 Welcome to vlog. There's a number 377 and for those of you that go, hey does Tom have wet hair or water on him? Yes I actually I it was so nice outside. Well, cold but breezy I did jump in a hot tub and then almost lost track of time, but here I am I was like, oh wait, I have to get out of the hot tub now. That happens sometimes and Let's see we got people here already Let it go down tell us something good from UWC coming out that we should wait for I did get to hang out with Cody in person. It was it's kind of strange because Me and Cody both got a lot of people coming up to us. It was it made it really interesting and I was so grateful So thankful for everybody You know that was coming up around us that they but it was absolutely great. So the Let me turn off my noises over here. There we go. So I'm not coming through But yeah, it was great meeting all the people in person great meeting Cody in person everything else absolutely a great time but I will cover the UWC Chicago in just a moment I want to mention though and I'm gonna throw a link in here but I'm gonna do this again towards the end of the video as well and we are doing a You another live stream tonight with a few other of my friends that I met there Tab geeks Nolan, but we're doing a net round table and I'm gonna throw the link here. It's in the description. It's now on the screen I've done everything I can to try to get people know. This is the second live stream I'll be doing today. So I'm doing this one and then we're doing another one. That will be at 8 p.m EST today so Basically, I have to end this one a little bit before eight to go over to another one So I actually I'm gonna have a really long live stream It's just gonna start here and move over there where we will talk more about UWC But I'll bring up those topics, but I want to bring up one of them right now because more and more people I don't Maybe don't understand all the time the impetus for this other than people like trying the shiny new thing, but the shiny new thing can be rather hard and One of the shiny new things that seems to be a popular topic again is Messaging apps and their security or in the case of many the large social media companies their lack of security or in the case of signal I think really good security signal has been my go-to for a while and one of the reasons why and we'll bring this up signal messenger and Share my screen They've just added some new features and I might do an updated video because this is the feature I know was a big hang-up and still continues to be a hang-up for people is the Fact that you are still even now required to use a phone number But they have now added the feature So if you want to talk to someone on signal you don't need to use the phone number So I would be able to have a signal chat with one of you But not exchange phone numbers. We could just exchange a ID essentially that would allow us to talk to each other This is a new feature. They're rolling out. So You know keep your phone number private with signal usernames this came out in February and it's not that I've been testing but it's Also the reason I have a lot of faith in signal one They've been transparent since the beginning to and this is the big really big one about signal They run as a foundation that can't be sold that can't be bought They run on donations and they run as a foundation Many of the other companies that are out there doing this are companies There are for-profit corporations that often have like a premium upsell and these premium upsells lead me to Question, you know, will they always be a privacy oriented form or not not to mention when they don't have any up Offering there's not a reason. They don't have a compelling option over signal I don't know why I would switch that was a debate. I was just having with people Well, I haven't frequently but someone was pretty indignant about it today and well, I'm like indignant They just really wanted to understand why I wouldn't try this other app I'm like, well all of my info sec friends all my security friends many of my IT friends are on signal I use signal every day to communicate with a lot of people with a lot of group chats and we all like it We all trust it. We trust that our messages are locked in and secure Why would I switch to another company if there's not a compelling feature that does it not to mention? I know in real life who these people are I can validate by their phone number if need be, you know Who they are and call them and confirm their signal messenger versus pseudo random person who says they're me on the other application, how do you validate identity and if you said, okay, well signal now offers the ability to Separate the phone number and the username you have some of the validation But what you don't have is a mass amount of spammers on signal. Why not? That's because spammers Work on very low margins. They have to send quantities of Spam and get very little return But that works if there's no friction for signup signal actually has a high bar for sign up requires a phone number A working phone number that can receive text not that you can't automate it But that does have a higher cost to it and it's one of the reasons I think I've never had any spam issues or problems with people On signal not to mention. I think it by default it blocks any incoming messages from unknowns I think that's still a default in signal So kind of just wanted to throw that out there and you know, let me know what a message if you want me to see it do an updated Review of signal if you will some I've been using it for years and the newest features they have here, I mean absolutely Like where they're going with it like what they're doing with it. They are at just the proper level of transparency, I think for a company of how everything works and uh, yeah It's been interesting and the fact that they I think they've given reports of how they deal with subpoenas for information What you're like, here's your empty subpoena because we have no information Here's a subpoena that you said I would like, you know the information from these users We don't have it. We the the security is end to end and proper well vetted well documented end to end encryption Which is why I like signal, you know, even I see some people in here that I know I talked to on signal So, uh, that's kind of my little rant I wanted to throw at the beginning of this for You know secure messengers There's seems to be more people trying to do it and they always compare themselves or tell me they're better than signal, but I'm like How what's the compelling feature that makes you better? And yeah, that's usually where the conversation people try. Well, well, I don't have to have a phone number It's almost every time and I'm like that's usually the reason I like signal. Matter of fact I'm I'm still skeptical on this whole uh username part But because all my friends I know my phone number and that's how I validate who they are But hey nonetheless, I get it. This is enough feature requested that people want to use it Now what went on at the ubiquity world conference besides me meeting many many people in person And uh, what did I get? Oh, um, I do have Um a u7 pro they gave me so I got that Oh I didn't install it yet. So I have I didn't install it yet. So I really don't have much to say about it You know, I didn't in I didn't even open the box yet. So is that even available? Let's go to the the ubiquity site Nope, that's not the site I wanted How did I type that? All right Now the good news is with ubiquity they I will respect their wishes to Keep things private if you will, um about Um The new things they're coming out with that are not released yet But what I can in general talk about and hey, look some of this stuff is you know On here, uh, let me see. What was on here that you did talk about? Do they have any of the ones? You know without going into details to violate any of the rules they're they're coming out with updated Better switches more updates to the firewall, which is exactly what I've been asking for they've come a long way Which is awesome in terms of how their firewalls work and their roadmap looks good. I like the features they're offering, but There's there's a double-edged sword here, of course with unify offering those new features. How are they going to? Put them into practice That's the part that even if I were to tell you what they said, which I'm not like said They they teased us with some of the future things But then again, even when they had the ea store all of us were signed up for that ea store And were teased those future things that some didn't make it or the version that made it to production wasn't near what we were hoping And that's kind of why I get it. They don't want people, you know False hoping their way out there But I will say one thing I asked specifically during the ceo q&a That is public information as far as I'm concerned because it's not a future thing But I said, hey, will we be able to keep the self-hosted controller and rob praire Answered directly. Yes. The self-hosted controller is not on the end of life. Romana is something they are going to continue with which I said Awesome I was asking that I know on behalf of many many people who have concerns about that particular topic because The self-hosted controller is really important to many of us who do not use or do not want to use a unified dream machine Or one of the variations of their system may we want to self-host it ourselves to manage lots of infrastructure and that is you know, one of those things like I have Asked that question. Well, so that asked There was a few other questions But they were kind of evasive on a few of them about how the future looked on one in particular For some features that were coming out in the firewall, which also means when you're evasive on a question I'm not the only one who asks this several people ask questions about You know What's it look like for that and it was like no clear answer which of course Means there's no point in talking about it because it may never come out and I hate to be vague But that's how I felt about some of the stuff going I would say what I did like though the the really good highlights are the people the conversations and The conversations with the ubiquity people. I thought they were great One of the things they did talking about their updated wi-fi and the enhancements are working on was density density density That was amazing because we even joked I talked to One of the ubiquity people there that I thought I think them right away. I was like your presentation was great Thank you for understanding the business problem the business use case problem. We run into home users clamor for people to do speed testing They're like speed test speed Speed test speed test speed test. Everyone's a wi-fi speed test. Give me the fastest wi-fi Which is not the business use case Matter of fact the business use case almost always is density density density. How many users and What kind of airtime will those users have what kind of performance will the large quantity of users have And they give it they give a demo at the stadium, which of course as we know It's the I believe Memphis grizzly stadium Is all run by unify equipment and that's a high density environment and it works quite well They talked about how they set it up how they tuned it awesome, and I've done a lot of these large scale installs. I know Properly set up you can scale out And have the unify system work very very well And those are things that they Did during the presentation. They're working on making that even better, which was awesome, and I was like hey that was uh That was the kind of things I wanted to hear from ubiquity So they sold me on a lot of confidence that their wi-fi line is getting better and a lot of enhancements And a lot of it was about density, you know the the firewall stuff. I'm happy about it was all like hey we're coming out with uh, you know newer updated versions of these firewalls so the roadmap is out in there and I will say well, let's talk about what was missing completely from there, you know, we we got updates for the unbr we've seen some of these updates and there's still more tuning for the updates they have like the Facial recognition they have more features coming for that awesome. That's a good roadmap to see but as so I don't use the talk system at all and That is not something they talked about I unless I'm missing something I don't recall them bringing up anything new about talk So I'm not saying that the product isn't getting some love here or there or what the support looks like But it's one of the things that people when the first gen of talk came out And then the second gen came out and they dropped the old one This can be a problem because phones are a long time install and long time support So if you sell one of these systems to a client, you want to know that this product is going to be supported for a number of years out there, so That is a uh a big concern Um I like your question about SSL search didn't even cross my mind. Yeah, that's a big thing is How they're going to handle any of that. So yes, definitely a concern Uh, yeah, there's nothing about that. Uh, this was at there. There's nothing that they mentioned Um, so we can talk about a negative here like things. They didn't tell us I don't see any way to self host those other apps. I don't know that was not mentioned I believe it was brought up. Well, some of the a specific aspect That you get with the self hosted apps was brought up that you don't get or what if you get with uh built into the udm versus that But yeah, essentially I don't think there's any roadmap at all that they declared Where you were going to be able to do anything other than host just the one component, which is the unify Controller I was shocked. They didn't speak about talk at all. Okay. You confirmed it. Yeah, I mean I've even seen um that so yeah, I Didn't hear him talk about it. All Cody was there. So yeah, definitely an issue where that was kind of omitted So I don't know what it was. Uh, obviously and I don't I don't recall I feel like someone asked a question about it, but I don't remember Um, but I don't remember any updates at all. It's certainly not in the slides regarding the edge line So I think we can feel confident in saying that's probably dead Uh, because people ask me about that every now and then like I see it in the comments because I have old videos I did on the edge equipment and I'm like, I don't think it really gets any love anymore. I think it's just kind of You know fading away into the background and kind of yeah, that's where it's at overall though, one of the things I'm really hoping is that ubiquity does a Uh follow-up event like next year and every year after I think it hopefully showed them that You know, they have a strong interested user base that would like to continue engaging at a You know deeper level with the ubiquity people having conversations. Also We liked getting together around a common product. I mean, this is not something that's Too off base that other companies don't do sysco live is coming up sysco has their events There's other there's plenty of other Software and hardware vendors that have their meetup events that bring the community together to talk about the product Engage with the people that make the products and I just think that's a great way to do things um One thing they kept straying away from was support before Uh support versus now. Yeah, I mean that is you know, they're they're still increasing the level of support They're offering so that is kind of something, you know, they're getting better at and they continue They showed a strong commitment to keep enhancing their support Which once again, that's great. That's that's the kind of things we want to hear Is that they're going to keep moving that forward and keep offering better support options Um side note and kind of side joke here. I like when people call me for support and hire me Um, we'll have to see how it plays out. I'm not worried ubiquity does not make up the Um, it makes up a small percentage of the consulting we do But it is you know, it is there is something we consult on Frequently enough, but it's not the larger percentage of what we consult on Yeah, the uh They they have new product releases, but they did ask us not to talk about them So I'll skip talking directly. My understanding is we weren't supposed to take any pictures of new product releases. They had them out there Um, but they're coming out soon enough. They had most of the releases they talked about are supposed to be out later this year. Uh, I I I know a lot more people besides me because I talked to a lot of them and I've been emailing back and forth with many of the people that I met. Um, they're You know I'm just not big yet on these one of the big features that we all know is coming This is not a secret and they talked about it being here soon again But soon is not a time. I didn't have an exact date when this feature will be available But it's when they get their high availability setup. That's the part that it matters quite a bit Uh being able to easily swap Um over from one to a failed book to the other they have their shadow mode now but Shadow mode doesn't exactly solve it. So Uh, those are not easy to implement. So I know there is a lot of engineering going on that But hey, that's just one of those things that hopefully they You know get working sooner than later. Um The camera systems, you know I should I need to take a closer look at their camera system. They do they're finally getting these a lot better But I can talk about a negative again Uh, I still did not hear anything and kody chime in if you're still here If you have information, I don't or can share information or maybe we'll be talking about it on the later Events, which I can't remember if you said you were coming or not kody But I don't remember seeing anything about being able to offload The data like to a nas or something like like point it out of share. I don't that's There's unofficial ways to get the data off of your unify nvr But there's not any official ways and that's still disappointing. That's that's not a feature Because it's not it's a pretty common ask for people to be able to have a lot of storage and you know Point it out of share point it at an nfs or smb share and push all the data that way No, there's not they're not going to offer a virtualized version of I can't imagine ever Them offering a virtualized version of their uh firewall plus y I don't think I would ever Want to virtualize version of them Yeah, only seeing them uh ability to export. Yeah, I mean this is one of those things like when you look at nvrs This is a common request offload because people need extensive amounts of data Synology does a good job of this and so do many other uh nvrs I just happen to work a lot more in the analogy ecosystem But you can buy a Synology and offload all the data to another Synology or you know Keep easily expanding your Synology to a very large system to be able to manage all that data, but I would hope they do some more msp stuff in the dream machines like customers like Sites and stuff host their setup general wi-fi for custom in all sites in one place Yeah, they I don't know um That they said that would be really cool because that was another question I did not get a chance to ask I would like to know their roadmap for their api and could we start integrating with other tooling You know as a manager's provider being able to have more data streamed via api tied into more Things to get data on clients would be kind of cool, but you know, I don't I don't think that's on a roadmap at all Are you using an identity solution? No, I do not use any of the At you know at my company and or myself. I'm not using any of their identity management stuff I once again identity management is one of those things that I find it almost weird. They're getting into it. It seems Like a great idea. I guess like hey, let's do full identity management But until you really smoothly Integrate into everything like with active directory and azure because that's where most of our clients at We have a large amount of clients that are using things that are really to microsoft for identity management We have a lot of them that are using google for identity management. Those are your two biggest ones out there I think we have some people in between I I don't know for absolute certain because they're not people I manage But I think we have some that are using octa and jump cloud Um for identity, but it's not something that you know I I wouldn't sit down like for example and this goes not just this is not just picking on ubiquity People ask me about using identity management with Synology and I'm like, no I I don't know how well integrated it is or if it integrates and it's it's a lot to trust identity management to a company Who needs to identify dedicate if I roll me get windows. Yeah Yes, I definitely was asking the hard questions. I'm not afraid of those at all that's for sure um Because that's one of those things that are important is It's a nerd crowd by the way If you didn't know many of the people there were very technical So I jumped right on very technical questions because that's what matters not the Here's what the product does get excited. No, I want to know how the product does it when the rubber meets the road As they may say when the product gets deployed, how do I actually manage it? How will the packets pass through it? Those are the details that really really matter because that is the deciding factor when I set something up is how that's done I wish they would have had kept their solar products. Yeah, that is kind of like sometimes they go a little bit too wide and when they do that, um Yeah, if you go too wide as a company you kind of lose focus And I think that can be what they did because solar like I get going into other business Small business, especially use cases, but solar is not a small business use case um But technically lighting was a use case, but they also got rid of the lighting system Which I thought was weird. So uh, no new announcements on solar lighting and I believe those products are all dead Have I looked at pf since 2403? Uh, yes Yes That is uh something that I um, I will be I haven't had time to do the video on it, but I want to because I think the 24 I was I I wanted to do a video before it was released, but I'm probably just waiting to release because the release is right around the corner here Um, I feel for it's it's in release candidate right now, but 2403 is awesome It's a really good update, especially for people like myself who manage a bunch of remote pf sensors Yeah, they do integrate into azure and google what creates was still lacking a lot of rules for uh, network access for being Using yeah, it's it's a it's not a thorough integration. I guess you could say Uh, nowadays it's easy to uh, crack wi-fi passwords will be down instead of using ad verification centralized I wouldn't say it's easy to crack wi-fi passwords. Um It's if you have a sufficiently long password. It's expensive to crack a wi-fi password Uh, you know, you can rent a machine at aws to do it But will you know, will you come sniffing up handshakes to gather the data you need? Upload it, you know, or assuming maybe you have one of these hundred thousand dollar servers that can crack it over so many hours You know, do you rent it? Uh Actually, just look that up right now Current cost to Crack wi-fi Password What is the current cost of that? Someone had it listed really good That's not it Um, where is someone had it broke down? I thought it was cool I don't know where the site is anymore. You can do it. You just have to rent a Uh cost to rent aws server for crack wi-fi password These be a site that you could do it. I can't remember if you could upload it or See It was something like I remember being down to like five or six thousand Maybe it was a little higher than that depends on depends on the length of the password if you have a really long password It's not it gets harder. So I'll see Could you do a video on Tuning sericotta pf sense. I'm having trouble. I already have a video on sericotta Well, I have one on snort and I went on sericotta the one on sorts newer But it's the same video the rule sets tune the same way So if you type in snort or sericotta, you can watch those videos. They exist already and how to tune their roles ltt just did a video on how fast is the crack wi-fi passwords Uh way easy to put on your network devices than cracking wi-fi passwords. It's not yeah, guess what we do What we're doing security and things like that Wander around all the differ reports and it's not because everyone has great wi-fi security. Trust me This is not why you will find a lack of A tax that occurred on businesses because someone cracked their wi-fi password That is the reality of it Uh Lately I'm to the point where windows 10 is breaking a lot of ways finally started to tell people windows 11 is more stable It probably is I don't know I haven't run windows in so long Microsoft still beta tests on all the people Yeah, and this is true. You can go, uh, w pp w p a three e a p t l s Uh, I'm sure my math interest is really I can't imagine what Uh, this can do Yeah, they It's not as easy people always start to say it's easy But anytime someone shows a demo they're like here, let's use the smallest password possible Versus, you know a really long password To properly secure things and One of the other things that people may not realize Or are not doing There's the thing here Where's my pull mine up? I know the password for this is my Yeah, let my friends over this is a human readable password where I should say human sayable Uh password I can tell people that want to come over my house the beer network is my You know if friends want to be on a network, but it's not my only network because the other one I have this one has A ridiculously long Randomly generated password that is going to be extremely hard to crack because I forget how long it is but it's It's completely random gibberish super long Uh one this is my secure network and by the way Being on that network would be boring to you because The machines if you work under the the threat model or the the mindset I should say of assume breach then If you're working in assume breach being on my network, even if you went and plugged into it You wouldn't find a bunch of open shares and open services to just start connecting to you then have to once inside my network figure out The next thing that isn't patched that's accessible on that network being on the network Doesn't get you as far as you think provided you set the network up properly Not to mention if you try to DHCP out of my network, I get a notice that a new device has entered the private network, which is Something I will scratch my head about going why did a device suddenly get on a network it shouldn't be on And go from there. So yes that's uh Just yeah, the one of the things that people um Don't always think about is it's generally more challenging, but it's also not where the attacks are occurring Most people doing the attacks are overseas which puts them out of range of your wi-fi. It's not It's not the way that they do things Yeah, if you're just doing phrase passwords like apple one two three and monkey one two three Which are both real monkey one two three. I think for a long time was common Finally subs, you know finally replaced by monkey one two three four so Yeah, if you're using really um basic phrases, uh, you know Winter monkey or summer monkey and all those and that's usually if you want to know why there's so many Seasonal passwords seasonal passwords are because people who set 90 day password explorations Um, people just keep are using the same password, but they put the season spring summer fall winter Uh, two f a for dhcp service sounds interesting whenever you get a device request for an ip you get a ping and a phone to approve mac address I'm I don't think that that sounds too tedious to me Uh, just pick and organize who you want on there Bold to assume my wi-fi does not reach overseas. True Yeah Yeah, this is like I said, this is one of those, uh I worked at a bank where we paid for a pentest. They got in literally because of fall 2020. Yes all that's weak passwords On service accounts and things like that. That's your danger. You know, I've watched people spend way too much time overthinking their wi-fi security and I'm like Someone's sitting in a parking lot hacking you guys and by the way What's on your network that getting in getting in over wi-fi gets me to where I need to be You know, one of the things that like for example, I have a server network that is very locked down where I host the servers That's not routable to any wi-fi so if you're on the wi-fi you don't get to be on it and You know, for example, a lot of things we do you do off of a jump box or what they may call bastion server So you have to connect to the bastion server and the bastion server is there. Well, the bastion server only accepts keyed authentication So unless you know how to bypass SSH keyed authentication and to my knowledge or are no known flaws in that right now Being on my network, you'd have to then find my bastion server Be authorized somehow to figure out what ips are allowed to get on it be one of those ips that lets you get to it Then figure out a way to crack ssh keys. Um Yeah, it's ssh key authentication on that. So You got to be able to get around that uh When we were learning about passers in the class that score or tested I Testing to hear you go in depth about them Uh, the best password security is not to know the password and let a tool generate it Yeah, I use a password manager for all that, you know, I don't really know my passwords I know my password manager's password and then from there it fills in gibberish for all my different sites Yeah, so What else was I going to talk about today I mean, I mean, it's kind of fun just kind of going back to the ubiquity topic It's kind of fun to see all the things they've come out with And stuff they're doing they are substantially better company now and I think it's great because one of the things that I'm impressed with that they've done is Keep to their guns so to speak keep to the ethos that we're not going to start licensing and They could they could do like a pivot right now and say all right You get the basic features, but you got to buy a subscription for advanced features and everything else like they keep They would they're the only company not doing that right now. So I'm am impressed that that is still Something they've held on to since day one and that is that's something to be said because they are They are standing alone in that that is One of those things that I'm impressed with that they have not changed their attitude on It is uh It is definitely one of those things that I'm just like Yeah, how you guys have made it further than most companies without turning into a subscription model for everything And they they said they want to continue being that and I was like that that part makes me really happy that is a That they have not changed from that model Two thumbs up to that that was reiterated That is part of their vision for things and I'm like I'm here for it I'm here for a company not trying to turn every damn thing into a subscription even when it doesn't need to be And then not doing a good job of it. I technically and someone can will probably call me out on this if I don't bring it out aruba with their basic instant on stuff that I covered years ago Which by the way, I haven't logged into the interface I should I should log into the aruba instant on portal Aruba said they weren't going to charge for instant on and to my knowledge and unless they Have and I didn't see this um There they still aren't charging for the aruba instant on dashboard Let me pull that up. What is to remember the site for it? I haven't logged into my aruba account so long Does my aruba account still exist? Let's find out well fun I can't share it's just got my email address on there But I am laughing because It looks exactly the same as it did This the it good news watch my video. I did from like five years ago. It looks the same So aruba still exists. Um, aruba still has a site that looks like it did five years ago It doesn't really like to change much on it So good news. They are still offering their service bad news is it doesn't last time I um See Access point last time was on was three years ago So Want want I still have it. It's in a box. I should turn it on and see if it updates Aruba is reaching out. You know the problem I have with rubas. They told me they were going to have all kinds of updates. Um They didn't it's so they I mean they did add I think a year I I did hold on how old is the last aruba video tom did So when did I review that? Uh Three years ago. I reviewed the aruba And they promised they were like, oh, yeah, we're definitely going to be, um I published it on this Thanks, youtube. Maybe it's what the hell youtube hide that any edit video I think you can only see the date if I hit edit video because it will give me the exact date I'm just looking for the exact date. I made it Or maybe not anyways The um, so I did this a little over. I know it's been a little over three years. I did it but They said, oh, we're gonna have a bunch of updates They had a minor update where they added some vlan support That's it and it still looks the same today as it does three years later It's like, well improve your portal is kind of my answer. Now you really haven't um You wish they would let us add third party ip cameras to the record ability to protect. Yeah, that would be nice Kind of a pipe dream. No Aruba instanton equals power on in 10 minutes. Yeah, that's true too Uh looking at 360 cameras are different brands. Do you have any suggestions for good models that have ir and v? No, I haven't really done a lot of reviews on the 360 cameras. So I'm not sure which ones are the best Uh to use for that right there We've been a password rule such that a password was longer than 24 characters. You no longer have the changes That's actually a clever a clever rule Uh, I put a ruby incident in a car dealership two weeks ago other than updates and changes We never touched them. Uh just swapped out for unify last year I gotta admit the like the switch I took it out of the instant on portal It's been using as a standalone as a switch. I think they're great very workable Well, it's yeah, there's certainly techs who complain if they keep changing things But I'm not asking for change for the sake of change I'm asking for like more features that the switches are actually very the the exact problem with aruba The reason people take them out of the instant on mode where they have only basic features Because if you want to use the advanced features the switches are actually really advanced They have all kinds of features you just can't use them if you tie them to the portal the portal turns off all the features So it's like here's a switch with here's all the features on the switch list Like here's our sales sheet for the switch and you're like that's great I love that all those features are built into your switch Can I use them? Well, not if you tie it to the portal Well, wait a minute here. That's like one of those little caveats You really should tell people because here's here's a car with all the features you want But the moment you actually drive it on a road all those features turn off You're like, well, wait a minute here I I kind of need to drive it on a road because that's where it's most useful But it's what you take it off the road and it'll have all the features That's how I feel about aruba Um, you talk about subscription. I mean you think about broadcom vmware new model What we suggest people move to from vmware to proxmox xv and using beam um I'm big on xcp and g that's been my go-to. I really like xcp and g. I think it's a solid product I don't understand and I'm still waiting I'm having some internal debates because I don't understand With the exception of the exception going to be we'll start with yes Veeam does application aware backups and xcp and g does not do application aware backups Throw the vm agent on those vm's But I Would rather use and to me this is a total cost of ownership saving Why not use the backups and xcp and g to backup client systems? That seems very logical to me because I'm already going to be paying for the zen orchestra Why not include all the backups with it rather than rely on a third party solution that has fees It's not like beams free. So I don't use it I mean we do at cnw are but I'm just saying like that's a solution we sold to a lot of clients Now granted it doesn't have the same multi tenancy management So beam is msp channel partner friendly and that is currently a lacking feature So when you're managing a lot of the backups, but you know, there there's trade-offs still on it Yeah, they're biggest esxi and vcenter and that's because if you're if you do ask I assume when people ask about switching to proxmox and xcp and g They're talking about esxi vcenter if you're talking about vmware horizon. Sorry There's not a drop in replacement from anyone that really not especially not in the open source space That's a drop in replacement for vmware horizon I will say Access cameras are expensive, but the quality is there. I I would trust an access camera to be a good product Uh, total agree on working on a cloud platform and switches have the same complaints It only supports about 50 of the features possible. Yeah The only thing stopping you from ditching beam completely is application aware backups. Yep We did switch out about 60 rubah 2350 switches unified 24 pro switches. Everything's been working very well One of the biggest savings of xcpd is a built-in backup not having to use beam My renew for beam is almost as much as vmware, right? That's the thing beams not free. So using this to save yourself money makes a lot of sense Uh, just knowing beam will signal to commit the sequel exchange to damage transactions log with uh writing and scheduling scripts Here's the thing You shouldn't be running exchange anymore. That is not a defensible product anymore I mean, hopefully you have it firewalled off because microsoft does not care about the security of exchange It is an afterthought Someone will find more flaws in exchange microsoft will shrug their shoulders get around to it when they feel like it And then do a really half-ass job of implementing a security patch for it Uh, because microsoft's answer is what are you going to use another product? Oh, there is another product You can move it to our cloud and move to subscription. That's how microsoft feels about you exchange users They don't care about you anymore. They have they have absolutely made that very clear exchange You know, we'll we'll fix it if we feel like it and we may not even do a good job of it Do I think the unify updates are okay for a small home office? Kind of a loaded question. It depends on your use case You know one of one of the things that's still missing and I do want to do an updated video because with the new um version 24 p of sense uh combined with The oh, I went into the wrong firewall. I was going to pull up the unify firewall. There we go I was like that is not the screen. I want to see Oh, let me log into this firewall What up son? 1050 more minutes, but then I do another live stream. What's up? Okay anyways So here is my unify dream machine. They are definitely getting better They now have and this is completely up to date. So they've got a lot more features They got a better way of doing the vpn. They're still missing some policy routing vpn so now a lot of it comes down to when you're doing these uh vpn setups or anything like that is Does it fit your use case? Do you have a need for high availability? What would you do if this system failed? How quickly could you get another one? You know, do you want to be able to pull something off the shelf and put it on there? Do you want to buy two of them and deal with the way they do? Shadow mode or their version of high availability. I think even um Before they had these updates a lot of small businesses that go everything's in the cloud We don't need to be pn back to the office udm is actually not not a bad choice the downside of course is and they've really improved this Uh is when you go into the site for the hosting So you can get a dashboard with each one of them and use their cloud to do it But of course there's been some security concerns when everyone got to see everyone else's cameras people started realizing Oh, yeah, that's that's kind of scary And uh, so there's still some security reservations I have about the way they tie things to their cloud and they're not unwarranted They're not 10 for a half their ubiquity let other people see other people's cameras That's the kind of problem that did occur and because The way they handle it is because they're handling the keys That's the flaw in my opinion if whoever and uh Let's go and show this So if I go to Um, let's log into my other one real quick I always think about who has the keys that is my um Concern all the time who's got the keys And this is stuff that people really need to be concerned about is who has your keys Also, why does it do this? I can copy and paste a password in but sometimes it doesn't work when I don't do it like that So let me there we go Like they don't they change the way they put in the 2fa Like I have a separate 2fa app, but I can't paste in anymore Why'd they why'd they remove my ability to paste in my uh two-factor code? Oh it worked this time Maybe it was a browser update because this time it let me paste it in If you type it in it works it just wouldn't let you paste it in but Let's go over to Yeah, this is let me see if I can show this one here. I think I can show these here Yeah, I can't get rid of this one. Um Well, anyways, I I I can't show the first one because just got a couple clients in there still Uh, we haven't moved to well, they're in the cnwr site and they're in my site By the way, let me talk about what I just did because now I'm now I'm logged in so I can show it So The System here that I logged into look I can go change all the settings. I'm logged into it I can click the gear icon. I can see the network update. I can uh, you know, do any of the settings or whatever in here and that's a problem because If someone this means ubiquity has a set of keys that allows them access to this device now granted I don't have to allow this device access to their site But the fact that they do Have a set of keys means if someone gets inside ubiquity, they also have access to this That is my big problem with the way their site works their site manager. That's the little security problem in my opinion. So yeah So, yes, um Oh, yes, if I is moving to their cloud Is there a way to back up actor director automatically the only service I don't have an alternative for? um Back up ad automatically. I'm not sure I understand that question Uh, what are your reservations on proxmox kvm versus xcpg kvm is really? uh It's really easy and stable to mod They work fundamentally different Uh, that is something that has been brought before you let me share a link with you folks because I've Absolutely talked about this numerous times I've talked about it so much. There's a In-depth forum post where Oliver Lambert dives into this in all the esoteric details that people care about And it's there's a link there. It's on my forums. It's zen server versus kvm And or zen versus zen server versus kvm versus proxmox it's a whole um breakdown of what the nuance differences between all those things are and One of the things is the fact that zen has better isolation than the way kvm does it So zen's really strong isolation I think is going to be a big piece of how it goes forward in terms of uh security Not that i'm saying there's a known vulnerability in kvm But they run it looser than the way they run things over at zen second. The reason I like more specifically xcpng is they Offer really really big scalability with their system I know because we have clients that have this spread across multiple data centers and Thousands of virtual machines all in one interface. I have never seen myself Or really spoke with one of my technical friends. I have a lot of friends that are using proxmox I don't have any friends with like two or three thousand virtual machines in proxmox. I just haven't seen it I'm not saying it can't i'm just saying I have not really run into it I've not seen people show me demos of it, but I have actually Worked with clients and did large vmware migrations over the proxmox at or from you know from vmware over to xcpng at that large scale So that's one of the reasons I like it You know this comes up every now and then um Let's find out here Do they still have any downloads for it when was the last update people ask about this every now and then Now you go check it looks like they've actually updated something Okay, they actually did release a new version um Someone asked I I've seen this So the zental server and it looks like they actually have a new version. So Um, I have no interest in using it. Do they still have or Actually, maybe it's the community edition Download install directly on your server desktop full feature set I one of these and I think it was their community version That they kind of gave up on it There's the you know, there's the paid version, but where's the community edition? Development edition how old it looks like they're actually updating it finally This project was sitting for a long time completely unupdated. So I I don't know that I'd use it Um, it's cool that it's getting some love. Maybe someone picked it back up for a while there It went kind of felt like it kind of went dormant Uh, this is the question someone asked has anyone tried it Uh, each vacation is before days off looks like I'll reinstall xcpg and demo on my text and boss at work I haven't exported their backup yet might be time. Yeah Uh, do you recommend zentools over xcpng for windows specifically? um They're not I wouldn't worry about them restricting it. I I don't see any reason they would So really not a big deal there I have a recent video called installing windows on Xcpng so follow my guide near and I tell you where to get the drivers They're not behind a paywall or anything like that Uh, do you think your nas is going to be able to deliver vdev expansion that they had scheduled in april this year? Haven't seen any product, uh deliver vdev expansion yet, but I mean You already can do it. You just have to expand the vdev symmetrically. So That it's not that you can't it's the easy to expand like expand one more drive to an existing vdev Not make another symmetrical vdev Um, I don't know. It's going to take a long time to get that to work. There's a lot of challenges in doing it I don't know when it's going to I don't know when it's going to ship I won't even make speculations as to when it's going to ship It's it's it's something I wouldn't mind seeing them do but I absolutely don't want to risk any data We primarily don't have this problem in the business world because usually companies buy it and then they run it until they Reach a life cycle and where they replace it But I get home users that don't have the money to buy all the drives at once want an expandable system I get the use case. Uh, I just know that there's a lot of challenges in there. So Is sure to ask the solution to be center not at all No, not even close They're not stopping updates on core But they are stopping feature updates on core. So if you said, hey core's not getting a bunch of new features Correct. If you said they're stopping updates. No, they plan to keep it for quite a while They've been very clear on they plan to keep it But they're not doing a bunch of feature development. It's kind of the short answer as I understand it Is virtualation stable insurance, I remember it not being but me being correct. No, I wouldn't use it in production If that's what you're asking I have some Uh servers that are non critical to me that have it, but no, I don't I would not use it in the business environment It's one of those like They added it on to the system and it works, but it's not It's not great. Uh, have you heard of uh SNCC a first dev cloud native security tool to find auto fixes vulnerabilities, blah blah blah in your code open source Uh dependencies container. Yeah, it's a uh, they sponsor a bunch of youtubers. I know that I I've never used it But I know they sponsor a bunch of youtubers Because I've I've heard the ads for um I've heard their ads a few times They're not one of my sponsors Uh, thanks for sponsoring my post regarding true nascale art cash I watched your video on how to set it uh waiting for the fix to come out of the beta Yeah, the um, I'm running a few machines that are running the rc and uh Release candidate one I log into one of them. I think it works great. I've had I've had no issues at all I can't I can't even find something to complain about with the uh Latest version here And I'm using one of the I have it on this one. I have it on non true nascale hardware as well I have it on that this is true nascale hardware and then this one is Um non True nasc hardware So, uh, it work. This is it's kind of let me zoom it in Dragon fish 24 rc one, but yeah, it it seems to be working absolutely great No complaints Choose pull look at that setup Uh, thanks for the info on true nascale not being ready for production Hey, thanks Tom. Can you build a true nascale with mirro s drives? Uh, or simpler to run single And a backup no, you can just run mirrors They you can set up um It matter of fact, let's go to this one here These are mirrors. So my boot pool is right here There are two different drives set up as a mirror So if I go to system settings and boot boot pool status there's my um boot pool mirror Yeah, there's no way to add a enclosure for third parties. It'd be too hard to support Uh, that's why their answer is just like you know use uh Use our hardware that's the solution and the true nasc boxes are reasonable Uh true nascale As storage for hyper v having issues to add machine accounting thoughts integration hyper v I mean you can use ice because you with hyper v So you can use it. I've I've got clients that have used it before I i'm not a big hyper v fan, but sure Do you have any thoughts to share on the unascreen? I was really surprised that you didn't release a video like so many others uh youtubers. Yeah, um, you know how many emails they sent me They sent me so many emails asking me to review it. Um, but I I want I'm going to buy one because if you review it One there's an implied bias too. I won't I will say whatever I want So I prefer to buy the hardware and say what I want My hope is is I just want to buy one to see if it runs true nasc. That's actually and I think that's what everyone wants to do And I know that's not what you green wants me to do Um, and they're not loading. I mean, they're basing it on open source, but they're not really open sourcing the underlying os So can you trust them for long term or to make a quality product? I don't know Hi, tom being an msp. Have you concerned with your biggest choice to manage your switches via the controller? It just seems odd coming from a background of managed l system uh Why would I be concerned I can I can manage the switches with My self-hosted controller. So I don't have any concerns because the controller that I manage my switches I'm hosting this so I don't know why that's a concern to me Just seems odd coming from a background managing dell. Yeah, I'm fine with me managing it I'm less fine as I mentioned a little bit earlier. Maybe that's what you're referring to when you tie I I don't have this our business controller is not tied to the site dot UI dot com That's the part I'm not comfortable with Because I have to rely on their security. Oh, yeah, you always forget you can reskin scale. Yes The power supply is horribly loud on the Mini x what's a rack mount one? So I don't think I don't think companies that build rack mounts go for quiet That's my thought Yeah, I'm now I'm kind of curious just how many you green emails I have now I'm gonna count U g re e and how many times did they email me? One two three four five six seven eight nine 10 11 No, that's weird Okay, I'm wrong about this they email me one two three four five six seven Eight nine nine emails from you green Trying to get me to review it. I didn't reply to any any of the nine emails There I didn't know this the reason I thought there were more but I realized those are older emails apparently I have an old email that there was a you green made headphones that I had bought so there's a you green headphone in this list here Someone bought it. It's in my amazon history Uh one list question on hosts with no shared storage as local storage. Is there any merit to installing xctpg on separate? Separate arrays as the vm storage is on the same host like esx i and sd card No, I mean you could just install it all on the one. I If you're gonna set it all up. I just install it on the one. I don't put it on an sd card Well, my interest in the u green is if I can do exactly that Can I pull how hard is it to pull it apart? I you can do that with with uh A lot of q naps. I think I feel wendell might have a video on this about how to load true nas on q nap You got five emails before you said no, I didn't reply to them anymore. So Are the u green still in Kickstarter? I think so Give them credit for determination. Yeah Uh, if you had to start a new mc could and you could only keep using this three same solutions What are the three technologies you would least want to give up? I don't know I don't think about that anymore I can't I think we have like 30 products we use and we aren't arbitrarily choosing 30 products. We have um 30 products we need for what we do Eugene I I mean even if it isn't ollie express there is value in having an inexpensive Purpose built nas box that I can load my own software on because I don't trust some third party vendor software Not to be garbage. I already know to my knowledge based on what's on their site. They don't use zfs under the hood I want the data integrity of zfs. So if they have a box that supports You know loading my own os. I am very interested in it and if the box doesn't Doesn't claim on their site supports it, but I can buy one and test it. I would also Really be happy to learn that Turns of batteries ugreen or anchor. I've always loved all the anchor stuff I've most of all the charging adapters I have are anchor and they work great. So I have anchor thumbs up I've not had a problem with them. I don't know anything about the ugreen stuff But I do know all the anchor stuff just works and that is a That is the bar of happiness for me Hey, good to meet you at uwc if I'm sure obs workflow is insightful any non-nass for you cases You'd like I'm looking to get a custom product case, I mean I don't No, I think you'd ask this before and I'm not good at that answer if you look up my ryzen xcp ng build There is a parts list in there. I don't hate that case But I'm not an expert on it window from level one text reviews more cases than me I don't think a lot about cases because the only custom builds we do our stuff internally All the client stuff we have is like Dell, Lenovo, etc So we're not building custom cases for clients. So I don't spend a lot of time researching to tell you which ones are the best ones You have like four old data devices that you pulled for that. Yes, you know old data devices would be a good one too Uh, your videos the next cp ng have been a lifesaver me figuring out our migration So I for so many questions in the stream. Hey, no problem. I like this is what I'm here to do is answer questions That's why it says, you know live tech q&a Decommissioned dato is true. Nash, you know now you guys got me curious Um Is how many is there some? Dato boxes out there There's probably yeah, there's a couple not many um Interesting So the answer is kind of uh, yes, you can find old dato boxes on ebay but better than that if Um, sir, there's what is that company called? I'll find it real quick for the ebay search unix surplus They have you can get a lot of good deals from unix surplus on ebay Uh If you type in like free nas as a search term they have servers that are uh, you know just decommissioned super micros They have lots of them Get some drives get a server and you can have a decommissioned server that you can Load true nas on with a bunch of drive base So yeah, and I bought these before for uh certain situations. We've picked them up and they work great I I actually have no complaint. Uh unix surplus seems like a good group of people. They um I don't they still do they used to have a youtube channel where they talked about some of the server stuff I thought they did a good job on a youtube channel Oh, let's see Uh trance mini x is not a rack mount solution Oh, you have the mini x plus not the ios thinking the true nas mini plus Got it, uh, will xcb report a real tech dick i was thinking about switching to product mox um Yeah, I don't recommend it real tech sucks. I mean will it work? Yes. Will it work good? I don't know Uh, could be a cool video deep about security detections on unify There's not any really good their security stuff is very basic in unify Have just started my homelabbing and made the mistake of from the very beginning. I bought 10 inch network cabinet um Yeah already full after one month. Yes. Yes, you Even I made a mistake and I should have known better. I put a rack in I didn't put a full height rack I'm like i'll never fill up a full height rack at my studio and then I did Now I got too much stuff again Yeah, this is one thing for sure and this is why I think the u-grain product if it's easy to set up true nason will be popular Because those servers devour energy is a great way to put it All my own enterprise gear idols at 150 watts and yeah, and if you're somewhere that has a higher cost of electricity That's going to mean that server has a high total cost of ownership over time And the smaller nases without a lighter weight power supply are going to be better I feel like town repeats all his answers in every live stream not all of them not all of them Many of my live streams these some people do come and ask new questions There's always questions about xcp and g oh man fun stuff. Well, I Do in just a few minutes have to go because i'm going to do another live stream and I said I would bring it up here So let me um pull this up for all of you So i'm gonna share it again here This is the next live stream i'll be at and this live stream is focused on unify stuff so that is uh All going to be i'm sharing it here I think it should be a clickable link so you guys can find it. I put it in the description. I made this as findable I believe as possible Yeah in 16 minutes that one starts Which means I have to be off this one within that time Oh, let's see Any rest interaction with unify just got the pdu pro looking for ways to control the switches Um, I wish they would open up their api mars. I think that'd be great um Yeah, that would be Um better like I I would like a better integration for api stuff But once again, I don't think that was much as much on our roadmap But i'm gonna drop this here so I can uh connect with my friends because we got to get started on the Next live stream. So that link I just posted it's in the description If you want to ask all the unified questions, it is focused on unify So that is our focus we're going to have on it We're going to have a few of us on that on that live stream Talking about unified products. I'm excited about it because you know, these are people I got to interact with on a face-to-face and many of you some of you posting here I was really cool meeting all of you. I love meeting people in person I stayed at the lobby bar both days Well, the second one was later as I stayed all the way till midnight in the lobby bar talking to people So I just didn't that the they brought the the bar closed at 11 I wasn't really drinking but they raised the lights and they're like Bye people the lobby is you go let's just sit in the hotel lobby for an indefinite amount of time But they're kind of like the lights you're on you should go up to your rooms But uh, yeah join join me at that next live stream where we're going to talk more unified stuff I'm definitely excited. Maybe maybe I'll adopt this in between I'll cut the box open and uh, then I have more stuff to talk about. Ooh exciting. All right. Thanks everyone