Re: Advice on setting up a Win2012 RDS environment - Progress!
On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote:

Get a cert from a public CA. Far less hassle and they are very inexpensive.

These are internal apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency.

Why do you want to separate the web front end?

Load balancing by our hardware Cisco ACE appliance. Also it then enables us to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts.

James.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, 21 March 2013 4:40 AM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

So I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress.

So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Korean web attacks used
Yes, your conclusion appears valid. But the contents of the article provide an even more enlightening comment:

*It is important to note that this attack worked only on computers with disabled DEP ( data execution prevention ). If you run this attack on computer with enabled DEP, the following message is displayed*

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Thu, Mar 21, 2013 at 12:05 PM, David Lum david@nwea.org wrote:

Am I correct in reading this page: http://blog.avast.com/2013/03/19/analysis-of-chinese-attack-against-korean-banks/

that “After further searching, we were able to determine that this attack uses the CVE-2012-1889 ( http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889 ) vulnerability, which allows a remote attacker via a crafted web site to execute arbitrary code”

where looking up CVE-2012-1889 points to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1889 which has a link to remediation at http://technet.microsoft.com/en-us/security/advisory/2719615 and thus http://technet.microsoft.com/en-us/security/bulletin/ms12-043

that this attack could have been prevented if MS12-043 had been applied?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Advice on setting up a Win2012 RDS environment - Progress!
For traffic handling, you don't need two web servers for 4 session hosts. You don't need 2 web servers for 40 session hosts. For HA, I presume you are using an ESX cluster. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 1:07 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote: Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internals apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables use to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. James. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, 21 March 2013 4:40 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! 
Definite progress. So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
Re: Meraki
So, my device arrived today -- solid piece of hardware, so no complaints.

As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself.

The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :)

Not a complaint so much as an observation. There's always OpenWRT...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote:

Here is the question and answer from Meraki about what happens when the license expires.

1. What happens when or if the license for the Cloud Management of the device lapse?
- Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic.

Jon

--
From: jk.har...@live.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki
Date: Mon, 18 Mar 2013 15:34:35 -0400

The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list. I don't doubt that most larger businesses would keep this device under contract.
Like I said earlier did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company. Jon -- From: gswe...@acts360.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: Meraki Date: Sun, 17 Mar 2013 22:57:46 + It doesn't stop passing traffic and right now that’s not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Rukus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years. *Greg Sweers* CEO *ACTS360.com http://www.acts360.com/*** *P.O. Box 1193* *Brandon, FL 33509* *813-657-0849 Office* *813-644-3479 Cell* From: Adam Greene maill...@webjogger.net Reply-To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Date: Saturday, March 16, 2013 9:27 AM To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don’t renew the license. 
*From:* Jon Harris [mailto:jk.har...@live.com jk.har...@live.com] *Sent:* Friday, March 15, 2013 7:57 PM *To:* NT System Admin Issues *Subject:* RE: Meraki Yes but at the end of 3 years you have to renew the license or the device will stop passing traffic. At least that is what the sales drone told me. I still don't know a lot of homeowners or mom pop SMB's that will buy into something that requires this type of commitment or yearly price. I will know better after I do my evaluation but I don't see it happening long term. Once I am finished with my evaluation I get the lovely chore of passing my findings to my boss here at work for him to think about. We are not that commited to doing wireless except for BOD and certain officers at only certain locations. This looked like something they would think about but with the yearly cost I don't know. Jon -- From: asbz...@gmail.com Date: Fri, 15 Mar 2013 09:03:56 -0400 Subject: Re: Meraki To: ntsysadmin@lyris.sunbelt-software.com My understanding was that the devices came with a 3 YEAR cloud license... *ASB
Re: Meraki
Which model did you get? Was this the free one they offer? --Matt Ross Ephrata School District - Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Thu, 21 Mar 2013 10:45:55 -0800 Subject: Re: Meraki So, my device arrived today -- solid piece of hardware, so no complaints. As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself. The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :) Not a complaint so much as an observation. There's always OpenWRT... *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote: Here is the question and answer from Meraki about what happens when the license expires. 1. What happens when or if the license for the Cloud Management of the device lapse?** ** **- Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic. Jon -- From: jk.har...@live.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki Date: Mon, 18 Mar 2013 15:34:35 -0400 The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list. I don't doubt that most larger businesses would keep this device under contract. 
It would be very unwise to do otherwise, although I have seen other businesses that depend on their network, not keep their high dollar network devices under contract. Like I said earlier did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company. Jon -- From: gswe...@acts360.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: Meraki Date: Sun, 17 Mar 2013 22:57:46 + It doesn't stop passing traffic and right now that’s not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Rukus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years. *Greg Sweers* CEO *ACTS360.com http://www.acts360.com/*** *P.O. Box 1193* *Brandon, FL 33509* *813-657-0849 Office* *813-644-3479 Cell* From: Adam Greene maill...@webjogger.net Reply-To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Date: Saturday, March 16, 2013 9:27 AM To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don’t renew the license. 
*From:* Jon Harris [mailto:jk.har...@live.com jk.har...@live.com] *Sent:* Friday, March 15, 2013 7:57 PM *To:* NT System Admin Issues *Subject:* RE: Meraki Yes but at the end of 3 years you have to renew the license or the device will stop passing traffic. At least that is what the sales drone told me. I still don't know a lot of homeowners or mom pop SMB's that will buy into something that requires this type of commitment or yearly price. I will know better after I do my evaluation but I don't see it happening long term. Once I am finished with my evaluation I get the lovely chore of passing my findings to my boss here at work for him to think about. We
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet ken.corne...@kimball.com wrote: For traffic handling, you don't need two web servers for 4 session hosts. You don't need 2 web servers for 40 session hosts. Well, it's more for redundancy, than actual traffic balancing. Speaking of which ... does that mean for my situation I would want 2 connection brokers, rather than 2 web servers? Am I correct in assuming that the user actually hits the connection broker, which then passes to the web server (since we would want our users to be able to access via web browser), which then communicates back and forth with the session host? So I would want 2 connection brokers (which would be tied to my Cisco ACE appliance), so that if one goes down, complete access to the application itself does not. Similarly, I would want 2 web servers, and then the 3-4 session hosts (altho only the connection brokers would be connected to the ACE appliance) (also: in my case, the application being published is really just a front end itself; it communicates with SQL servers for it's data. There is no data in the application itself) For HA, I presume you are using an ESX cluster. Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1). -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 1:07 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote: Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internals apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables use to send the session to any available session host. 
Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. James. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, 21 March 2013 4:40 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress. So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
RE: Meraki
Valid concern. That aside, I watched the presentation and was very impressed! -Sam From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 21, 2013 12:46 PM To: NT System Admin Issues Subject: Re: Meraki So, my device arrived today -- solid piece of hardware, so no complaints. As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself. The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :) Not a complaint so much as an observation. There's always OpenWRT... ASB http://xeeme.com/AndrewBaker http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market. On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote: Here is the question and answer from Meraki about what happens when the license expires. 1. What happens when or if the license for the Cloud Management of the device lapse? - Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic. Jon _ From: jk.har...@live.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki Date: Mon, 18 Mar 2013 15:34:35 -0400 The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list. I don't doubt that most larger businesses would keep this device under contract. 
It would be very unwise to do otherwise, although I have seen other businesses that depend on their network, not keep their high dollar network devices under contract. Like I said earlier did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company. Jon _ From: gswe...@acts360.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: Meraki Date: Sun, 17 Mar 2013 22:57:46 + It doesn't stop passing traffic and right now that's not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Rukus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years. Greg Sweers CEO http://www.acts360.com/ ACTS360.com P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-644-3479 Cell From: Adam Greene maill...@webjogger.net Reply-To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Date: Saturday, March 16, 2013 9:27 AM To: ntsysadmin@lyris.sunbelt-software.com ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don't renew the license. 
From: Jon Harris [mailto:jk.har...@live.com] Sent: Friday, March 15, 2013 7:57 PM To: NT System Admin Issues Subject: RE: Meraki Yes but at the end of 3 years you have to renew the license or the device will stop passing traffic. At least that is what the sales drone told me. I still don't know a lot of homeowners or mom pop SMB's that will buy into something that requires this type of commitment or yearly price. I will know better after I do my evaluation but I don't see it happening long term. Once I am finished with my evaluation I get the lovely chore of passing my findings to my boss here at work for him to think about. We are not that commited to doing wireless except for BOD and certain officers at only certain locations. This looked like something they would think about but with the yearly cost I don't know. Jon _ From: asbz...@gmail.com Date: Fri, 15 Mar 2013 09:03:56 -0400 Subject: Re: Meraki To:
RE: Advice on setting up a Win2012 RDS environment - Progress!
I don't think you can have two connection brokers without complicating things (clustering and SQL server involved). If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it.

Here's the general traffic flow (I think...):

1. Client hits web server.
2. Web server shows available apps
3. User clicks on app
4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address.
5. User's RDP app attempts to launch app from broker.
6. The broker sends the client a RDP redirect to the appropriate session host.
7. The user's RDP then opens a connection to the session host and launches the app.

It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 21, 2013 2:04 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet ken.corne...@kimball.com wrote:

For traffic handling, you don't need two web servers for 4 session hosts. You don't need 2 web servers for 40 session hosts.

Well, it's more for redundancy, than actual traffic balancing. Speaking of which ... does that mean for my situation I would want 2 connection brokers, rather than 2 web servers? Am I correct in assuming that the user actually hits the connection broker, which then passes to the web server (since we would want our users to be able to access via web browser), which then communicates back and forth with the session host? So I would want 2 connection brokers (which would be tied to my Cisco ACE appliance), so that if one goes down, complete access to the application itself does not.
Similarly, I would want 2 web servers, and then the 3-4 session hosts (altho only the connection brokers would be connected to the ACE appliance) (also: in my case, the application being published is really just a front end itself; it communicates with SQL servers for it's data. There is no data in the application itself) For HA, I presume you are using an ESX cluster. Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1). -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 1:07 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote: Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internals apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables use to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. James. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, 21 March 2013 4:40 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). 
This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress. So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
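The .RDP hand-off in steps 4 and 5 of the traffic flow in the message above, as an added example that is not part of the original thread: a Python check that reads a RemoteApp .rdp file, reports which server it sends the client to, and flags a file that is unsigned or whose signature does not cover the server address. The host names, the sample files and the function names are constructed for illustration; the check reads the signing fields but does not verify the signature cryptographically.

```python
"""Inspect a RemoteApp .rdp file: where does it send the client, is it signed?"""

# Constructed samples of the kind of file the web server hands out in step 4.
# Host names and the signature value are placeholders, not real data.
SAMPLE_SIGNED = """\
full address:s:broker01.corp.example
server port:i:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||notepad++
remoteapplicationname:s:Notepad++
alternate shell:s:||notepad++
signscope:s:Full Address,Server Port,RemoteApplicationMode,RemoteApplicationProgram
signature:s:PLACEHOLDER-BASE64-SIGNATURE
"""

SAMPLE_UNSIGNED = """\
full address:s:rdsh03.corp.example
remoteapplicationmode:i:1
remoteapplicationprogram:s:||notepad++
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into {lowercased name: value}.

    Type 'i' values become int, everything else stays a string. A value may
    itself contain ':' (for example 'host:3390'), so split at most twice.
    """
    settings = {}
    for raw in text.lstrip("\ufeff").splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line: skip rather than guess
        name, kind, value = parts[0].strip().lower(), parts[1].strip().lower(), parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name] = value
    return settings


def review_rdp(text, expected_hosts):
    """Return the connection target and a list of findings for one .rdp file.

    expected_hosts: the server names this deployment should hand out as
    'full address' (the broker, per the flow described in the thread).
    """
    s = parse_rdp(text)
    findings = []

    addr = str(s.get("full address", "")).strip()
    host, port = addr, s.get("server port", 3389)
    if addr.count(":") == 1:  # 'host:port' form
        host, port_text = addr.rsplit(":", 1)
        if port_text.isdigit():
            port = int(port_text)

    if not host:
        findings.append("no 'full address': file does not name a server")
    elif host.lower() not in {h.lower() for h in expected_hosts}:
        findings.append(f"full address {host!r} is not an expected broker")

    if s.get("remoteapplicationmode") != 1:
        findings.append("remoteapplicationmode is not 1: not a RemoteApp file")

    if not s.get("signature"):
        findings.append("unsigned: the client cannot identify the publisher")
    else:
        # The signature only protects the settings listed in signscope.
        scope = {item.strip().lower() for item in str(s.get("signscope", "")).split(",")}
        if "full address" not in scope:
            findings.append("signature does not cover 'Full Address'")

    return {
        "host": host,
        "port": port,
        "program": s.get("remoteapplicationprogram", ""),
        "findings": findings,
    }


if __name__ == "__main__":
    brokers = ["broker01.corp.example"]
    for label, sample in (("signed", SAMPLE_SIGNED), ("unsigned", SAMPLE_UNSIGNED)):
        result = review_rdp(sample, brokers)
        print(label, result["host"], result["port"], result["findings"])
```

Run against the files a test client actually downloads from the web front end, this shows at a glance whether users are being pointed at the broker or directly at a session host.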
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet ken.corne...@kimball.com wrote: I don't think you can have two connection brokers without complicating things (clustering and SQL server involved). If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it.

Yes, ESXi provides for HA, but with only 1 web server (or connection broker), what happens if something goes wrong with that machine? If I have to restart it for whatever reason (say it locks up, errors out, whatever), all users get kicked off the published app, don't they? That's what I am trying to avoid. Would that not be best practice? Avoid a single point of failure at the various points - broker, web server, session host?

Here's the general traffic flow (I think...):
1. Client hits web server.
2. Web server shows available apps
3. User clicks on app
4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address.
5. User's RDP app attempts to launch app from broker.
6. The broker sends the client a RDP redirect to the appropriate session host.
7. The user's RDP then opens a connection to the session host and launches the app.

It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit. Thanks So the web server only really is a hand off to connection broker. Once the client gets and opens the RDP file, the web server becomes unimportant to the situation. So I guess having multiple web servers would be just for redundancy - if the web server goes down, currently connected users shouldn't even notice anything. But it means new users wouldn't be able to connect, until the web server becomes available again. Similarly for connection brokers, if I understand correctly.
I'm not sure how multiple connection brokers would coordinate between themselves, or load balance.
Re: Meraki
Yep, the free one. The MR12

ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Thu, Mar 21, 2013 at 1:54 PM, Matthew W. Ross mr...@ephrataschools.org wrote: Which model did you get? Was this the free one they offer? --Matt Ross Ephrata School District

- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Thu, 21 Mar 2013 10:45:55 -0800 Subject: Re: Meraki

So, my device arrived today -- solid piece of hardware, so no complaints. As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself. The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :) Not a complaint so much as an observation. There's always OpenWRT...

ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote: Here is the question and answer from Meraki about what happens when the license expires.

1. What happens when or if the license for the Cloud Management of the device lapse?
- Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic.

Jon

-- From: jk.har...@live.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki Date: Mon, 18 Mar 2013 15:34:35 -0400

The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list. I don't doubt that most larger businesses would keep this device under contract. It would be very unwise to do otherwise, although I have seen other businesses that depend on their network, not keep their high dollar network devices under contract. Like I said earlier did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company.

Jon

-- From: gswe...@acts360.com To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: Meraki Date: Sun, 17 Mar 2013 22:57:46 +

It doesn't stop passing traffic and right now that’s not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Ruckus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years.

Greg Sweers CEO ACTS360.com http://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-644-3479 Cell

From: Adam Greene maill...@webjogger.net Reply-To: ntsysadmin@lyris.sunbelt-software.com Date: Saturday, March 16, 2013 9:27 AM To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: Meraki

I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don’t renew the license.

From: Jon Harris [mailto:jk.har...@live.com] Sent: Friday, March 15, 2013 7:57 PM To: NT System Admin Issues Subject: RE: Meraki

Yes but at the end of 3 years you have to renew the license or the device will stop passing
RE: Advice on setting up a Win2012 RDS environment - Progress!
The web server and broker are out of the picture after the RDP client session is established with the session host. If something goes wrong with a session host, the users have lost their sessions anyway - no way to prevent that.
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet ken.corne...@kimball.com wrote: The web server and broker are out of the picture after the RDP client session is established with the session host. If something goes wrong with a session host, the users have lost their sessions anyway - no way to prevent that.

Right. Another reason why we will have 3-4 session hosts (also the vendor recommends approx 35 sessions per host, of their published app, and I will have somewhere around 100 total possible users, altho probably not that many concurrently). But if the session hosts stay up and available, without the connection broker and web server, no one who doesn't already have an active connected session can connect. That would be the reason for multiple brokers/web servers. (because even if we push an RDP to the client desktops, it points to a connection broker, right, which then re-directs to a session host, as you pointed out? So even clicking on the RDP link would fail, if the connect broker wasn't there)
RE: Advice on setting up a Win2012 RDS environment - Progress!
With VMWare HA, your web server and broker will only be down for a minute or two - even if one physical host crashes.
Forefront client security
How is this different from SCEP?
Re: Forefront client security
Isn't Forefront the Home/SMB version? --Matt Ross Ephrata School District
RE: DPM and LTO6?
I haven’t a clue, but, isn't the specific tape media/type abstracted to the backup program via the driver? Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 21, 2013 4:28 PM To: NT System Admin Issues Subject: DPM and LTO6? Anyone know if it's supported? The last notes I see on the MSFT site don't show any references to it, just LTO5, and I've got an opportunity to buy a new tape unit before the end of the month/FY, so have to make a decision today... Kurt
Re: DPM and LTO6?
I would expect that, but the HCL for DPM doesn't list any LTO6 machines - only LTO5 and earlier, so I ask... Kurt
RE: Forefront client security
From what I remember, Forefront Client Security was the original product/name. The name changed to Forefront Endpoint Protection with the initial System Center products. It is now called System Center 2012 Endpoint Protection. I wonder what it will be called next?
Re: Advice on setting up a Win2012 RDS environment - Progress!
It is possible to overdo HA to the point of introducing fragility to a system. Too many moving pieces for not enough benefit.

ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…
RE: OT: Career and Social Media
I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.

-ASB: http://XeeMe.com/AndrewBaker

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: Advice on setting up a Win2012 RDS environment - Progress!
Even if they aren't accessed externally I think a cert from a public CA makes sense because you don't have to distribute an internal cert to the devices that need it. If for some reason down the track the apps are made available externally then there is no work to do. Personal choice of course but all up including labour hours I think a public cert is cheaper, quicker and easier.

You can put the web front end and RDG (if you are going to use it which it sounds like you may not) on a separate server. You would only need one for the type of load you have indicated. They sit in front of the connection broker as such. I agree with Ken on the HA side of things.

Do the users browse to a website now to access the apps and this is what you want with Remote desktop services? I ask as if it is just for internal use you may like to just publish the apps to the desktops.

James.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Friday, 22 March 2013 3:07 AM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote:

Get a cert from a public CA. Far less hassle and they are very inexpensive.

These are internal apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency.

Why do you want to separate the web front end?

Load balancing by our hardware Cisco ACE appliance. Also it then enables us to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts.

James.
-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, 21 March 2013 4:40 AM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress.

So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
RE: OT: Career and Social Media
I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIn is about the only social media I use for business. I like to keep the two very separate from each other.

Jon

From: rodtr...@myitforum.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: OT: Career and Social Media
Date: Thu, 21 Mar 2013 22:49:52 +

I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.

-ASB: http://XeeMe.com/AndrewBaker
RE: Meraki
I agree, that was one of the reasons I even looked further. I think it is about time someone had something like this; now it just comes down to does it work as well as the Webinar showed it working, and costs.

Jon

From: sca...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki
Date: Thu, 21 Mar 2013 13:17:02 -0500

Valid concern. That aside, I watched the presentation and was very impressed!

-Sam

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, March 21, 2013 12:46 PM
To: NT System Admin Issues
Subject: Re: Meraki

So, my device arrived today -- solid piece of hardware, so no complaints.

As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself.

The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :)

Not a complaint so much as an observation. There's always OpenWRT...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…

On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote:

Here is the question and answer from Meraki about what happens when the license expires.

1. What happens when or if the license for the Cloud Management of the device lapse?
- Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic.

Jon

From: jk.har...@live.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki
Date: Mon, 18 Mar 2013 15:34:35 -0400

The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list.

I don't doubt that most larger businesses would keep this device under contract. It would be very unwise to do otherwise, although I have seen other businesses that depend on their network, not keep their high dollar network devices under contract.

Like I said earlier, I did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company.

Jon

From: gswe...@acts360.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Meraki
Date: Sun, 17 Mar 2013 22:57:46 +

It doesn't stop passing traffic and right now that’s not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Ruckus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years.

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-644-3479 Cell

From: Adam Greene maill...@webjogger.net
Reply-To: ntsysadmin@lyris.sunbelt-software.com
Date: Saturday, March 16, 2013 9:27 AM
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki

I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don’t renew the license.

From: Jon Harris [mailto:jk.har...@live.com]
Sent: Friday, March 15, 2013 7:57 PM
To: NT System Admin Issues
Subject: RE: Meraki

Yes but at the end of 3 years you have to renew the license or the device will stop passing traffic. At least that is what the sales drone told me. I still don't know a lot of homeowners or mom & pop SMB's that will buy into something that requires this type of commitment or yearly price. I will know better after I do my evaluation but I don't see it happening long term. Once I am finished with my evaluation I get the lovely chore of passing my findings to my boss here at work for him to think about. We are not that committed to doing wireless except for BOD and certain officers at only certain locations. This looked like something they would
RE: Meraki
Will you be posting what you find out on what the system pushes up to their cloud?

Jon

From: asbz...@gmail.com
Date: Thu, 21 Mar 2013 15:50:52 -0400
Subject: Re: Meraki
To: ntsysadmin@lyris.sunbelt-software.com

The technology is quite impressive, I must admit.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…

On Thu, Mar 21, 2013 at 2:17 PM, Sam Cayze sca...@gmail.com wrote:

Valid concern. That aside, I watched the presentation and was very impressed!

-Sam

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, March 21, 2013 12:46 PM
To: NT System Admin Issues
Subject: Re: Meraki

So, my device arrived today -- solid piece of hardware, so no complaints.

As I review the setup instructions, I see a different concern than the ones that have been voiced thus far. I'm really not worried about what might happen 3 years from now, but rather how much information a cloud managed network device will provide about my whole network, and not just the device itself.

The basic instructions say to logon to the website and configure the settings for the device, then put it on the network and have it download all its settings. I'm going to pay close attention to the type of traffic that this device sees fit to disclose. :)

Not a complaint so much as an observation. There's always OpenWRT...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…

On Mon, Mar 18, 2013 at 11:34 PM, Jon Harris jk.har...@live.com wrote:

Here is the question and answer from Meraki about what happens when the license expires.

1. What happens when or if the license for the Cloud Management of the device lapse?
- Devices have a 90 day grace period for renewal. Beyond that, they will not be able to pass traffic.

Jon

From: jk.har...@live.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki
Date: Mon, 18 Mar 2013 15:34:35 -0400

The actual response was at the end of the contract + 90 days is when the action would take place. The action in this instance was that it would stop passing traffic. When I get to work later I will cut the actual question/answer from my email and send it to the list.

I don't doubt that most larger businesses would keep this device under contract. It would be very unwise to do otherwise, although I have seen other businesses that depend on their network, not keep their high dollar network devices under contract.

Like I said earlier, I did find the fact that unlike a lot of other IT directed businesses they seemed to be more interested in allowing their hardware, in this case, to sell themselves rather than have some sales drone push it hard. That in itself to me is a big plus for the company.

Jon

From: gswe...@acts360.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: Re: Meraki
Date: Sun, 17 Mar 2013 22:57:46 +

It doesn't stop passing traffic and right now that’s not a hard cut off. We have gone a few weeks past an expiration and we can still monitor and make changes. I am sure at some point though you would lose ability to manage it. That is the one part of the whole solution that I am concerned with, but in almost all of my clients they keep up the warranty on their devices, controllers, servers, etc because to have it fail and either the replacement cost or downtime exposure is pretty steep. The renewal cost on the licenses is paying for the service. If you factor the cost of a Ruckus, Firetide, Cisco, etc by the time you pay for the AP's, the controller and license cost I am pretty sure you would be very close to the cost over 3 years. At least we were when we checked it over Ruckus on 3 years.

Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-644-3479 Cell

From: Adam Greene maill...@webjogger.net
Reply-To: ntsysadmin@lyris.sunbelt-software.com
Date: Saturday, March 16, 2013 9:27 AM
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Meraki

I wonder if after 3 years you just lose the ability to manage it via the cloud. It seems pretty bad that the device itself would stop working if you don’t renew the license.

From: Jon Harris [mailto:jk.har...@live.com]
Sent: Friday, March 15, 2013 7:57 PM
To: NT System Admin Issues
Subject: RE: Meraki

Yes but at the end of 3 years you have to renew the license or the device will stop passing traffic. At least that is what the sales drone told me. I still don't know a lot of homeowners or mom & pop SMB's that will buy into something that requires this type of commitment or yearly price. I will know better after I do my evaluation but I don't see it happening long term. Once I am finished with my evaluation I get the
RE: Advice on setting up a Win2012 RDS environment - Progress!
Or, as one of my old engineering professors liked to remind us, the motto at the old Western Electric (the folks that used to make phones) was "A part that isn't there is 100% reliable." Western Electric mandated a 60 *year* MTBF for their phone equipment designs.

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, March 21, 2013 6:33 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

It is possible to overdo HA to the point of introducing fragility to a system. Too many moving pieces for not enough benefit.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Thu, Mar 21, 2013 at 4:42 PM, Ken Cornetet ken.corne...@kimball.com wrote:

With VMWare HA, your web server and broker will only be down for a minute or two - even if one physical host crashes.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 21, 2013 4:18 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet ken.corne...@kimball.com wrote:

The web server and broker are out of the picture after the RDP client session is established with the session host. If something goes wrong with a session host, the users have lost their sessions anyway - no way to prevent that.

Right. Another reason why we will have 3-4 session hosts (also the vendor recommends approx 35 sessions per host, of their published app, and I will have somewhere around 100 users total possible users, altho probably not that many concurrently).

But if the session hosts stay up and available, without the connection broker and web server, no one who doesn't already have an active connected session can connect. That would be the reason for multiple brokers/web servers. (because even if we push an RDP to the client desktops, it points to a connection broker, right, which then re-directs to a session host, as you pointed out? So even clicking on the RDP link would fail, if the connect broker wasn't there)

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 21, 2013 3:19 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet ken.corne...@kimball.com wrote:

I don't think you can have two connection brokers without complicating things (clustering and SQL server involved). If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it.

Yes, ESXi provides for HA, but with only 1 web server (or connection broker), what happens if something goes wrong with that machine? If I have to restart it for whatever reason (say it locks up, errors out, whatever), all users get kicked off the published app, don't they? That's what I am trying to avoid. Would that not be best practice? Avoid a single point of failure at the various points - broker, web server, session host?

Here's the general traffic flow (I think...):

1. Client hits web server.
2. Web server shows available apps
3. User clicks on app
4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address.
5. User's RDP app attempts to launch app from broker.
6. The broker sends the client an RDP redirect to the appropriate session host.
7. The user's RDP then opens a connection to the session host and launches the app.

It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit.

Thanks

So the web server only really is a hand off to connection broker. Once the client gets and opens the RDP file, the web server becomes unimportant to the situation. So I guess having multiple web servers would be just for redundancy - if the web server goes down, currently connected users shouldn't even notice anything. But it means new users wouldn't be able to connect, until the web server becomes available again. Similarly for connection brokers, if I understand correctly. I'm not sure how multiple connection brokers would coordinate between themselves, or load balance.

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 21, 2013 2:04 PM
To: NT System Admin Issues
Subject: Re: Advice on setting up a Win2012 RDS environment - Progress!

On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet ken.corne...@kimball.com wrote:
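
The traffic flow quoted in this thread says the downloaded .RDP file names the broker as the server address, and an earlier message mentions the client complaining about untrusted publishers. As an added example (not code from anyone on the list), this Python script parses a RemoteApp .rdp file and reports where it sends the client and whether it carries a signature. The host name, collection name and file contents are constructed, and the `signscope` / `signature` setting names are assumed to be those found in files signed with rdpsign.exe.

```python
import codecs

# Constructed sample of a RemoteApp .rdp file such as a web front end hands out.
# Host name, collection name and application alias are made up for this example.
SAMPLE_RDP = (
    "full address:s:broker01.example.internal\r\n"
    "remoteapplicationmode:i:1\r\n"
    "remoteapplicationprogram:s:||notepad++\r\n"
    "remoteapplicationname:s:Notepad++\r\n"
    "loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.QuickSessionCollection\r\n"
)


def decode_rdp(raw):
    """Decode .rdp bytes. Windows usually writes these as UTF-16 with a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    return raw.decode("utf-8", errors="replace")


def parse_rdp(text):
    """Parse 'name:type:value' lines into {lower-cased name: (type, value)}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)   # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue                         # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue                     # integer setting with a non-numeric value
        settings[name.strip().lower()] = (kind, value)
    return settings


def host_of(address):
    """Return the lower-cased host part of a 'full address' value (port removed)."""
    host = address.strip().lower()
    if host.startswith("[") and "]" in host:   # bracketed IPv6 literal
        return host[1:host.index("]")]
    if host.count(":") == 1:                    # host:port
        return host.split(":", 1)[0]
    return host


def review_rdp(settings, expected_hosts):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    expected = {h.lower() for h in expected_hosts}
    address = settings.get("full address")
    if address is None:
        findings.append("no 'full address': the file does not say where the client connects")
    elif host_of(address[1]) not in expected:
        findings.append("connects to unexpected host " + host_of(address[1]))
    # Presence check only: validating the signature and its certificate chain
    # is done by the RDP client, not by this script.
    if "signature" not in settings:
        findings.append("unsigned: clients cannot identify the publisher")
    else:
        scope = str(settings.get("signscope", ("s", ""))[1])
        covered = {item.strip().lower() for item in scope.split(",")}
        if "full address" not in covered:
            findings.append("signed, but 'full address' is outside the signed scope")
    return findings


def summarize(settings):
    """Condense the settings that describe the hand-off in the traffic flow."""
    address = settings.get("full address")
    return {
        "connects_to": host_of(address[1]) if address else None,
        "remoteapp": settings.get("remoteapplicationmode", ("i", 0))[1] == 1,
        "program": settings.get("remoteapplicationprogram", ("s", None))[1],
        "signed": "signature" in settings,
    }


if __name__ == "__main__":
    parsed = parse_rdp(decode_rdp(SAMPLE_RDP.encode("utf-16")))
    print(summarize(parsed))
    for finding in review_rdp(parsed, {"broker01.example.internal"}):
        print("FINDING:", finding)
```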
RE: RT devices?
The issue I have with managing RT devices is that they have changed the licensing - only offering per user licensing - and that there is no system center on premise solution; you have to go with a cloud solution. I thought Microsoft's strategy was to offer both an on premise and cloud offering and give the customer the option.

From: Tobie Fysh [mailto:tobie.f...@freebridge.org.uk]
Sent: Wednesday, March 20, 2013 12:47 PM
To: NT System Admin Issues
Subject: RE: RT devices?

They are able to be managed via System Centre/Intune as far as I'm aware.

Tobie

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: 20 March 2013 15:57
To: NT System Admin Issues
Subject: RE: RT devices?

I'm very fond of GPOs and full application support.

From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Wednesday, March 20, 2013 11:28 AM
To: NT System Admin Issues
Subject: RE: RT devices?

Why is the RT not appropriate for business?

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, March 20, 2013 11:01 AM
To: NT System Admin Issues
Subject: RE: RT devices?

The Pro is very slick and I've got a hospital client that is testing them. So far, they are very happy with them. I don't think the RT is appropriate in a business environment. Just IMHO.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Wednesday, March 20, 2013 8:32 AM
To: NT System Admin Issues
Subject: RE: RT devices?

Not RT but the project I am on, the IT virtual desktop team is testing the Pro device and they love them. They prefer them to the iPads. I can't provide any specifics as that is not the part of the project I am working on.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Ryan Finnesey [mailto:r...@finnesey.com]
Sent: Tuesday, March 19, 2013 11:42 PM
To: NT System Admin Issues
Subject: RT devices?

I am curious to know if anyone is thinking or has deployed RT devices to their end users.
Re: OT: Career and Social Media
+1000

I do not have a Facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader.

Kurt

On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.com wrote:

I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIn is about the only social media I use for business. I like to keep the two very separate from each other.

Jon

From: rodtr...@myitforum.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: OT: Career and Social Media
Date: Thu, 21 Mar 2013 22:49:52 +

I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to *embrace* it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.

-ASB: http://XeeMe.com/AndrewBaker
RE: OT: Career and Social Media
Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc. I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept) Cheers Ken From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 22 March 2013 1:51 PM To: NT System Admin Issues Subject: Re: OT: Career and Social Media +1000 I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader. Kurt On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIN is about the only social media I use for business. I like to keep the two very separate from each other. Jon From: rodtr...@myitforum.commailto:rodtr...@myitforum.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: OT: Career and Social Media Date: Thu, 21 Mar 2013 22:49:52 + I can attest to that. My last two jobs have come because social media. Sent from Microsoft Surface Pro From: Andrew S. Baker Sent: March 21, 2013 6:38 PM To: NT System Admin Issues Subject: OT: Career and Social Media http://www.dilbert.com/fast/2013-03-21/ This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting . Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know. ~ Finally, powerful endpoint security that ISN'T a resource hog! 
Re: OT: Career and Social Media
Perhaps I am, but I don't think so - for instance, LinkedIn is trying to become the Facebook of the business set, and harvest data for sale in one form or another. I'll put it this way: if it's a free service on the Internet, you're paying in the form of data harvesting, and that's almost certainly true even after you start paying for a service that was free.

On the other hand, a blog, if you have something to say in that form, certainly can be useful for finding an audience, but it requires time to do well, and also isn't something to which I want to dedicate my time.

On the gripping hand, social media isn't well-defined, and probably means many things to many people. This list is an example - is it social media? While it's free to us, it's, AFAICT, one of the few places I visit (and I use that term loosely, because I don't sign on to the forum, I only post via email) that doesn't harvest data, or if they do, I haven't seen evidence of it. Sunbelt/GFI does get a fair amount of goodwill out of it, however, and I'm really grateful for the service. And, this list is certainly how I do some of my networking.

But in the main, I find what most people consider social media (facebook, linkedin, friendster, myspace, twitter, etc.) to be nothing more than short attention span theater, along with TV, and would rather be spending real time with either friends or a book.

Kurt

On Thu, Mar 21, 2013 at 8:58 PM, Ken Schaefer k...@adopenstatic.com wrote:

Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc.

I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept).

Cheers
Ken

From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, 22 March 2013 1:51 PM
To: NT System Admin Issues
Subject: Re: OT: Career and Social Media

+1000

I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader.

Kurt

On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.com wrote:

I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIn is about the only social media I use for business. I like to keep the two very separate from each other.

Jon

From: rodtr...@myitforum.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: OT: Career and Social Media
Date: Thu, 21 Mar 2013 22:49:52 +

I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.
RE: OT: Career and Social Media
I'm sure we'd all prefer to be off doing the things we like to do. But we still need to find jobs somehow. And finding jobs usually depends on your network (it's possible to get some jobs 'cold' but that isn't the norm IME). That the network is extending into the digital realm, I think, is ASB's point.

Obviously if you have a large offline network already, then you may need do nothing more. But for people starting out in their careers today, it's probably going to become more important.

ASB's comment, "Who knows about you is becoming as important as what you know", isn't specific to social media - it's always been the case IME.

Cheers
Ken

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, 22 March 2013 3:25 PM
To: NT System Admin Issues
Subject: Re: OT: Career and Social Media

<snippage>

I ... would rather be spending real time with either friends or a book.

Kurt

On Thu, Mar 21, 2013 at 8:58 PM, Ken Schaefer k...@adopenstatic.com wrote:

Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc.

I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept).

Cheers
Ken

From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, 22 March 2013 1:51 PM
To: NT System Admin Issues
Subject: Re: OT: Career and Social Media

+1000

I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader.

Kurt

On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.com wrote:

I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIn is about the only social media I use for business. I like to keep the two very separate from each other.

Jon

From: rodtr...@myitforum.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: OT: Career and Social Media
Date: Thu, 21 Mar 2013 22:49:52 +

I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.
RE: OT: Career and Social Media
I agree to a point with Ken. It is not what you know but who you know that gets you the job(s)! I have only gotten one position, many many years ago, on the basis of what I knew. All of them since then have been on who I knew as much or more as what I know. Yes, what you know is important, but of more importance is who you know, just to get to the stage of proving you know your stuff.

Jon

-----Original Message-----
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, March 22, 2013 12:43 AM
To: NT System Admin Issues
Subject: RE: OT: Career and Social Media

I'm sure we'd all prefer to be off doing the things we like to do. But we still need to find jobs somehow. And finding jobs usually depends on your network (it's possible to get some jobs 'cold' but that isn't the norm IME). That the network is extending into the digital realm, I think, is ASB's point.

Obviously if you have a large offline network already, then you may need do nothing more. But for people starting out in their careers today, it's probably going to become more important.

ASB's comment, "Who knows about you is becoming as important as what you know", isn't specific to social media - it's always been the case IME.

Cheers
Ken

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, 22 March 2013 3:25 PM
To: NT System Admin Issues
Subject: Re: OT: Career and Social Media

<snippage>

I ... would rather be spending real time with either friends or a book.

Kurt

On Thu, Mar 21, 2013 at 8:58 PM, Ken Schaefer k...@adopenstatic.com wrote:

Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc.

I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept).

Cheers
Ken

From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, 22 March 2013 1:51 PM
To: NT System Admin Issues
Subject: Re: OT: Career and Social Media

+1000

I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader.

Kurt

On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.com wrote:

I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIn is about the only social media I use for business. I like to keep the two very separate from each other.

Jon

From: rodtr...@myitforum.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: OT: Career and Social Media
Date: Thu, 21 Mar 2013 22:49:52 +

I can attest to that. My last two jobs have come because of social media.

Sent from Microsoft Surface Pro

From: Andrew S. Baker
Sent: March 21, 2013 6:38 PM
To: NT System Admin Issues
Subject: OT: Career and Social Media

http://www.dilbert.com/fast/2013-03-21/

This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting. Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know.