Welcome to vlog number three hundred and seventy-three, server shuffle. That's what I've been doing today. Hmm, let's... whoops, hit the wrong button, so I'm still here. Man, I forget there's a back button on my mouse. So if I grab the mouse and I hit the back button, that happens. So I gotta be careful not to do that.

Anyways, we'll start by sharing a picture. I don't have anything outside of what I was doing that I plan on sharing, so we'll share that here. Yeah, I hate the back button. But yeah, this little drive died on me today. I posted this on Twitter. I think this is part of the image. Little bit of an issue though: the obsessiveness that I have about doing all my disaster recovery testing. I go through and like to really audit everything, and it's not just 3-2-1 backup. It is like a 3-2-2 backup, I guess. I make sure that at any given moment generally there are gonna be two copies, well, three technically, one original and two backups on site, just for all the data. It goes off-site as well. The problem with the data off-site is how long it takes to get the data back on site. Therefore, I just like to have an extra copy.
So this is my spare parts server, and the spare parts server, by coincidence, I wasn't working on it at all. That isn't the server I was working on. I wasn't touching it, and next you know, it just wouldn't boot, and I was like, this is weird. And it was a strange coincidence, because the server I was doing all my testing on, you know, I was just doing my thing and testing and making sure all the snapshots worked in synchronizing TrueNAS servers, and verifying that I could restore from another server with all the keys, and all the keys were working. And in doing so, I knew I stopped it from receiving snapshots. That was part of my testing. And then this server just went out, and I was like, what? Why did it stop working? And it just turned out that the hard drive decided it was at that moment it was going to die.

And this is kind of an interesting thing: the solid state drives. It's not that they don't die. It's that they die abruptly, without warning, without even any status updates to make you wonder what they're doing. They just go from working to not detected, and that's how this one... this one doesn't show up. You can plug it in; the controller does not see it. There's no read problem with it. It's not like it only reads so far and gives errors. It says it's not installed. It is. It's not like the spinning drives. They sing the song of their people. They make some clicking sounds and, you know, usually, not always, they can die abruptly, but yeah, the spinning drives definitely have like a "hey, we're gonna keep giving errors until we quit working, and so you should replace it." But man, these just snap, boom. It's working and then it's not. So that really caused some delays in everything I wanted to get done today.

Let's see here. "Hey Tom, wondering if you address the possibility of future videos about LINSTOR and DRBD, both for context of XOSTOR but also scale-out enterprise storage clusters." I might test it. It's on my to-do list. It's not high.
On my to-do list, though. It's not a priority to set up LINBIT. It's pretty cool. The whole LINSTOR, LINBIT, I think they have a really cool product, and matter of fact, this is something I'm gonna drop in the link here. We'll share this tab. So I think this is the "Comparing LINSTOR and Ceph storage clusters." It's not that there's one solution for all things, or LINSTOR's better than Ceph, or Ceph better than LINSTOR. LINSTOR solves the problem differently, and therefore sometimes may be a better use case depending on how things work. Now, the challenge comes into how you want to do your replication. It's a more simplistic replication system, and it's the back end for XCP-ng. XCP-ng, their XOSTOR is based on the LINSTOR system underneath the hood. So I might... I actually reached out to and became friends with, on LinkedIn, some people at LINSTOR. So I've been digging into it. It actually might be sooner than later that I do it. But I don't know. I'm definitely gonna do a video when the full XOSTOR comes out. That's definitely high on my list, but the LINSTOR one, not so much.

"We need a speaker in NVMe drives. We need it to make beeping sounds." Yeah, there's definitely advantages to spinning rust. Generally with the spinning rust, I mean, it comes down to I can store a lot more data for less money. That's the biggest reason for using spinning rust.

I don't use Proxmox, so I don't plan to do any videos on the SDN features of Proxmox. I think there's people who have done videos on it. I'm not among them, because I'm just not a Proxmox user and I don't plan on being a Proxmox user.
It's not... I don't have time. Like, I don't have anything against Proxmox. I just don't have time to tinker and become proficient at Proxmox, because so much of the work we're doing is XCP-ng. And, you know, matter of fact, I see Travis in here, and Travis is one of our sales people. I mention a lot, like, we do a lot of XCP-ng for business. The quote that we're working on now to help companies migrate their servers and buy the hardware and move it all to XCP-ng, I mean, he'd just call it enterprise. I mean, it's a $600,000 quote. So you're talking over half a million dollars for some of these projects, and it is definitely used in these large scale environments. I just don't see that with Proxmox. I don't know. I see a few people talking about using Proxmox at scale. I've not really run into it much in the wild. I really think XCP-ng scales really good to these large scale environments. This is an environment that's going to have over 500, well, 600 virtual machines, and, you know, managing 600 virtual machines, I'm confident with XCP-ng. I can't make that same bet on Proxmox. I just don't have the same comfort level with it. So that's why I don't use it, kind of in a nutshell. Just don't have time.

"You need to try restoring backups for some of the services." Yeah, it's always so. One of the problems people learn, and I'm working on a video for this. There's a content idea behind all of this. When I format one of the other servers, which will probably be tomorrow or tonight, probably tomorrow, I don't think I'm going to be inspired enough to do it tonight. But one of the challenges you run into is making sure you actually know how to restore it. I get a lot of people, especially with TrueNAS.
I'm doing some new videos on all the new TrueNAS stuff because there's a lot of things people miss. One of those things that I don't have good answers for, and it's very unfortunate, I don't like this answer, because there's no way for me to fix this problem for people. They're going, "Hey, my TrueNAS crashed. I don't have a backup of the key." I'm like, then I don't have a way to get your data back. "Well, surely you can. Let me... if you can't do it, who should I call to recover my data?" I'm like, when you set encrypted pools and you do not have the key, you are not restoring those encrypted pools. It's not like the encryption is this arbitrary, like, yeah, if you just punch enough keys you can get around it type of thing. The encryption is well done encryption, and as any well done encryption system in place is, really, really hard to crack. And this is one of the reasons that it's so critical with all of these different, like, TrueNAS servers and things like that, that you have all the keys and everything backed up, so that when you are doing anything with the data... and actually let me pull up one of my TrueNAS systems here. But you have to understand and walk through the process of where's those keys at, can you restore them?

And it was really, like, the server that died on me, pretty minor problem, because server died, oh no, it's a backup server that just holds backups. So I go and reloaded TrueNAS, upload the file, all the settings are in there, and I'm back up and running in, yeah, pretty much no time at all. It did not take me long. The hard part of the job is I brought my MacBook up to the office and I had to ask one of the employees to flash... I didn't bring a TrueNAS.
I didn't know the server died. But I was like, I didn't bring a hookup to or a flash drive with me. So I had to have one of the staff members, one of my fellow staff members, copy TrueNAS onto a USB so I could reload it.

Let's see here. "Hey, Tom, on the topic of data recovery, my dad had a WD My Cloud got wiped in 2021 from an exploit." Yep. "From the sounds of it, just a partition table wipe. Do you have any recommendations there?" I mean, it's been a while since I've looked at what modern tools are out there. There's probably better ones. If you look, I've got tools that I named in an old data recovery video. I've not had to do any data recovery lately. But there are tools out there. I'm not up to date with what the best tools are in 2020 40 years though. I haven't done much of that work, not from like that standpoint. But yeah, I mean, if it's just like a partition table wipe, there's a chance you may be able to get the data back. I wish you the best of luck, because that's always a gamble of getting the data back on there.

"Would it be better to run Proxmox on a RAID pair of SSDs and then back up the machine to TrueNAS?" I don't think that's a bad idea.

Let's see. "Any tutorials on how to add IPv6?" Nope, I don't plan on doing any IPv6 tutorials anytime soon. So not on my to-do list.

PhotoRec, you know, this is a tool. I know that's one of them I had mentioned. Is this still a relevant tool? It's still around. But yeah, this is one of the tools. This is an interesting tool. I've used this many times years ago. So I'm actually happy to see this project still around, but yeah, PhotoRec is a good one. So good, good on ya, Retro Tech. With a name like Retro Tech Restoration, I'm gonna go with you have recovered a few things. Just winging it and suggesting maybe that.

"Untested backups are almost no backup." I always say untested backups are wishful thinking.
So we'll go, close enough. Untested backups are just wishful thinking. Yep.

"My solution for failing hardware is to have multiple TrueNAS servers and build and update them monthly." Yeah, having lots of copies of your data is always great.

"Are you the same Tom from Tom's Hardware?" I am not.

"Trying to access modem through pfSense. What does it mean? It's a set available network ports." I am not an expert on PPPoE. It's not used as much here in the United States, so I don't run into PPPoE as often. It's not that it's not used at all. It's just not used a lot.

"Thoughts on ConnectWise PSA? Also, Hudu versus IT Glue?" Definitely not IT Glue. Avoid IT Glue. We're all in on ConnectWise at CNWR, Alec. But Hudu is good. We use Hudu, we use ConnectWise. I don't recommend IT Glue.

Yeah, Veeam is... we do a lot of Veeam commercially. You know, Veeam is the answer depending on who I'm talking to. You know, am I talking to the homelab people? Not Veeam. You know, there's other ways. If you're talking to a lot of the business market, you know, we are a Veeam host, you know, Veeam provider ourselves. So yes, Veeam is not a bad product at all.

"Are there any comparable open source solutions?" Kind of. I'm not gonna lie. Let's pull it up over here. Do I have a lab one I can show? Yeah, here we go. Let me switch to the different lab environment. Nope, I gotta start the lab environment. Hold on. I think that's off right now. But yes, as far as open source solutions to do the validation standalone, not really, but integrated, yes. XCP-ng, one of the reasons I like it so much is the integrated backups are stupidly amazing in it. So the ability to do backups in XCP-ng makes it a great choice. And it booted. Yep, there we go. This makes it a great choice. This has those integrations in it for backup and restore.
There we go. So now that's booted up, we'll switch over to that one. Go ahead and update this one and we can play with the backup side here. The backup side here can do all kinds of fun things. So actually, we go to the backup and restore. You can go right here and even do the health check. So you can boot this VM and run through... I've got a whole video on how the health check works on there. But it'll validate that the backup doesn't just work, that it can actually restore the full virtual machine. Pretty cool feature.

"Since your morning's night was going on with the industry." I'm going to say that XCP-ng is definitely a more popular VMware replacement right now. You know, maybe I'm biased because I do a lot of videos on it, but I'm going to say it's a very popular replacement for the enterprise space.

I have not used Seafile.

"Did we try ConnectWise Sidekick?" No, I think Jason looked at it. Jason Slagle, president of CNWR. I don't think he was impressed by it. We'll just say that.

"VMware Horizon client for me seems to work on X11. Any idea if it would work with Wayland in the future?" I have no idea. I don't use VMware Horizon.

Yes, you can back up XCP-ng to Synology. Synology, NFS, works fine.

"If you replace one terabyte drive and Synology NFS a two terabyte RAID 10, after it reveals what recognizes a new two..." I think so. I think Synology supports that expansion.
I gotta test that, but I'm pretty sure it's supported.

"XCP-ng: will a two terabyte limit on drives push people away? Any workarounds?" Yes, there's workarounds, but first, you shouldn't be doing workarounds. You should be properly designing storage, and properly designed storage isn't shoving huge virtual machines into the virtual disk. That's not good storage design. That's not an architecture that performs well. Because this is a challenge with virtualization: you're virtualizing the I/O of the drive. This causes a performance bottleneck. You're getting an abstraction layer away from the actual hardware, and that bottleneck means, if you have a database, and I've seen people do this, they just start creating bigger and bigger VM storage for the databases. That's not going to be the best performing. I did that video on storage design. I'm getting a ton of mileage out of it because I keep sending it to people going, these are the proper ways to architect your storage. Look at these ways to architect your storage before you start stuffing everything into a VM and all the challenges that come with it.

The workaround is you can just pass the drive through. XCP-ng supports raw pass through, so you can pass through really any size drive that you wanted through it. But then it binds it to that host, because you're passing that host through. So yes, there's workarounds. No, I don't think they should be done. Generally, when you start running into those issues, just start looking at architecture and go, how should we design this properly?

I mean, P2V, the solution is... hopefully your boot drive isn't that big. But split the data apart if you're doing a P2V. If you look at my storage video, one of the things I point out is you can just do an iSCSI mount. So you take the data part of your P2V, you put that over to an iSCSI mount. Then you just have an OS boot drive. This actually makes it really easy.
I talked about this actually when I did my Graylog video. Graylog is one of those things that I've seen people stuff and get performance issues. They stuff all the data into the VM. Don't stuff the data in the VM. Set up a mount. Matter of fact, if you looked at my Graylog, I pull up the backups on it. Add this here, go backup, restore. Yeah, my Graylog is only... so 87 gigs is all of them. So three deltas and two fulls is still only... I think it gives me the individual sizes. Yeah, my full backup of Graylog is only 29 gigs. That's it, because I don't store the logs inside of here. When Graylog boots, it mounts an NFS share on my TrueNAS server. So all my logs, they just go there, and if I want the logs bigger or something done with them... this allows me to do backups of Graylog very easy, and restores as well. So I can restore it and then it just mounts the same mount point again and away you go. And you can do the same thing, whatever your application is. Take all the data, move it to an iSCSI mount, or especially when people are just doing file shares, move all their files to a NAS. It's just better to have all the files on a NAS. It's just a better experience for everyone involved.

"What's the best replacement for vSAN?" First I ask the question: do you need vSAN? vSAN was really pushed and oversold to sell licenses, not because people needed it. The magic of hyperconverged storage comes at the expense of hyperconverged writes that have to go to all places at once. This has a performance impact. Do you need that? You know, this is one of those things. Now, there is XOSTOR, which is part of XCP-ng. That is a feature that they have. This is their vSAN version. So it exists. But, you know, I ask the people first: do you need that, or did you just have a license for it with the VMware and you want a license for it now for the other side?

Hey, it's Veronica Explains. How are we doing today, Veronica?
"So does recognize larger drives that's a replacement. From what I remember, all the storage, it won't be available until the array and the drives have been replaced." Yeah, I think that's how it works. It does an expansion, like you have to get all the drives replaced. I think that's how it works in Synology. One of these times I got to set it up. It's just a tediousness of putting drives in and expanding them later.

"When I get P2V, I usually require that we shrink files, because it'd be more performant with scaling, redundancy and backups." That's exactly it. Once you're migrating servers, take the opportunity to optimize everything in between. You're gonna have a little bit of downtime. You're gonna have to do some migration here. So while you're at it, let's optimize things to make things more efficient and, like Veronica says here, more performant.

"ChatGPT for writing bash scripts is fantastic. Never tried writing Graylog configs with it." Yeah, it actually does a pretty good job. It's really gotten better. It's not perfect. I think ChatGPT is a good assistive technology. It's not a people replacer. But it can be a muse, if you will. Staring at a blank sheet is really sometimes a very daunting task. I need to get something started. If ChatGPT can barf out a framework for me, and then I can customize it... and it does take some skill to understand and read code. And if you have at least some of those skills and it gives you that boilerplate framework with ChatGPT, I think that's always a good start. I think that's something I do like about it myself.

"Sometimes storage needs to exist in the VM server. NFS share is on my strategy was spinning disk. Well, Xen server has NVMe. Graylog performance is better on my NVMe." Well, yeah, of course. It's always better where it's faster.

"Have you ever rebalanced your ZFS datasets?"
I don't really need to, but I did a video on this, and maybe I'll do a new one, on imbalanced ZFS vdevs. If you type in "imbalanced" on my channel, you'll find the video on there. I explain how that works. It's one of those things that if you expand a ZFS dataset, then yes, you will have that.

One of the reasons I'm shuffling all the data while also doing all my DR testing is I'm taking my 45Drives Q30 and I'm going to use it for a series of demos before I put it back into service. I've got a bunch of demos, if you will, of different things and scenarios, and walk people through it. That does include me taking drives out. I have a new ZFS torture test video I want to do. So I've got a lot of things I've been working on, because I want to make this kind of fun video of here's all the things that you were wondering. What would happen if I pulled these drives out? What happens if I pull this drive out? You know, these little scenarios, or yank this, or yank the power. What happens to the ZFS? How does it recover? How can we corrupt ZFS? How can we recover a corrupted ZFS? Under what circumstances can you, and under what circumstances is it just best to restore? So yeah, it's kind of all a fun upcoming video.

"TrueNAS good for HA at the moment?" No, yes, depends. So what kind of HA? If you buy the iXsystems hardware, they have a high availability system. So if that's the question, if you're using iXsystems hardware, you can have high availability.

"Exactly. That's how I use ChatGPT. I always make sure to double check what it spits out." Yes, because sometimes it just does something different than what you expect. You don't know if it's going to give you the right answer or a fun answer.

"Hi Tom, you say don't route your storage point." This has been a hot topic. This comes up a lot.
This was a debate in the forums. This was the debate on Twitter. "Is it because protocols like iSCSI, SMB become unstable when routed, or is it because the router becomes a bottleneck for that type of traffic?" Usually the latter: the router becomes the bottleneck. That's one of them. But the other problem is when people are modifying firewall rules, and especially iSCSI, when for whatever reason people route iSCSI through their router. Maybe it's a "because they can" thing. But yeah, I've seen people break it, like they change a firewall rule and break the states, and iSCSI becomes broken. So there's that too. If you do things to disrupt an iSCSI connection, you may end up with problems or corruption issues by disrupting that connection. And then, of course, if you're someone who's running Snort or Suricata, some type of IDS/IPS system, now you have a new problem, and especially because of that type of data, it may go, wow, I just seen something that I'm going to suddenly block, and break whatever's going on for the traffic. So it's a little bit of column A and a little bit of column B on the problems.

A lot of my practices, when I say this, it's the headaches I go through with the consulting that we do, where we're solving and unraveling these weird houses of cards, these unusually, like, it'll tip over if we touch any spot over here, and we're like, who put this together like this? Let's break this all down. Let's create some separate networks for storage and not have any of these problems. It's mostly advice from our experience of running into these problems.

"Lawrence, you or someone here has changed the operational system QTS of QNAP NAS by ADM or other?" I don't use any QNAP.
I generally avoid QNAP. QNAP's got a really bad track record when it comes to security. The only thing I kind of want to try, if one floated into my hands, maybe I'll load TrueNAS on a QNAP, but I wouldn't want to run the QNAP OS. I did a video. It's one of those things people said, you dogged on QNAP. You know, everyone has some vulnerabilities, and it's not about the vulnerabilities. It's how security researchers interact with your company, and QNAP has not done a wonderful job. And I highlighted a series of bunglings from the folks over at QNAP of the way they handle security. So I just kind of avoid their products. So I don't know a lot about them. Like, the hardware is okay, I guess. I guess that's why people like them: the hardware seems somewhat affordable. There we go.

"I have an interesting one. pfSense Plus, pfBlockerNG. Can't reach the Broadcom site. Saving pfBlocker, reloading, still no access. Has me scratching my head." I mean, that means there's a rule in there somewhere. I don't know where. It's kind of tedious to go through. I don't really use pfBlocker that much except for geoblocking. I generally just use the browser tools, the, what is that called? uBlock.

Yeah, ServeTheHome did a video on that new QNAP M2. That thing's cool. I mean, I think it's a neat box. Patrick's video on that was great.

If they're on two different subnets and you're routing it through your firewall, is the routing of SMB... it's not that it won't work. That's the thing people think I'm saying, is that it will not work. The first comment is always, "But I'm doing it right now and I'm not having a problem." Well, good for you. Are you trying to do a high performance system? Maybe not. You're just happy that it works. Okay. I mean, yeah, I used it because it was convenient. I copied some files across a VPN with my SMB share. And I did a video on this showing VPN is not ideal for SMB share.
Will it work? Yes. Will it work good? No. And here's a common question. This is coming up for consulting many times: "Hey, I have a really fast connection at point A and a really fast connection at point B, and we ran iperf over a VPN and we're getting this much speed, but our SMB doesn't work as fast as our iperf connection." I'm like, correct. And here's the video on why. SMB is a protocol that doesn't like the extra latency added to it. So as you start adding the latency, because of the way it does the file confirmation, like, "hey, here's a block, confirm, got the block," that back and forth causes a lot of SMB slowdown. So any of the times that you run it through and route it through a firewall...

Now, routing through a firewall is specifically what I'm saying. If you're a mega company and you have layer three routers, or just layer three routing in your switches, that's different. That is not usually a firewall or any rules. That's just a way of segmenting out the network so you don't end up with too big of a segment or too much broadcast. That's not exactly the same thing, because there's not any rules or parsing being applied to it at that point.

"Which is better for homelab, pfSense or OPNsense?" You know, the problem I've had, and we'll just go ahead and drop this in here. I made this as a response because people keep asking this question. And I prefer pfSense. One of the reasons why is really simple, and I have it outlined here. OPNsense is, they're just slow on security updates. That's been my commentary on them, and therefore I stay with... excuse me, I stay with pfSense.
I always tell people, do what makes you happy. But if you want to know why I prefer pfSense over OPNsense, it comes down to OPNsense is slower at security than pfSense, and I listed out a series of examples that all occurred in just 2023. There's actually more examples probably, but I don't have time to research all of them. So I just left it at that and go from there.

"We don't use pfBlocker at clients. We use Zorus." That's correct. pfBlocker is not a scalable, manageable system for our clients.

"Any tips for summary emails of Veeam? Been trying to set it up." We have Veeam integrated into our ticketing system. That's not my field of expertise beyond that. So I don't have that answer.

"Since the merger was Zabbix stitch was..." Yeah, I just don't need Zabbix to monitor my system. So I just dropped it. I just need Uptime Kuma. I just didn't need anything as complicated as Zabbix for what I'm doing. Zabbix monitored my infrastructure, not my client infrastructure. So since then, I have abandoned Zabbix out of lack of need. I just need to know if my sites are up. Uptime Kuma adequately does that for me. I have Uptime Kuma sending me notices if things are down. That's it. I just don't have a deeper need. Zabbix, I think, is a great tool, but I don't have time for the complexity, or need for the complexity. The other thing I still use is Netdata. So if something goes down because of heavy load, for example, well, then I will, you know, pull up my handy dandy Netdata and go through the data to figure out what is under load. Netdata is actually a really good tool for that. So between Netdata and Uptime Kuma, I've fulfilled the need that Zabbix was doing, with less complexity.

"In my home lab, I have installed TrueNAS on a single drive. Is it easy to make a single boot drive into a mirror, or am I better off reinstalling TrueNAS onto a ZFS mirror and then loading the backup file?" I believe, and it's been a while.
There's a write-up. I think you can actually find the write-up inside of the TrueNAS documentation on how to add a boot drive to it. There was a process. I remember it was kind of cool, and I remember testing it a while ago. I don't think I ever did a video on it, but I'm like, huh, that's clever. There was a clever way of how to go from single to dual drive. But option B, of just reloading it on a mirror and restoring from backup, pretty easy too. That's part of the DR testing I was doing. And accidentally, as I mentioned at the very beginning of this video, one of the servers just died. It was not a big deal. The longest part of that server death was finding a USB with TrueNAS on it, loading it, and then I just uploaded the config file and everything was exactly where I left it. So it's relatively fast to restore.

I think they finally got OpenSSL patched in OPNsense.

"Is there a general list of some of the add-ons or apps you use in pfSense?" I don't have that many, and it's driven by need. Like for me, I need HAProxy. I don't know if you need HAProxy, but I need HAProxy. So here's all the apps on mine, which is arpwatch, HAProxy, iperf, ntopng. You know, I could probably get rid of OpenVPN, except for the fact that OpenVPN for a privacy VPN, I use that. So yeah, these are all the apps I run. We'll just run down them, or make it bigger. But HAProxy, arpwatch, OpenVPN. This is not doing anything, really. If you notice, I don't even have this turned on. This is the pfBlocker for geoblocking. Tailscale. I like Tailscale a lot, just because it's integrated in pfSense. WireGuard for my site to site. I don't know if you need that or not, but yeah, I think that's it. Not much else. Not everybody needs to run Snort. I run it. It's not in blocking mode.

"Have you seen the mod case mass?"
Sounds interesting. That's cool looking. 3D print a case. That's novel.

"Is a metro cluster also called a stretch cluster?" If I'm not mistaken, let me look up metro cluster. I think you actually are meaning stretch cluster. Okay, it is called metro cluster. View there, so we're all looking at the same thing. Oh, yeah, okay, stretch. I call it a stretch cluster. So yes, you actually don't need to do that. And one of the things I pointed out in my getting started video, my architecture video: you don't even have to have a common pool of resources to migrate or synchronize VMs. So you don't need it, because there's not that concept. I can have a pool here at my studio and a completely unrelated pool at my office, and then I can tell a VM to migrate over there without them being the same. As long as XO can talk to them, then there's going to be a path, provided XO can talk to them and they have the ability to talk to each other, like over a VPN. You can do that. So yeah, they just don't need anything special to do it like VMware, like the metro storage cluster. It's something you can do already natively, because you can transfer VMs between different resource pools.

Can someone tell me, I don't know if you can do this: can you transfer VMs and migrate them between Proxmox systems? Maybe I'll have to load Proxmox to try this myself. Can I have a Proxmox system A and a separate non-clustered Proxmox system B, they're two separate individual systems, can you move VMs between them, like, fluidly? Can you live migrate them, provided the processors are the same? I don't know that answer. But if someone here's more of a Proxmox expert than me, that would be a great thing to know.

"I have pfSense running on four gigs of RAM, working flawlessly. I want to add a VPN. How much RAM should I have?" You'd probably still get away with four gigs.
It doesn't take a lot to run a VPN.
Um, you dropped OpenVPN in favor of WireGuard? No, I dropped OpenVPN in favor of Tailscale more so than WireGuard. I like Tailscale. It just is very seamless. So I've been using Tailscale a lot.
Uh, what do you use to look for hardware failures and service specifically? I have an application with iDRAC interface. Um, I mean, I don't know what I'm looking for. What failed? Did we have a failure of a power supply? Do we have a failure of a network card? Do you have a CPU go bad? Um, I guess I don't understand or have kind of context for this question, but yes, the iDRAC generally gives you some diagnostics information.
Cool. Yes, they're talking about the same thing. Uh, stretch is Ceph. I don't know.
Do you have any clients using WireGuard for enterprise VPN yet? Um, yes, site-to-site. Uh, we've encouraged, we have a lot of clients using pfSense, and WireGuard makes an easy site-to-site VPN for two pfSense systems. The problem, of course, like, you know, one of the requests that came in today for a job was, you know, pfSense and another firewall. So we have to use IPsec. We've actually done a lot of IPsec with pfSense plus insert-name-of-other-firewall because it's compatible. There's not a lot of other companies out there in the enterprise space, not many I should say, using WireGuard. So if it's a pfSense-to-pfSense system, WireGuard is an easy choice. If it's not pfSense-to-pfSense, you're usually falling back to our friend IPsec.
You can back them up and restore them, but I don't think you can, uh, live in a single transaction. Okay. But can you just point it at another one? See, this is the way it's easier to describe, so let's search over here. Share this tab. This is how it works in the Xen Orchestra world. So right now this Debian 12 is in this pool called Ryzen Labbert. We named our lab system Labbert. But I can also migrate this to a completely different pool that's not related.
These are, if you go here, so here are separate pools. So here's pool of Xen and Ryzen Labbert, and so I can actually take that VM, that Debian VM, and I can just say, hey, without shutting down, because the processor seems to have to stop it, I can just migrate it over to a server that's in a completely unrelated pool. Um, I don't have to do a backup restore. I can just say send it over there and it'll send it. Now, this goes back to that metro or stretch cluster option, the same thing. These can be in separate areas. As a matter of fact, uh, we go over here to my lab. There we go. If you notice, the IP addresses are in completely different ranges. This is at a 172. This one's at my studio. This one's at my office. And so I can go find things running and migrate them over the VPN. I can migrate this whole VDI. Probably not a great idea. The connection is not that fast. It'll work. It's just gonna take a long time. Um, but yeah, you can do that. You can, uh, migrate these.
Well, that's weird. It's got a strange IP address. Oh, I know why. I was like, why does this have such a strange IP address? Um, we have a simulation of WAN IP addresses. We can simulate WAN systems in our network.
Uh, do you have a list, or Vates have a list, of which tasks being done by xon versus which so. It's just displaying in a GUI. Guess I don't understand the question. Like, what's the question? These are where the tasks are listed, but I don't know what the question you're asking is. So without understanding the question, I don't know how to answer.
Um, we do this all the time. I just haven't done a video on it. So, um, setting up Active Directory with OpenVPN, common request. There's a write-up in pfSense's documentation on how to do it. It's low on my priority list for, uh, making a video about.
I think IPsec will be with us for a long while. Absolutely, Veronica's not wrong there. COBOL is still with us.
See, we don't replace technologies when we don't have to. We just keep using those and then we also use new technologies. We stack technology. It's all things stacked on each other.
Uh, regarding a super tube pool migration, both pools have to have similar or exact VLANs. So the VM, uh, no, they do not. Um, it's better if they do, but if they do not, then it still works. They can be completely different. As a matter of fact, in my example here, if we go back and take the, uh, Debian 12 here, if we try to migrate this, do you notice how it doesn't know the names of the networks? You have to line them up. Um, if they're the same, if I call the network names the same, it'll match them automatically. But these are two completely different network names, not ranges of IP addresses, but the names of the adapters. So if the adapter names don't match, it doesn't know, it doesn't auto align them. So you just have to, uh, hit the pull down and choose where you want them to be. So it's easy to do, but if you name them the same, uh, it'll pick them automatically for you.
So in Proxmox you do have to have them in a cluster. Okay.
Uh, what is the best way to block a device in a VLAN from accessing another device in the VLAN? Is there something like Wi-Fi isolation available? Rule, you can't do any rules for it because it's not routed when things are on the same subnet. Or if you're saying this subnet is a VLAN, um, you can't stop things from talking to each other via the firewall. Now, some switches actually have that ability if they're on a switch, but if they're Wi-Fi devices, um, there is frequently a host isolation. Some devices you can do this. I believe UniFi with the guest network option will automatically do host isolation. So all the Wi-Fi devices on there will host isolate based on that.
Yes, I love that xkcd. There's 10 standards. We're going to make up a new standard so there's going to be one. Sometime later.
There's not 11 standards.
Uh, how do you simulate VLAN IP address? Uh, you just assign them. As odd as that sounds, you can actually just assign, uh, the IP addresses. Inside of pfSense you can set up blocks of IPs on the VLAN. So we do that to, uh, we have a CGNAT. So I've got a CGNAT range, so now you can see I'm in the CGNAT range, or we can go here. I love the way the, um, networking works in Xen. We can just click these. There we go. And now we're in this range for the lab. You can dynamically choose all of your, uh, networks and do it on the fly. Yeah, definitely. Um, it's very handy because when you're doing those kind of, kind of the question bronocast, um, I think I have a photo of it. Let me, do I have this somewhere? Maybe not. Oh, there's one here. So this is in our office, and this is how we use our lab to set up four firewalls, site-to-site for all of them, and will this program our pfSense in the lab to have all the customer's public IPs. So before we ship these out to the customer for them to plug in, it's already set. It has the public IP address ranges on it. Um, this was a dual pair of, I think this is all done in HA, like the two on the top and the two on the bottom were paired up in an HA setup, and then VPNs in between them, uh, for the sites. So yeah, it's a config that we can do, and we call it network in a box because we build out your network and then we put it in a box with some labels on it, like plug this in here and plug this in here and enjoy your internet.
Do you have a list of features that you can only perform in XO and a list of the only features you can blow an XO and just read out of XCP-ng? I mean, what feature are you asking about? Because everything in Xen is done with the Xen API and with the, if you look up like the command line for Xen, let me pull it up. Maybe that'll help us. I'm having a hard time understanding what you're asking. Are you asking can you manage it without XO? Technically?
Yes, if that's the question. I'll just pull up a link. I have it because I had this handy. Um, let me drop it in there for you. Maybe this will help you sort out what you're trying to ask. But you can go through and start and stop VMs, you can change settings, you can change the network interfaces on them. So if you want to do XCP-ng from the command line, you can. If that's the question you're asking, like can you do everything from the command line? Sure. Knock yourself out. This is completely doable. XO appliance shutdown and, um, start the appliance, all the different features are listed here. Setting up all the networking, it's something you can run from the, uh, command line. Maybe that's the question you're asking.
Oh, there's, yeah, Travis. Uh, he's over at cnwr with us. So the 15 37s were HA and the 240 100s were not HA, but all were tunneled in between. Cool. Now we have the answer.
There's a ton you can do with the API as well. Um, you can operate most all the functions. I mean, with the exception of backups. The backups are really an XO feature. Xen Orchestra manages the backups, that's not a feature of, but you can export and import out of XCP-ng. So if you're running everything from the command line, if you want to back up the data, you don't need XO. You can say, hey, export this, and you can use whatever tool you want: pipe it over an SSH connection, uh, rsync it. I don't know, however you want to get the data off there, you can. Matter of fact, there's a, uh, there's a series of, like, I did this before. I've had to do this actually because of some weird issues I was running into with old versions, um, years ago. I don't know. There's probably easier ways to do it now. You know, I've even, uh, just used SSH to get VMs, pipe them over SSH, because it was an old Xen 6. So years ago.
This is like a 2017, 2018 project I had. I just used piping with SSH to get things where I wanted them to go. Um, out of convenience. It's actually not hard to do. You can, uh, SSH and send a file over and then import the, uh, you can set up a receiver at one end listening for it. There's fun scripting you can do. I've done some scripting with it. I don't do a lot of videos on it. I was thinking about doing a video on how to do some things from the command line, but I don't think it'd be very popular. I mean, the documentation's out there, and I find that people who want to learn the Xen command line are someone who are more likely to read the documentation than watch a video on it.
Add on to my question now. Hope you find a container into different things easy install, things easy install on the shell of Proxmox. Uh, what was your other question? Maybe I missed the first question. I don't use Proxmox. I'm not sure the answer to yours.
But yeah, it's fun playing. I mean, there's a lot you can do with the command line stuff you don't wonder. You could probably show some of it somewhere.
Oh, uh, what was I playing with? I got distracted. See, closes down, closes, too many things open. Let's run a backup here. Stop this VM. Oh, you know, I should probably start it because I wanted a, actually, I wanted it updated before you backed it up. When in doubt, run your updates. Now that I know it's on the right network. Okay, a couple updates. Cool. Stop. Run the backup, so I have a fresh copy of it. What kind of backup is this? Okay, this is a delta. See how quick it'll run this backup for me. Oh, something's broke because it's doing a full backup now. I wonder why it's doing a full backup. Yeah, it shouldn't take long. 23 seconds remaining. Something must have got goofed to run a full again. There's a lot of integrity checking that goes on in the back end. It's kind of a cool feature because normally it only takes a few seconds to do the delta. Someone's going to go,
hey, wait, is that a Palworld server I see there? Yes, it is. There we go. Now we have a backup, so now we can go to the restore and do a health check if we want. This is that health check I mentioned. If we wanted to just see if this VM was restorable, that should work. See how long it takes to do that. About a minute to do the restore VM health check, and then we should be able to have a log of this once it's done. 41 seconds remaining.
Uh, do you have a video where you cover recovering from a TrueNAS failure where the data was encrypted on, um, Backblaze or another cloud storage? I mean, all you have to do is have the same encryption key. Unfortunately there are people, and you'll see these in forums, people who didn't back up their encryption key or don't recall which one they used. There's not much to restoring if you have the same key. It's the fact that you have to back up the key, whatever the password was, if you chose to encrypt it on its way up, you know, to the, uh, Backblaze. It's no big deal to restore it. I've done some Backblaze video a while ago. The interface has changed enough that I should probably do a new video. But the most important thing is, if you choose keys, make sure you have a copy of those keys so you can actually do the restore.
Uh, what kind of server are you running for your server? Uh, this is a, it's a Ryzen. I got a video on the build. This is a, do do do do, Ryzen 9 5900X, 12 amazing cores. These are fast. These are not like high-end server builds. I did the video on it. It does have like IPMI and things like that. But there is a perfectly good working server. Uh, it does everything I need it to do.
And if we go to the task, the health check was successful. It actually just gives you this right here unless you, uh, have it set up as a report. But it lets you know that my restore of this system was successful, and once it restored it, it deleted it.
So I don't need it once it's done. But I love that being built in because that validates your backups for you really easy.
Hi, Tom. Do you know if xe, XO and XCP-ng have the ability to dynamically resize a VM's virtual display based on the size of the browser? Uh, no. It does not resize based on the size of the browser. So this, like here's my Windows VM. Resizing the browser, it will not change the size. I mean, well, I take that back. It's got this little bar, if that's what you're asking. But it's not actually changing your resolution. You're just zooming in and out. So if that's the question, yes, it has a zoom. But if the question is does it change the Windows resolution, no, it does not. The Windows resolution is what it is. The Windows resolution is not, uh, dynamically changing. But I honestly never really use the console. I don't say hey look at booted. After that I RDP in, uh, or whatever service I'm using. Usually RDP, ScreenConnect for our business clients. So we're not really looking through the console of things very often. Yeah, stretching is what I'm doing there. But it's not something I run into very often. It actually pains me when I see people using this console and not SSH. Again, like I always SSH into everything. I'm never using this. Like, the console to me is like, did it boot? Cool. I see the boot on the screen. Now I'm gonna SSH in. Matter of fact, uh, like, you know, here it's booted up. Go to network. And one of the things I love is they have copy to clipboard. So I can click on this and I can SSH right into this. Done. I don't have to do anything else. I can just SSH in and be good with it.
Way easier to copy paste in SSH, for sure. Yeah, I only use the console to install or troubleshoot.
Yeah, SSH is the way, especially because I use tmux for everything. So, you know, once you're kind of used to using something like tmux, you're definitely, share out that screen. Stop. So I logged into it directly, but, um, you know, copy paste, and then, oh no, I need to, you know, if I need to split the screen so I can have something down here, resize it. Once you get used to using tmux, it changes you. You're just like, this is the easy way to do it. I'm just going to split my screens with tmux, and then I can do something over here, you know, uh, I want to run whatever it is I'm running here. Move these around here, and I'm not using a mouse for this, and then I can run, can I run, I already did that one. So I need, uh, what? There we go. Now we installed btop on this. It needs to be resized bigger. Can I? There we go. And like I said, once you get used to using something like tmux, and especially when you're, um, disconnecting sessions or attaching them, you just kind of pick up where you left off. It's a quality of life thing. Uh, and this is why I SSH into everything. Make your life easier, learn some of that. I thought I had neofetch, if you're asking what I'm running.
Tmux is like, when Veronica knows, man, once you spend some time in there, you're just like, yeah, you just get tmux all over the place. Tmux for the win.
Is there a way to be dynamic with your VM? For example, have your VMs move to another server if they're, uh, one in this high CPU and killing performance to the guest to us. Yeah, the load balancing is supported. There's a plugin built in for load balancing and such. So yep, that's a feature for XCP-ng.
These remote enforcement VS Code to SSH makes really experience. Tmux for the win.
Do you know if open-vm-tools supports?
XCP-ng tools package, VMware abandoned its Linux tools in favor of open-vm-tools, wonder if XCP supports the same. Uh, they have tools written in Rust. Matter of fact, I think, yeah, this has those tools. They actually rewrote, inside of theirs they have these, this is the guest agent tools written in Rust. So yeah, they've got their own set of tools that they have for it.
Yeah, um, this is one of those things about tmux that once you get used to using, you like starting all your sessions in tmux. It's one of the advantages, especially if you use a jumpbox, for example. You can kick off all these processes, and I'm right now down in my studio area, but, uh, cool as my studio might be, I don't always want to be in here, especially when I'm just, you know, copying files and stuff. I know it's going to take a while. So you start it all, kick it all off here, then I'm like, all right, I'm done for the day. I power off my studio, I go outside, touch grass, and open up my laptop and check the progress of things. And that's a nice thing. I just reattach that same session on my laptop. Oh cool, it's further than it was, or it's running into a problem, and I can use tmux and once again drop the session. Another advantage of using tmux, of course, is the roaming ability you have if your session gets dropped. Like you're remote, you're on an unstable connection, you got tmux. If you're using a jumpbox, all the sessions are attached on that jumpbox, then you're attaching to that. It's kind of a nice way of doing it. Um, maybe, you know, I've done a tmux video. Jay's got a tmux series. Maybe it's a, not just how to get started with tmux: how I use tmux, how I solve problems that you may run into, and how tmux makes life easier from an admin standpoint for doing these things.
Oh, see, my tmux is telling me wonderful things like that.
It's, um, I got time information at the bottom of it. I just realized how late it is: 9:19 p.m. I'll probably wind this down here. Um, you know, I love all these XCP-ng questions, so feel free to keep asking them, by the way. Uh, they're definitely fun to field, a lot of these questions. I like encouraging people. I've done some good getting started videos now. I've got some pretty good videos overall on XCP-ng. Uh, but yeah, I don't mind answering all the questions people have about it, kind of understanding it. It's a pretty high-end product with a lot of features and it's fully open source.
Um, back in the day I used screen. Me too. Uh, I was a screen user. I was a tmux holdout for a long time. I like screen. But the only use I have for screen here in 2024 is I use it for, uh, screen, uh, dash t slash, you connect to the TTY device and set your rate. Um, in fact, that's how, if I have to terminal into something like a broken pfSense that doesn't have a display, that's the way to do it.
I remember screen. Once I introduced tmux to a co-worker, it was over. Yeah.
Um, I didn't ban anyone, but if you tried posting links, uh, YouTube will not allow you to do that. So if you were trying to drop links inside the chat, that will not work.
Uh, does XCP-ng have helper scripts to create containers like there are in Proxmox? No. There's not a container manager in XCP-ng. So if you need, like, the LXC containers inside of Proxmox, there's not a one-to-one equivalent. So no.
Uh, does it make sense to keep XOA on the same network as your storage VLAN? Think about backups that go through XOA not routing through. The way I do that is pretty simple. If you look at my networks, this is the storage network I aptly labeled storage. So I have a storage network and I have a, uh, communications network. So yes, I like having a dedicated network interface for storage. So I'm going to say that's a hundred percent yes, it makes sense.
Yeah, dedicated NIC.
That's exactly it. Uh, dedicating a network to storage, um, makes your life easier. And you'll actually notice a common theme. So if you can see these IP addresses, the IP address is 192 163 dot 91. That's the server address. The storage is 20 dot 91. So if you were to go over to my TrueNAS server, all of them are set up the same way, but when you go over to the networking, I always pair them the same way. So here's the networking on my TrueNAS box. It's 192 168 20 dot 228 and 3 dot 228. So I always pair them the same way for sanity reasons. So the last three are going to match on the main network it's on and the storage network for, uh, devices. I organize them all that way. Um, so as I add them to the systems, there's a method to it. By the way, if you were to look at several of my TrueNAS boxes, you'll figure out that my TrueNAS boxes are above 200 and my virtualization things are below 100 in the range. So there's just habits I have, uh, to know where things live.
Uh, does Tailscale cost per user? Uh, Tailscale gives you, I forget how many for free. Let's look on the site. You get three users and 100 devices for free. So the first three users and the first 100 devices are free.
Uh, actually we're about to switch to 100 gig for LAN. Can a VLAN be specified for backup network? Yeah, you can use the VLAN.
Um, I have some projects coming up where I'll be deploying XO Proxy. I've done no videos on it. I don't have anything in production with XO Proxy right now. Nothing in production with it.
Single 100 gig NIC, all VLANs can especially be on a backup NIC? I mean, yes. It's not a backup NIC at that point. So I mean, the virtualized version is, but yes, you can take that 100 gig NIC and add VLANs to it, and one of those VLANs can be your storage VLAN.
Um, you know, video talking about how and why to do a storage network. The why is really simple.
It's so all of your storage traffic is in one place. If you go all out, you would want your storage network, first, you don't want it to be routed. Uh, like you don't want to have any gateways on it. It doesn't need to. It's a network that doesn't have an escape, so to speak. It doesn't have a gateway that allows you internet traffic, because you don't want internet traffic on it. The other reason you often want to do a storage network is if you have things that are critical and you have a switch on your storage directly, you've built it physically separate. Like, you know, if we're doing an enterprise setup, we'd probably build a separate storage network, and the switches would be isolated as well. That way when you're updating switches, you are aware of which ones are or are not in the storage plane, because you don't want to update a switch that could potentially cause a disconnect between the hypervisor and its storage targets. So you want to separate those out. So maybe I'll do an architecture video on that, talking about just some good practice. Not everybody does it, and it's not like not doing it will always cause you problems.
But for example, my storage network has a lot of NFS on it, and NFS, I mean, there's a level of security in NFS, but generally you don't run a lot of security because it's not an isolated network. So you don't have to worry about the security aspects of it. So that's generally why you want to keep it separate, because that way, all the data on the storage network, you're not accidentally ever having any users on there that could sniff packets or cause any drama right there.
So to make sure I understand, XOA VM has the same IP as your storage network? Well, it's got two network interfaces. It's got one leg, one network interface in the storage network, and one interface in the, uh, I'll call it my general network, the management network if you will. So I have a management network, which is my three dot network, and I have the storage network, which is my 20 dot network. Uh, you can have the backup remote in there too. So as I noted, I've got two network interfaces, the three dot network and the 20 dot network. One's labeled dot three, that's management, and it's a storage. So if we go to backups, or settings, and we go to remotes. Hey, look. It is in the, um, oh, the lab is over on this one. But there's the 20 network on the remotes. So yeah, that works fine. Oops, that wasn't showing it. But yes. So yep, the remotes can be on there too.
Similarly the networking portion in the w so many some VPN host and DNS writing in WSL. Uh, not rolling this vlog whatsoever, but any plans for covering WSL for folks like me that have you using Linux and enjoying the new. Uh, I don't use Windows Subsystem for Linux, so I'm not the person to do a video on it because I just don't use it. I'm one of those people who haven't run Windows in so many years. It's just not something I, I fumble through Windows.
I gave up on Windows circa 2009.
Yeah, when XOSTOR v2 gets released, I'll definitely be doing a video about it. That's why I haven't done a video. I'm not going to do a video on the old one, and until XOSTOR 2 comes out, I'm not going to bother doing a video until it's released. I got too many other things I need to do.
I mean, there's nothing special about it. Just put the switch in there. Now, of course, the challenge you have is if you're using one of those switches, like the aggregation switch, make sure you don't have auto updates turned on, because auto updates will automatically update and reboot the switch. That may not be an ideal situation for your storage servers. You probably want to schedule when you do that.
Yeah, IT developers are a tricky bunch. So maybe, I mean, I feel confident it'll come out this year. I won't stick a date on it. They're a very careful group over there at Vates. They don't like to release things that don't work properly. So they do a high level of quality testing.
Best practice. Yeah, that might not be a bad video.
Yeah, he's the official on, I know he's pushing to have it out sooner than later. Yeah, I mean, they're the ones writing the code, so he's gonna know. And seeing as Olivier's president of the company, he's probably got the best idea of exactly when it's happening, and he's also a developer. So if he said it, I believe him. My faith is with them. So I know they're working on it pretty consistently.
But I've gone on about this for an hour and a half. So I'm going to wander off. Thank you everyone for joining. This was a lot of fun. As always, great talking, everyone.
Yeah, you can bond together multiple switches. If you look up how to, there's plenty of documentation on how to do that, but yes, that is the ideal way to do it.
Looking forward to the improved performance. Me too. Me too.
Uh, great. So they said great seeing.
I love doing these vlogs. I love being able to answer everyone's questions and have fun and interact. But when I'm not here, I'm in the forums. I left that up there because I've been, you know, I've been interacting, and people who know that have been emailing vlog. There's the atloresystems.com. I've been replying. I've been trying to do this now that, you know, with the transition since I split the company back in July, I've got a better cadence now for what I got going on. So I've been trying to reply to everybody on this. Now, the only thing I don't necessarily reply to is people who just want tech support questions. But people who just want to reach out and say hi, I like to say hi back. You know, I've had people, though, start attaching log files and, hey, can you review these log files? And I'll just reply: no, post in my forums. But yeah, like I said, that email has been up here all day if people want to email me and stuff. I'm getting better at that social aspect. I used to keep my email very clean, just for business stuff, but I'm dealing with less business stuff on my email now. So reach out if you want to say hi. I'm around. Thanks everyone, and take care.