 All right Trying to get myself arranged in have my water within reach Gagey when you talk a lot you get a little parched. So Yeah, so as you go through I should probably just bring a big jug of water down here Welcome to a streaming Sunday of randomness. I Got all my true nasty stuff set up and going from the other live stream And I was doing a little more of it somewhere between I made another video about Zen server So that that went well. That was a fun video to record the Zen server videos I enjoy a lot they are interesting to me and I Here let's roll From the beginning of Tom's thoughts. So instead of me starting in the middle of the thought There's a little bit more to this and I literally yeah dev random. That's definitely what's going on over here Dakota, how's it going? You know, I'm only gonna be on here till about eight o'clock if you want to join Dakota. I Can send you a link to join if you're interested. I don't know what you got going on But hey, I should have posted it and we have a discord group chat that I Probably could have asked some other people to join and see if they want to go live with me But obviously if you notice from the time I set the live till the time I did it not a long period of time in there because I was like, I wonder if I should go live and I decided Yes, all right. Well, we'll do it another time Dakota if you aren't familiar with the bearded it dad he gives a lot of good it career advice and Definitely another one of my friends that are in the YouTube sphere back to what I was talking about he kind of in the YouTube sphere is David bombal did an interview with network Chuck and it was just it was a good interview I just tweeted it out you if you know who David bombal is it's not hard to find the interview He did with network Chuck. It was post I think today or yesterday and I just happened to watch it I went actually I listened to it because I didn't need the visuals. So I went for a walk And I was like, I'm gonna go get a little fresh air a fresh 30 degree years But you know, it's interesting because I have a little bit of a different goal than some of the other people And I see people who say me they may not like Chuck's content because he doesn't go as deep into some topics But Chuck was very clear that his goal is to Build things up to get some of that I say me and I think he does a great job of that And my content is not the same as that it is a different part of the ecosystem And I think that's what I try to win really instill in people is that one first as I tell people a time I can't create all the things so it takes an entire village of people so to speak of content creators to Kind of get people going on this, you know, your journey in it starts all over the place all in different places Also on top of that, you know, there's different styles of learning Some people learn because of the way it was explained here or the way it was explained there And each of us that have done a video for example where I talk about VLANs I think there's all of us who have a different person who's commented You know Chris from crosstalk solution network trucks talked about subnetting and VLANs lots of people have talked about it We each have talked to each other and we're like we always have those users that go finally I get it You know and they may have watched the other ways it was presented and not understand it So I I love that how YouTube has become such a place for that But one of the other differences in some of the videos that I do is also Kind of related to someone had just commented here I enjoyed the video you posted today, which was on XC PNG and there's not a lot of other content creators doing XC PNG and I Consciously make a decision to do it because we are actively working on this out in the field doing consulting on projects with XC PNG etc etc and I Am just sharing my knowledge on this the reality of it is if I were to and I've run the polls And I've run the numbers if I do more videos on unify I'll get more views if I do more videos on Proxmox. It's popular in the homelab I will get more views and I choose though instead to do the videos I want but that's because I have a different monetization model on the back end because views equals monetization if you want to do the YouTube thing full-time and you don't have a business like I do which is an IT consulting business it makes it just for an interesting angle that you know, I still have certain amounts of Money I have to bring in for to keep the channel going because I do this all myself for the channel And I do get an income from the IT services business, but I'm not the hundred percent owner of that anymore So I have to split the difference and you know, I'm gonna probably have a few more sponsored spots that are coming up You know that'll be on the channel I try to keep it to a minimum But I understand the people who can't because it is very different because I've had 20 years of building a business behind it So it's also yeah This would be a good episode to come on a talk. Yeah, and I'm it's a it's just an interesting discussion around The whole topic on there. So yeah, it's it's really I think a lot about the economy and how that works The economics of it and trying to figure out, you know, the best methodology that works for me I'm actually working with a friend. We're trying to work out some ideas so he could take over Solve it. I just don't like dealing with the advertisers I actually have more people asking me to do sponsored spots that I really got time for at the moment But I want someone else to kind of deal with it So I've been working with another friend and we're working to see if we can get a partnership going where he just On the back end takes care of certain sponsors and some of that So it's definitely one of those, you know, there's some things in the background and working on it But those are that was me completing a loop of that thought now. I'm back to Tech mode in my head. So let's start asking going back to technical questions and things like that because that is why I love the live stream so much as people who come out they reach out to me they Email me vlog Thursday at Lawrence systems calm Which many of you who have email me realize I do reply and does the same thing with a newsletter there I people have emailed the address the newsletter comes from and sometimes it goes do you really monitor this email? And I was like, yes, I do I reply to them. I I'm a little obsessive about that. I try to make sure I don't reply to every comment on YouTube Some of them don't warrant a reply Some of them are just silly But I try to make sure I engage with people That are asking relevant questions Related to tech because there's all kinds of weird off topic if it's amusing. Maybe I'll reply but many times I get mostly spam offers or police or people who just send me screenshots of What's wrong and ask for I don't know why this doesn't work and they'll send me 20 screenshots So I'm like, I'm not reading 20 screenshots. I have forums for that. Sorry, you know those are not the emails or comments they always respond to because they're They come and go people who want to engage or have a conversation about something thumbs up Love it, you know, I like reaching out and engaging with people on that topic. Oh Let's see. I did see this. What's better proxmox or true nas? Well, one is an ass one is focused Well, one's focused more on being an ass that happens to have a hypervisor. One's a hypervisor That you technically could turn into a storage server, but it's certainly once again not its Purpose so it's like I don't know what's better This microphone or this glass of water right now the glass of water They're very different things so it's hard to make a comparison about those two products. So the if you're More in need of a storage server go a true nas if you're more in need of a Virtualization platform with lots of features proxmox is definitely going to be the Virtualization platform with more features than the nas system that also can run a virtual machine is Is the transition away from pbc storage major deal for true nas I don't like pbc storage the way it was implemented because This is the problem. I had with it not that I don't understand it But for the people who are going to try to manage things using pbc storage inside of true nas They don't know exactly where their data is until it's gone And then they realize where it's not and it's in their possession anymore So my problem with when you Store things within the apps themselves is I need to set the apps back up hold on Choose a pool All right, I'll set the apps back up But if you store them within the apps and you're not clear where your data is Then you kind of have the problem of how do I back it up? Is it backed up? What if the pool crashes now? It's stored within the pool, but it's all given unique IDs So you don't know where that particular file is so if you take the time to understand it great But from an extraction layer just setting it up This is the problem some people when they don't set up their docker containers properly and realize They don't know where they're storing your data and then they end up with that system crashing They don't know how to they may have the scripts that set up the docker container Hey docker run this and pull this great, but where's all my data? Yeah That's why I'm not the biggest fan of the way the PVC storage works versus when you do host path You implicitly list where that storage is and I think that's a better method That's one of the reasons my tutorials always cover that method because it's just easier to understand for the average person Proxmox is purposeful hyperrider true NASA's a NASA solution with virtualization capabilities. That is another way to put it My friend and I are trying to use a connect extra email on switches with proxmox And we're finding it to be a little out of date. Do you have a suggestion for hardware combos going forward? I mean you got a couple options. I I really like for ease of use and Relatively inexpensive are some of the unify stuff also out there that you can find it just comes down to your comfort level I think maker tick makes a decent switch. I don't think their documentation is amazing but if you're familiar with it you can hammer it out and figure out how that works so the Meager tick might be an option for you obviously if you go on eBay, you can find some of the Cisco stuff I am getting more confused in because I'm not an expert in it with the way the licensing works for some of the other switches Whether or not features expire based on the license. I'm not clear Unfortunately, I know there's going to be a point in the future It's gonna suck where all switches have some type of subscription license attached to them Or at least many of them will where you won't want to buy use enterprise switches because you won't be able to Have a license that works. That's that's a future I fear will eventually come to pass because every company thinks everything should be some type of subscription model That's at least something to my knowledge maker tick doesn't do and unify certainly doesn't do so. Those are a couple options out there Is there a thing in Linux like previous versions Windows restoring files from snapshots not the entire snapshot just a file well Linux not Exactly you don't really have volume shadow copies directly in Linux There's not there's not a director's LVM snapshots, which are something different again But if you're using and maybe you're asking about true nas If you set up true nas and you set up a window share with true nas I have a video on this topic and it's still relevant today Even with the new version of true nas when you set up window shares and you set up snapshots these snapshots To the window share present as volume shadow copies that you can find the previous versions of files Based on the snapshot policy so yes, if you're using true nas with a window share with snapshots if you type in like VSS true nas or SMB true nas I've got videos on this and it will do that exact thing. So that is a way to do it There's there's not anything like I'm running popo s which is a flavor forked off of Ubuntu and That doesn't have anything natively. I have backups for my file system But it doesn't have any native system in it that will allow me to restore a file PVC shouldn't even exist. It's a disaster waiting to happen. I don't know. I don't know about not exist Because I think there's a need for it. I just think there needs to be like guardrails and warning signs about where your data is That's the part. I think is Important is that we have those for example, I don't have to specify any storage and I'm also not worried about losing any storage that Might be used by this install. I'm going to do of net data There are options. I think you can yeah, I can choose some storage options in here Yeah, I can do host path for certain config, but I'm not worried about there's not much config changing I'm doing to it. So we're just gonna go ahead and click install This is to me a good use of the PVC storage in the back end, which I assume that's using for that There we go. Now that's deploying but yeah snapshots are the way and shurn asks for Having the shadow copies. I think let me look at how it presents it in here. Let's go ahead and Create another one. So let's add a data set Test test of SMB share. We'll make it a SMB Save Let's see what it does by default. I just want to create a default share. I know I can turn it on All right. Now it says that share exists Manage SMB shares edit advanced options Browseable enabled See uses home time machine Recycled in Huh, I don't see it in the list. Oh, there it is derp. It's right here. It's checked. So by default Yes, enables shadow copies is enable ZFS shadows copies for VSS clients. So it's enabled by default now Enabled by default, but you also have to go here To your data set that specific data set we created and we have to have a snapshot plan for it So manage snapshot tasks and we'd have to set up a task For that particular data set. So there's our test of me share We'd have to set up the snapshot lifetime the frequency. Maybe we want an hourly snapshot Maybe you want a daily snapshot and then those snapshots will present as volume shadow copies Any automatic backup software for Windows snapshots? automatic back window what are Windows snapshots? Windows doesn't have a snapshot feature Or at least I don't know that Windows has a snapshot feature. I'm not I'm not the absolute Windows expert, but to my knowledge normal Windows like Windows Server doesn't have that so Maybe there's the Windows data. What is it? What is that software called that Microsoft has for data storage tonight? I've heard only people tell me terrible things that have to admit it Storage spaces Windows storage spaces. Maybe that has snapshots. I don't think anyone should use that I just started building a true nas and couldn't find my SSD changes saying from RAID to HCI and the BIOS and shows us in a true NAS OS detected it, but I don't understand why well, this is simple. You always want ZFS to Have direct control of the drives that means you do not want a Raid setting because now the raid is extracting away the drive and not giving direct access to it ZFS and true nas Which controls the ZFS system wants each drive to be fully controlled by the True nas OS and the ZFS itself the reason for that It's because EFS isn't just a file system. It's also a file system that can control the drives and That's what's important. So once you put something in the way like a raid controller You have it says, I don't know what that is. You're not giving me the drive So it won't work properly. It's not how it's designed to work You mentioned subs on Switches, I think this is where you'll see open switching be more adopted unless they're trying to do layer three and your switch Do you need QoS? Switching needs Switching needs are rather simple ReFS I t-mode to the rescue. Yeah, we can go with that Any nvr solutions I always we've been selling a whole lot of the Synology but we do sell some Ones from Unify as well. I forgot to turn my phone off. Sorry. I'm muting that so you guys have to hear that go ding friends are messaging me The I lost my train a lot thought for a second, but the Unify one I don't think is bad It's just very locked into their ecosystem Unify very much Went the route of kind of I feel like Apple with that one where it's our nvr and our camas and our Ecosystem and you decide to live in it or you do not you get the features we give you and that's it You don't get a lot of customization now I know there's third parties that have come up with ways to back up the Unify nvr's for example And I think that's kind of cool But that's it. There's their third party and Obviously third party is not something I will sell commercially to clients We have a lot of clients that do like the Unify ecosystem. So Unify nvr is not bad But you just have to make sure you're Understanding and if you go in with eyes open going hey, I'm gonna buy this and I expect this system to be a closed Ecosystem within Unify awesome. I like Synology myself because I like the flexibility of Synology. So yeah, they Um Absolutely the Synology one is one of my favorites because it supports a much much much broader range of cameras That you can hook up to your Synology and there's a lot of customization that you can put in it as well Which I really like that You love my video today, but have I tried site magic? You know, I think I did I mentioned it One of it when it came out to my problem I don't like things that depend on a third party cloud and if I'm not mistaken That's how the site magic works is it talks to their system to make my VPN work and that is that's a feature I've rallied against with VPNs because how can I sell this to a client like hey this VPN requires a dependency on Unify But if Unify's system has a problem, so do you your VPN is going to work Until it doesn't and that can be I don't know It's not like unifies a company that's dedicated to VPN support or even any support I know they're offering some more support options and I know I'll be at the Unify event in Chicago on Tuesday So I'm someone who's going to be there firsthand I definitely like a lot of their products, but I'm critical of certain features Not that I think is a bad feature not that I think you shouldn't use it You should just understand when you're using it what the dependencies are on it If you go in the dataset setting is there an option to make snapshot folder visible that will make Dot ZFS folder visible for folks. They can view shadow copies then in Linux. Yes. Yes That is something you can do. We'll pull that up real quick. You can go in and make them visible For Linux people that want them as shadow copies go to edit dataset details go to advanced Somewhere in here Yep snapshot directory me zoom in a bit here You just say snapshot visible and that will make it visible to people Have you looked at lin store to find a better solution to small clusters does it work with xcp and g? Lin store is what the xo store works with on the back end. So lin store and xo and xcp and g Yes, they're working together. That's what the future will be for the hyperconverged storage I can use the windows computer right-click and property select previous versions on the dataset and see all the snapshots That were taken recover the file snapshot can't find for Linux. Okay. Yeah, that's what it was actually Right here is what's on my screen right now make it visible in Linux because that I know of you can't do the VSS in Linux, but you can I've never tried Tom, do you remember read Duxio? I got all those hx 550 bucks kind of Frankenstein a trunas Install on it. I do not remember read Duxio read Redu xio What was reduxio? Or maybe their company it's gone. I don't know what they do. I'm looking because I found some Okay, they were data management company But they appear to be gone. So I that's why you said remember them I did I never heard of them, but they do appear to be no longer Some should write a nomic extension corporate viewing snapshots from ZFS that would be cool Maybe I think the demand is really low for it. Maybe we could probably Google how To view SMB VSS in Linux So someone already did this The question has been asked So, yeah, there's a way to do it But is there a way to see it in Linux? It's weird. I mean, it's all built-in the Samba here Which runs on Linux, but yeah, this is just the Samba documentation for the VSS shadow copy Yeah, maybe someone I don't know. I'm not exactly a I've never needed it. So I guess that's probably why I in all the clients that we have running TrueNAS I don't think I have any of them running TrueNAS and attaching Linux clients to it. Like it's all Windows It's Windows all the way down everywhere. So much of our support thousands of Windows computers very few Linux computers Have you had clients transition from VMware to XCPNG how the migration go asking for a friend We've had many many people. We've been doing this for a couple years So because some people wanted to transfer before the merger like when it was announced Some people were early adopters of XCPNG. Those people are much happier than the people doing it under duress right now So, yeah, definitely very there's different different people on different life cycles We've had people that migrated a long time ago Those were the early adopter folks And I don't blame them Doing the early adoption made sense The problem, you know any of these cycles it kind of depends on licensing and things like that if you have an Existing contract that's paid up till you know a certain day. Well, you're not gonna move any sooner because you still have that license Linus did a video on Weka I don't know. I'm not big on a lot of these closed-sourced systems because I don't Let me pull it up Linus just posted a video about their new storage server This is the company that Sells it. I don't know. I don't these come with heavy licensing fees and my faith in closed-sourced storage Roll back just a couple comments about a storage company that went out of business that this person. What was it called? Yes, that went out of business a lot of these storage companies do not last because of how hard it is to build a storage server But the open-source ones do true NASA stood the test of time Seth stuff is standing the test of time watching others fall. Matter of fact, most storage companies aren't even profitable This has been a problem for a lot of them. So I my faith in that stuff not so much Hey Linus wanted to test it. I I mean he's got a lot more money than me to Spend on things like that, but I would not have chose Weka But here's the here's it. You know, this is a really confusing point and I want to call Linus out on this Maybe I'll I'll figure out. I'll talk to my friends at 45 drives Linus has done videos of 45 drives before why didn't Linus reach out to 45 drives because as big as Linus is We have and I say we because me and 45 drives share a common client we do some of the network engineering 45 drives as a storage and They are producing movies. You've heard of very very big movies very very big production houses By the way, it all runs on 45 drives So why would Linus and they're they're storing more data than Linus Why why would Linus not try to work with 45 drives on that like 45 drives build this builds this stuff open source Seth self healing can do all the things that Linus is paying a fortune for Weka, but he could have went open source with it I don't know why he didn't I thought you know, I don't know I'm gonna talk to my friends at 45 drives, but I'd like to kind of do a comparison. Could we build what what that Weka system does? What are your best questions to ask a company during an MSP interview? I think those are excellent questions You should ask on business technicalities Brett and Jason been doing a good job of talking about that The top link Lawrence stop video slash biz is where we have all the business technicality stuff I wonder if stuff can perform just as because wekka like to see how wekka can do tasks per How wekka can do tasks per core. I have a feeling Wekka is built on top of something like stuff if I had to guess this is one of the things that drives me nuts Wekka's already been sued for Violating licenses of min IO, but I but min IO can be goofy So I don't really know who's right in that particular case But there's a lot of these companies that just use open-source software on the back end But they try to tell you we built magic. No, you didn't you you know, look at it Nutanix comes up when we talk about virtualization Nutanix has paid KVM So it's like you didn't reinvent it. You suck a UI on top of KVM So I don't know there I don't know what runs Wekka But these companies like are opaque because they're closed source But I a lot of times you'll find a bunch of open-source center to hood So I'm willing to bet they sprinkled a pretty interface on top of something like Seth Because there's some ways that I was looking at how it does things. I'm like that actually sounds like The same type of setup that you have in Seth Seth has a really interesting setup. It's a lot different than other file systems That's it's pretty brilliant, but it also has a lot of complexities with it So Seth is not for the faint of heart. It's a project you undergo But if you have someone like 45 drives willing to pay to engineer it once it's well engineered and stood up It works well our MSc tech favorites to Hyper-V for local ESI replacements been trying to introduce an approximate solely little success I mean if you don't have the Linux shops, that's part of it, too If you don't proxmox It's all Linux underneath so there's some knowledge you kind of need of Linux if there's any troubleshooting with it That is a big scary spot for people who are long-time Windows system ins We will turn Nutanix turn to Nutanix as neither proxmox has vendor support for Veeam or server manufacturers We turn to HPE for VMware support. I don't get people's love for Veeam I've even argued with my business partner Jason Slagle who does love Veeam on this I Mean I get application aware backup run an agent on those ones and that makes sense But you the backups in XC PNG works so well I don't know why I'd want to spend the extra money on Veeam. That's my problem like The backups are so smooth and so well integrated in XC PNG That actually reduces your total cost of ownership because suddenly I'm not giving Veeam a bunch of money for licenses That's my argument other people are going but I like Veeam. It's what I use. It's what I know It's what my people know and I gotta admit the Feature to be able to do that quick restore. I forget what it's called in Veeam But it's the way it can do the partial restore and attach with the integration of VMware. That's cool But you can restore things relatively fast with XC PNG Especially if you happen to have a fast local copy of it. Well, you can restore it relatively fast But that's that's me. That's my opinion other people have other opinions and yeah, there's no doubt You can Absolutely do things many different ways and some of those different ways require retraining people Which is the argument some people have about XC PNG because they already know Veeam and they're like I don't want to have to retrain a bunch of people because that has a cost Oh, they're on a trial for Weka. Well, there's still an opportunity Yeah, network Chuck has a big 45 jives cluster. He's setting up There's I know for a fact that big names are uncritical data on TrueNAS NFL Lucas films to name a couple Yes, there there are many big big companies many There's not since he many but there's a handful that we've worked with and probably movies you've seen Instant recovery. That's the best thing people like it's called instant recovery in Veeam From I can see Nutanix use of the base system. Yeah, there's a bunch of open source underneath Nutanix They're just not an open-source company there They grab a bunch of open source sauce and put their layer on top of it and sell it Specific is it best to keep TrueNAS backup server not knowing the keys from the main server to unlock the data sets? If so, how do you delete the keys select the dries or does it not matter? The reality is and if you replicate data if we don't have the keys on TrueNAS a so If we're logged into our TrueNAS here and we will log in and we replicate data to the other TrueNAS Let's actually create an encrypted data set and walk through the whole process So let's add a data set and we'll encrypt it E N See our rypt Encrypt we're doing it encrypt irked because I want to misspell it now Encryptir did it did it? Day does there we go. This is our encrypted irkers data set and we're actually going to check the encryption box We're just gonna do a key encryption on it Where did it roll right by it check some sensitive ZF able where am I where did they move it to? ACL no, why why did I not see it? Exec snap copies. I know someone's probably screaming because I'm rolling right by it Sync comments. Oh, so it's right here Encryption we're gonna let it do a key. We can do a pass raise. We'll just let do a key So it's simple so the key saved in here So now right now we're gonna create an encrypted data set and encrypted dur dur dur dur data set There we go. There's that data set and it's encrypted now If we send this data set so let's go over here to data protection. We'll just run through it real quick here source the system We want to choose that encrypted data set Different system. We'll send it over here to our friend apoc and we'll send it to YouTube demo seems like a great place to put that slash ENCR Ypt we'll spell it right on the destination So then we'll go ahead and say test next Save Let's go ahead and run that finished Goes really fast when there's no data log into the other system data sets YouTube demo and it's locked so the only way you can unlock this is I need to copy that key I Can provide the key manually from the other system, but it doesn't stop me from deleting it It doesn't stop me from it only says me from viewing the data So is there a risk of someone viewing the data on the other side? Well, you can leave it encrypted, you know Maybe you want to back it up to your friends plot friends place and maybe you don't want to completely trust that friend Or maybe where you're sitting to back up You don't trust that someone may physically take that box and try to extract data out of it Then don't send the key if you trust it and you're not worried about it You can send the key as well as long as you keep the key people have certainly lost their keys And I let them know there is no way to get their data back So comes on though if you want to do it What if your VM is encrypted with something like Lux for BitLocker a hypervisor level backup requires you restore the whole VM or disk Mount it unlock it then grab the file you need. Yeah, that's an issue That's true I gotta get me an HL 15 just pinching some pennies Having run and sold MSP over eight and a half years and acquiring a dozen odd MSP through that process Beam is by far the best standalone backup product we've ever used that being said XC PNG is nice. Yeah Hey, Tom the new new firewall changes you thinking about switching UDM for a router instead of PF for home Nope, not at all. It's pure storage built on top open source. I don't know. I'm I don't run into too many pure storage I'm not sure copyrighted in kept her 24. It needs to be a shirt, right? Doesn't you ask need downtime to do upgrades most such companies don't want storage interruptions for upgrades So most storage companies have multiple controllers to pass on the upgrade Yeah, you can buy an IX systems and you can do the staggered upgrades the IX system hardware supports The active failover so there's no downtime for doing upgrades. There is there is a way to do this True nas has an ht model that solves a problem. Yep, that is correct What is your preferred way of? Storing secret data set keys Bitwarden works really well for that you matter of fact if you go in bitwarden I don't think I can display this here. No, it won't display on the screen you can actually just take the keys and pull them out matter of fact we go back over to this data set and Let's see I think I had it too zoomed in. Where's this at? There we go zoom it out a little bit ZFS encryption export key and There's the key you can download or you can just copy this key and put it into Bitwarden so you know where it's at good to hear your true nas is coming along well How to delete the key to lock the drives again? Once you import the key to the other system. I don't I've never tried to delete it once you import it That's a that's a good question. I don't know if there is an option to delete it once you import the key You can put it in there's an option Let's try this real quick Let's I can show you where I store it Gotta I have to do it as a web So if you type in HL 15, there we go I Can't show the willis share this screen. This is how it stores in bit warden You can put the keys here. You can just copy them, but you can just do hidden new custom field some key Then you just paste in the value and Put the value right here, and that's it. It's all you got to do To put it in there and then it shows up in the bit warden You can just copy these keys copy the value and paste it into wherever you want past phrases are the way to go if you Want it to be and I use past if it's critical I don't use keys I use past phrases and the reason why is because if anyone ever takes the true dance Either one of them if it's my most critical data is always has a past phrase As a matter of fact, you may notice on here certain things do have a key But data set pass this is the important password that I have set that allows me to unlock critical data sets So that is the my preferred way of doing it is with that Yes, you can it completely seamlessly fails over with the ag systems Time and we're watching a video about a system's dual controller ha model. What was a switch over time? To other node it was pretty much instantly Yeah, it fails in like Seconds like you can it doesn't shut down your virtual machines that are like the attach to it for storage So I had it set up as a storage target and the storage target can continue on I actually pulled the entire controller out So you can do a less than seamless failover where you tell it to switch controllers But you can do a force failover where I didn't just unplug it I ripped the motherboard out because I exist as I could do that once but it's not good for the connections But I pulled out a live running motherboard and showed that it completely kept working If someone physically steals the server they can get they can still get the data I wish there was some solution of the keys are pulled on boot from some there is a way to do that You can have it query a device on the network. I figure what it's called. That is a function that Comes with the enterprise version of true nas so that's There is a way to do it where it queries a network server I don't even like that because I don't want them to be able to get the data because what if they if they have physical access To steal the server. What if they steal this thing that's providing the key file on that? I don't want to deal with that. I just put a key in. It's just not that big of a deal It's like any time I reboot the server I put a key in shrug shoulders like I don't read but you know how infrequently I reboot the server only when there's updates Business wise we use who do for our documentation Personally, I use a spreadsheet and log seek for all my documentation. I like log seek a lot It's not it's not made for documentation. It's just where I keep all my notes Because they're all marked down so everything I just put all my notes and mark down for everything Yeah, you could put the hardware You could also put it like put a raspberry pi Inside of a safe that works as a key server that has a network cable drilled through the safe So someone can't pull it out and then you hope they can't sniff the network to do it I don't know. I don't see this as the big brisk If someone does there's methodologies to build it out But I it's it's one of those thought process things like you can go through and do that but I Think from a threat model standpoint It's not where it's not where you should spend too much of your time because it from a threat model with limited exceptions of people that are you know Holding on to government secrets or something that is in high high demand some type of incredibly valuable intellectual property These are things you might be thinking about But for the most part putting a passphrase on it solves all the problems with the one exception of rebooting it But how often do you reboot your storage server for me? It's not really a thing. I have rebooted my storage servers But it's pretty rare Right that they steal it. They won't be able to boot since you didn't input the password Well, they can actually boot it. I might sure ask boots without a password. That isn't where the challenge comes in When you're setting up the encryption in there if you do the encryption is Passphrase This is some Probably so I think it's what password wrong. I didn't this is some password confirm the passphrase now This every time the system boots this data set will be inaccessible until someone puts in that password. That's it it's pretty simple and That's the easy solution. So it boots but things are locked That are critical and I have critical things on my system that I don't want people to have if they physically took it So I just have a passphrase on those if you boot it up if you don't have the passphrase You're not gonna get the data Should I upgrade from core to scale? Is it easy to in place upgrade? Yeah, it's generally pretty straightforward I gotta build another we're gonna lab this out because we actually have a core system We're probably gonna replace at CNW are so with that we're going to Do some more testing on that exact topic Let's see I can show Let's see here If you want to see like what my notes look like I can pull that up in a second here, too Encrypted at rest checks the box for compliance and insurance. Yes, it does I haven't looked at tactics or an amendment a long time. I don't know I don't have any opinion It's been like a couple years since I looked at it. I I don't keep up with the project. I need to your name's version will files Access under the protected data storage be visible in SMB audit logs Is there a way to exclude folders from the datasets from SMB? I don't know any way to exclude things from the SMB audit logging It's a new feature. They just added into my knowledge. There's not any We go here to the data sets Actually, that's gonna be under shares. This is where they added the new audit log feature and I Don't know how to exclude things from here I also don't know why you would usually audit logs are exactly that things you don't want excluded you want them all audited and logged But as DBM with DFS the stable is free BSD. I would say yes. It's quite quite stable the Linux implementation From day one, you know years ago may have been new but day. I remember how many years ago this was it's been enough years That I I think it's pretty well vetted on Linux distributions now, so I Don't want my cat videos audited. Well, yeah nonetheless, um, let me Present this share screen Where did this Window Here we go. If you want to know what like a bit my video notes Or here here's some doc here's here's like how I did the tips video You share this and from log seek. This is what my log seek looks like and In here, this is how I write a script. This is like the entire script for that video And here's even the timestamps that go with it. I just do this all in log seek It's easier for me. I keep just notes for things I'm working on in here You know, like here's probably like I know I got passwords in the unified express one because the unified express has some passwords So I sometimes put passwords in there to lab equipment But yeah, I'm I got different agenda things I put in here Stuff like that. This is all markdown, but it's all pulled through This tool called log seek. I have a ton of things in here I Think it'll show the graph view or it won't. Oh, yeah, I broke something on this. That's me. I forgot what I broke I Did that I was playing with something and now it quit working Let's reset the graph There we go If you're wondering how many notes Tom has in here It maps my mind Here's all the The notes I have that are all date related because I journal thing Sometimes I got like VM or alternative stuff in here. There's all kinds of random things But this is I may do a video on log seek at some point in time But it's this is how I'm I keep and organize lots and lots of data For things even stuff like what's gonna go in my newsletter all ends up right here So if I click on newsletter it organizes all the different things that have already well not a hundred percent Let's make some a newsletter. This is what I'm going through my day Putting this together for things like hey, this is This this or this or these are things I think might be interesting and later I go on an autumn. I also have like some series of XEP and G notes like if I wanted to know how to reorder a Network card there's some of the commands in it. So these are the commands This is in bash. It less it also lets me quickly copy things that are in here. How to reset power state links to different things It's really easy to work in inside of here as well I said, I really like log seek. It's just kind of a cool tool to be able to do all this It's by the way completely open source. That's one of the reasons I like it The back end is all markdown which I like because I prefer doing things than just simple markdown I like the fact that I'm not locked into some proprietary ecosystem by a company that will change their mind about how they do things and Yeah, it's just it's a simplicity thing for me. I use sync thing sync thing is my go-to for all the things I'm doing the I've been using sync thing for years and I automatically sync it to two different Systems so right now it syncs to the My true Nassimini are and it syncs to this another system called APOC So it's always connected to two systems those systems also are creating snapshots of everything in sync thing and there's revisions for everything in there matter of fact Even when I take photos on my phone It automatically synchronizes because I got syncing on my phone So the moment I take a photo if syncing I don't always have it on but if I turn it on on my phone It synchronizes right away All of the data that's on my phone As well, and it's also if you notice there's the there's one specifically called Tom's notes Here's any of the notes that I have inside of log seek that are synced and they're also synced because this Log seek works on your phone. So sync thing is how I glue log seek together. They actually have More recently log seek has a Document synchronization tool that they're building in there to make it easier for people who don't want to set up sync thing But yeah sync thing works amazing. I have a true nascale device for my media storage My Plex Docker container in the VLAN isn't showing on the media devices or Other on other VLAN guessing it's a rule issue. Yeah, I don't think they give you any fine-grained control in true Nass that lets you Select I have to look in 24, but I think that's still a weak point if you're running apps on sure Nass I don't think it lets you select the VLANs that you want to attach them to How do you copy that section part? What is that called? I'm not sure I understand. Is it just the way I do the code blocks. Is that what you're asking? What hardware do you recommend for a small form factor for internal SSD a custom build that seems The most expensive option if you look up Brian Moses, I've referred to him quite a few times He's got some good write-ups on sure Nass builds and they're What do you call that Will it true Nass? I think it might still be called will it free Nass, but the forums there's a ton of people would build write-ups on there Sync think always gets out of sync for you. I have no idea why I've been using syncing for like eight years. Have I Seen it get out of sync because I've done something to cause it. Yes Usually what I've done to cause it is I for some reason I may not have it running and I'll edit the same file and it has a conflict And it says which one of these is right because you put some data in this file And then you open the file over here and put some data in it and then you turn syncing on When these were out of sync we charge it's very rare that happens But it has and it just has a sync conflict. So I've been syncing terribly today to four years never an issue a syncing Open source RMM for small MSP. I don't think I would recommend any of them That can't pass a security audit and security audits are hard and expensive So I this is one of the challenges with all the tooling even the big expensive tooling We keep finding flaws in and causing problems for people. So I don't think it's worth trusting some of these other Small open-source ones. I don't think the risk is worth it to save the money Because you could put you out of business you you could be facing like that someone finds a flaw and starts exploiting it and now You're on the hook for that you became the source of the hack So that's why I stay away from certain tools that haven't gone through vetting I'd love it if there was a wonderful open-source tool that did all the things I'd be singing praises of it, but it's not easy and I haven't seen it I've got a true Nasa fight that has NFS stairs to two ESI hose for a couple virtual machines But it seems when I've needed to power down the ESI hose I lose them out. What have I done wrong? I don't know It should work And it probably need a little bit more information or posts in the forums should I Move a data set by setting up a local replication or test Encrypted syncing restore I don't understand the question Do I move a data set by setting up a local replication or test a? Encrypted syncing restore I'm not sure why and I'm not sure why those are two different Maybe yeah, some things may be better as a forum post if if you're if you don't have enough spot to leave the words here So I use both I have data sets and I have folders underneath my data sets You set a data set and I have a video that explains how does yet? How does the FS data sets work? But essentially they present as a folder, but they're a folder with extra features those extra features They have are the ability to set encryption and other things like the block size or snapshot those But everything nested under that data set all the folders underneath of it Those are just going to inherit Generally speaking all of the features of that particular data set, but you don't get to if I have a data set called Tom and I have a Data folder underneath it called notes I can't snapshot the notes folders separately than a data set I snapshot the Tom and everything subsequently under that one it lets you know what It just tells you there's a conflict it says these two files and it'll give them the it'll take the file name and Give it a date it'll say like you know We have notes dot text and then we have a Number after it which represents the date because we have a conflict we have another version. It's here and it tells you when there's a conflict Another weird issue is your dance might initially set up a data set share and providing access to local users. Everything works fine I then join to the AD and then share with a domain user, but I can't seem to access Share with a local user. Yeah, once you join into AD you either use AD or local users You're not supposed to mix and match them together Maybe you can I don't think it's a great idea generally when you join into AD you're letting AD handle it Hardware question. Do you have any ideas something similar to AC box caddy for MVMEs? I Do not Wendell may have covered that the Wendell He covers a lot of little ones little one-off things that are related to storage hardware So if there's a channel that may have covered it that also I believe will have a good review of it It would be Wendell from level one text a level one text check their channel for something like that It's not something I have at all. I have zero experience with those type of devices I want to move a data set to a different pool. My question is use TrueNAS tools or test my same thing backup Which is encrypted. Um, I Like moving data sets with the ZFS replication because it's fast. So when I was shuffling around all my servers It was the fastest way to do it was I just ZFS replication move this data over here Even though the system somewhere on one system somewhere on another system. I consolidated I had to split the data. We had two inch data in one spot I had to rebuild that server, but I didn't have another server for it So I had to split some of the data across a couple more servers and then I reassembled it all back on the main server So yeah ZFS replication is your friend for that. It's one of the fastest ways. You're gonna get it done Do you have any tutorial for setting up a TrueNAS server for off-site backup? Yes, I do and I specifically did it with tail scale because I think tail scale is a cool way to do it Without having to deal with setting up a VPN. Well, Tell scale is a VPN. You just didn't have to deal with setting up a VPN on the different firewalls. So yes And I have some videos coming out Soon they're gonna be how to do ZFS replication as well No, it does not have a get merge system in it. I don't know because I don't use QNAP I'm not sure why they're slow to reboot. I generally avoid QNAP systems. They're kind of a security nightmare But maybe they're getting better. I don't know they seem to be in the news a lot I did a video because so many people asked me about it Can I it's not that there's flaws in QNAP and that's the end of the story It's how those flaws came to be what those flaws are and how the team at QNAP responded or as I pointed out in my video didn't respond to the flaws and Did a poor job of it. So That's one of the reasons I avoid QNAP True nas scale vlan for apps app settings advanced settings So the so or so the true nas forum says yeah, I haven't done any testing with it to see how they're handling that So a way to connect a shared folder from one true nas server to another no true nas that I know of I mean, you could do it from the command line, but natively in the UI There's not any way I'm aware of to tell true nas to mount another folder on another true nas Any third-party patching tool you suggest for a mid-sized company of any good ones you suggest The problem is Microsoft They they're terrible about it So people try to come up with third-party patching which is still just wrestling the beast in a different way We use a combination of Emmy bot and Ninja one for things. So ninja one is primarily what's handling our patching. I I Nothing is amazing not because the companies don't want that to be but because Microsoft, you know Like I tweeted the other day the multi trillion dollar company Finally admitted that while they were beta testing updates on your servers That they have a memory leak in them Microsoft's terrible about updates because they know it's a monopoly Microsoft lost zero customers while screwing up server updates That we're causing domain controllers to crash. How many people you think switched away from Microsoft? So why would they do it right? They'll do it They put in much effort as they feel like and just enough to keep them out of the news for a minute, but not completely Approximax or XC PNG. I'm XC. I'm team XC PNG if you can't tell by all the videos. I have on the topic What do you do to create the code section so you can just hit that copy button in law? It's like, oh, you just slash code. It's Pretty easy. Let's share that again and we'll Share we'll say slash code and we'll pick a bash There we go, and now I have a code block where I can type things where I can I should probably type something in bash 8.16 We're actually at 69.4. There we go. And then we can just Copy that command and then we can just paste it somewhere. So yeah, that that will that's what gives it the code blocks And then when we don't need this code block, we can just Delete it. There we go. Now the code block is gone. Finally getting a separate machine for VMs Would it be silly put everything? Instead of a hybrid network on TrueNAS, I mean the entire VM OS does not just the data. I Mean you can nest everything inside there It's just how complicated do you want your life to be when it if something goes wrong? Have you tested upgrading for TrueNAS core to scale? Yes, I have I am on core looking to scale only really path up in place upgrade Yeah, I got I'm gonna do more testing since 24 is out the previous versions like the 23 series Yes 24 is in release candidate one right now So I do plan to do more testing to validate that it moves things fine matter of fact one of the things specifically I want to test is how it does I scuzzy and some custom network settings because we have a production well, we have a few production systems that we're gonna be moving off of core and I'm going to basically emulate their config and then see how it doesn't in place upgrade I'll do a video on it when I get that done Do you think XCBG will get into VDI? No, I don't think so We have multiple branch offices each connects to a main office remote users connect there as well But tell scale be a better solution all servers are at the main office. Yeah, I mean tell scale works quite well I like its integration in a PF sense. It makes it an easy one I like net bird someone may go Tom and aren't you gonna do a net bird video? And yes, I do plan to but I Tell scales integration a PF sense kind of gives it an edge ease of use So if I'm also one of those people it ain't broke don't fix it So if you want to change for the sake of change, that's not necessarily what you should do But if you're facing a challenge, then yeah, maybe tell scale would solve that challenge for you You know, I should just I should get that done. I agree the 4200 video should come out Hopefully soon. I'm still using it. It's become my router for the studio So this video is running through a 4200 to get to you and I've had zero problems with it Was building an encrypted true dance pool and true dance and lost power mid job now. We asked for password from HD BIOS USB is detecting all bad sectors Trying to convert to GPT fix. Yeah, I don't huh Do you have xcp and g tutorials from basic to events? Yes I have a getting started video for 2024 so my getting started video is the one if you've never touched it that will walk you through from start to finish on xcp and g My thoughts on using 802 1x if you need it use it I don't know. I don't have enough context to give you a more in-depth answer on that. Sorry the uh, I Always need a lot. I need more context because I watch people set overly complicated things up in her home lab So that sometimes is like people say should I use this? I don't know. Do you need it? Like I get some large companies may need these overly complicated things, but do you need these complicated things? Does it fit your use case? Is it a security measure and does that fit? Where does it land in your risk tolerance? Do you use xcp and g in production environments for your customers? The answer is yes A loss of power the great equalizer of technology. Yes that too Um Even at work overly complex causes problems. Yes, this is you know, there's a book about what it what it I've never was called they Anyways, it's it's one of those things that highlights a human problem People never think to subtract from a problem whenever they have something they always want to add to it it's one of those human psychology things where The question comes up sometimes where you're you're saying how could you make this better? and that's like Just a simplest question and they did this with recipes they did this with uh, there's an example um in that book about legos and There's Clearly this lego bridge setup. That's a little wonky Because and they got a pile of legos under it or like can you fix this to make it better? Well people start adding more legos The solution to the problem the right answer the shortest path to success is removing a single block But like 90 of people see the giant pile of blocks and they start rebuilding the bridge to make it less wonky And instead of just removing a few of them that would make I think you only have to move like one or two blocks and it fixes the problem And this is a fundamental thing I think about all the time when I'm building You build things only as complicated as they need to be and no more So when we're doing consulting I always come at this approach Do you need all these things the answer may still be yes? But I like to ask the question all the time. Do you need all these things? Do you need this level of complexity in your setup because I've done architecture of systems for a long time and what I've learned is Despite me knowing or many people knowing how to do complicated things. It doesn't mean that's the right solution the Too many people learn how to do something really advanced They think that's always the solution to the problem is this really complicated way Trust me It's not because what happens is unless you're going to be the one who babysits it And you're the one who has to update it all the time. It's like when people throw Oh, we should be Tom Why didn't you sep for this particular solution? Because the client wants to manage it and they don't want to learn sep That's why it wouldn't benefit them any for what their task is would it work? Yes, would it cause more management headache for them down the road? Yes, anytime there was an update they like simply running a true nas for their data storage needs And it works quite well for them. They don't need the high availability features of sep So while sep would work for this large file server It simply isn't a solution that makes sense to put in Although we could have sold it to him that way I have a gig in my motherboard that reports ecc errors on the ipmi had to had it Replaced But seller says the same thing happened. Do I need New ram? Are there's correctly if your ram is giving you Um errors, I mean you may have bad memory if you've changed out the motherboard and the same ram Gives errors in another motherboard just process of elimination there Thanks waiting in your review. I mean I the 4200 I got no we've already bought more of them I think at the office too. So I don't There's nothing wrong with it. It works great Subtract. Yes DPC technology knows. Yes That I think that's just the name of the book. Isn't it like something like that? It's spent I'm I'm gonna reread that Move a data center and you realize simple as best. Yes By the same token oversimplification can remove flexibility. Well, like I said, it's not a solution for everything Let's uh There we go This should yeah, there should be this book right here Subtract the untapped the untapped science of less that That's what the book is called Subtract the untapped science of less. Oh, perfect. Yes. Thank you very much. So, um If you haven't checked out DPC technology channel, they've definitely dove way deeper than me into many of the Unify camera videos. So, uh, Definitely check them out Oh and Travis just joined us. He's a Account manager over at CNWR and we've just put out three more 4200s into production. So yes, absolutely Ready to watch the show? All right, but Uh, yeah, we definitely recommend the uh, 4200s Any advice on saying reverse proxy trying to get subdomains talking outside the world? I'm struggling to set reverse proxy internal dns works, but subs point to a win IP. I have my video on ha proxy That is my go-to for that topic. But this is where I said I'd ended eight. It is seven 59 Um, so I think it's about time to end it. My son has wandered in here because me and him are going to continue watching three body problem if you're wondering What we're going to be doing right Three body problem So it seems pretty good I love to talk to friends all the times of tech You some german and some old stuff for my work colleagues Uh, but I love to see how different people work on things and make up their own image. Yeah So nonetheless wow All right, well, I'm gonna end this here though. Thanks everyone for joining as I mentioned earlier uh Vlog Thursday at larn systems.com or you can reach me. I'm gonna go wander off and uh, it's time to go watch some tv so So someone's oh wow, it's a bit odd. Okay So you're talking about the um, I might read the books after I watched the show some I even decided What do you think? Are you gonna read the books marcus? Depends how good the show is the answer is no, you're not gonna read the books are you Audio book maybe right? So all right everyone take care and thank you