UPDATE: Sun X4540: Best. Box. Ever? Maybe. 
The X4540 was brought to a standstill a few weeks ago by one dead SATA disk. The box didn't hang, but any ZFS IO did. Didn't lose any data, and it might be buggy hardware and drivers, but still, Sun support had no explanation. That should not happen.

Eventually, we're going to give Symantec Netbackup the finger and move to Amanda, which will enable us to upgrade to OpenSolaris. I posted on Slashdot about this and got a reply from "greg1104":

"People need to understand that SATA disks and chipsets are fundamentally weak at error reporting and recovery. There's only so much you can do about that at the driver or OS level if a problem drives the chipset crazy. You really need hardware optimized for that purpose, like a mature and battle-tested RAID controller."

I agree 100%. For now, ZFS is worth the risk. The box is a virtual tape library, so 100% uptime is not a requirement. I'm not going to start shorting the stock of midrange storage companies just yet.

OpenVPN Rules - Finally! 
The WSANDERS ORGANIZATION has been struggling for years to find a quick and dirty VPN solution that was out-of-box enterprise ready, reliable, and didn't require the secret incantations of Security High Priests to get working. We've tried:

- Microsoft Windows Remote Access: Not bad. Microsoft fixed the cryptological problems with PPTP long ago, and every Windows PC came with a VPN client until recently (oops, M$.) There was a decent Linux client, but no easy to install Mac client. You could piggyback the server off any random Windows box behind your VPN, and use Active Directory or any LDAP for authentication. Rating: 3 out of 5.

- El Cheapo EBay Anything-but-Cisco Special: You could buy an old Juniper or something firewall and use a generic client. Usually you could get it to authenticate against Radius (but not usually LDAP or AD.) If your magic box did PPTP, cool, but usually you had to fiddle with handing out generic, fiddly IPSec clients to your users. Rating: 2 out of 5 stars.

- "F*** it, just open up the firewall": Run Remote Desktop Services or VNC on the desktops. But once one power user gets a firewall hole opened, everybody wants in. Do you really want to open your entire LAN to VNC? Rating: 2 out of 5 stars.

- Magic Boxes: Well, you can just grit your teeth and pay thousands for a magic box. They usually work, except when the vendor decides to break a protocol and force you to use their client, which may or may not install easily or even work, or, worse, force you to pay even more per-seat for licensing. Oh - you wanted encryption with your VPN - just write us another check, please! Rating: Varies widely with size and, mostly, ease of client installation.

- Poptop, OpenSWAN, SSH tunnels: Promising, but we could never get Poptop or OpenSWAN to work. SSH tunneling is OK, but requires expert knowledge and only forwards one or two protocols at the same time.

So finally we had a chance to give OpenVPN a try. What a surprise. Better yet, there is a commercial enterprise, OpenVPN Technologies, that offers an added-value product for $5 per seat that makes OpenVPN fiddle-free. Rating: 5 out of 5 stars for smallish installs.

This approach solves several big problems we've had with VPN deployments: Licensing and fiddly hard to install clients.

Licensing is straightforward: $5 per seat, period. For huge installs, it might be cheaper to buy a Magic Box. But for smaller deployments, for $5 you get: Super-easy installation on most Linux platforms, a web GUI, added value support for the parts that are different from "free" OpenVPN, defaults that make it work right out of the box (with LDAP, too), a Windows client that works, and as part of the GUI, a place where Windows clients can log in and download it, and non Windows users can download a config that simply plugs in to OpenVPN for use as a client.

No more client fiddling: OpenVPN Technologies supplies the Windows client, Linux users use the OpenVPN that comes with their distro, and Mac users can either use OpenVPN or Tunnelblick. All this guarantees that the client will be compatible with the OpenVPN Technologies server, which is OpenVPN itself, with the value-added parts wrapped around the server.
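For readers who have not seen one, this is what the client-side config file that non-Windows users download and "plug in" to a stock OpenVPN (or Tunnelblick) typically looks like. It is an added example, not a file taken from this page or from the OpenVPN Technologies product; the hostname vpn.example.org, the port and the certificate file names are assumptions.

```conf
# Added example of an OpenVPN 2.x client configuration, not the page's own
# file. vpn.example.org, the port and all file names are assumed values.
client
dev tun
proto udp
remote vpn.example.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun

# PKI material issued by the server's CA (file names assumed).
ca ca.crt
cert client.crt
key client.key

# Refuse a peer whose certificate is not marked for server use. Without this
# line, anyone holding a valid *client* certificate from the same CA can
# stand up a fake server and your users will happily connect to it.
remote-cert-tls server

# Pre-shared HMAC key on the control channel: packets that lack the right
# HMAC are dropped before any TLS processing. The trailing 1 is the client
# side of the key direction (the server uses 0).
tls-auth ta.key 1

# Prompt for the username and password that the server checks against LDAP.
auth-user-pass

cipher AES-256-CBC
auth SHA256
verb 3
```

The two lines worth checking in any config a user is handed are remote-cert-tls server and tls-auth: the first is what stops a client-to-client impersonation, the second is what keeps random Internet hosts from talking to the TLS stack at all. Older write-ups use ns-cert-type server for the first check; it does the same job with the older Netscape certificate extension.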

Well, enough fan mail for OpenVPN. Time to get back to work, doing real work from home instead of fiddling with a VPN.

[UPDATE: RedHat / Centos seems to have dropped OpenVPN from their repositories. You may have to build OpenVPN from source. Not too hard, but no longer fiddle-free.]

Cool Color Illusion 

Clicking on each image will open a full-size popup window.

Open each black and white image and put it in the center of your screen.

Open the corresponding color image, align the popup window directly over the black and white image, and pre-position your mouse cursor on the "X" or "-" control that will make the color image window go away.

After you have stared at the dot in the middle of the color image, click to make the window go away and see what the black and white image underneath looks like...

Not sure why, but the color bars don't work as well as the landscape. Either the illusion works better with "earth tones" or our brain is hardwired to "imagine" landscape colors?

If you're a Javascript maven, send me some code so I can learn how to make Javascript mouseovers work. The WSANDERS ORGANIZATION are not Javascript experts - yet.

Thanks to johnsadowski.com by way of Simon Singh

It's Always Something -- Weird 
I discovered a very mission-critical server (the one that handles mail for 5000 people) had only one of its two redundant power supplies plugged in. When I plugged in the second power supply, the chassis stayed up but one of the cheap-ass Escalade RAID controllers began dropping disks off line and the system crashed. When I unplugged the power supply, the disk errors stopped. Luckily, the filesystems fsck-ed clean.

That's about the weirdest hardware thing I've seen in a while.

Progress ... 
The Juniper routers are configuring themselves and throwing themselves into the racks. This is easy!

We got balled up in a licensing dispute for our Cisco ASA firewall. Before I felt comfortable putting 3000 people behind a single box, I figured we ought to get a second unit and failover working. But someone was sold mismatched licenses, and we had to throw a $5000 upgrade in the dumpster to get the units to work together. Every other brand promises "No Surprises" but Cisco seems to not mind packing a show-stopper in every device. Their tech isn't bad, it's that the products are so complicated that their sales channels cannot understand them and sell you the right stuff the first time. I don't like surprises.
