RE: Time sync

2013-01-08 Thread Ken Schaefer 
SCOM is just the lowest level of tool you need for something to monitor and 
manage an environment - what are you doing for your non-Wintel devices 
(network, *nix, security appliances etc?)

You feed all of that into an event management tool - it can auto ticket into 
your ITSM system and resolve for you e.g. if disk space is growing by x% an 
hour, then migrate the machine into a temporary location that has spare disk 
space, and alert the relevant business unit to look into their app. A problem 
ticket is raised for the business unit, and they can migrate the machine back 
to the normal production host once they've identified the root cause of the 
issue.

There's no need to keep vast amounts of spare storage just sitting around "just 
in case", provided you architect the solution correctly. That could handle 
unexpected incidents.

Capacity management is handled via a proper reporting tool that'll summarise 
the data coming out of SCOM (or Tivoli or whatever you are using) and provide 
proper reporting on the issues that are expected to arise in the next 3-6 
months, so you can initiate the necessary capacity improvement project and/or 
BAU work.

Cheers
ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Wednesday, 9 January 2013 1:29 AM
To: NT System Admin Issues
Subject: RE: Time sync

We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin

Re: TechEd vs TechMentor

2013-01-08 Thread Steven Peck 
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012
TechEd NA has a lot of their sessions online so you can see what the
presentations are like.  They have the EU and AU ones somewhere on the site
as well.

Steven Peck
http://www.blkmtn.org



On Tue, Jan 8, 2013 at 2:59 PM, Damien Solodow
wrote:

>  Good to know. J 
>
> What has TechEd pricing been like?
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Tuesday, January 08, 2013 5:57 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: TechEd vs TechMentor
>
>  ** **
>
> I have to agree with Webster, I would side with Tech Ed, especially when
> you go to the whiteboard sessions in which you can draw out your solutions
> with MVP’s and other folks that are SME’s on their particular areas. I
> remember a few years ago going over a IIS 7.0 design and one of the M$
> folks basically told me they just setup something like it just a few months
> ago. I was pretty impressed. 
>
> ** **
>
> Z
>
> ** **
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com ]
>
> *Sent:* Tuesday, January 08, 2013 5:49 PM
> *To:* NT System Admin Issues
> *Subject:* RE: TechEd vs TechMentor
>
> ** **
>
> You will get nothing on the last two at either conference.
>
> ** **
>
> IMO, TechMentor is for more Beginner to Intermediate level folk.  The one
> I went to in August was an anomaly.  It was at MS HQ and most sessions were
> extremely technical.
>
> ** **
>
> TechEd runs the range from Beginner to Advanced but the average is
> Intermediate.
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* Damien Solodow 
> [mailto:damien.solo...@harrison.edu]
>
> *Subject:* RE: TechEd vs TechMentor
>
> ** **
>
> Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.**
> **
>
> ** **
>
> ** **
>
> *From:* Rod Trent [mailto:rodtr...@myitforum.com ]
>
> *Subject:* RE: TechEd vs TechMentor
>
> ** **
>
> Which apps do you deal with the most? 
>
> ** **
>
> *From:* Damien Solodow 
> [mailto:damien.solo...@harrison.edu]
>
> *Subject:* TechEd vs TechMentor
>
> ** **
>
> It looks like I might be able to make one of these for the first time. ***
> *
>
> Any advice on which is the better/more useful event? Are they about the
> same price for registration normally (TechEd registration isn’t open yet to
> check)?
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Michael B. Smith 
Microsoft makes it very clear that in large deployments, Citrix solutions are 
better – in some ways. ☺

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Tuesday, January 8, 2013 6:26 PM
To: NT System Admin Issues
Subject: Re: TechEd vs TechMentor

Sure you will - they'll tell you why the MS offering is far superior!
John W. Cook
Network Operations Manager
Partnership for Strong Families

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, January 08, 2013 05:48 PM Eastern Standard Time
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: RE: TechEd vs TechMentor

You will get nothing on the last two at either conference.

IMO, TechMentor is for more Beginner to Intermediate level folk.  The one I 
went to in August was an anomaly.  It was at MS HQ and most sessions were 
extremely technical.

TechEd runs the range from Beginner to Advanced but the average is Intermediate.

Thanks


Webster

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: RE: TechEd vs TechMentor

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.


From: Rod Trent [mailto:rodtr...@myitforum.com]
Subject: RE: TechEd vs TechMentor

Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: TechEd vs TechMentor

It looks like I might be able to make one of these for the first time.
Any advice on which is the better/more useful event? Are they about the same 
price for registration normally (TechEd registration isn’t open yet to check)?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Ziots, Edward 
Last time I remember it was like 1,500 or something. I am not sure what
the price is now.. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, January 08, 2013 5:59 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

Good to know. J 

What has TechEd pricing been like?

 

DAMIEN SOLODOW

Systems Engineer

317.447.6033 (office)

317.447.6014 (fax)

HARRISON COLLEGE

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, January 08, 2013 5:57 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

I have to agree with Webster, I would side with Tech Ed, especially when
you go to the whiteboard sessions in which you can draw out your
solutions with MVP's and other folks that are SME's on their particular
areas. I remember a few years ago going over a IIS 7.0 design and one of
the M$ folks basically told me they just setup something like it just a
few months ago. I was pretty impressed. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Webster [mailto:webs...@carlwebster.com] 
Sent: Tuesday, January 08, 2013 5:49 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

You will get nothing on the last two at either conference.

 

IMO, TechMentor is for more Beginner to Intermediate level folk.  The
one I went to in August was an anomaly.  It was at MS HQ and most
sessions were extremely technical.

 

TechEd runs the range from Beginner to Advanced but the average is
Intermediate.

 

Thanks

 

 

Webster

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: RE: TechEd vs TechMentor

 

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

 

 

From: Rod Trent [mailto:rodtr...@myitforum.com] 
Subject: RE: TechEd vs TechMentor

 

Which apps do you deal with the most? 

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: TechEd vs TechMentor

 

It looks like I might be able to make one of these for the first time. 

Any advice on which is the better/more useful event? Are they about the
same price for registration normally (TechEd registration isn't open yet
to check)?

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Rod Trent 
Keep in mind.TechEd registration has usually opened by now, well, actually
they leave it open all year long. 

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, January 08, 2013 5:59 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

Good to know. J 

What has TechEd pricing been like?

 

DAMIEN SOLODOW

Systems Engineer

317.447.6033 (office)

317.447.6014 (fax)

HARRISON COLLEGE

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Tuesday, January 08, 2013 5:57 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

I have to agree with Webster, I would side with Tech Ed, especially when you
go to the whiteboard sessions in which you can draw out your solutions with
MVP's and other folks that are SME's on their particular areas. I remember a
few years ago going over a IIS 7.0 design and one of the M$ folks basically
told me they just setup something like it just a few months ago. I was
pretty impressed. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Webster [mailto:webs...@carlwebster.com] 
Sent: Tuesday, January 08, 2013 5:49 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

You will get nothing on the last two at either conference.

 

IMO, TechMentor is for more Beginner to Intermediate level folk.  The one I
went to in August was an anomaly.  It was at MS HQ and most sessions were
extremely technical.

 

TechEd runs the range from Beginner to Advanced but the average is
Intermediate.

 

Thanks

 

 

Webster

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: RE: TechEd vs TechMentor

 

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

 

 

From: Rod Trent [mailto:rodtr...@myitforum.com] 
Subject: RE: TechEd vs TechMentor

 

Which apps do you deal with the most? 

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: TechEd vs TechMentor

 

It looks like I might be able to make one of these for the first time. 

Any advice on which is the better/more useful event? Are they about the same
price for registration normally (TechEd registration isn't open yet to
check)?

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Damien Solodow 
Good to know. :)
What has TechEd pricing been like?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, January 08, 2013 5:57 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

I have to agree with Webster, I would side with Tech Ed, especially when you go 
to the whiteboard sessions in which you can draw out your solutions with MVP's 
and other folks that are SME's on their particular areas. I remember a few 
years ago going over a IIS 7.0 design and one of the M$ folks basically told me 
they just setup something like it just a few months ago. I was pretty impressed.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, January 08, 2013 5:49 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

You will get nothing on the last two at either conference.

IMO, TechMentor is for more Beginner to Intermediate level folk.  The one I 
went to in August was an anomaly.  It was at MS HQ and most sessions were 
extremely technical.

TechEd runs the range from Beginner to Advanced but the average is Intermediate.

Thanks


Webster

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: RE: TechEd vs TechMentor

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.


From: Rod Trent [mailto:rodtr...@myitforum.com]
Subject: RE: TechEd vs TechMentor

Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: TechEd vs TechMentor

It looks like I might be able to make one of these for the first time.
Any advice on which is the better/more useful event? Are they about the same 
price for registration normally (TechEd registration isn't open yet to check)?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Ziots, Edward 
I have to agree with Webster, I would side with Tech Ed, especially when
you go to the whiteboard sessions in which you can draw out your
solutions with MVP's and other folks that are SME's on their particular
areas. I remember a few years ago going over a IIS 7.0 design and one of
the M$ folks basically told me they just setup something like it just a
few months ago. I was pretty impressed. 

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Webster [mailto:webs...@carlwebster.com] 
Sent: Tuesday, January 08, 2013 5:49 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

 

You will get nothing on the last two at either conference.

 

IMO, TechMentor is for more Beginner to Intermediate level folk.  The
one I went to in August was an anomaly.  It was at MS HQ and most
sessions were extremely technical.

 

TechEd runs the range from Beginner to Advanced but the average is
Intermediate.

 

Thanks

 

 

Webster

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: RE: TechEd vs TechMentor

 

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

 

 

From: Rod Trent [mailto:rodtr...@myitforum.com] 
Subject: RE: TechEd vs TechMentor

 

Which apps do you deal with the most? 

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Subject: TechEd vs TechMentor

 

It looks like I might be able to make one of these for the first time. 

Any advice on which is the better/more useful event? Are they about the
same price for registration normally (TechEd registration isn't open yet
to check)?

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Webster 
You will get nothing on the last two at either conference.

IMO, TechMentor is for more Beginner to Intermediate level folk.  The one I 
went to in August was an anomaly.  It was at MS HQ and most sessions were 
extremely technical.

TechEd runs the range from Beginner to Advanced but the average is Intermediate.

Thanks


Webster

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: RE: TechEd vs TechMentor

Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.


From: Rod Trent [mailto:rodtr...@myitforum.com]
Subject: RE: TechEd vs TechMentor

Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Subject: TechEd vs TechMentor

It looks like I might be able to make one of these for the first time.
Any advice on which is the better/more useful event? Are they about the same 
price for registration normally (TechEd registration isn't open yet to check)?


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Damien Solodow 
Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Tuesday, January 08, 2013 5:24 PM
To: NT System Admin Issues
Subject: RE: TechEd vs TechMentor

Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Tuesday, January 08, 2013 5:14 PM
To: NT System Admin Issues
Subject: TechEd vs TechMentor

It looks like I might be able to make one of these for the first time.
Any advice on which is the better/more useful event? Are they about the same 
price for registration normally (TechEd registration isn't open yet to check)?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
500 North Meridian St
Suite 500
Indianapolis, IN 46204-1213
www.harrison.edu


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: TechEd vs TechMentor

2013-01-08 Thread Rod Trent 
Which apps do you deal with the most? 

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, January 08, 2013 5:14 PM
To: NT System Admin Issues
Subject: TechEd vs TechMentor

 

It looks like I might be able to make one of these for the first time. 

Any advice on which is the better/more useful event? Are they about the same
price for registration normally (TechEd registration isn't open yet to
check)?

 

DAMIEN SOLODOW

Systems Engineer

317.447.6033 (office)

317.447.6014 (fax)

HARRISON COLLEGE

500 North Meridian St

Suite 500

Indianapolis, IN 46204-1213

  www.harrison.edu

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Humor - ESD

2013-01-08 Thread John Cook 
Love the comment - Unlike LSD that takes you out of reality, ESD brings you 
screaming back!

 John W. Cook
Network Operations Manager
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, January 08, 2013 4:58 PM
To: NT System Admin Issues
Subject: OT: Humor - ESD

http://www.youtube.com/watch?v=RtlYi1yLTVQ&feature=youtu.be


Roger Wright
___
Your mileage may vary.  Batteries not included.  Limit 1 to a customer.  
Objects in mirror are closer than they appear.  One size fits all.  While 
supplies last.  Do not immerse in water.  Information subject to change.  You 
must be present to win.  Other restrictions may apply.  Apply only to affected 
area.  May be too intense for some viewers.  Some assembly required.  No 
purchase necessary.  Contents under pressure.  Void where prohibited.



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Ouch

2013-01-08 Thread Michael B. Smith 
Well that is better. But STILL!

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 4:45 PM
To: NT System Admin Issues
Subject: RE: Ouch 

Update - brand new virus variant baby...as of yesterday.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 08, 2013 1:01 PM
To: NT System Admin Issues
Subject: RE: Ouch 

Welcome to my world...I had the GPO set up but was denied over a year ago. 
Guessing that will change.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 08, 2013 12:56 PM
To: NT System Admin Issues
Subject: RE: Ouch 

You still have autorun enabled? REALLY?

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 3:52 PM
To: NT System Admin Issues
Subject: Ouch 

This just in: W32/SillyFDC.   Not new to the internet, but new here :(

Bites
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Ouch

2013-01-08 Thread David Lum 
Update - brand new virus variant baby...as of yesterday.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 08, 2013 1:01 PM
To: NT System Admin Issues
Subject: RE: Ouch 

Welcome to my world...I had the GPO set up but was denied over a year ago. 
Guessing that will change.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 08, 2013 12:56 PM
To: NT System Admin Issues
Subject: RE: Ouch 

You still have autorun enabled? REALLY?

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 3:52 PM
To: NT System Admin Issues
Subject: Ouch 

This just in: W32/SillyFDC.   Not new to the internet, but new here :(

Bites
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Ouch

2013-01-08 Thread kz20fl 
So you spread the virus then! ;-)

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: David Lum 
Date: Tue, 8 Jan 2013 21:01:24 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: RE: Ouch 

Welcome to my world...I had the GPO set up but was denied over a year ago. 
Guessing that will change.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 08, 2013 12:56 PM
To: NT System Admin Issues
Subject: RE: Ouch 

You still have autorun enabled? REALLY?

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 3:52 PM
To: NT System Admin Issues
Subject: Ouch 

This just in: W32/SillyFDC.   Not new to the internet, but new here :(

Bites
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Ouch

2013-01-08 Thread David Lum 
Welcome to my world...I had the GPO set up but was denied over a year ago. 
Guessing that will change.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 08, 2013 12:56 PM
To: NT System Admin Issues
Subject: RE: Ouch 

You still have autorun enabled? REALLY?

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 3:52 PM
To: NT System Admin Issues
Subject: Ouch 

This just in: W32/SillyFDC.   Not new to the internet, but new here :(

Bites
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Ouch

2013-01-08 Thread Michael B. Smith 
You still have autorun enabled? REALLY?

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 8, 2013 3:52 PM
To: NT System Admin Issues
Subject: Ouch 

This just in: W32/SillyFDC.   Not new to the internet, but new here :(

Bites
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Digitial Signature Software

2013-01-08 Thread Webster 
Digicert Managed PKI Services.

http://www.digicert.com/managed-pki-ssl.htm

Thanks


Webster

From: Robert Cato [mailto:cato.rob...@gmail.com]
Sent: Tuesday, January 08, 2013 2:32 PM
To: NT System Admin Issues
Subject: Digitial Signature Software


We are looking at Digital Signature Software solutions. Does anyone have 
recommendations?

The use case is having a software package to allow managers to digitally sign 
documents instead of the traditional ink signature.

Thanks,
Robert

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: SSD and 2008 R2 Hyper-V, SAS vs. SATA SSD

2013-01-08 Thread N Parr 
Lot of details you need to fill in.  50 user production server doing what?  
File share, large or lots of small files?  SQL server, OLAP or OLTP loads?  
Then there's the technology of the SSD drives.  Not just the MLC/SLC tech but 
drives with brains that can handle raid configurations.  If you look closely at 
disk I/O on SSD's most of the high end drives top out at the 240GB level.  
Larger drives can start to decrease in performance.  Given it's still faster 
than traditional drives but is the $/GB worth it to you.  You didn't mention 
how much space you needed.  How high end is your controller and does its HCL 
have specific SSD's on it?  I'm just guessing that SSD's may be overkill for 
that you are talking about.  Will the users really see improvements in their 
interactions with the server?  They won't care if the server takes 20 seconds 
to boot or 2 minutes.

That being said I love to jump on the newest tech out there and see what it can 
do.  But I've learned my lessons to never put something in production I don't 
fully understand.  I've been messing with SSD's for years, mainly using them in 
equipment in hostel environments.  The early cheap MLC drives I used tended to 
fail quite often.  I've hardly had any issues with new high end SLC drives 
other than older SATA controllers not liking them.  I boot my ESX hosts from 
them at home for power savings (guests are on my QNAP).  Have a few laptops and 
desktops and they all work great.  I've tested putting a single high end OCZ 
SSD in my QNAP and running a virtual guest off it.  In my case performance test 
showed about a 25% improvement in guest disk I/O vs the Equallogic array it was 
on before.  But even that is comparing apples to oranges.


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 08, 2013 9:17 AM
To: NT System Admin Issues
Subject: SSD and 2008 R2 Hyper-V, SAS vs. SATA SSD

Some of you may remember I fought a little with putting an SSD drive in my old 
home lab PowerEdge 840 but I did finally get it to work. I've been running 2008 
R2 Hyper-V server on SSD for about a week now and all I can say is holy crap! 
The boot times (compared to the previous platter SATA drives) are insane. I had 
no idea a server OS could boot so fast! I haven't timed it, but I'd guess it's 
less than 10 seconds from the end of POST to me being able to RDP to it.

My question isfor a 50-user production server which would be faster - SAS 
or SATA SSD for the OS? Something I find little discussion on in the controller 
architecture (SATA SSD's vs. SAS disks) and performance with varying levels 
concurrent client connections. SATA drives now have NCQ, does this 
negate/mitigate the traditional SCSI advantage?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Cisco ASA question

2013-01-08 Thread Tom Miller 
I had the direction incorrect!  Thanks for the help folks,

Relay only by exemption on the mail servers, though.

From: Patrick Salmon [mailto:psal...@gmail.com]
Sent: Tuesday, January 08, 2013 11:21 AM
To: NT System Admin Issues
Subject: Re: Cisco ASA question

Looks right to me, both in sequence and content [1].

- You're allowing SMTP from specific host(s). Correct. Not so much a 'best 
practice'  as a must-do.
- Next, you're denying SMTP from anything else. Also correct.
- Implied, but must exist, is the Deny Any Any at the end. You'd be surprised 
how many people forget that.

An aside: this is a great forum with an abundance of expertise in many areas. 
That said, a google search on Cisco Forums / Cisco Community / Cisco support 
forum will give you a much more focused target audience. Not that you won't get 
great answers here, as you will.

Pat

[1]. CCNP. Also, full disclosure and disclaimer: I am an employee of Cisco 
Systems. Opinions expressed, however, are mine alone and not that of Cisco.
On Tue, Jan 8, 2013 at 10:54 AM, Tom Miller 
mailto:tmil...@sfgtrust.com>> wrote:
Hi Folks,

At a new job here.  I have a few Cisco ASA.  One of them, an ASA 5510, seems to 
be not very strict on outbound rules.  I'm new to ASA (came from the Fortinet 
world), so any advice on setting up outbound rules?  In particular we've been 
on spamhaus and I think there is an internal machine sending out smtp messages. 
 Short term solution would be to restrict out smtp to our mail servers only.

On the ASA | Configuration | Access Rules, I created an inside --> outside 
rule.  Traffic from mail server out, smtp, permit.  Other rule has traffic as 
deny.  This does not seem correct, even me being new to ASA.

Suggestions appreciated,
Tom

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cisco ASA question

2013-01-08 Thread Erik Goldoff 
*and* I'd recommend checking SMTP relay on internal mail server.  Is
it allowing internal systems to relay smtp traffic instead of smtp
direct ?   Just another loophole that might need to be tightened.

in most cases, *if* internal smtp relay is required, usually limited
to a specific group of 'authorized' systems and not open to entire
internal subnets.

On Tue, Jan 8, 2013 at 11:14 AM, Ziots, Edward  wrote:
> Remember even with the Egress filtering you are looking to do outbound, it
> could be an internal compromised host or account that is using your
> legitimate email servers to send the email out, but I would drop and log all
> other traffic from trust to untrust on port 25 and eliminate the hosts.
>
>
>
> Z
>
>
>
> Edward E. Ziots, CISSP, Security +, Network +
>
> Security Engineer
>
> Lifespan Organization
>
> ezi...@lifespan.org
>
>
>
> From: Tom Miller [mailto:tmil...@sfgtrust.com]
> Sent: Tuesday, January 08, 2013 10:54 AM
> To: NT System Admin Issues
> Subject: Cisco ASA question
>
>
>
> Hi Folks,
>
>
>
> At a new job here.  I have a few Cisco ASA.  One of them, an ASA 5510, seems
> to be not very strict on outbound rules.  I’m new to ASA (came from the
> Fortinet world), so any advice on setting up outbound rules?  In particular
> we’ve been on spamhaus and I think there is an internal machine sending out
> smtp messages.  Short term solution would be to restrict out smtp to our
> mail servers only.
>
>
>
> On the ASA | Configuration | Access Rules, I created an inside à outside
> rule.  Traffic from mail server out, smtp, permit.  Other rule has traffic
> as deny.  This does not seem correct, even me being new to ASA.
>
>
>
> Suggestions appreciated,
>
> Tom
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Cisco ASA question

2013-01-08 Thread Patrick Salmon 
Looks right to me, both in sequence and content [1].

- You're allowing SMTP from specific host(s). Correct. Not so much a 'best
practice'  as a must-do.
- Next, you're denying SMTP from anything else. Also correct.
- Implied, but must exist, is the Deny Any Any at the end. You'd be
surprised how many people forget that.

An aside: this is a great forum with an abundance of expertise in many
areas. That said, a google search on Cisco Forums / Cisco Community / Cisco
support forum will give you a much more focused target audience. Not that
you won't get great answers here, as you will.

Pat

[1]. CCNP. Also, full disclosure and disclaimer: I am an employee of Cisco
Systems. Opinions expressed, however, are mine alone and not that of Cisco.

On Tue, Jan 8, 2013 at 10:54 AM, Tom Miller  wrote:

>  Hi Folks,
>
> ** **
>
> At a new job here.  I have a few Cisco ASA.  One of them, an ASA 5510,
> seems to be not very strict on outbound rules.  I’m new to ASA (came from
> the Fortinet world), so any advice on setting up outbound rules?  In
> particular we’ve been on spamhaus and I think there is an internal machine
> sending out smtp messages.  Short term solution would be to restrict out
> smtp to our mail servers only. 
>
> ** **
>
> On the ASA | Configuration | Access Rules, I created an inside à outside
> rule.  Traffic from mail server out, smtp, permit.  Other rule has traffic
> as deny.  This does not seem correct, even me being new to ASA.
>
> ** **
>
> Suggestions appreciated,
>
> Tom
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Cisco ASA question

2013-01-08 Thread Tom Miller 
Great thanks.  I did that at my last gig.  I'm amazed at the config but am 
working to tighten things.  New to ASA so it's a little slow going.   Apologies 
for my ignorance here.

Under access rules, I see Outside, and those rules are limited and seem correct.

Then I see Inside (incoming) with a few rules, and another Inside (outgoing) 
with a few rules.  What's the difference?

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, January 08, 2013 11:00 AM
To: NT System Admin Issues
Subject: RE: Cisco ASA question

"Short term solution would be to restrict out smtp to our mail servers only."

I think all networks should do that all the time. We do as do most others folks 
that I know.

Basically you should see in order:

Inside to outside allow smpt from your mail server.
Inside to outside deny smtp from any

Cisco reads them in order and stops on the first matching rule.  So in the 
above your email server would get an allow. A desktop would not qualify on that 
first rule so it would move to the second rule and get denied. So if I am 
reading your description right I think your rules are ok.

Send us the rules in order if you want. Feel free to mask the ip addresses if 
you want.

From: Tom Miller [mailto:tmil...@sfgtrust.com]
Sent: Tuesday, January 08, 2013 10:56 AM
To: NT System Admin Issues
Subject: Cisco ASA question

Hi Folks,

At a new job here.  I have a few Cisco ASA.  One of them, an ASA 5510, seems to 
be not very strict on outbound rules.  I'm new to ASA (came from the Fortinet 
world), so any advice on setting up outbound rules?  In particular we've been 
on spamhaus and I think there is an internal machine sending out smtp messages. 
 Short term solution would be to restrict out smtp to our mail servers only.

On the ASA | Configuration | Access Rules, I created an inside --> outside 
rule.  Traffic from mail server out, smtp, permit.  Other rule has traffic as 
deny.  This does not seem correct, even me being new to ASA.

Suggestions appreciated,
Tom

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Cisco ASA question

2013-01-08 Thread Ziots, Edward 
Remember even with the Egress filtering you are looking to do outbound, it 
could be an internal compromised host or account that is using your legitimate 
email servers to send the email out, but I would drop and log all other traffic 
from trust to untrust on port 25 and eliminate the hosts.  

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

ezi...@lifespan.org

 

From: Tom Miller [mailto:tmil...@sfgtrust.com] 
Sent: Tuesday, January 08, 2013 10:54 AM
To: NT System Admin Issues
Subject: Cisco ASA question

 

Hi Folks,

 

At a new job here.  I have a few Cisco ASA.  One of them, an ASA 5510, seems to 
be not very strict on outbound rules.  I'm new to ASA (came from the Fortinet 
world), so any advice on setting up outbound rules?  In particular we've been 
on spamhaus and I think there is an internal machine sending out smtp messages. 
 Short term solution would be to restrict out smtp to our mail servers only. 

 

On the ASA | Configuration | Access Rules, I created an inside à outside rule.  
Traffic from mail server out, smtp, permit.  Other rule has traffic as deny.  
This does not seem correct, even me being new to ASA.

 

Suggestions appreciated,

Tom

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: SSD and 2008 R2 Hyper-V, SAS vs. SATA SSD

2013-01-08 Thread Maglinger, Paul 
Yeah, they replaced my 6 year old laptop to one with SSD.  I went from a 5 
minute boot to less than a minute.  I used to be able to get a cup of coffee 
while I was waiting for the old one!  :)
I'm still leery about the MTBF so I'm planning on frequent backups.

-Paul

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 08, 2013 9:17 AM
To: NT System Admin Issues
Subject: SSD and 2008 R2 Hyper-V, SAS vs. SATA SSD

Some of you may remember I fought a little with putting an SSD drive in my old 
home lab PowerEdge 840 but I did finally get it to work. I've been running 2008 
R2 Hyper-V server on SSD for about a week now and all I can say is holy crap! 
The boot times (compared to the previous platter SATA drives) are insane. I had 
no idea a server OS could boot so fast! I haven't timed it, but I'd guess it's 
less than 10 seconds from the end of POST to me being able to RDP to it.

My question isfor a 50-user production server which would be faster - SAS 
or SATA SSD for the OS? Something I find little discussion on in the controller 
architecture (SATA SSD's vs. SAS disks) and performance with varying levels 
concurrent client connections. SATA drives now have NCQ, does this 
negate/mitigate the traditional SCSI advantage?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Time sync

2013-01-08 Thread Ken Cornetet 
We use SCOM to monitor everything, and we have some homegrown stuff on top of 
that. So, we do monitor.

However, what we saw in the early days of virtualization was that dynamic disks 
could cause things to go south *very* quickly. I personally would not be 
comfortable in a situation where we've over-allocated disk without having a 
fairly large free host disk space buffer. I know at least one of the other 
admins here feels the same way.

As far as I'm concerned, I will not implement thin disks UNLESS I can add up 
all of the file system sizes and verify  the host store has enough capacity to 
handle them fully grown. To do otherwise just seems like an invitation for 
problems.

If I can't add up all the filesystem sizes, we'll either use thick disks and 
overestimate the sizes, or we'll use thin disks and just insure that we keep 
100's of gigs of free space on each host store. Management can worry about the 
explosion of disk costs.

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, January 07, 2013 11:21 PM
To: NT System Admin Issues
Subject: RE: Time sync

Seriously?

Are you an ITIL shop? Do you not have capacity management plans and 
systems/tools in place? Or do you just fly by the seat of your pants? 
Everything should be monitored, and you're getting nice trending graphs. Sure, 
sometimes things go unexpectedly wrong - but that can happen for all sorts of 
reasons and is a fact of IT - you need a proper incident system and recovery to 
handle it. This whole cloud thing you hear about is making sure you have 
resilient services

Cheers
Ken

From: Ken Cornetet [mailto:ken.corne...@kimball.com]
Sent: Tuesday, 8 January 2013 7:33 AM
To: NT System Admin Issues
Subject: RE: Time sync

How do you "manage your capacity properly"? I'm not being facetious - I really 
want to know since it looks like we are switching to HyperV.

Microsoft's recommendation is to create thin disks for more than you ever think 
you need. Then, when creating the OS, use disk manager to create the file 
system with the minimum you can get by with. This allows the VHD file to only 
grow up to the size of the file system it contains.

Then, if a virtual's file system runs out of space, you can use storage 
management to extend the disk into some the free space you allocated in the VHD 
file.  This allows you to have room for expansion, but keeps any one virtual 
from exhausting free physical disk.

For example: Let's say we need a SQL server. We think we can get by with the 
following disks:
C: - 40GB (os)
D: - 30GB (logs)
E: - 100GB (data)

Microsoft is telling us to create thin disks of, say,  1TB each. However, when 
we install the OS, we create NTFS file systems on each disk with the desired 
sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this 
virtual can only grow its thin disks to a total of 170GB.  If the E:  runs out 
of space, we can use disk manager to extend the NTFS file system, which will 
grow the thin disk up to the new NTFS file system size. This gives you the 
ability to easily grow disks at will, but prevents any one virtual from hogging 
all the free host disk.

This sort of seems reasonable, but it complicates disk management immensely. 
Now, in order to know the max my virtuals might take, I have to look at each 
host store, find all of the virtual machines with VHD files on that store, then 
figure out each virtual's drive letter for that VHD (is that even possible?), 
then add up all the file system sizes. Seems like a lot of work, even if you 
script it up.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 07, 2013 12:08 PM
To: NT System Admin Issues
Subject: Re: Time sync

Yes, over subscribing can be an issue if you don't manage your capacity 
properly.

It hasn't proved to be an issue in any of the environments where I have been.





ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet 
mailto:ken.corne...@kimball.com>> wrote:
Thin provisioning seems risky to me. Seems like you are always in danger of 
non-critical virtuals deciding to use more disk space thus exhausting  physical 
space which would cause critical VMs to pause if they happen to need more space.

We tried thin provisioning  back in the old VirtualServer days, and I ran into 
this problem a few times.

-Original Message-
From: Michael B. Smith 
[mailto:mich...@smithcons.com]
Sent: Monday, January 07, 2013 10:28 AM
To: NT System Admin Issues
Subject: RE: Time sync

Because the overhead associated with dynamic disks in Hyper-V v3 is in the very 
low single digits. We don't spend any time on this process, thin provisioning 
still works seamlessly, and we get on with our lives.

:)

-Original Message-
From: Ken Cornetet 
[mailto:ken.corne...@kimball.com