo here. Synology or QNAP? My problem with QNAP is their security is terrible. So, definitely use Synology. Synology does have encryption options for their systems. Synology features look great, but I'm super happy with my R730XD for storage. Yes. Does Synology have any 32 gig or 64 gig network interfaces? Well, seeing as network interfaces do not come in 32 or 64, they come in SFP28, which is your 25 gig. And I believe they have a faster option is why I think they can do 100 gig on certain Synologies, but they do like this model has a SFP28, 25 gig in it. For which use case is QAT crypto important to compare AES-NI, and is it available on anything else other than Netgate appliances? 
The QAT crypto is only available for pfSense Plus. So it's a, I believe QAT crypto is only enabled for pfSense Plus. As far as the availability of it on processors, it's available on a lot of different hardware. Someone says the, I'm assuming this is back to Synology, it's still at a 2008 R2 AD level. You have two SA3200 HA units, each with two expansion units. If they work out of the box, they seem to be pretty solid, but we've had so many failures. Huh, that's interesting. We haven't really had a lot of failures on them. Is there any advantage using iSCSI boot device for Windows VMs? I see how choose for attaching the iSCSI device after the fact non-boot, but I wouldn't use it for a boot device. No, I probably my Dell R720s, eight base SAS SSDs, TrueNAS RAIDZ2 pool, extra drives for replacement, setup. Okay, sure. Should I leave two HE spare use only six of them? It all depends. The nice thing is, depending on your budget, it's nice to keep an extra drive sitting out of the system that's at the ready. So if you have the budget to keep an extra laying around, awesome. If you don't have the budget and you want to just keep the ones you have in there, do that instead. Let's see, on a DS1820 plus RAID 6 is the best option to tolerate two drives failures or your thoughts on SHR. I haven't had any problems with SHR. It seems to work perfectly fine. Sometimes the failures haven't showed up until I stress test the volume, which is unsettling. Yes. If the, then the hard drive fails on one of the HA modules. Interesting. Use all eight of them and buy a spare or two. Yes. It's been a long couple of years with Synology. Yeah. Let's jump over to the demo now that this thing's doing nothing. So we have this backup and I want to show the restore. This was a cool feature of Synology and not everyone knows they can do this. And I didn't cover this in my previous Active Backup video, but let's look at one of these restores like this one here, that's from yesterday. We'll go here. 
Next, we're going to do an instant restore. So this will instantly restore that backup that was done of another server. And we're going to do this in real time right here on the channel. All this one doing it live. Next, this is a cool thing, automatically switch the disk controller to VirtIO after switching Synology. We wanted to do this and this is going to inject the Synology drivers. So it does VirtIO properly. So let's go ahead and next, next, next, oops, back. Give everybody access. Why not? Done. Now, what we're doing here is in real time importing. So someone count the seconds from the time I clicked yes till it's done. And oh, it's done. What was that like four seconds, we just restored that VM. This is a cool feature of Synology for sure. It's just one of those neat features. What did someone say? Oh, yes. May the demo gods be in your favor. We're clear they were because it took all of four seconds, maybe five seconds to do this. Now let's power it on. Because that's the real test. We took a server and now we're going to power it on. Now this takes a little bit longer. So we're going to, it's going to hit repairing. But we're going to do this in real time as well running. So now we'll hit connect. Now we're going to watch it boot. Now the boot process is going to boot twice. Got to boot up once, inject the drivers, boot up the second time, and boom, it'll be online. But that's still a pretty impressive time. So this process is going to take probably another 30, 40 seconds, maybe, but a minute from oops, my server died, when's my last backup to, Hey, let's restore it and let's boot it and let's have this server running inside of a VM on a Synology. That's an impressive feat that I was able, I was just, you know, happy about. Now I know Synology is not the only company that does this. This is something that can be done with other services, but Synology does not charge licensing fees for it. If you buy the hardware, the Active Backup is included. 
So you can back up your servers. And if any of those servers or desktops, this is something you can run on an individual desktop machine as well. If they die, you can run this and restore it right to the Virtual Machine Manager. And while I was babbling, it's booted up and now the server's back up and running. That's just an impressive way to get things back up and running for a client without a recurring license fee. I think, like, I know that the technology is available from other vendors, but the other vendors almost always charge subscription fees, not license fees, I should say subscription fees for services that work like that. Oh, let's see. Someone asked the question here. Synology doesn't use ZFS, it uses Btrfs. That is correct. Is VirtIO a big deal? Didn't bother setting up for Windows VM and TrueNAS. I mean, you want the best performance out of the drivers. So yes. I keep missing the part of the demo. What's the source of the backup you're using for the demo? What types of source are supported? We're going to restore other Synology hypervisors. The source is just a, it can be a bare metal machine. This case, it was actually a VM running on XCP-ng. It's this particular VM running on XCP-ng. So this is, excuse me, this is just a normal VM that I have set up over here and we cloned it over, but it doesn't matter. It can be a bare metal machine. It will work with bare metal. It'll work with other virtual machines. So it doesn't matter about the source. What do you recommend as a web application firewall? That depends. I'm not a web application firewall specialist, so I don't have any particular recommendations. Cloudflare makes nice stuff. I have four same SAS 8Gs of spares, but I saw some videos where they had drives and tell you TrueNAS that they are spares. Yeah, I would lose the capacity that way if you don't do, if you have the spares in the system, yeah, they're not available for the capacity. That is correct. 
Reminds me of Veeam instant clone Veeam licensing is big bucks. Last time I saw a great product. Yeah, that's an example. Veeam is a popular one. Datto makes stuff that does this. I think StorageCraft still sells products like this. But that all comes with not licensed, but subscription fees. There are some limitations on the backup in terms of how many you can do simultaneously. Synology, I think, has a calculator for how many simultaneous backups, if it's 10 or 20, and that varies by machine. But there's not a license limitation on it at all. Smash the like button for sure. Yeah, I really like this ability to go in there and just be able to instantly restore a server, get it up and running fast, and we can run that demo even again. So let's go ahead and share this tab, shut it down. Matter of fact, once it goes through, I can probably force shut it down. Oh, it's shutting down because then we'll fire the other one up. So let's go ahead and delete this one now. Let's make another one because we're going to go over here and we can boot this one up and do a new backup. So let's boot this up and do a backup here. This is my Active Backup demo. This is the server I set up. Well, I commandeered it. We were using it for something else, and its new purpose in life is that. Is that an active VM backup? Is it XCP-ng VM backup with Active Backup? Yeah, I just was using XCP-ng VM out of complete convenience because I don't feel like setting up a physical server or physical box to do it. Yes, Zora does have good reporting. How do you move the instant restore back to the original box? That's a good question. And you would basically do that. If you wanted to move it back to a box, you would do the restore process, which Active Backup has like a bootable USB. You would run the backup again and do that again. So you're just kind of like reversing the process. This is a good, yeah, handles VMware and VMware cluster. I think Jason is referring to the Synology here. 
Thank you for asking community, words sometimes are hard. Thank you, Tom and community for these streams are awesome. You get to directly answer questions and you manage to answer almost all of them. I do try. There may be a time where I am less good at answering because there's too many questions, but hey, that's just a challenge I want to get to. Yes, Zora's reporting is very in depth, even with their productivity tracking. Yeah, there might be some videos coming soon on that. So I'll let you know. There's, I've been talking to the Zora's people about that. Can you do XCP-ng SR-IOV tutorial? Maybe low on my priority list, because it's kind of niche. I don't know in right now, I don't think I have any servers. I actually got rid of the servers that I had in my lab that support it. So, so right now, no, maybe futures possibility. All right, back to this beast. So let's find the password to it, which is not, where did I put the password to it? Somewhere. I know where it's at. I don't feel like getting it. We're going to do it without a password. We're just going to run the backups from somewhere else. Well, no, hold on, I should open it up. Open up that and find that password. It's a long, my staff, even for internal things, like lab stuff, they set long passwords that I can only copy and paste because they're so long. So let me log into the system real quick and then we'll, so I can put the password in, which in order to even get to the password, I also had to touch my YubiKey so I can get to the thing. Then we're going to share this so we can watch Tom type in a password. It's really long. Where did it go? There we go. Now you put the password in. In Bitwarden, yes. Would I like Tom's content? Interesting. That click bait. The best bit, yeah. It's hard because I mean, if I were just chasing views, I kind of get it. 
Like, if I'm trying to sell to advertisers and that's the, if you already dedicated a YouTuber, you need to get a lot of advertisers to make a living at this and you need views because that's what the advertisers care about. You can tell them, hey, I have a great audience. Instead of going, we want a number. Cool. Telling me you have a great audience. We want to see a large number because that large number of views is what we're going to pay based on. So it can be tricky because you're chasing a lot of views and it kind of forces the content that way because I have a business on the back end of all of this. That's who's paying me for all of this, so to speak, is my own company. So there's a little bit different. Long passwords are good passwords. Yeah. Long passwords are great until you got to type them in. But let's pull up the active backup here. So we'll come on. There we go. So we'll kick off another backup. So we switch over to our Synology here and we'll go to the, we got to get rid of this because it creates a new one. So there's that. That's why there's two of them in there. But good task list. We're going to say, back this guy up. We'll switch back over to here. And you can see it's kicking off a backup now. Tom's honesty is why he doesn't get UniFi swag. This is true. I was honest about a couple of their products and now they don't want to give me no more swag. That should be a shirt. I was honest about their products. They won't send me free stuff anymore. Fun times. Yeah. All right. So we did a backup. So now we have an even newer version of the backup and we'll go back over to this tab. So if we go back here, we see backup successful versions and I probably zoom this in a little bit just so people see it. So here's our 126 backup. But the process is the same. We go through, well, first, I recommend this because you'll have a conflict if you have two of the same computers on the network. I recommend you take and shut down this system. 
I know it's probably cutting off part of the screen, but we'll share it over here. But we want to shut down this system. We're going to pretend it died by shutting it down. So this one is going away. Share this tab. And now we're going to restore it over here. This is just fun to play with how well this works in Synology. Instant restore. Doing it live again. Next, next, next, next. Sure. Next. Powered on. Yes, done. Let it run. Let it fly. We're going to watch it as soon as it starts up here. I'll answer questions while we wait. I think it took 20 seconds. UniFi slacking on sending Cody gear. What am I bringing back the cat shirt? I still have the cat shirts. What do you mean bringing them back? I was looking to see if I'm wearing one now. Humans are rubbish at random. True that. Honesty doesn't get you UniFi. True. They don't want to send people 3K cameras they can't sell. Yeah, that's part of the problem. If you do send me a bunch of this stuff, you're doing the boot up thing now, if you do send people all this stuff, a lot of it's out of stock. So cool. I'll do a review on something that no one can get their hands on for who knows. Computers are rubbish at identifying random. Yes. This is the cat and mouse game of threat actors and evading AI systems because, oh yeah, I'll just put some AI in my magical threat protection system and I'll throw it all over my marketing and that'll magic away all the potential threat actors. The reality is threat actors are often and people are often very clever at getting around some of the automated systems. That's actually one of the things I've talked about on my reviews of Huntress is the value of Huntress is they have really smart people that use good tools to filter out the noise. But in the end, Huntress has really smart people managing all that system. That's actually why Huntress has a lower false positive rate by far than the other tools we use such as SentinelOne. By the way, this is up and running. 
So let's go ahead and put the long password in. Here we go. Round Robin DNS is not load balancing. This is correct. Because we backed this up live, we end up with the unplanned outage because it took its snapshot of the system while it was on. So you get this error, even though we shut down the other one properly. But like I said, this whole demo worked that fast, we're back up and running. I kind of get a trust certificate error on the host. You just have to tell it to trust the certificate. If you're not using a certificate, you just tell it to trust the untrusted one. AI versus AI soon. I don't know about soon. But it works. Works. We'll put that in quotes. So AI is writing malware with ChatGPT. But it is putting coding in the hands of people who may not know how to code. Is it better than someone who's really skilled at coding? No. Is it going to be more accurate than someone who's more skilled at coding? No. Is it better than me at coding? That's a low bar to reach. Computers beat people at chess. Computers beating people at coding, or especially things that are not good at like regex. That seems like a pretty good use case for it. Does that mean it's going to be the future of all things? No, it's just going to put more accessibility into people's hands to do different things. But it's going to be interesting how it plays out in the future because it's going to come down to cost. How much is it going to cost to run these queries? Does the cost of running the query and people being able to brute force their way into talking into creating a nefarious piece of code to do something bad, will that cost be cheaper on ChatGPT or through the ransomware companies that lend out their software? There's going to be economies on that and we're going to have to figure out where the market falls on that. So it's not like it's the end of all. It's just a new interesting dynamic that's being tossed into the messy market already. 
Those Twitter and stock alerts account for UniFi pies never stay green for long. True. Oh, let's see. Champere, which question Jason's answering. Well, that depends on the client as to the iSCSI, the VMware, for instance, will handle multiple gig E to multiple gig E and make multiple connections. Windows, I'm sure. Yeah, this is something you can do in XCP-ng as well. And I think correct me if I'm wrong. What we're talking about is going to be more along the lines of where's it called? Multipathing. You can do XCP-ng support this. I know VMware does as well. You can do multipathing and there's different scenarios where you may want to set this up. It's different than like LACP. It's actually the iSCSI protocol handling the multipathing where you have multiple network segments and you can send the data across them which can give you an aggregated performance. We're having a conversation as comments. Join MSPGeek. There's a good one. If you're on MSPGeek or something, happy to talk. So, yes. There's a Jason's like, it's not a hard person to find it over an MSPGeek. LACP would probably not work with iSCSI, yeah, I think it would probably break things. There's a reason you should use multipath instead. There's a reason multipath exists. My preference is usually to do NFS with some exceptions. Synology being kind of one of those exemptions on there. Ooh, SMB multipath. Okay. These are, at some point I have to have just Jason come on here and we'll just jump into, we'll just do some videos on some of these topics so we can better talk about them. But this is why I have that email scrolling along the bottom because this might also drive me creating if it won't be covered in a vlog. It might be something I do a video on as a topic because I know people might be asking about it. NFS v4 is better at it. Write that one down. Ooh, NFS v3 v4 or do we want v4.1? Because I believe that's what you need when you're doing these. 
If you do a new storage, think, what is it? Yeah, you can do four or 4.1. I think I have to double check. I think it's 4.1 where you get all the extra multipath options in NFS. Please advise NFS storage for Proxmox. Use TrueNAS. There's my advice. I don't, maybe I don't have enough context for it. Ooh, SMB multi-channel. There's a lot of challenges with Samba and doing, like even the way Samba does threading is not the equivalent to way Windows does it. See, when Microsoft writes with stuff with their SMB, they're writing it for their platform exclusively. Things like Samba, work on BSD, work on ARM, work on Linux. It's a varied amount of processors and things like that. It's different challenges in getting that to work. It's not necessarily built into all the Samba implementations to get the same equivalent speed you may get out of a Windows server. I've been back and forth on which technologies to choose since the pace seems incompatible with the pace of certain fields and recommendations. I guess I don't know which technologies to choose as we're choosing between. Maybe that's, I'm not clear on that. Oh, but then people get the exports wrong. Yeah, that's probably true as well. Hi, Tim. Where do you get the emojis for Xen Orchestra? How do you insert them? You can go to Emojipedia? I'm not joking, man. Just head over to emojipedia.org and we'll share this tab. There we go. Pick your favorite things you want out of here, like unicorns. Like here's a unit. Where's, oh, giraffe, giraffe, camels, goats, ewe. I like ewe. So we'll just copy this over here and we'll go back over here. And there, we've thrown some sheep in my system. You can do this all over the place. I kind of like it because it's fun. I mean, who doesn't want your log server to have logs in it? Because that makes sense, right? We call this Project Tunnel Bear, so it has a bear. So we thought it was funny. I like the little Wi-Fi symbol for UniFi. I like this Wi-Fi symbol, I should say. 
But yeah, you just paste them in. Best file manager for large transfers to 5 to 10 gig? I don't know. I don't often have to transfer those. Rarely when I've transferred large files, I've just used Synology Drive because it's convenient and easy. Dropbox, Google Drive probably most frequently. So Google Drive would be a popular answer for me. Yeah, you can do the Windows Plus key as well, but I prefer to copy and paste them. Is there a way of accessing NFS, SMB, and iSCSI shares insurance from within the NAS itself like File Explorer? No, there is not. Well, yes, no. Technically no. And I say technically no because you could, you could load under the apps. If you load like the TrueCharts apps and you went to, you could run like File Browser inside of here. So there is things you can add on to do it. Natively, no, it's not supported, though. Yes, emojis are essentially regular characters. Images are easier to recognize. You know, here's a question. Let's see. I want to try something real quick. I haven't tried this. Does this work? No. Interestingly, maybe I'll ask Olivier Lambert about this. You can't use emojis in the search. I thought you still couldn't. Maybe I'll file a bug report for it. I want to use emojis in the search buttons because I want to search by emoji. I just checked and you can't do it. I'll share the tab in case you're wondering what I was doing. So my UniFi, for example, has that emoji in it. But if I paste the emoji in, no results. Click here to reset your filters. Fun stuff. Wait for that support ticket saying, my VMs have gone down after someone put an emoji in the name. Actually, I reached out to Olivier before doing it and he said it's perfectly fine. They use this all the time. I was like, perfect. What are the specs for the Bitwarden VM? Four gigs, eight processors for no reason because the usage on a Bitwarden VM is nothing. It sits idle all the time. It does not take very much to run Bitwarden at all. 
So yeah, its memory usage is steady. If we went over the last year, let's do a year. Yeah, it just doesn't. It was using 3% of the CPU on our slower machine. But on the newer machine, it only ends up using, well, 1% of the CPU. But yeah, it takes very, very little to run Bitwarden. My experience is the Hyper-V. I don't like it. I don't use it. Awesome. And thank you. Glad you sent me an email with that because then that's probably a fun discussion. We can talk because building resiliency into your enterprise storage with multi-path. There I summarize a video that's not clickbait. That would be a good title for that video. How you set this up, how you configure it, what, you know, why you do it. The other thing I've mentioned before, and I talked about this when we were talking about Ceph clusters is people ask me all the time about building them. But I always like to start with, do you need it? And that's the same thing. Like, I think it's great to build lots of redundancy and have resiliency. Does your budget allow it? Does that extra complexity of having the multiple switches and the extra paths and the configuration time and error, does your budget allow it? That's the question you have to ask as everybody wants the high end stuff, but does your budget allow for the high end stuff? That's the question that you always have to start with from a business standpoint. Can we move one data set? Can you move data from one data set to another from a CLI and TrueNAS Core? Yes. Yes, Hyper-V is a path to sadness. I actually would wager, there is a future without Hyper-V where Microsoft doesn't care and Microsoft doesn't even provide it. And it just kind of falls by the wayside. And it's used and unpatched somewhere for some incredible amount of time by a bunch of people that are fanboys of it. But yeah, I don't see a long future for it. Do you prefer SMB or NFS? So here's the thing, I would say I prefer using NFS. And here's why. 
When you're doing the remotes, and you're doing these, let me zoom out a little bit. For example, so these are NFS. I test both back and forth so I can do things. But for example, this right here, I'm using the, I think I got to click edit. Read this bottom part right here for people. I won't scroll down. Will scroll down that far? There we go. Store backup as multiple data blocks. This is 500 to 1,000 per terabyte. Now, there's a reason for doing that. That gives you a big advantage in terms of how fast you can merge the VDIs. But one of the disadvantages is SMB is slower handling 500 to 1,000 blocks being moved around and shuffled. NFS is actually from very small writes can outperform the way SMB. So because NFS is a little bit faster, I prefer NFS. And whatever I can, I'll use NFS for them because it can edge out for all those small writes. But the SMB works fine. I've run into some weird quirks. I've talked about them in the XCP-ng forums. They're really edge cases. It's not something most people would run into. But if you can, set it up NFS. I think it works. It's just it edges out on speed. It's not night and day, by the way. It's not like you're gaining some 20, 30%. It's more like 5% faster. It's a very small. It's a very small increment. Oh, Hyper-V starting to charge for features. Your budget almost always allows it in the home lab. Yeah. But will your patience allow it in the home lab? That's the home lab question is, do I have the patience? I can usually get some used hardware for a good deal to learn on. But do you have the patience for it? What is a data set? Ah, data sets in TrueNAS. That's data set as a function of ZFS. You have the pool, you have the drives that make up a pool. Well, so do the vdevs. I kind of got to explainer on that explaining what vdevs are. I've got a good write up in my forums on there. But the data set is a like a folder is where you would treat it. 
It is a contained data set because I'm trying to find the better word say besides data set within ZFS that has a series of parameters you can apply to it of ZFS functionality, whether it be permissions or whatever else, you can set them on a per data set basis. I've got a better words I've used when I've done explainer videos on that. Once you start redundancy, it's a rabbit hole for sure. Yes, data sets are not exactly volumes. I see that down there, but we did enterprise little Hyper-V pilot and it failed miserably. We spent so much time on it. It was a Microsoft office. Yeah. Hey, Max, thank you very much. I have no thoughts on ReFS. I don't use it. Yeah, data sets not exactly a volume. ZFS would find someone who has better words than me or probably the words I used. Ah, I've actually shared this out. This is Ars Technica. This is one of the references I've used before. I think this is a great write up because they have animations. But this site and I'll drop a link in here. Ars Technica did a great job on this of explaining ZFS and what each component does and what it is, how they work, how the allocations work, how the copy-on-write works. So they have all that broke down very well inside of here. But they do the better job of explaining it. The next set of building blocks on your ZFS journey. Yeah, it's a lot to learn. If you want it in the short answer is treated as a folder, it'll work fine. You want to understand all the different details of it. It's a complicated topic. But they do have this, I like the copy-on-write command, how that works. No, data sets are not the same as data lakes. Data sets an independent folder or virtual volume that you can apply properties and policies to independent of the larger pool. There's a good wording on there. It can inherit it, it can have its own encryption. There's a lot of different, like we go over here and look at the data sets on my system here. 
Each one of these can have their own settings, own encryption, whatever, you know, everything you want to do and you can nest them in there. So like here's some work I was doing. Here's a MinIO test app I had set up. Here's some backups and different data set. Here's my computer backup. Here's backups from the offsite system that synchronizes to this one, which is also nested in another data set. And you see how they're locked or unlocked. Yeah, there's a lot of things you can do on a per data set basis. Some suggest you're nasty cloud, you only need to pay for what you're backing up to the cloud. You don't have to, like, I'm not backing up my entire NAS first because I don't need to. I don't care about 100% of the data on there. Some of the data just gets kind of whatever. If it died, it died. A lot of my lab stuff, I'm not going to waste money backing up. Next is the cloud backups, like Backblaze, who's one of my preferred providers. We only backup those things we chose to backup and we only pay for the equivalent amount in the storage. So you don't need to have a cloud as big as your NAS. You need to consider, though, you know, your costs of how big is your NAS going to get and how much will that cost. So yes, we like YubiKeys. Good streaming. Hello from Russia. Do I prefer TrueNAS or Synology? Yes, it depends. It depends on the use case. That's really what all these come down to, because you may notice that Tom has, you know, this right here running, but then we go over here. Hey, look, Tom's running a Synology on the same network. This is my Synology running. And if we move over to here, let me log into one more, because why not? And here's another Synology. I have a couple of Synologies here. And then I have, you know, another Synology here because I like Synology. I also have a few TrueNASs. I have, I don't know what you have more of yet. I think I have a balance between the number of TrueNAS and Synologies I have. So it all depends. 
Thank you very much, William Daugherty. Always appreciated. Backblaze charge for, yes, they have egress charges as well. Use cases. More people need to hear those words. I know this that's a big part of my job and I do consulting. That means we have a large list of products that I am knowledgeable on. And so is my team. And then our consulting is figuring out which one of those projects are fit for you. So that's, yeah. And Travis knows we have a lot out in the field. We got Synologies. We've got those in production, lab testing. So yes, we have quite a few both. I don't know what they, there's always a catch to any of those. And the catch is usually you can only upload or download so much data. There's limitations on your upload downloads. Linus Tech Tips has actually did, he did a video on, I think Google showing how Google, when they used to, I don't think they offer anymore when Google had some of their unlimited things, you would hit these limitations of just how fast you could ever get data in there. So they'd say unlimited, but you're limited by how fast you're able to get data in there. I have not used Guacamole and I don't know how well audited the security is on it. I think Guacamole is a pretty neat, the Apache Guacamole. So, gee, it's a popular project. So I imagine a lot of people are looking at it. I think it's neat. They do say commercial supported, but I really don't know. I don't know how good it's been vetted. I just don't have an answer for that. As cool as I think it is, how well vetted it is as a product. I don't know. There we go. I'm clicking the wrong button trying to get it to share. So it's neat. I think it's a, I've seen people do videos on it. I don't, I haven't dug into it. Maybe I'm, it's because I haven't searched up on it, whether or not it's gone through any really good code review. 
I'm always worried about anything that gets publicly exposed because the internet is full of problems and those problems look for open ports and those open ports will lead you down the path of darkness. So my Guacamole behind the VPN, probably fine. Guacamole publicly exposed. I wouldn't do it. I would not want to do that. It's scary running anything publicly exposed. Switch to Hyper Backup from Hyper Backup Vault on the Rackstation S3 NIO. Now it takes a lot longer to migrate when restoring old versions. Any thoughts? Yeah, that's slow. That's my thoughts on it. The Hyper Backup, when you're doing it, I use it myself. My Synology backs up to my TrueNAS and works, but you're right about it being slow. I don't have an answer as to why. I don't know if Synology's working on it, but boy, when you kick off a Hyper Backup project, it's not fast. Let's see how fast this one wants to backup. So next schedule backup. Let's sit back up now and see how long this takes. But I know this is not a particularly fast system, but it definitely is going to put a load on the system because it goes through this processing. It's like a re-indexing to figure out, I guess, what needs to be done. That takes a long time. It's a way to allow clients to send me files. My server is FTP, so the way FTP is a terrible way. I can answer that. So I have dedicated TrueNAS just for FTP. Don't use FTP at all. That's a terrible idea. There's probably services that are better for it. Synology, though, has drive and file sharing services, so we're on the topic of Synology. They do have it, but yeah. It's not something I'm going to recommend using FTP, not here in 2023. I don't do anything with Blue Iris. Blue Iris runs on Windows and I don't need that in my life. Okay, so that didn't take too long to get backed up. It backed up relatively fast. There's not much on here, though. And also, I only back up settings. This particular backup job, we'll edit it real quick. 
I'm not backing up any of the data because I don't want to. I don't care about it. I'm backing up all the settings because there's a lot of settings in Synology that I have configured. So with all the settings I have configured, I don't want to lose any of those settings. So I have it just doing that. But I know on my larger Synology, the backup takes substantially longer. Hyper Backup over Tailscale? Yeah, I'm sure it should work. What do you use for local offline backups take a Synology schedule timed outlet? Something else? Here's my offline backup that we collectively refer to as the football. So I have my cloud backups. I have my cross site backups. Then I have my football backups. The football backup is the final offline encrypted at rest backup that requires a password to come back on. Just so I have one more copy of everything needs to backup faster. Yeah. Hyper Backup is fast enough when you use Synology to another Synology running Hyper Backup Vault. I read that the target merge, I never really dug into what they're doing, but it's not just the target merge. The indexing it does beforehand takes a long time when a backup process kicks off. Before it sends the first few kilobytes of data, there's a lot of grinding going on before it actually does it. So and you're right, backing up a C2 is probably not an issue. I wouldn't use Headscale in production. I don't, I don't know enough about it. I don't trust it enough that I would put my name on it. But we use a thing in production. It means I can't have a fail on me and I've not used that enough to tell you whether or not it would be well supported, secure and not fail on me. I just can't answer that question. And I don't really plan to use it that much. I don't have enough use cases for it. It's just better to buy the Tailscale product and have their system do all the updates and do all the security and manage it. So because the problem is if I set one up, someone's got to maintain a server. 
My cost to maintain a server, you may as well just go buy a Tailscale server. They're going to maintain it probably for a cheaper price. How do you force clients to pay for backup? You don't really force them to pay it. You, you let them know and have them sign something that's like a business risk and it's like here, you've declined this coverage. That means you don't have any backups in that we don't really have anyone that we really had to go that far with. I mean, we don't try to talk about it back up every workstation because it's not always practical, but they're aware and you just tell them about the downtime and the risk. You just have a discussion with people. You don't say you need to make backups. You're like, Hey, here's what happens. Here's your risk. Here's how long it would take to restore the systems. Oh, by the way, if you don't have a backup, we can't restore the systems. How important is that data to you? If it's not important, then that's fine. If you can, and I've had years ago, it's been re not anybody recently years ago, someone was fine with having paper backups for lots of things because they said any of this stuff can be re entered. I'll just hire a bunch of temp people to re enter all this data if we lost it. I thought that was an absurd answer, but some people are absurd. But yeah, some people are weird and absurd in its life. I got about so it is 530. I'm going to wind this down here. The Oh, that's it. What's the question here? Right? I'll answer last couple of questions. And the Tailscale is supposed to be escaping the NAT and not exposing ports. Yeah, Tailscale's handling all that Tailscale's brokering all the connections to make sure they talk to each other without man without messing with the firewall. People don't consider the man-hour costs. Oh, we bring up the man. We we bring up the cost of whatever the cost of downtime. What is the cost to have all your employees idle? And I always say it the same way. 
What is the cost to have all your employees not working? Don't answer the question with a number. Just you make that number up and put it in your head. You pay your people X per hour. So average all that. Look at your payroll. How long is it if they're down for a day, two days? How does that affect the people you service? So clients, you know, your business service is something is either you're selling food, you're selling widgets, you're making widgets, you're selling widgets to another company. What happens when those widgets aren't getting made? So I do pay. I do paper backups. Yeah, paper backup one poof and it's gone. Yep, that's a thing. That's a problem. I'm shutting down all these servers. I'm going to save power and shut down servers. Today was a long session for sure. Yeah, I tried to I've been doing these for about two hours. And two hours seems to be a good time to run with them. After two hours, my voice will start to I can only talk so much because I talk fast. So nonetheless, yeah, if you this is a good point, if you work in an enterprise environment, 2000 people downtime is expensive. That's why as the company scale upward in size, they the smart companies, not every company, the smart companies have lots of redundancy and resiliency in their design to, you know, mitigate the risk of having 2000 people twiddling their thumbs because no one wants to pay for 2000 people twiddling their thumbs. What types of system? A lot of Synology Surveillance Station. That's our preferred system. Yep, Synology with Amcrest cameras is a popular combo. It works really well. Synology works a lot more than Amcrest. We've just had really great luck with Amcrest over the last couple of years. Like, we have a few years of using Amcrest cameras and they work great. Oh yeah. How many tests they are? Not enough. Not enough. Business continuity because, you know, untested backups are just wishful thinking. There's a shirt I need to make. Untested backups are wishful thinking. 
All right, with that, I'm going to leave you go test your backups. Go do some recovery testing. I highly recommend it. You may surprise yourself. And it's better to be surprised than when a disaster recovery test goes wrong than when a disaster goes wrong. So that's, that's my advice I'll leave you with. Everyone have a wonderful Thursday and hey, Long Thursday at LawrenceSystems.com. It's been scrolling along the bottom for the last almost two hours. So someone I'm sure has emailed me by now. All right, and thanks.