Happy Sunday from my backyard live Q&A. It is simply too nice to be inside. I wanted to go live because well, I was gonna record. I had these lofty goals like I'm gonna go get up and work and I've sat outside reading, which is often what I do. And I just couldn't bring myself to go back inside. So I'm outside for those wondering. And here to answer questions, talk about VPN and all that fun stuff. I will add some context for where outside I am because why not? While people join, I will share screen, present. Where's my buttons for this? Share screen. And we'll go with that's probably it. There, that's where I sit in my gazebo and actually sit in the mornings and do this. I've been updating my Wi-Fi to make sure I have reach. And I realized I never did an installing Wi-Fi at my home type of video. So I might do that because people overthink it. As much as I'm a person who says put a lot of Wi-Fi in to get coverage, you don't always need a lot of Wi-Fi for good coverage. I don't know, I gotta measure just how many feet away I am from my house and the Wi-Fi is inside. I haven't even bothered installing an outdoor Wi-Fi. And well, I'm actually live streaming from a Wi-Fi in the house to my laptop all the way in my backyard. So that'll be, that's something worth talking about. Jason needs to mount his access points. Yes. You know, we've been talking about it. And I think me and Jason are working on a format and I don't know that we're gonna do it live, but that's a maybe. It will be Tom and Jason do free tech support. And I wanna make it more like a mail-in where people, because people contact us a lot, but I get not everyone can afford necessarily hiring us for consulting. And I said, you know, maybe we'll do this where we set it up as you can email us and then me and Jason read through your questions and offer you essentially free tech support. And I, you know, maybe kind of a fun thing where we can go through, answer questions.
And I don't know how sustainable it is over long term because it starts out as an idea that it morphs into here's a thousand emails a day. And then you're like, oh, only that has no sound. I tested this earlier and the sound seemed to be working because there are people that can't. So, okay. Someone said, okay, only annoy theirs. I did a test and made sure that this worked because this is the first time I've streamed from my, this laptop. So I wasn't sure if the, how good the audio, I'll make sure the audio quality was different. So, okay. Lots of people have sound. Awesome. Let's see here. Coverage needs vary massively with congested airwaves. You need many more APs. Yes, that's true. I am not in an area. There's a ton of it. So, we'll get an intern to read all the emails and just pick them. That's probably not a bad idea is just hire an intern to do it. Makes sense to me. Cool. I have no sound on the laptop and TV Apple. I don't know why because with the majority of people saying they have sound, I don't know what is causing your individual no sound issue. You know, certainly I'm in a mirror. So I think I like, oh, I want to put this behind my ear, but I'm in a mirror. So I keep doing it the wrong way. All right. Oh, let's see here. You know, it maybe me and Cody should discuss this too. Ping me, Cody. Because I have questions on things. And maybe we'll do a video together on the UniFi Access stuff. There's some confusing things I've seen that I've got questions on. So I see Cody from Mactelecom Networks in here. Obviously he knows a ton about UniFi, especially the door access system. So I'll ping you on the socials somewhere and we'll chat about it because there's some questions that have been coming up. But let's start with this question here. I started using UniFi two years ago after watching all your videos, more than 50 projects later. I want to say big thank you. That is the next video I'm working on. I've got an outline for it.
And it's about our use of UniFi on projects is because I did this video in 2022. So I want to do a 2023 version because a lot has changed. Now, my still liking UniFi for projects hasn't changed, but it's funny because I mentioned buying over $200,000 worth of UniFi equipment. Since then, there's been a single project with almost $200,000 worth of UniFi equipment. So I've actually scaled it more than what I had talked about in that previous video. But I think it's always one of those worth warranting because everyone talks about the UniFi competitors and things like that. Yeah, it's just one of those questions around it about what's good, what's not good when it comes to UniFi. Now, the thing I want to talk to you Cody about, and it's going to be a good topic, is are there some UID licensing concerns around the access system? Like I know UniFi has been releasing a series of videos bragging about it all being free, but they do charge for UID, but I don't know what systems and what integrations require UID. And before UID was part of why they tied in the VPN, and I thought it was dumb, they got rid of that requirement and now the Dream Machine works without that. So I think that's great, but are there other concerns? And just you can just message me Cody on that. And like I said, me and you could do a video on my channel together on it as a topic. Now I do like this topic because I did do a video a long time ago about why Meraki sucks. And I think we can do this Jason and I want to loop in one of our employees, Eric, because he has some strong opinions on the Meraki firewalls as well. So I'm definitely all for the Meraki shootout. Matter of fact, let's just go take it further and do some Wi-Fi testing at the office. We'll set up a UniFi, we'll set up a Meraki and we'll do a bunch of Wi-Fi testing at the office and let's just make this kind of a fun video. I think that I'm all for the head-to-head comparison of UniFi and Meraki.
And the problem and someone was right in my old video on this, that's a time you don't know a lot about the Meraki. And I said, that's correct, I'm not a Meraki expert. And therefore someone who's had a lot more experience like you on it, definitely will make that video more interesting. The UniFi Access free versions, degradation is worrying, we're lucky we can make do with five users. That's the part I'm kind of confused about. The access issues give me serious reservations about coming and can we make the Meraki choose this broken. That's the part I, like I said, I'm gonna ping Cody on that, me and him will do a video together on it as a discussion topic. So I think it's interesting, I wanna make sure there's some clarity on it because even reading the UniFi website, I didn't, I don't have one to log into to verify any of the claims that were stated. And because I don't have any, without firsthand knowledge, I don't like to make assumptions or statements on that. I need to learn more about firewalls. They've been much on my radar. Absolutely, jump right in on the pfSense and ping me if you have any questions. You know, I'm always willing to chat with you on it. I have a couple of MR44s we can use, perfect. And we have shot, we even shot anything at the Toledo office. You know, maybe I should, well, the Toledo office is pretty new, but I would not call it complete because it's been built in a functional way, but it's lacking the fun yet. So I think that's the thing we wanna do in the Toledo office is do a walkthrough, kind of show, 'cause it's a cool building, a really cool building. And it's a cool office space where everybody works, but then it'll be one of those progression. Like here's what it looks like today. Then we're gonna start applying ideas 'cause I think there's some cool art stuff we can do there and techie nerd stuff we can do to customize it. 'Cause it's like a big blank canvas at the Toledo office.
So it's a great, and I like to show people the progress of it because even my office is weird as it is. There's a lot of progression from 2017 to 2023 and just kind of the nerd stuff that we have there. And I always think that's fun. My job has been using mainline Cisco switches, been looking at Meraki, but very expensive, leaning closer to UniFi for a third the price. The licensing, it's not just the price of the Meraki equipment, you have equipment and then the licensing. And UniFi has been poking hard at all the other people rightfully so at their license lock-ins that are just kind of ridiculous. Like they really push hard for extensive licensing and it's, I don't think so. It's just not a, it's one of those things like, especially when we work with school districts, we did a school district, it was almost a quarter million dollar project. The next closest bid, because they were rolling in a five year licensing on there was like $450,000 to go with a Meraki system. And other people were doing Cisco and they were all in that same price range. But to think for a school district in a rural area, to go from a quarter million to 450 and the big difference is licensing. And then people go, well, did it work? I mean, come on, Tom, you're talking about Meraki and they've got the backing of Cisco, aren't they awesome and aren't they amazing? Well, the reality is they've had no problems with the UniFi. It's been working since we installed it pushing a year. Well, it's not been a year, but we have other, I mean, we have a couple of projects we did like three years ago that are working fine. This one's not quite that long, but it's, you know, it's been working for nine months. So we're gonna say it seems to have saved them $200,000 and it's nine months into working. So I don't really, yeah, just stuff to think about. Well, let's see if we can get straight from the source. Maybe a big one would get in a hint. Well, we're not gonna get a straight from the source.
You're gonna get it from someone like me and Cody straight from the source. They don't do that. Can we use Zabbix for log ingestion or Graylog is better? Well, Zabbix doesn't do log ingestion. So my answer is no, you can't use it for log ingestion because it's not a logging tool. It is, Zabbix is a monitoring tool. It will give you statistics on the device, but it doesn't give you the logs. The logs are different than statistics. Statistics are things like how much bandwidth was this device using? You know, the over time, maybe certain CPU usage on a device. Logging is this happened at this time. This service stopped, this thing stopped. So logging is different than service monitoring. We are able to remove all Cisco switches for UniFi. Support license is way too much, but extra switches in case of failure. Yeah, that was one of the arguments when we went to bid for a corporate company. Their argument was, well, you know, the Meraki have next day warranty. I'm like, well, you can buy two UniFi for every one Meraki. The price is that much cheaper. So just keep a couple spares on stock and you solve the problem. They're like, oh yeah, we don't have to wait for overnight shipping. I say, yeah, I mean, they'll overnight you a Meraki, but you also don't need to wait for overnight shipping. You could just keep it plugged in, keep it firmware up to date. And then if a switch goes bad, then you just swap it and life is good. We run many Ubiquiti products. Use a Dream Machine for business. Do you think pfSense is much safer than the Dream Machine Pro? Safer, I mean, not exactly. The safety of it is a little bit fuzzier because Ubiquiti seems to be on top of security updates. So they haven't given me any concern for security updates. They seem to be, they have a bug bounty program. They're very on top of it. So as long as you keep it up to date from a security standpoint, it's not security I've ever really argued about. It's always features.
It's, does it have the features to meet your needs? Yes or no. That's the question that you're pushing for. Not, does it have the same level of security? High-end enterprise gear has been in horrible direction, licensing for years. Yeah, Korean market for possessors for them. Yeah, HP likes to put things like their firmware behind paywalls that include labor. Yes, it was about a quarter million dollar project, including labor. Of course, labor is a big factor in the project. There's no doubt. I'll do the breakdown of it. I have four schools all UniFi. I've been running for four years with no issues. Hardware, yep. Will Zabbix write logs into Graylog? I mean, you could, but it's not gonna grab the syslog and hand it to Graylog. You'll still have to take the device logs and send them to Graylog, but you could take your Zabbix logs and send them to Graylog as well. Is there an updated recommendation on home security system for user not having a strategy and answering UDM? I don't know, I don't understand what the question is. What security are you looking for? You're looking for not a UniFi or not a Synology like another security system. I only really use those ones. So I don't know what other ones are out there and the question comes up a lot. Isn't there an open source one? I've never seen a good, good open source top to bottom system for security cameras. If it exists, I've not seen one. Is there such thing as SAS SSD? Believe so, yeah. I mean, they come in that form factor. Most, a lot of things, if you're looking for speed are going to the NVMe though. Can we use Amcrest cameras with VMS like Milestone or Marissa? I don't use those. I don't use those, so I don't know. Oh yeah, yeah. The Dream Machine Pro or pfSense can count as the next gen firewall. How many spares do you recommend for UniFi? Just one enough. Should one spare for every production? The failure rate is so, so low. I mean, I generally, how critical is that device?
Is it gonna take down the company? Definitely have a couple of them. If it's not gonna take down the company, it's gonna annoy a few users for a couple of hours. Maybe it just depends on how many you need. I mean, ideally, if your budget allows it, one extra of each switch would be great. But if you standardize in like everywhere, for example, we did a medical facility that has 20 48-port Pro switches. So we have two spares there. That was enough for them in case one goes bad or two go bad, but they're all the same switch. So they don't have to keep, it's a big facility. So they keep two in the IT room that are spare. It comes down to your risk tolerance. That's how many you need. I'm converting my home lab to use ZFS. My pfSense and ZFS, how many resilient is the mirror versus an extra drive? I have a pfSense on ZFS mirror. How resilient is that mirror versus an extra drive? Oh, you're talking about Z1? I mean, it's three drives versus two. I don't, I can't find a use case personally for having three drives in a pfSense. A mirror sounds pretty good. I think you're fine with a mirror. Are there reasonable? Well, reasonable is the problem. The one of the other ones we use is we don't, we haven't interacted with that client as much because I think they're moving to something else. There's exacqVision. Reasonable comes down to what do you think that licensing is worth? I mean, if you have, I think that company is spending 5,000 a year on licensing. Is 5,000 a year on licensing reasonable? I can't run this tool as a VM, but it's also got all these licensing fees attached to it. So that's one of the problems I have with most of the ones that run a VM is they all just, it's the licensing fees that are, especially for home users, they go, oh, that's kind of pricey. Yes. Now, Blue Iris seems to be popular. I tried it, I didn't like it. I thought the interface was convoluted and it runs on Windows. So Blue Iris is a popular choice. It's certainly not my choice.
So that's probably the only one I can think of. Yeah, and this is what it comes down to is does it meet the needs of the client? We are bidding on another project that requires more than Ubiquiti can offer it. Therefore, we're not using Ubiquiti, problem solved. They want a 100 gig network and a lot of features. We're looking at Arista for the bid. And there's times you use other things, but you start with the client needs. You don't just start with features because who cares if it has features? I mean, technically I could buy a Freightliner truck and drive to work in it, but it seems to exceed my needs. You could say, but Tom, Freightliner's a better truck than your Dodge Ram? And I'm like, well, yes, it certainly is a vehicle that has more capabilities that I will never use. And this is how you have to look at the network gear of, do you, you don't buy the network gear based on the features you like. You build it on the features the client needs. If the client doesn't need those features, why buy it? Am I doing well after the merger? I'm doing better than well after the merger. The merger has gone really well. Any chance to update a video on setting reverse proxy, Let's Encrypt, or if there's a better method. You know, I want to do a new one. I started notes on it and I never finished them because it's going to be a long recording because I changed the way I do tutorials, are a little bit more in depth now. But yes, definitely, I'd still recommend the same setup with HAProxy. So the setup hasn't changed, but the tutorial needs to make, I mean, I need a 2023 version, yes. Chance to test with, there's so many variations in that. There's not a way to easily quantify that. The Site Magic testing with that. It's using WireGuard. We can probably quantify how fast is WireGuard in a UniFi Dream Machine. And the rest is your internet provider after that. Schools are good use case Ubiquiti because they don't have a lot of channel competition. Yes.
Yes, since SAS SSDs exist, I should have been more concise on that answer. The enterprise SSDs are generally SAS, but we're seeing a lot more, for people who really want the speed, it's NVMe is where they're going there. My friends at 45Drives just released a really good video on that topic about enterprise versus non-enterprise and queue depth and all the questions that me and Jason, we were just talking about the other day about the performance that you get from different drives. And queue depth is another one that is not something you may think about until you start building these in an enterprise environment and put a lot of demands on it. 45Drives just released a good video on that. Shinobi is the best open source, but Synology looks like it works better. Yes. So Shinobi is one, I've just never bothered to review because I played with it. I said, boy, this is just so basic. And you could cobble something together with Frigate and Shinobi and try to build some alerts. I don't feel, it feels like a home project that's not very complete. And if people are using these for security cameras, they usually want something more complete that works and that they can go, hey, I wanna see this information right now of who's in my driveway. And I don't feel like there's a lot of reliability or completeness in the other ones. So I stumbled upon a video of yours a couple of weeks ago about smart switches not being that smart. Can I use D-Link smart switch reliably with pfSense and a VLAN with no problem? If I don't use D-Link very often, so if you're trying to pass VLANs, is it a managed switch that has VLANs? Do you guys have a free open source server monitoring? I use Uptime Kuma, but also want to track CPU RAM usage. Zabbix will track CPU and RAM usage. So that's probably a popular solution for that. Outside is nice. I've only had one hardware failure with UniFi device in five years caused by a lightning strike.
Yeah, we have extreme, we wouldn't sell so many of them and recommend them if they failed. The failure rate is extremely low. Checkmk, I haven't used it, but Jason Slagle, president of CNWR, the company we worked with, he says it's pretty good. I haven't used it to tell you much directly about it, but I see a lot of people recommending Checkmk for monitoring. What job title would you look for? System administrator is some of what we do. Managing clients, it starts at help desk, it then goes to network engineering. Network engineers probably, it depends on specifically which you're asking. You know, are you a Linux support engineering? Network engineer, those are all valid questions. Yeah, pfSense mirror. Verkada, I think they have a lot of licensing costs, so I don't use them. I don't know, I've never tested them. I don't plan to. I know they advertise a lot because I see ads constantly for them. You know, that's how it works. You get a good ad cycle going and then you need more revenue, so you increase your licensing to get more ads going and, you know, that's how you pay for them. I don't know much about them, though. I just see ads for them. I remember looking and their licensing was like call a partner. I don't know what it costs. With Synology, you print the DVA task, each task assigned to a specific camera, then you can ask it to multiple cameras at the same time, still counting as one task. No, no, I cover that in my DVA video. It's one task per camera. Can UniFi Access Point be used as a client for a UniFi APHNHNR Wi-Fi network as a hotel? No, it's not designed to do that. You could hack it to do that? So I'm not gonna say it can't. I'm gonna say that's not if you're using the UniFi software the way it works. You're looking for a bridging device that's not what they're designed to do. You think that VictoriaMetrics and Telegraf and Grafana is easier, whichever, that comes down to opinion. You can't host the Dream Machine on another UniFi controller.
So you always have to, if you're using that, you're gonna tie it to UniFi's cloud if you want cloud access. With Synology, students ask each task as specific, you already asked that. Nope, Layer 7 filtering is not a pfSense feature that works well at all. It's not that you can't, it just sucks. Do you plan to make a video on routing between UniFi switches? Not really, it's not a feature I recommend from UniFi. Their Layer 3 routing kinda sucks, so it's nothing I like. To my knowledge, they do not have a local controller. And if I'm wrong about that, let me know. So no, I'm not gonna do anything on Grandstream until they have a local controller and no license option. 'Cause if not, why? I don't need more things with cloud lock-in. Have you looked, oh, I've never swapped a power supply in the UniFi switch. So if the UniFi switch power supply dies, I don't have any insight into repairing it. We've never tried to repair one. I used to do electronic repair years ago. I actually had an electronic repair store. So I'm pretty familiar with it. It just comes down to cost. The technicians that can do board level repair like that are expensive. And if I'm paying a technician a lot of money, it suddenly becomes not worth it because I'm paying the technician what I could buy another switch for. So it's kinda just a labor problem. No, I really haven't done much testing with the C2 Identity. Kinda been low on my list because it's not something we use commercially and I don't see our commercial use for it. So it's one of those problems. Like we deal with a lot of small businesses and all the small businesses are just using Azure. I don't like it. They're using either like Google Cloud, some use Okta and the others are using Microsoft. It's hard to get into the identity space for compatibility reasons and support reasons that I don't like that. I would love if people had better solutions. I think I like that the people at Synology are working towards that solution.
So it's not my to do is to play with it but it's hard because I can't really, I'd like to sell it but I'll run into a trouble supporting it. Yes, I have a video all about do you need a late call? I think it's called do you need layer three routing? You'll find that video, lots of graphics. Maybe I'll make a 2023 version but the content won't change. Just the quality of my videos has gotten better because I've got more skills at making diagrams but the content's the same. You mentioned you don't like pfSense to route traffic but you also don't like UniFi routing. I've never said I don't like pfSense to route traffic. pfSense is what I do like for routing traffic. So I don't know where you got, I don't like it for routing. I don't like it for filtering. Filtering and routing are different features. Morning, I asked the question back but the UXG was still here. Have you deployed any UXG pros, cons, better solution? I don't feel like the long term of that product looks good. I feel like that'll be abandoned at some point. I don't know how long UniFi will support it so we don't deploy them now. We don't have any clients where we manage the firewall. We have plenty of clients that have UniFi Dream Machines. We don't have any of them that we manage and I don't really foresee it as a solution we're gonna really be rolling out. We generally like pfSense for most stuff. What are your thoughts on Extreme switches considering staying in the ecosystem? Are APs but having it, didn't Extreme Networks get bought by another company? I don't know, I don't use them so I can't really speak to them. You should rename the sessions. Go ahead, pick my brain. Yeah, pretty much. That's why I just put live Q&A. Trying to plan on my TrueNAS storage system, would you, what do you recommend? Why don't you have a VM storage, Plex, backup separate pools, mirrors, RAID-Z.
That's a great question to ask in my forums because you gotta add about a paragraph more of context of what you're trying to do. I mean, if your budget's unlimited build like 20 different pools buy about 20 or 30 drives for each pool maybe even build some all SSD SAS ones. If without any context, I have no idea how to answer your question. FYI, you can represent as an engineer use your professional title and designation is protected in US Canada unless you hold, you can't represent as an engineer. Oh, I can call myself a network engineer all day. No one's gonna sue me for calling myself a network engineer. Splice to see you outside. Yes. Question XCP-ng and VLANs as your previous video still apply to the networking configuration in pfSense, you can find Xen Orchestra probably yes. I'm not sure which one you're referring to but I still use VLANs with pfSense and Xen Orchestra. I bought an F5 lab license to see how reverse proxy works. More for work project, I'll tell you F5 would create some sort of GUI for itself. Yeah. The answer is no, no open source AD solutions. I don't, everyone I see is always a mess. So I just don't use them. We need to have more vdevs for high IOPS. Yes, you can get a higher IOPS if you have more vdevs. I've got a video on that topic as well about vdev design. There's a long write-up on my forums with tons of test results and links and all the factors that go into it. Have embedded controller with 30 devices but can only provision other, fully agree. Okay, so they do have an embedded controller. That makes them a little bit more interesting but that's not a real compelling reason to use them over UniFi. That's my problem with switching. Like there's a lot of effort I put in and then my experience comes from deploying thousands of devices. Before I can deploy thousands of devices I have to trust the device but before I can trust or even think about the device it has to have a compelling reason for me to use it.
Is it just that much better on Wi-Fi? I don't even get why these companies put so much effort into some of the things they do. Like they're trying to take a slice of the market but if you're not gonna innovate on the product you're going, look at my clone. I marked it like 10% less than the competition. Okay, is that my reason to use you is you're 10% less than the competition? I kind of don't get it sometimes. What do you recommend for backing up Docker containers on a Synology NAS? I don't know. Is that don't use Docker on SNAS? Is it Marius Hosting has good videos on that as a topic? I think it's called Marius Hosting. Maybe look it up. Or not videos, good articles on that topic. This person, yeah it is Marius Hosting. They have more write-ups on Synology than I do in terms of the setting up the Synology Docker. Synology Docker is confusing, it's just not normal Docker so I don't use it much. I just prefer to run normal Docker. I don't know why Synology had to be weird. Can confirm with the Grandstream info. Have you revisited or moderately changed opinion change? No, my opinion hasn't changed on it. It's knock-off UniFi with less security. That's still the same opinion I have. I'm trying MSP360 backup. Have an issue to get it connected to TrueNAS NFS share to a backup, macOS devices. No, I don't use, we're not backing up any macOS so I have no thoughts on that, I've never tried backing up a macOS device. Due to limited circumstances, UniFi products in my country, what's your thoughts on TP-Link and Zyxel? Zyxel has a terrible security record. TP-Link has somehow a less terrible security record than Zyxel. I don't know if that makes them good but I'm not gonna say it makes them great. Is it okay using mesh routers behind pfSense and put them in wireless APs? You can use mesh, pfSense has nothing to do with it but I use mesh as a last resort. Certainly not my first choice. How do you test your backups for your stacks? Support, you store your clients.
You run through restore scenarios, you rebuild the VM, the system, you restore and test. Untested backups are wishful thinking. pfSense routing obviously things like I wouldn't route traffic through the firewall. Yes, it's dumb to route storage through your firewall. It would be my most common example of quit routing storage through your firewall. That's the part that I say it's not good for. So you gotta add context. I wouldn't route that traffic and that you have to replace with storage traffic. That's an easy example. Don't route storage like NFS is an example or SMB storage traffic through your firewall. That's just not a good idea. That's a good rule, not just for pfSense. That's a good rule. It's not that it can't be done. It's that it's less ideal and generally when we see people with lots of problems, I do lots of consulting and that's a problem we run into and why are you routing your storage across your firewall? Someone told us this was a good idea. Well, that's why you've now hired me to make this good idea that someone else had that doesn't work into an idea that works where we're gonna remove and put storage on the same network. Building a separate storage network is ideal. Routing your storage through a firewall, not ideal. Maybe I should do a video called storage design which is pretty much quit routing your storage. Have I said talk behind pfSense? No, I haven't used talk at all. Can you containerize UniFi application? Well, while it can be containerized, it does not come containerized from the people at UniFi. Therefore, if you would like to do it yourself, yes you can build Docker containers. No, I'm not doing a video on how to build Docker containers because it's outside the scope of what I cover on this channel. Is Cloudflare tunnel better than HAProxy? Not a fair comparison. One, HAProxy is a self-hosted proxy. Cloudflare tunnels is a proprietary system by Cloudflare that makes you dependent on Cloudflare to provide it.
Doesn't mean it's bad, it's just you have to be aware their proprietary system and their terms of service that may change at any time are what you're going to be subjected to versus if you use HAProxy, you're using it under whatever your provider's terms and services are going to be. Matter of fact, specifically, Cloudflare has rules about what you can and cannot run over it. So you have to be very concerned about that. When do you concern about DDoS to your clients? Never. If there's some reason that client is potentially hosting something that could get DDoS, do you put something in place to help them with the DDoS protection? Pretty much small businesses, not an issue. Clients hosting services, that's just part of the cost of doing business is having some way to mitigate DDoS. It's not really a concern for the small business clients. I even call them small business. We deal with some very large companies, they just aren't hosting services in a place where that's a problem. No one's speaking in a lawsuit, it's every spec for people who are engineers. Okay. I don't think I'm trying to take away the credibility of a train engineer. So we'll add some context to that. I wouldn't represent myself as a doctor. Well, I can still call myself a network engineer. I mean, network doctor? I think if I said I was a network doctor, that might just be a fun title. I don't think it offends doctors though, but I do not have a doctorate in anything. So I actually don't have any college degree at all or any certifications. I have anointed myself engineer, I guess. I don't know, I just don't know a better term. Network person, that sounds like it would confuse people more, so you're a network person. If I said network engineer, at least I think you have context for what I've been doing for the last 20 plus years of my life and my professional career. Am I streaming from the Mac now? Do you think you'll ever be going back to a Linux laptop? Yes, I'm streaming from a MacBook Air.
Yes, I will go back to a Linux laptop. As soon as I can find one that rivals the MacBook Air. I didn't buy this for myself. We bought this for a project we needed at the office. The project is over and the MacBook was just sitting there. So I chose it. Now, it suits my needs, but I still wouldn't go out of, well, it's hard to say. I mean, I just don't care for the lock-in and proprietaryness of Apple. And I know the new, is it, Framework laptops are coming out with some slim, good battery life laptops. My problem is the MacBook Air fits a niche that I think Apple is really smart about that PC makers seem to have a harder time figuring out. And that niche is I don't care as much about fast CPU, not on my laptop. I need it fast enough to do a live stream and fast enough to run a web browser. And that doesn't require a ton of power. So some of these companies are like, hold on, let me put a really fast processor in here that will chew up your battery and I need something with long battery, good keyboard and good screen. Those are my three requirements. And I prefer to run Linux. And most of them are kind of bulky, but I've seen the new Framework ones look less bulky and I think they have some that are more reasonable. So eventually I'll replace this with probably a Framework because this is just an M1. It's a nice laptop. It'll last me probably another year or two, but I just don't do anything intensive on it. I just type a lot. I run all the Wi-Fi in a separate LAN because so many Wi-Fi IoT is terrible on security. You are completely right about that. IoT is junk on security. Follow up on the USG, I run a USG and it doesn't feel long-term threat protection end, turn heat, routing VLAN specific internet. Yeah, I don't, I just don't feel it's like a long-term product. They're really pushing their dream machines. Tailscale or Cloudflare tunnels for remote access. Well, Tailscale is nice and private. Cloudflare, you're publicly exposing things.
I am leaning towards not publicly exposing things. Please do a storage network video. Maybe I will because it's easy because it's gonna be short, quit routing storage. Cheap AliExpress clone here in the market. Do you feel a router on that software? The device is actually safe to hear? Yeah, I don't think it's a big deal. Untangle might be a good choice. Cloudflare tunnels come with more authentication options along with DDoS protection. That is true. That is correct. You can route storage with real firewalls such as Palo Alto. You can route storage with a pfSense. It just, any time you route storage, you are routing those, let's say, NFS connections. That can create problems. There's a reason, even in the enterprise environments where you'll see Palo Alto firewalls and really nice Arista switches and things like that or even Palo Alto switches, you'll go, hey, look, this well-designed network does not have routed storage. And there's a reason for that. Yeah, HAProxy can be locally hosted and also a TCP load balancer. Well, you have a more direct connection with HAProxy. So I run HAProxy. It's on my public IP that my ISP gives me and because of that, there's no extra hops in between. Cloudflare tunnels proxies the connection over to Cloudflare. Therefore, you're going to deal with the latency issues that come with passing it off to another hop and going in through the Cloudflare network. Always enjoy your videos. You are really hung up on the network engineer thing. I should call myself a network specialist, network guru maybe. If you could download more RAM, can you download a doctorate? Oh, you can absolutely download a doctorate. I'm sure I could grab a template. Hold on. Google auto-completed this for me, by the way. I'm just going to throw this out there. I started typing and Google auto-completed the words. Doctor certificate template. That amuses me greatly. Yeah, by the way, I'm not always impressed with people who actually do have.
It's not that I think people with certs are bad, but I've certainly met, and many of you probably have too, people who have certifications that you just scratch your head and go, how'd they get that? Yeah, people seem hung up on the network engineer. It's a common phrase. It's like saying, give me a Kleenex instead of a tissue. I think it's just one of those type of phrases that's been so brand new. Now, I'm going to say doctor is not saying that you have a doctor, but generally, if someone makes the statement, I'm a doctor, it's not of something outside of medical. Generally, people will assume or add that title when they're a medical doctor. There are other doctorates that people have that they may not be in the medical profession. So even that is usually more limited to, and even though, technically, you could say I'm a doctor of something non-medical, but it would be a less acceptable thing. So doctor almost has been generic in the vernacular, I guess, generally in English, if you say you're a doctor, people are assuming you are a doctor of medicine. Anyways, I'm going to get way off topic on that. My NAS has two networks, LAN and DMZ, both networks have restricted access, no routing between them. This is for my home lab. Well, let's see. I already have OPNsense, instead of planning on using TP-Link EAP series, it's just dumb access point, would that be okay last research? Sure. No hot sauce to the day choice today. Agreed, disappointed M1's higher performance with battery life purpose, hasn't been replicated by other laptop vendors until even AMD. Yeah, I'm all here for an ARM Linux laptop. ARM Windows, I don't think has done very well, but ARM Linux is really popular by things like the Raspberry Pi and many other devices. ARM processors are getting better, and I would love to see a good ARM laptop besides a Chromebook.
A Chromebook's actually my other choice that I actually thought about because Chromebooks have that same thing, but they're kind of that proprietary lock-in that I don't like as much. Any reason VLAN instead of separate LAN? Got a few NICs ahead collecting dust, so I might put them in there. I mean, VLANs are usually out of convenience, but for home lab, you usually don't have to figure out how to have, for example, you know, here's a better use for a VLAN versus a LAN. We have a 20,000 square foot warehouse. There's a docking office at the back of the warehouse that needs multiple networks on it. I have a fiber line that goes from the front of the warehouse to the back of the warehouse. I would have to run a separate LAN for each one to get those separate networks. VLANs allow me to conveniently consolidate on one fiber to get all the way from one end of the building to another. Home users may not have that, so yeah, running separate physical networks is great because you don't have the shared bandwidth problem. Network specialist. That's a good one too. Hey, Tom, in your experience, does TrueNAS work well with VMware? It works awesome with VMware. I would say that. If you're not using VMware yourself, maybe you thought, we do consult. So a lot of the commercial installs, because we're a reseller for iXsystems, and a lot of the commercial installs we do are VMware with TrueNAS. That's, that is like a peanut butter and jelly going out there in the enterprise world. Definitely work well together. I'm a lead systems engineer, so my responsibility for infrastructure, data center, hardware, right down to VMware. OS is different, teams depending. Yeah, you mentioned the benefits of VPN for protecting services, I gotta move. I'm gonna lean back in the chair. It's easier to read these if I hold the laptop. You mentioned a lot of benefits to using VPN for protecting our servers behind it. How likely are vulnerabilities in the actual VPN server?
How likely are vulnerabilities in the actual VPN server? So because WireGuard and OpenVPN, pretty common, very standardized VPN services that are well vetted, well used, and I think will hold up well. Fortinet is an example of garbage VPN software writing because they go, hold on, we have an idea to make this better and in better, a lot of spaghetti code that keeps getting pwned, that keeps them in the news. So if you're using a Fortinet and their weird VPN, there's some problems. If you're using a system, pfSense is an example, but plenty of others out there that are using OpenVPN and WireGuard, I'm less worried. I'm much more worried about companies that have invented new ways of doing VPN to make your life easier and easier to hack at the same time. So it's always with exception. Our SAN is flex OS down, moving to Pure Storage and a Cisco FlashStack. That's not gonna be cheap. On a home network, should I worry about port forwarding games or apps? I mean, it's not a home network question. It's all about what those apps are. So what's the risk? You know, maybe we should walk through this one day because this is a topic I've been thinking about is what happens when someone pops an app? What's the next steps and what's the risk? So you have to ask yourself, if I have something port forwarded and then that app gets taken over, where would that person go next? What would they be able to leverage? For example, my son's gaming computer is on a separate network. Unless they had port forwarded something and for a game he's running, it's not on the same network as me. What would they do? Well, they would have control maybe of his machine and maybe other systems on the network they would try to gain access to, but would they gain access to them? What else is on that network? Those are the questions.
It's not like there's a, you know, instant response to it and how much time and effort will someone put into that because the reality is owning my son's gaming desktop would be amusing, but there's not much money in it. Maybe they steal Steam games. I don't think that's a big monetary payoff. So it comes down to like, do they have something worth money and how will they leverage it? Generally they're after money. There's certainly people that are after chaos, but money is mostly what they're after. Hey, awesome. Hey, Andrew from Build Health International here. Look up Build Health International. They're doing awesome stuff. Thanks for your help. Got the network up and running. That is awesome. That is a, you know, maybe sometime Andrew, reach out to me or something. I mean, if you want to talk publicly about what you guys got going on, ping me. It might be an interesting topic that we can spread some awareness. You guys are doing some cool things. Bought my first MacBook December 22 and been conflicted ever since. They work so well, but yeah, the ecosystem lock-in is less than ideal. Yeah, that's how I feel too. Although the recent and more frequent videos I didn't know I wasn't sub. It's a pleasure to chat in the community here. Yeah, I'm trying to curate a good community of people who are interested in a home lab and networking and all that fun stuff. I've met a CCA who couldn't even ping or traceroute. Yeah, we all have. 2U chassis, I can't think of one. I don't build many of them. So I don't have a ton of opinions on those. We haven't done a whole lot with honeypots, but that's probably going to change. We actually have through Blumira some honeypot stuff going on, but nothing extensive. But I want to get a little more into that. I don't think there's enough demand to bring the VXLAN to pfSense. I don't think so. It kind of comes down to demand. If there's enough demand for that, they would add it.
But if they're not seeing enough push towards it, it may not justify the engineering time. What sort of extra risk involved with using Tailscale similar mesh orchestration versus attrition over the hand? I have a whole video on the overlay networks. The only extra risk is the controller because it can add new nodes. So if someone were to get into your Tailscale account, they could add more nodes to your Tailscale. That's about it. It's really much lower risk in a VPN for the most part. ARM is great. Just need more OS support similar to x86. I would say OS support in Linux world for ARM is awesome. The only Linux laptop I know about is the Pinebook and haven't dove into details. Yeah, I mean, the Pinebook is kind of cool. That's ARM. Yeah, it's ARM based. I'm almost positive. But it's not that fast. But I think we're getting there. The path has been set. It just might take, and hopefully by the time this is obsolete, I'll be right back. I'll be in an ARM Linux laptop that works just as well. Because I've been streaming for an hour, an hour. Now, this would actually kill the battery on my i7 laptop that I was using. This would just, I'd watch the battery rip through after an hour and go, yeah, look, it's killed like a lot of the battery. This system, we have burned through 10% of the battery in an hour, 10% of the battery in an hour. And I'm like, I got all these tabs open and everything else. I'm watching emails in the background go, like it's doing a lot of stuff besides live streaming. I mean, that's just 10% in an hour. I just want to repeat that. That's awesome. I started with a managed switch, split up to VLANs on the switch, used physical LANs before I got VLANs working as intended. VLANs are a learning curve if you've never used them before. I learned a lot from your videos. We have a Netgate 7100 and 6100 with, which site to site VPN is running the least overhead.
I'm going to say definitely WireGuard is your easy, we've been using WireGuard for a while. I probably need to do an updated video on it, but WireGuard for site to site just works wonderful in pfSense. Most of our VPN usage is dropped because the tail scales are true. Yeah, it just works really well to use those. Over VPN on pfSense versus over the server on pfSense for your port forwarding. Oh, on pfSense, why would I use, I mean, unless you have some special use case, I would definitely run it on a pfSense. Are we approaching practical limit with NVMe due to cooling constraints? No. Well, the CPU vulnerabilities are keeping us busy of our virtual environments. How about you? Yeah, I mean, we keep them up to date to mitigate those. It is what it is. They suck, but they're a problem. Patching is a solution. Yeah, I didn't watch the video. That is NAS compare. She's a friend of mine. I didn't watch this video on it, but I think it's cool. I don't use GPU pass-through, so I'm not likely to do a video on it. Do you have logging and monitoring what sort of indicators of compromise you look for in a host or on the network? I don't bother with my, what I call my not safe for work home network. I do have Huntress running on my son's computer. So I would let Huntress alert me if there was a problem. Have you tried Nix? Apparently it works well with macOS, restoring configurations. I don't think it works on the ARM-based ones. Yeah, the MDM stuff is neat. I don't know, but the reality is we couldn't get our clients all to switch to Mac. It's not likely because their line of business apps don't always work on Mac. I have a dual Xeon workstation I want to use for a home server. Should I start with XCP-ng? I have a Nvidia RTX. They find a solution. I don't know what the solution you're looking for is. I don't use video pass through. So I don't have any answers for that. I'm using IPsec VPN and PSS remote access VPN by macOS because it's there.
You know, I'm using Tailscale on my Mac because it works so well. So an open source alternatives for Intune Autopilot? No. Wait, oh, for Linux? Um, well, we never deploy Linux to end users. Linux is pretty much exclusively servers, but you have Chef, Ansible, Puppet are all, you know, better than Intune in every way for deployments. Jay from LearnLinuxTV is working on his video for his Ansible poll. But yeah, Ansible, there's a ton of automation solutions for Linux. Microsoft is going, oh, derpy derp, I guess we can finally start doing automation that's half ass and maybe as good as Linux, but we're gonna make it harder and more complicated to do than Linux. And we're gonna have a ton of security problems with it and we're gonna change the interface every now and then. Microsoft's a terrible company that doesn't care about your security. I love that the Tenable CEO called them out and just said, look, you guys suck. And I've got plenty of videos about how Microsoft just doesn't care about security. They care about money. And if sometimes if there's a potential for money disruption, they fix security. If there's no potential for money disruption, Microsoft doesn't even fix security. They're like, it won't disrupt the flow of cash. Therefore, put the junior, put the intern on this project. Make a video on GPU passthrough. No, not likely. I just don't use it. Jeff from Craft Computing has videos on it. I can't really improve upon them because he uses them and talks about all the details. I don't use it. So I, yeah, I just don't use video passthrough. Not saying you shouldn't, but when Tom doesn't, it makes it a lot harder for me to do videos on. I have other, if I had unlimited time, I would do it. No, Tailscale on pfSense does not use the same WireGuard package. It's separate, as far as I know. As far as I know, it uses the Tailscale version of WireGuard. Identity management and WinMac loan, I don't have a suggestion for identity management.
Not, I mean, I don't have a need for it either. Like, I don't understand, the problem comes down to will it integrate with everything that you want to do? And a lot of the stuff I have is standalone login. So there's, messy with identity management system wouldn't make my lab any better because if it doesn't have a tie-in for all the things, then if the tie-in only supports like Google or Microsoft, which is pretty, the two most common matter of fact, Tailscale is an example of this. If you go into login to Tailscale, you have the option of, I believe, GitHub? I haven't looked in a while, they might have Okta on there, but I remember when I first signed up for it, you could auth through GitHub, Google or Microsoft, end of story. And that's the problem, you're like, oh, we want to use this third-party authentication system, okay, but does the things you want to authenticate and support it? A follow-up to passthrough question, I haven't XO yet, but try it out, how good is passthrough for devices like storage controllers and eth adapters? I just don't use it, so I don't know. I still have a Tesla, it's still my daily driver, and for those curious, I thought I'd do videos on it and I realized everyone's doing videos on Tesla, so my opinion is just, it doesn't matter much, but one thing I will talk about for anyone wondering, 66,000 miles on my Tesla as of today, 66,345 miles. So I still have my Tesla, it still has a lot of miles, it works well. I haven't had any problems with it, so I still like my Tesla. Yeah, well it's not just user space, they have, Tailscale has a Go implementation of PF of WireGuard, and Chris McDonald has talked about, this is why I say, as I know of right now, they're still using, Tailscale still uses that, but Chris McDonald mentioned that at some point in the future, maybe they would use the kernel driver in pfSense, but to my knowledge, right now they're not, unless someone rewrote it and I didn't know it.
Is anybody who can compete with Microsoft products and services, we'll hit their profit flows. There's not really anyone that can compete with them, that's the biggest problem, they're a monopoly captured through regulatory capture, and because Microsoft works that way, that's why they don't have to care about security, because you can raise your arm and angrily say, Microsoft, you did a bad job on this, and Microsoft would go, okay, go ahead and use your competitor. You know, it's a cable company joke from, that I love South Park's episode on this, you know. Oh, what are you gonna do, switch to another cable provider? And, you know, the cable providers and internet providers here are frequently the same problem where they've captured a market, and my friend worked, and before he quit, he worked at Comcast at a high level, and we used to talk about how terrible a company were. He hated working there, he hated how terrible they were. He's like, yeah, he goes, he worked in management, and he says, they simply just raise prices and gave him less technicians on each of his service areas where there was no competition. He always had less resources to fix things because like the Comcast people would jokingly say internally, never put it in writing as they were, you know, it was always the inside joke. Well, yeah, they can't switch to another provider. It was a couple of places in the southern areas of the United States where Comcast had exclusive rights. So they had one half the technicians that he had back, I met him when he worked in the Detroit area where I'm at. We have competition here, so there's a lot of technicians and they try to be very friendly. But if you go to an area where they don't have competition, Comcast, they're like, here's two technicians for this service area. We'll fix your stuff in a week, but I need it sooner. Well, yeah, you're not gonna switch to another provider, so we'll fix it when we get to it. And Microsoft kind of has that same attitude. 
Referring us to KraftQ's central answer. Yeah, he's done more research on passthrough than I ever have, or probably ever will. XCP, is XCP the best? I like XCP-ng the best. We do a lot of consulting on it. I'm very familiar with it, but Proxmox is not bad at all. No, I've never used NordVPN and don't plan to either. Tailscale and pfSense is fantastic. I agree with that. I don't really deal much with virtual desktop infrastructure. Citrix, I think, is king of that, not even XCP-ng. Yes, you can use Tailscale for remotely managing XCP-ng hosts in Xen Orchestra. Just wanna say thanks for your video on Cloudflare Zero Trust. It's been perfect solution for me and the headache of faffing about with traffic with HAProxy and networking illiterate. Yeah, I think it's a good solution for a lot of people. I just wait sure in, as long as you're always aware is why I'm always clear in these videos. And I say things like, hey, you have to trust Cloudflare with this. So as long as you do, you're fine. I mean, absolutely. When you have to run a Windows server, would it be possible to make it a Windows server core? Most page reboots are due to the GUI updates. Yeah. Place on our Windows AD servers, Astrology works great for small business. What's the longest homestay network journey you have completed in your Tesla? I drove through the Tennessee mountains. So that is 10 hours, 15 hour, I don't know. I haven't really, I haven't gone cross country in my Tesla, but I did drive down to the Tennessee mountains. And if you measure from Detroit to here, I think that's a 10 hour drive, 10 or 11 where I went. I don't remember. You can go to their site, they'll tell you how many charging stops. What VoIP provider do you recommend? We use, we resell, OIT is the company we partnered with. It's my friend Ray's company. We partnered with them. We got free PBX because it was just a support headache. So pretty much we've settled on OIT is what we resell.
For good introduction to DNS firewalls, I don't use NextDNS or Control D. So I don't really know. Thanks for a video about Xenoboard. Any good idea for supply for five HDs, ATX, PCU, big candy? I know I buy a lot of stuff from Amazon. I don't have suggestions for where to buy it cheaper unless you have a commercial account with like Ingram Micro, but that usually means you're buying things in mass bulk quantity. Does load balancing club, for example, out traffic through Cloudflare or just a repoint the DNS? So I guess it depends. Also the load balancer is usually gonna be on Cloudflare. They're gonna proxy your connection and they're gonna load balance on their side, not yours. But I guess it depends on how you configure and how you set it up. Is there a way to get a public IP address on your router? No, not really. I mean, there's ways you could spin up some hosted account somewhere and forward the public IP of let's say a Linode or a DigitalOcean account over to your system. But that would do it, but I don't know if that meets the goal you're trying to achieve. Is Asterisk VoIP still a thing? Asterisk is still the underlying piece of FreePBX. So yes. Is pfSense using kernel module for WireGuard, as WireGuard in the 14 kernel now? As far as I know, it's in the 14 kernel. We can Google that real quick. So we'll look up, WireGuard, VPN, BSD, kernel. Oh, let's see. Yeah. So it's been in the kernel for a while. It looks like it's 2022 is when it got added. So it's in there. I use VMs for my public facing servers. Nothing gets routed to the physical host of my DMZ. pfSense is blocking everything inbound, but yes. What are the blank spots for your channel? I like to start my channel filling in your blank spots. If it's okay, I don't know. Maybe this. Mikrotik Smart or TP-Link JetStream. I don't know, I don't really have a lot of experience with either one of those. There's no reason not to cover the same things I cover. I won't lie.
They're covered by other channels because they're popular and I can't even possibly cover all the topics. I mean, I don't bother like people asking about the forward or passthrough. I don't bother doing it. I only really cover things I use. So you could possibly cover it. Jeff covered it and people are still asking me, Jeff has an extensive amount of videos on Craft Computing about passthrough. Matter of fact, Jeff has a weird problem. Jeff has a weird problem and he's talked about this. When Jeff tries to figure something out or sort out a problem with PCI passthrough and he looks up the problem, he's the solution. And he says, no, I'm trying to solve a problem that I don't know. And it's become to the point where Jeff has become the solution so much so and posted in so many forums that he keeps finding himself. And he's like, no, I need an answer to this. So there's always room for more if you have something to add, feel free. Bring your question. Does it make sense for a device that keeps PoE camera redundant between two switches? So if one does the update and the camera stays online, well, how would you connect the camera to two switches at once? I don't understand that as a questionnaire. Wireless, I want to scan all incoming emails to prevent viruses. Gmail does a great job of that. So does Mimecast is something you can use as well. I don't think a PoE connected to be a pigtail to mirrored ports would, I don't know how that would work. You end up with a power, you end up with a weird power. That's a science experiment. That's not something I think I'd ever use in production. And as the important meant, the need for external power when you run HDs or is there any elegant solution? Oh, there's no elegant solution. I had a ATX power supply. So we had a forward external IPs through double NAT, NAT router setup. I have a DMZ, pfSense, PNZ, ASP router. I mean, there's ways to do it. I mean, you could bridge things out. It's just a pain.
There's no, there's no one click simple easy way. And you have to go have some hosted, you know, like I said, hosted in some cloud space, your public IP. And then you would forward the traffic from that down to your pfSense through some type of VPN and bridge them together. Sounds like a fun experiment. Yeah. Yeah. I mean, I wonder if someone's ever built something like that. The reality is we install an absolute ton of cameras, like a lot of cameras. And with that being said, I haven't really found a, I haven't really found anyone asking us for that, going, hey, you need to update a switch, but it's going to take things down, you know, for a minute. And no one's ever said, oh boy, here, let me share this tab instead here. Like even right now, this, I was just at the office the other day, this just got delivered. Those are all more cameras at the office. So we have another big project, there's more on the floor too. We have all these large scale projects of cameras going in, but of all the ones we've done, no one's ever go, I can't have these cameras even go off for 30 seconds for an update. It's just no one's ever had that request. We just scheduled the maintenance time and life happens. Yeah, Cloudflare works through double NAT. Yeah, these are just 35 more cameras. I'm working, I am working on a getting started with Synology video. So I'll probably do it with the pile of cameras that we have right now. Yes, they still run UniFi access points at home. This video is brought to you on a UniFi access point. There we go. I said it like an ad. For Synology, what model do you recommend? For also offsite backup redundant, which is better. Synology snapshot replication, Synology share sync. I don't have a lot of experience with the drive share sync. I want to play with it. It's better to do this and goof with it some because it's got some definitely things.
Ah, yes, Beetlejuice, Beetlejuice, Beetlejuice and Craft Computing has appeared, which I'm also, I think Jeff already knows this, that they're making a new Beetlejuice, which I'm here for that. So, but Synology snapshot replication should work well offsite. And as far as model, use their NVR selector because the model question isn't a me question, it's a your use case question. Back to the Craft Computing. The, I have, I have referred more people to Jeff at Craft Computing for the ultimate guide on passing through all the things. Because Jeff has done more research than any other human I'm aware of when it comes to that as a topic. Jeff is, Jeff's the official. I mean, Jeff has a Hyper-V pass-through video. Think about that. So if you feel compelled to use Hyper-V and want to use pass-through, I can only name one other person who's done the work and explains how to game on multiple systems. And that would be Jeff from Craft Computing. Will you perform maintenance on the devices or the devices do it for you? Yeah. Do you know of any camera with good bit rate? All they seem to care about is the resolution to end up with 4K video P. Um, that varies a lot. And the reality is the bit rate is lower because like Travis just mentioned, when you have a, when you have like 35 cameras and you don't have a budget to store 90 days at a super high bit rate of 90, you know, of all those 35 cameras that is just in practice. You don't use bit rates. That's the biggest reason that you don't see high bit rate cameras because they're just, they understand the use case of it. Yes, you're the Hyper-V guy now, Jeff. Sorry, we've threw, we've threw you under the Hyper-V bus. I'm currently using Microsoft Teams phone system. Not happy with it. My office is, because you recommend to get a small office five call us. We are a phone provider. So you can call us. OIT is what we use, you know, there's other ones out there. 3CX is popular.
They were really popular over their latest security blunder, which was just stupid. Dedicated video on the A16 doing four way pass through. So yeah, it's a not just pass through, four way pass through. I watched Jeff's videos on it because I was, I found it interesting. I was curious because so many of you ask about it and I don't use it. So my experience with it is watching Jeff's videos. That's why, and I said, wow, those videos are really good. Hence, I recommend Jeff's videos. How do you decide if you need L2ARC? I don't believe I need one at the moment, but I might need it when I move VMs to iSCSI. I don't know if I actually need, is it just enough to track the ARC hit rate? Yes. And mostly you want more memory. Mostly it's all about the memory. We feel like Ubiquiti is shifting their target audience like we buy a U6 Pro. It comes in boxes of one. If I buy 50, I have to open, if you buy 50, I have to open 50 boxes with PoE adapters. No, you can buy bulk, unless they change it very, very recently, we buy them in bulk. We usually buy through Unified Direct, but sometimes we buy through Ingram Micro as well. Or it's a Streakwave. I forget, I don't do the purchasing. I just see like invoices flying around sometimes. And we buy quantities of these. So, I don't know if you heard that. That's things falling on the roof of my gazebo here. It's a metal roof. So, see around my backyard if you want. I don't like grass. That's all mulch, because I don't want to do a grass. There are settings with its knowledge to instantiation, a lot of you auto adjust the resolution and instantly bit rate gets auto adjusted too. Yeah. You heard the stuff hit the roof. I think it's, there's, I have a lot of trees and there's a lot of squirrels and the squirrels drop crap on the roof all the time. They're up there cutting branches or whatever it is squirrels do. Well, this is why they have rate limiting in runZero. Cause yes, you absolutely can do a full take down of the network.
Yes, my son, you're just curious about still on the, still out here. I see, I see my wife has come home. Is it true TrueNAS SCALE only uses 50% of the ARC? I might move to TrueNAS CORE. Well, I mean the solution on that, you know, there's the squirrels are fighting now. The solution to that is moving to CORE or just set the ARC size. You can reset the ARC size and make it use the rest of the memory. I should do a video on that cause I don't know why they have it set that way. It's kind of dumb. So I just set the ARC size to use more memory. That's my solution. I don't know why it's not the out of the box solution. I usually buy UniFi direct for warranty issues getting Yelster. Yes. If it's not an official reseller, I don't recommend it. And the Amazon is no longer an official place to buy UniFi. Are there any IP phones you know of that can phone locally on the same network without using the VoIP server? No, because the phones aren't usually smart enough to do that or be aware of the other phones on a network. That's why they need a VoIP server. Now, if you're using FreePBX, for example, the phones are all connected and the phones are aware of each other via the FreePBX server. Therefore, they can talk to each other. I follow Christian McDonald's video on that as a topic. So yes, it is a manual set up in pfSense and yes, that's just how pfSense works. Matter of fact, that's how most firewalls should work and most enterprise firewalls work is deny and then you have to go through and set the rules to allow traffic to pass. Are you gonna experiment with cloud provider services like AWS? I don't use them. So no, I don't like cloud. We have clients using it, but it's nothing that interests me. It comes down to time. There's only so much time to cover so many topics. If time was unlimited, sure. I could hire, maybe if I build my channel bigger, I hire a group of people that do AWS. 
But the unfortunate part about the way YouTube works is you have to subscribe to a channel, not a playlist. YouTube could solve so many of their problems if they allowed people to subscribe to a playlist because if a channel goes too broad on a topic and touches topics lightly instead of like myself going deep into topics, it's harder to gain subscribers. The more niche your channel is, the more subscribers like you because they care about the topics you're talking about. This is one of the reasons even me posting my business videos, I would lose subscribers because the majority of my subscribers are here for technical topics, not business ones. So every business video would cost me 10 or 20 subscribers. So I quit posting them and if I went into the AWS world and started making videos on it, I'd probably lose subscribers because they are here for the TrueNAS and pfSense content. So yeah, that's mostly why I try to stay within a narrower niche. You won't find me telling you not to increase the ARC size. If you don't increase it, you won't use the memory. I don't have another solution for that. Now, don't increase it to use all the memory because you have to leave some memory aside for things you want to run. But I have 64 gigs of RAM in my TrueNAS and I think I have 50 gigs dedicated to ARC and then the rest I use for VMs and things like that. But as far as I know, even if you over allocate, this is what I got to test before I do a video on it. What happens when you allocate all the memory for it? Will it properly size like it does in BSD? I don't know. I'll ask, I will try to ask Chris Moore and see if he answers that. Do all of your clients have fixed IP? I'm having issues troubleshooting site to site dynamic DNS on both sides. If a client needs a site to site VPN, they will buy a fixed IP. We do have some clients that have site to site VPN where only one side is fixed. That works fine too. If one side's not fixed, not a big deal. 
But generally speaking, at least one should be fixed unless you want to have a bad time. Cloud is made up term, it means paint. So the cloud is a rental service and that's the problem. The renter, the landlord of the servers will simply keep increasing price. Despite cloud prices going down and services going down, the price for cloud always gets bigger. And this is why we see people moving away from the cloud and this is actually a niche that my consulting does a lot of, is we have a quarter million dollar project we're working on right now for people getting out of the cloud and petabytes of storage, et cetera, things that they're all putting internal at their business because the cloud bill, it pays off pretty quickly. It's not even like they have to wait a few years to pay this off. The cloud bills for storage are really high. Your TrueNAS SCALE, when you use standard apps instead of TrueCharts ones, do you have security concerns about TrueCharts? Yes, quality concerns and security concerns. It depends on who manages and updates the app, but the apps have been kind of hit and miss. So they're just kind of messy. Some work, some don't and I don't have time to validate them. So I've not bothered endorsing any of the TrueCharts stuff. I don't dislike it. They got some apps on there that are okay, but for the most part, it's just, yeah. Use it if you want. I wouldn't use it in production. It's probably fine for a home lab. Love your channel. I've recently upgraded to two gig in a connection. I have to upgrade my WAN NIC pfSense. So SFP is similar to leveraged speed. It depends on how it's handed off to you from your provider. So you don't have to get a SFP, but if it's handed to you and you need something you would need like SFP+. So the handoff can be, it's kind of dependent on how your ISP presents it to you. Can you use local DNS to use domain names instead of IP address for local services? Do I need a reverse proxy? 
I would, you don't need a reverse proxy in order to make local DNS work, but you need a reverse proxy in order to make the SSL certificates work. Reverse proxy is more for the SSL cert. The DNS is just DNS instead of IP. So that's just setting up your DNS. And I have a pfSense guide on DNS and setting up local names and I've got a reverse proxy guide. You kind of need both of those. The reverse proxy doesn't work unless DNS works, but DNS can work without a reverse proxy. Hopefully that made sense. Well, I'm gonna wind this down because I'm actually thinking about eating some lunch. My wife is out of town and she's back. Is there any final questions? We'll let this go because I'll end it in two minutes because that'll make it an hour and a half long. Tom hangs out in his backyard in BSS. So two more minutes of questions and then I'll wind it down. And it's funny cause I see there's like 170 people here and it'll start, I said I'm winding it down so we'll see them all wandering off. I got one gig from ISP. I can count on one hand the servers that would allow you to get one gig of bandwidth. That's very true. That's the problem people run into is whether or not the bandwidth will actually scale to what you need it to. DMARC RUA reports. How do you get the center email address? I don't understand your question. Yes, do you have a video on how to start your IT business? Kind of, we have a whole series of business videos. You go Lawrence.video slash B-I-Z and you'll go to our business technicality channel. You'll also find a link in the description of like tons of my videos. We talk about running an IT business there. If I was copying my NAS to my OneDrive it'd be 30K per month. Yeah. You can use something like Tailscale, ZeroTier or TNC sites to be handled overhead. Okay. Interesting. Before we were planning on replacing all the pfSense boxes with Sophos because the lack of web filtering. Any paid add-ons for pfSense that do that? None I would recommend. 
So we just don't do layer seven filtering in the firewall. That's our rule. We do layer seven filtering on the endpoint where the things are happening. So that's why we don't really have a solution. The other option is for people who insist on it we still sell some Untangle boxes that we maintain. So Untangle is a different firewall altogether but it does have layer seven filtering. I have four port one gig NIC wanted to replace with the four port TIG headache. I have tons of VLANs all going to need to be recreated. If you're using pfSense, no, you can reassign a port in pfSense. One of the days of member of the Tailscale team we love content and love content like your last video. Awesome. As someone who enjoys Tailscale, thank you guys for being awesome. You just have a good product and you seem like a good company too. Because I know when I did the Headscale video, I thought it was really cool that Tailscale even contributes to Headscale and Tailscale has some of the best documentation not just about Tailscale. The Tailscale NAT write up is absolutely like if someone says, how does that work? I'm like, you have to read this article. This is the best description of NAT I've ever seen like in all the little details of NAT. So definitely awesome. The Untangle UI is bad. It is different. Bad is a bad compared to other interfaces. Maybe I don't know. It's definitely a challenge. The layer eight is the hardest part to work with. Like the layer eight networking absolutely the user. Yeah, that layer eight, man. That's it's all networking. It's all computer words. That's the hardest part about computers is all the people touching them. So that's where it all gets really challenging. Yeah. All right. Well, thanks everyone for joining. I will see you next time on Vlog Thursday. It's the next live stream I have planned and I got some more videos to rock out in between. Thanks.