Zerotier & Mikrotik design concept

I’ve been happily using Zerotier for some of my own internal SD-WAN/VPN style connectivity for a while now and have found it to be a really effective solution that obviates many of the pain points of traditional VPN solutions. And I’ve been a happy Mikrotik owner, specifically on the switching side of the house. But when I discovered that there is a Zerotier package for the Mikrotik routers, that made me decide to do some more research about leveraging the fact that Zerotier isn’t just point-to-point connections between the participants, but that Zerotier clients can also be routers for complete IP subnets. [Read More]

How to (safely) run ESXi on the internet part 2

The first part of this series was about getting the basics set up so you can more safely use a rented ESXi bare metal server on the internet. However, this may not cover all of your needs for making this part of your production environment, so here are a few additional pieces. Site to site VPN connection: In the original article we were content with just having a VPN connection from your computer to manage the ESXi and the virtual machines that are hosted there. [Read More]

How to (safely) run ESXi on the internet

There’s been a lot of news lately about the ESXiArgs ransomware attacks on ESXi servers that could have been avoided. As with any product, it’s important to ensure that you keep up to date with all of the patches and upgrades, but since ESXi is a virtualisation system and rebooting it to apply a patch also means taking all of your virtual machines offline, people often put this off too long. [Read More]

USB-C Caberqu

USB-C is an amazing technology that enables such diverse use cases as high-power delivery that used to be the reserved domain of wires with a much thicker copper cross-section to Thunderbolt that is the native exposition of the internal PCIe bus to external devices at native speed and latency. And as has been mentioned all over the place, this has created massive confusion over the cables and which ones are capable of handling which tasks, particularly when there is often no visible cue other than a (sometimes) Thunderbolt logo, with or without an accompanying number. [Read More]

Thoughts on the Mac Studio & Mac Pro

With these machines starting to ship and the embargoes dropping on the review units I’m starting to get a clearer picture of what the product is. In many ways this is the true successor to the trash can Mac Pro. Very powerful, specifically aimed at the new jobs around media (audio and video) for both the influencer YouTube crowd as well as a significant chunk of the TV and film production market. [Read More]

Minio at SFD23

Minio had a very interesting presentation at Storage Field Day 23 (SFD23) and outside of the actual product it sparked some interesting discussion around what do words mean anyway? The message that Minio is putting forward is that in a cloud world, object storage is going to be the place where most data lives. On top of that, now that there are great object storage solutions (like theirs) that can be deployed on-premises this applies to the datacenter as well. [Read More]

Building a hardened Veeam Repository from a Synology NAS

Veeam has done some really good work on the implementation of hardened backup repositories to help protect against advanced ransomware attackers that go after backups as well as primary data. In the wild I see a lot of smaller and mid-sized organisations using Synology or QNAP NAS boxes as the storage for their backup repositories as they are significantly less expensive than their “enterprise” counterparts and you can use disks from any supplier and not have to pay the exorbitant markup from <insert enterprise supplier here>. [Read More]

Re: What’s your work from home DR plan?

Following up on the excellent article from @networkingnerd I thought I’d give out some background on how I’ve approached the issue. Since much of what I do is consulting around designing and assisting companies in building their own disaster recovery plans and processes it’s incumbent on me to set the example as much as possible. But of course as an independent consultant I don’t have access to the same kinds of budgets as an enterprise, but it’s surprising just how far you can push things even on a small scale. [Read More]

Veeam, S3 Object Locks, MinIO and TrueNAS

I’ve been using the Veeam feature of a scale-out repository that leverages S3 storage for offsite and long term retention for a while. One of the interesting variants on this option is the ability to leverage the S3 object lock feature which basically tells the system that whatever happens, an object that is written cannot be deleted for a fixed amount of time, generally 15-30 days in our use case. This type of WORM feature is becoming a necessary tool in restoring from ransomware/cryptolocker attacks, especially since the attackers are getting smart and go looking for the backup systems and try to compromise them as well. [Read More]