06:09.19 | *** join/##pxe ScytheBlade1 (~Death@smtp.mail.averageurl.com) |
06:09.20 | *** join/##pxe ScytheBlade1 (~Death@about/pxe/ScytheBlade1) |
06:14.48 | *** join/##pxe ScytheBlade1 (~Death@smtp.mail.averageurl.com) |
06:14.49 | *** join/##pxe ScytheBlade1 (~Death@about/pxe/ScytheBlade1) |
12:09.45 | *** join/##pxe the_mgt (~ich@a89-183-76-48.net-htp.de) |
15:24.37 | *** join/##pxe yermandu (~Patapitaf@unaffiliated/yermandu) |
16:23.21 | *** join/##pxe Xires (~Xires@66-190-79-122.dhcp.dntn.tx.charter.com) |
16:38.36 | *** join/##pxe TIM9 (~tim@CPE00166f2f93f9-CM001ac311b52c.cpe.net.cable.rogers.com) |
16:51.50 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
16:52.30 | toiz | i need advice: |
16:53.08 | toiz | when dhcp responds does it give the client a gateway? |
16:53.24 | toiz | i know it wont give dns |
16:54.19 | toiz | my goal is ofc making my client behind nat booting pxe from INET server |
16:56.20 | toiz | i have a M$ ris server in inet and a client behind ddwrt but i cant test before 2 days so i wondered i make this time useful and ask if someone has done it already |
17:05.38 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:15.00 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:24.17 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:30.41 | Nirkus | ..gone :-/ |
17:33.35 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:43.07 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:53.06 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
17:55.12 | toiz | keeps getting me rejoined:S |
17:56.33 | toiz | anyway if someone is interested in previous "goal" i have skype bcs_taivo |
17:56.41 | toiz | i also might come back later to this irc channel |
18:54.41 | Nirkus | ah |
18:55.25 | *** join/##pxe toiz (~a@33.21.190.90.dyn.estpak.ee) |
18:56.39 | Nirkus | mh, i guess, he wont read channel logs |
18:58.04 | Nirkus | uh, our logs have a 1 day delay |
18:58.07 | Nirkus | :) |
19:03.08 | toiz | >< |
19:04.22 | Nirkus | toiz: there you are |
19:04.37 | toiz | y i came back to check if someone says something |
19:04.49 | Nirkus | toiz: if you want to do PXE over routed networks youll need a DHCP relay |
19:05.14 | Nirkus | with RIS im not so sure, what your intentions are.. :) |
19:05.25 | toiz | y can guess |
19:05.29 | Nirkus | toiz -v |
19:05.38 | toiz | what is -v ? |
19:05.53 | Nirkus | toiz: be more verbous |
19:05.54 | Nirkus | :) |
19:05.58 | toiz | hehe |
19:06.41 | toiz | right now i just want to install an xp in any random place where i have ddwrt |
19:06.54 | toiz | i have 2 plans |
19:06.56 | Nirkus | mkay, whats ddwrt? |
19:07.07 | toiz | do you know what is wrt54gl? |
19:07.29 | Nirkus | toiz: RIS is not PXE, it just loads its own boot loader via PXE and everything from that point on is M$.. |
19:07.38 | Nirkus | ah openwrt |
19:07.41 | Nirkus | ? |
19:07.41 | toiz | y |
19:07.54 | toiz | i dont care if RIS is not pxe:] |
19:08.06 | toiz | as long as i can boot into RIS behind random ddwrt |
19:08.07 | toiz | i am WIN |
19:08.12 | Nirkus | :) |
19:08.26 | Nirkus | openwrt should have some dhcp relay module |
19:08.49 | toiz | i have this guide > http://www.dd-wrt.com/wiki/index.php/PXE |
19:09.04 | toiz | if i just replace ip with outside ip it wont work right? |
19:09.04 | Nirkus | but you should route your DHCP/PXE/RIS traffic through some VPN tunnel like IPsec |
19:09.13 | toiz | hehe |
19:09.30 | toiz | that would be the easy way |
19:09.46 | toiz | but i want to install my xp from ANY place behind ddwrt |
19:09.55 | toiz | ddwrt is very common in my land |
19:10.15 | toiz | friends, companies etcetc |
19:10.29 | Nirkus | toiz: you want to _install_ something via PXE from anywhere or boot something? |
19:10.31 | toiz | i am starting ddwrt then thinking of next routers |
19:10.35 | toiz | YES |
19:10.48 | toiz | 2 have 2 plans |
19:10.55 | toiz | planA router config |
19:11.18 | toiz | planB modify PXE to be smarter and let ethernet manufacturers apply it to new ethernet devices |
19:11.22 | toiz | planA seemed easier |
19:12.07 | Nirkus | toiz: PXE was designed so that any "smart" parts would be placed into PXE bootloaders or the apps loaded by PXE boot loaders |
19:12.24 | Nirkus | toiz: but, back to your plan :) |
19:12.43 | toiz | basically u understand my goal now, thats a good start |
19:12.59 | Nirkus | toiz: if you want to install something from behind $ddwrt_router under your control |
19:13.50 | Nirkus | toiz: you would need to setup a DHCP server on $ddwrt_router answering the PXE boot requests of your $client_pc |
19:13.57 | toiz | YES |
19:14.03 | toiz | like in here: http://www.dd-wrt.com/wiki/index.php/PXE |
19:14.27 | Nirkus | toiz: that $ddwrt_router would need to send some PXE boot loader like the one from M$ RIS or pxelinux or whatever to your $client_pc |
19:14.43 | toiz | yes i understand that too |
19:15.06 | Nirkus | toiz: then, the interesting part... you need to, somehow, get that PXE bootloader to load whatever data you need from your $inet_server |
19:15.14 | toiz | ee |
19:15.25 | toiz | i was thinking a shortcut |
19:15.38 | toiz | i was thinking i could boot the PXE bootloader from INET |
19:15.40 | Nirkus | toiz: so, what do you intend to do with your $client_pc, exactly? |
19:15.46 | Nirkus | toiz: no |
19:15.53 | toiz | because? |
19:16.33 | Nirkus | toiz: theoretically, it would be possible..using a DHCP server and giving a gateway and next-server ip.. |
19:16.39 | toiz | yesyes...:D |
19:16.43 | toiz | thats my plan |
19:16.49 | Nirkus | toiz: BUT.. you dont want to use TFTP (UDP) over inet |
19:16.52 | toiz | if that wont work then your plan goes |
19:17.06 | toiz | why not? |
19:17.26 | toiz | simple protocol and psws not crypted? |
19:17.39 | Nirkus | toiz: because its connectionless and insecure |
19:17.58 | toiz | >< |
19:18.10 | toiz | so ok thinking of your plan |
19:18.21 | toiz | your plan makes me build a pxe client into ddwrt |
19:18.27 | Nirkus | mh, no |
19:18.29 | toiz | which looks kinda complicated |
19:18.32 | toiz | hmm, no? |
19:19.15 | Nirkus | you need ddwrt to provide a DHCP server pointing pxe booting client pcs to its own tftp server, providing, for example, the pxelinux binary and a configuration for pxelinux |
19:19.33 | Nirkus | the configuration could point to some inet server |
19:19.58 | toiz | but you just sayd tftp over inet is bad |
19:20.08 | Nirkus | toiz: BUT.. that would use TFTP, still.. so you should have your ddwrt router set up some VPN tunnel to your inet_server |
19:20.13 | Nirkus | yes |
19:20.15 | Nirkus | :) |
19:20.20 | toiz | hmm |
19:20.52 | toiz | lets say that security is not the issue |
19:21.17 | toiz | it can be so unsecure like my grandmothers hut near da lake |
19:21.24 | Nirkus | so, your ddwrt router has some encrypted VPN tunnel to your inet server to route all the traffic from and to your client pcs behind that ddwrt router through |
19:21.26 | toiz | then it would be a plan? |
19:21.35 | toiz | omgomg |
19:21.38 | Nirkus | mh |
19:21.46 | Nirkus | of course, you could do that |
19:21.54 | Nirkus | but dont say, i didnt warn ya |
19:21.55 | toiz | if my ddwrt does vpn stuff it also is complicated |
19:22.13 | toiz | but i will think about it |
19:22.43 | toiz | so plan is ddwrt makes ipsec tunnel, and boots a pxe bootimage via tftp from inet using the vpn tunnel |
19:22.45 | toiz | so? |
19:23.12 | Nirkus | toiz: you will have (a) insecure communication between your client pcs and (b) your TFTP/ whatever download service need to be accessible to the whole internet |
19:23.39 | toiz | ee |
19:23.43 | toiz | for which plan this goes |
19:23.53 | Nirkus | toiz: for the one w/o ipsec tunnel |
19:24.02 | Nirkus | toiz: had some lag over here |
19:24.08 | toiz | okok:) |
19:24.19 | toiz | with ipsec is insecure? |
19:24.32 | Nirkus | toiz: the machines booting via PXE wont be the ddwrt routers, right? |
19:24.39 | toiz | no |
19:24.48 | Nirkus | with ipsec in tunnel mode with auth+enc, its secure |
19:24.51 | toiz | random pcs, laptops, wmvare guests, whateveer.. |
19:24.57 | Nirkus | toiz: ok |
19:25.07 | toiz | "so plan is ddwrt makes ipsec tunnel, and boots a pxe bootimage via tftp from inet using the vpn tunnel" good plan? |
19:25.23 | Nirkus | toiz: sounds good |
19:25.33 | toiz | i am reinstalling my RIS currently, getting some wrtg tomoorow |
19:25.36 | toiz | mmm |
19:25.39 | Nirkus | toiz: you will need to setup a DHCP and TFTP server on that ddwrt routers |
19:25.44 | toiz | eeeeee |
19:25.51 | toiz | i need tftp server in router? |
19:25.53 | toiz | why? |
19:25.55 | Nirkus | so they can answer to those clients on their local lan |
19:26.14 | toiz | i dont understand why ..:d |
19:26.20 | toiz | i understand dhcp server yes |
19:26.21 | Nirkus | toiz: that TFTP server only serves the PXE boot loader and its configuration file (text) |
19:26.38 | toiz | and what would be in that configuration file? |
19:27.07 | Nirkus | toiz: because its easier to setup and the initial conversation between client and PXE stuff wont be affected by internet connection loss and similar errors |
19:27.16 | toiz | hmm |
19:27.24 | toiz | ris is not tftp? |
19:27.27 | toiz | y/n ? |
19:27.39 | Nirkus | toiz: for pxelinux you can configure a little menu to display and the ip addresses and files to download |
19:27.46 | toiz | hmm |
19:28.00 | Nirkus | toiz: im not sure.. my contact with RIS was years ago |
19:28.03 | toiz | basically you are sayng a linux boots |
19:28.08 | toiz | pxelinux is linux right |
19:28.23 | Nirkus | toiz: pxelinux is just a bootloader, it can boot various stuff |
19:28.25 | toiz | then i can make it use whatever protocol i want |
19:28.31 | toiz | aaa |
19:28.46 | Nirkus | http://syslinux.zytor.com/wiki/index.php/PXELINUX |
19:29.17 | Nirkus | toiz: i think, pxelinux only supports TFTP as its provided by the network cards PXE boot ROM |
19:29.47 | Nirkus | toiz: there was some guy in here recently who somehow used HTTP with pxelinux |
19:30.11 | toiz | hehe |
19:30.13 | toiz | see, magic |
19:30.15 | toiz | this means |
19:30.22 | toiz | i can use whatever protocol i want with it |
19:30.22 | Nirkus | i think, he loaded some other PXE bootloader first |
19:30.29 | Nirkus | etherboot, maybe |
19:30.33 | toiz | great |
19:30.43 | toiz | as long as all this is small enough to fit a ddwrt |
19:30.49 | toiz | 2-8 MB |
19:30.50 | toiz | >< |
19:31.04 | Nirkus | pretty sure |
19:31.49 | toiz | i am thinking now, PXE inside ddwrt, PXE bootloader has builtin IPSEC tunnel module and configuration |
19:31.58 | Nirkus | loooool |
19:32.08 | toiz | why is that lol? |
19:32.08 | toiz | :D |
19:32.19 | Nirkus | i dont think, youll find a PXE _bootloader_ with IPsec support |
19:32.26 | toiz | i will make it |
19:32.32 | Nirkus | toiz: keep the IPsec tunnel in the router |
19:32.37 | toiz | hmm |
19:32.48 | toiz | i cant make all ddwrts on estonia hold ipsec tunnels 24h with my server.. ? |
19:33.05 | toiz | only way i am thinking is that PXE booting triggers ipsec tunnel |
19:33.11 | toiz | in router |
19:33.18 | Nirkus | toiz: ipsec can detect dead tunnels and set them up again |
19:33.32 | toiz | ehm |
19:33.34 | toiz | no i mean |
19:33.48 | toiz | i cant allow that every random booting ddwrt in estonia will connect to my server |
19:33.58 | toiz | i can only allow that it contacts when it wants to boot |
19:34.03 | Nirkus | toiz: your ipsec tunnel can idle and have no more traffic than the 'dead peer detection' pings once in a while |
19:34.12 | toiz | nono |
19:34.15 | Nirkus | mkay |
19:34.16 | toiz | its a matter of security |
19:34.26 | Nirkus | security? |
19:34.37 | Nirkus | you mean a matter of network congestion? :> |
19:34.41 | toiz | random companies and homes have a all access tunnel with my server? |
19:34.50 | toiz | umm i forget that |
19:35.08 | toiz | so BIG NO ANYWAYS for 24h tunnels |
19:35.24 | Nirkus | toiz: you can configure firewall rules on that ddwrt router for the ipsec tunnels |
19:35.32 | Nirkus | if ddwrt is capable of that |
19:35.37 | toiz | can i make the rules TRIGGER? |
19:35.44 | toiz | i am thinkng now: |
19:36.04 | toiz | easier to configure ipsec into PXELINUX than triggeripsec into ddwrtg |
19:36.13 | toiz | i am not planning to learn ddwrtg, waste of time |
19:37.01 | toiz | Nirkus btw, where you work and sooo on? |
19:37.27 | Nirkus | toiz: you cannot 'configure' ipsec into pxelinux |
19:37.37 | toiz | Nirkus: i say i can:D |
19:37.44 | Nirkus | toiz: it does not have support for such high level foo |
19:37.44 | toiz | cause you sayd some guy made http happen |
19:37.45 | Nirkus | :) |
19:37.56 | toiz | http happens = ipsec happens |
19:38.07 | Nirkus | toiz: he made it happen using another bootloader which wrapped the tftp download calls |
19:38.16 | toiz | hmm |
19:38.21 | toiz | ok https? |
19:38.28 | Nirkus | toiz: i work at Netpioneer GmbH, http://www.netpioneer.de/ |
19:38.34 | toiz | i can do ris over https with a ssl endpoint |
19:38.36 | Nirkus | toiz: dont think so |
19:38.44 | toiz | what i do in netpioneer? |
19:38.51 | toiz | you do* |
19:39.06 | toiz | is this italy or deuchland? |
19:39.13 | Nirkus | i am a system administrator... germany |
19:39.17 | toiz | hehe:d |
19:39.32 | toiz | what platforms u admin |
19:39.39 | toiz | or what type of devices |
19:39.47 | Nirkus | atm im developing the LDAP user admin interface for them |
19:39.48 | toiz | server networks ? |
19:40.10 | toiz | LDAP is linux derivate for M$ AD? |
19:40.47 | Nirkus | managed switches (HP), linux servers (debian) hw and virtual (Xen), linux desktops, linux routers, windows desktops and even some windows servers |
19:40.53 | Nirkus | toiz: no |
19:41.02 | toiz | :o Xen |
19:41.08 | Nirkus | toiz: AD is a directory which is accessible 'LDAP like' |
19:41.16 | toiz | yes>< |
19:43.12 | toiz | hmm i have more thought about this pxe thingie |
19:43.17 | toiz | your link made my thought |
19:43.31 | toiz | that link > http://syslinux.zytor.com/wiki/index.php/PXELINUX |
19:43.46 | toiz | now i am thinking if making a all access buffer server |
19:44.22 | toiz | client boots a bootloader from INET RIS |
19:44.35 | toiz | i can basically make a windows boot into ris |
19:44.51 | toiz | now this windows i am booting from there |
19:45.05 | toiz | it has tools for creating a ipsec tunnel |
19:45.21 | toiz | hmm ok i kinda failed in this theory sry |
19:45.46 | toiz | i just understand this buffer windows forst has to plant small windows into my client computer |
19:46.12 | toiz | cause i cant start a ipsec between a client and target server when ALL commands are made from unsecure buffer server |
19:46.38 | toiz | hmm hmm.. |
19:46.53 | toiz | k seems i just have to test and then i have some more ideas |
19:48.05 | toiz | but thanks for info Nirkus, u made me consider vpn tunnel |
19:48.06 | toiz | >< |
19:52.39 | Nirkus | toiz: np :) |
19:53.14 | Nirkus | toiz: ipsec tunnels can be triggered by traffic to be routed through them, too |
19:53.29 | Nirkus | toiz: but the tunnel setup may take some time or even fail |
19:53.46 | Nirkus | which would make the PXE boot process fail on DHCP level |
19:54.20 | Nirkus | toiz: therefore having the DHCP server and bootloader delivered by your ddwrt box on the LAN would be more fault tolerant |
19:54.59 | toiz | mhh |
19:55.19 | toiz | ill think about with my businesspartner tomorrow |
19:55.35 | toiz | how old are you btw |
19:55.38 | toiz | ^ |
19:56.23 | Nirkus | im 27 :) |
19:56.46 | toiz | i am not :] |
19:56.50 | Nirkus | hehe |
19:57.01 | toiz | do you install everything from pxe ? |
19:57.03 | Nirkus | toiz: where are you from and how old? |
19:57.13 | toiz | i am from estonia and i am 26 ^ |
19:57.23 | toiz | estonia the land of IT developers |
19:57.33 | toiz | we eat .bat for breakfast |
19:57.42 | Nirkus | toiz: i developed a stateless and diskless linux setup based on PXE for some computer pool of the KIT some years ago |
19:57.54 | toiz | >< |
19:58.08 | toiz | mby u should to develop more some cool stuff using pxe |
19:58.40 | toiz | like vmware is this new tecnhology where theys OS boots from some server in lan |
19:58.44 | toiz | i dont remember the name |
19:58.58 | toiz | it reminds google crome os |
19:59.04 | toiz | not the name but the techonlogy |
19:59.05 | Nirkus | toiz: vmware is obsolte :> |
19:59.10 | toiz | hehehe |
19:59.10 | Nirkus | obsolete |
19:59.15 | toiz | i have esxi |
19:59.16 | toiz | i dont care |
19:59.19 | toiz | its easy |
19:59.19 | toiz | >< |
19:59.20 | Nirkus | *g |
19:59.36 | toiz | u are reccomending something awesome? |
19:59.39 | Nirkus | esxi is ok, i guess... at least, its hypervisor based |
20:02.00 | Nirkus | KVM is too immature to be recommended, and Xen gets to 'old' to :) |
20:02.07 | toiz | currentlyin estonia populars are: OpenSUSE XEN, Citrix XenCenter, ESXi |
20:02.15 | toiz | esxi being most popular |
20:02.52 | toiz | some advanced guys use "QEMU, KVM, libvirt" |
20:02.59 | toiz | but i dont even know what this is |
20:03.12 | Nirkus | ESXi is only free w/o the management tools, right? |
20:03.44 | toiz | y |
20:03.48 | toiz | it has management |
20:03.53 | toiz | it is free woihout HA |
20:03.57 | toiz | and vmotion |
20:03.58 | Nirkus | Qemu is a full virtualization technology like the first VMware technology |
20:04.05 | toiz | ok |
20:04.24 | toiz | free esxi means no HA and no moving working guest OSes between esxi servers |
20:04.27 | Nirkus | KVM is the hypervisor included in current versions of the Linux kernel |
20:04.33 | toiz | k |
20:05.02 | Nirkus | libvirt is a generalized management tools infrastructure for things like qemu and KVM AFAIK |
20:05.42 | toiz | ok |
20:05.45 | toiz | i am thinking of it |
20:05.50 | toiz | right now vmware is all i need |
20:05.53 | toiz | esxi then |
20:05.55 | Nirkus | Citrix XenCenter is the commercial version of Xen |
20:06.20 | Nirkus | toiz: xen and kvm are interesting when you are experienced with them |
20:06.32 | Nirkus | toiz: because they are completely free of charge |
20:07.02 | toiz | okidoki |
20:07.05 | Nirkus | toiz: and Xen is a very efficient, hypervisor baed virtualization which uses Linux as a management plattform |
20:07.16 | Nirkus | s/baed/based/ |
20:07.17 | toiz | but my business is not virtualisation |
20:07.26 | toiz | i just use it for hosting my own servers |
20:07.34 | Nirkus | toiz: yes, thats ok |
20:07.59 | Nirkus | toiz: ESXi will work for you and it performs quite nicely AFAIK |
20:09.19 | toiz | my favourite topics currently are: AD, RIS(WDS), WSUS, free monitoring with sql support (like nagiosXI but free), cheap ipsec tunnel endpoints, cheap NAS devices (not eeprom based but minimum atom and stuff) |
20:09.33 | toiz | >< |
20:10.00 | toiz | i also can admin most windows server components |
20:10.09 | Nirkus | k |
20:10.12 | toiz | thats what we do here |
20:10.18 | toiz | a) admin stuff |
20:10.28 | toiz | b) thinkinf of new cool stuff |
20:10.32 | toiz | like RIS over inet |
20:10.36 | toiz | >< |
20:11.04 | Nirkus | toiz: @WSUS: you should take a good look at Secunias CSI: http://secunia.com/vulnerability_scanning/corporate/ |
20:11.47 | toiz | beta? |
20:11.49 | toiz | free? |
20:11.49 | Nirkus | toiz: i dont know if they already finished the beta phase of their WSUS integration |
20:12.03 | toiz | wsus seems to have this cool problem y |
20:12.16 | toiz | it needs to be checked after |
20:12.24 | toiz | like little child after cleaning his room |
20:12.36 | Nirkus | toiz: the private version of CSI (PSI) is free |
20:12.45 | Nirkus | hehe |
20:12.49 | toiz | private is for one person? |
20:12.52 | toiz | or what means private |
20:13.03 | toiz | WSUS is never for one person so .. ? |
20:13.08 | Nirkus | but WSUS is the only package management for windows, AFAIK |
20:13.43 | Nirkus | private means you are not allowed to use it in a corporate infrastructure but in your home machine |
20:13.49 | toiz | hehehe |
20:13.52 | toiz | seems like pointless |
20:14.11 | toiz | in home i can use this ee what was its name |
20:14.13 | toiz | bsad or smth |
20:14.17 | Nirkus | toiz: helps you keep your software up to date,k not only the microsoft foo |
20:14.36 | toiz | mbsa |
20:14.38 | toiz | WO |
20:14.48 | Nirkus | mbsa? |
20:14.51 | toiz | mbsa is same as CSI for one person? |
20:15.18 | toiz | http://technet.microsoft.com/en-us/security/cc184923.aspx |
20:15.19 | toiz | try it |
20:15.25 | toiz | on random xp or windows server |
20:15.29 | toiz | download run scan |
20:16.04 | Nirkus | toiz: reads like MBSA will only scan for microsoft programs |
20:16.19 | Nirkus | PSI/CSI scan for almost all programs installed |
20:16.52 | toiz | kk |
20:17.09 | toiz | i must think what other products my clients use |
20:17.16 | toiz | all custom and some autocad i think |
20:17.19 | toiz | nothing much |
20:17.47 | toiz | acrobat reader and flash are being deploid by gpo anyways |
20:17.51 | Nirkus | and flash, acrobat, firefox, opera, .. |
20:18.05 | toiz | cause they dont have normal updates |
20:18.11 | toiz | for users rights users |
20:18.18 | toiz | all gpo..:D |
20:18.31 | Nirkus | :) |
20:19.39 | toiz | like when i used to work in one estonian advanced company |
20:19.50 | toiz | they even dplyd M$ office via gpo |
20:19.56 | toiz | and office spellers and all |
20:20.24 | toiz | made some little .vbs that checked via regedit if the office had already been installed or not.. kinky shit:d |
20:21.01 | Nirkus | hihi |
20:21.48 | Nirkus | AFAIK, you can do almost anything with GPO foo, but it requires intense study and therefore intense money on docs and courses |
20:21.51 | Nirkus | :) |
20:22.59 | toiz | what docs and courses?:D |
20:23.07 | toiz | we have much cool practise here |
20:23.20 | Nirkus | those certified my M$? :) |
20:23.34 | toiz | hire some ex sysadmin like me who has open brain |
20:23.59 | toiz | pay him cool salary and he will implement cool stuff into gpo just using his brain and/or google |
20:24.07 | toiz | i am certified m$ |
20:24.14 | toiz | k i have support cert |
20:24.19 | toiz | but not any servers |
20:24.26 | Nirkus | toiz: or just use linux and pay yourself a cool salary :> |
20:24.30 | toiz | OH NO |
20:24.45 | toiz | i have 6 years m$ servers in my back |
20:24.52 | toiz | umm 7 or 8 |
20:24.54 | toiz | its 2010 |
20:25.07 | toiz | i am not wasting it and starting from beginning with linux |
20:25.17 | Nirkus | hehe :) |
20:25.25 | toiz | and in estonia med/small companies use m$ |
20:25.28 | toiz | and reason is: |
20:25.44 | toiz | there is 10 m$ guys and 1 linu guy in job market |
20:25.47 | Nirkus | almost all companies use M$ |
20:25.50 | toiz | so.. |
20:26.11 | toiz | they dont want that awesome risk |
20:26.21 | Nirkus | because people know windows and office from their home computers |
20:26.21 | toiz | i myself have helped 5+ companies to come over to m$ |
20:26.27 | toiz | for THAT reason |
20:26.38 | toiz | y |
20:26.40 | Nirkus | hihi |
20:26.52 | toiz | all those 5+ companies lost theyr linu admin for some reason |
20:27.02 | toiz | different resons |
20:27.19 | toiz | and so noone wanted to admin SOMEONE elses linux servers |
20:27.32 | toiz | cause u dont use standards in there.. |
20:27.39 | toiz | >< |
20:27.39 | toiz | :d |
20:28.04 | Nirkus | well, with linux admins its the same as with the windows side.. there are some who do a good job and document it, some who do a good job, but dont document enough and many who just do a crappy job |
20:28.12 | toiz | y |
20:28.20 | toiz | and when win admin dont dokuments its no worries |
20:28.24 | toiz | new admin comes |
20:28.31 | Nirkus | lol |
20:28.36 | toiz | he can understand in 5 minutes |
20:28.43 | toiz | what services are running and for what |
20:28.49 | toiz | in server |
20:28.50 | toiz | >< |
20:29.20 | toiz | its rare thing when some idiot installs some java based server app into M$ server and so on.. |
20:29.36 | toiz | those kind of examples are so only way u can fuck up |
20:29.42 | Nirkus | well with windows you cannot do as much as with linux w/o buying extra software, so you cannot compare those two worlds just like that |
20:29.50 | toiz | hehe |
20:29.55 | toiz | i compare features |
20:29.59 | toiz | btw |
20:30.05 | toiz | i have 3 linu servers |
20:30.12 | toiz | so i am not all win here:D |
20:30.21 | toiz | i compare features: what company needs |
20:30.59 | toiz | company needs AD and GPO (cause all clients are xps) they need sharepoint and fileserver, sql, exchange |
20:31.04 | toiz | u can replace exchange |
20:31.12 | toiz | with pretty good derivates |
20:31.16 | toiz | that i know |
20:31.22 | toiz | i like lotus domino for example |
20:31.29 | toiz | but u cant replace AD and gpo |
20:31.30 | toiz | >< |
20:31.40 | Nirkus | toiz: well, using AD and GPO for xp clients comes natural |
20:31.46 | toiz | y |
20:31.58 | toiz | and that is what people want here in estonia |
20:32.02 | toiz | we use linuxes for: |
20:32.04 | toiz | webapps |
20:32.08 | toiz | inestead of iis then |
20:32.12 | Nirkus | because AD and GPO are the tools provided by M$ to administer their product named windows |
20:32.20 | toiz | and hardcore clustering/special apps |
20:32.33 | toiz | basically all |
20:32.41 | toiz | for firewalls noone uses ISA NOR LINUX |
20:32.47 | toiz | only hw based firewalls |
20:32.56 | Nirkus | lol |
20:32.58 | toiz | like cisco>juniper>zywall |
20:33.02 | Nirkus | 'hw based firewall' :-D |
20:33.10 | toiz | i dont know correct word |
20:33.18 | toiz | eng is not my prim lang |
20:33.23 | Nirkus | those are appliances mostly running PC hardware and some frontend for the linux inside |
20:33.27 | toiz | i know |
20:33.34 | toiz | i just dont know the word |
20:33.39 | Nirkus | or and ther arent hardware based at all |
20:33.45 | Nirkus | ah |
20:33.47 | Nirkus | ok |
20:33.51 | toiz | its some translation error |
20:33.59 | toiz | we call them here like boxes or so |
20:34.21 | toiz | basically meaning you dont have to put software ion them specially |
20:34.37 | Nirkus | if you know TCP/IP and iptables, you dont need any expensive appliance |
20:34.40 | toiz | which leaves less possibilities to fuck up |
20:34.44 | toiz | hmm |
20:34.52 | toiz | med+ company in estonia needs |
20:35.01 | Nirkus | toiz: yes, but those are two different approaches |
20:35.15 | toiz | ipsec tunnels, local vlans, blacklists, yadayadayada |
20:35.30 | Nirkus | a) you can invest in products, which have an easy interface with less possibilities for human error |
20:35.35 | toiz | estonians even use layer3 switcher for some magic reason |
20:35.42 | toiz | a) is good |
20:35.44 | toiz | we take that |
20:35.47 | toiz | kthxbye:D |
20:35.59 | Nirkus | b) you can invest in personell that will do more with less money for licenses and hardware |
20:36.06 | toiz | very reasoable approach is A |
20:36.09 | Nirkus | *g |
20:36.10 | toiz | we cant to b |
20:36.17 | toiz | thats wasting of monay |
20:36.33 | Nirkus | toiz: thats you opinion |
20:36.36 | toiz | people ALWAYS cost more than hw |
20:36.41 | toiz | thats proven on here |
20:36.44 | toiz | >< |
20:36.50 | Nirkus | toiz: thats bullshit :) |
20:36.56 | toiz | in de its not?:D |
20:37.40 | toiz | random juniper for medsize company is max 2000 eur, using a derivate with os and sysadmin, costs every year afuckin salary++ |
20:37.47 | Nirkus | poeple always cost money, but we administer a company of >100 employees with 3 subsidiaries in a team of 2 full-time and 2 part-time admins |
20:37.54 | toiz | tell me what is your monthly salary? |
20:38.21 | Nirkus | toiz: as i am still a student, i dont have a fixed salary |
20:38.31 | toiz | 100-500 employee companies here usually have 1 admin and 1-2 support prsonnel |
20:38.55 | toiz | our admins get min 2000 eur every month |
20:38.55 | Nirkus | toiz: what is 'support personnel'? |
20:39.02 | toiz | random it guys |
20:39.07 | toiz | who install xps |
20:39.09 | Nirkus | doing what? |
20:39.11 | Nirkus | ah |
20:39.11 | toiz | proccess helpdesk |
20:39.13 | toiz | etc |
20:39.38 | Nirkus | we dont have that seperation.. we have our 2 + 2 team for everything |
20:39.42 | toiz | 2000 eur per months means 3500 eur for company |
20:39.47 | toiz | cause taxes are aswesome |
20:39.54 | toiz | a ok |
20:40.02 | Nirkus | our team leader has something less than 50k a year |
20:40.08 | toiz | eur? |
20:40.13 | Nirkus | yes |
20:40.19 | toiz | i am calculating |
20:40.51 | toiz | thats 62 000 + eur every months for company |
20:41.03 | toiz | i mean take off 10% of his slary |
20:41.08 | toiz | and u get 3 junpiers |
20:41.11 | toiz | >< |
20:41.26 | toiz | UPS |
20:41.31 | toiz | 30 UNIPERS |
20:41.38 | toiz | no i am calculating wrong |
20:41.39 | toiz | wry |
20:41.41 | toiz | sry |
20:41.44 | toiz | we have night here |
20:41.52 | Nirkus | and who will organize the budget, on which hardware will you run all the developement systems and test databases and who will administer the 2 other subsidiaries and .. |
20:41.58 | toiz | 6200 euros every month and 3 junipers |
20:42.13 | toiz | 1 guy admin |
20:42.21 | toiz | 0,5 guy on budget |
20:42.43 | toiz | 1-2 guys support personnel with low salary |
20:42.46 | toiz | happens in estonia |
20:42.47 | toiz | << |
20:42.56 | Nirkus | hehe |
20:43.06 | toiz | we also buy m$ servers |
20:43.07 | toiz | :D |
20:43.18 | Nirkus | and you support application servers and web servers and all that stuff, too? |
20:43.46 | toiz | 14 custom web apps (most iis+mssql, some apache+mysql/postgre) |
20:43.57 | toiz | then all typical m$ stuff |
20:44.07 | toiz | like ads, backups, antivirs and so on |
20:44.12 | Nirkus | we have 1 guy out of our team for the M$ stuff :) |
20:44.21 | toiz | how many m$ servers? |
20:44.34 | toiz | not physically counting |
20:44.38 | toiz | one virtual is 1 server |
20:44.56 | Nirkus | um... 1 exchange server, 4 AD servers, 1 WSUS/print/antivir/. server and some hyperV servers hosting windows developement systems |
20:45.01 | Nirkus | plus the desktops |
20:45.05 | toiz | hmm |
20:45.09 | toiz | how many desktops? |
20:45.16 | toiz | ad servers are only ad? |
20:45.28 | Nirkus | something > $number_of_employees |
20:45.29 | toiz | exchange can take time if it is massive |
20:45.33 | toiz | k |
20:45.41 | toiz | if he admins desktops too it is pretty even |
20:45.47 | Nirkus | toiz: yes, ad servers only do AD |
20:45.54 | toiz | if not then i can do all those servers for .. lets say... |
20:46.04 | toiz | 600 EUR per month |
20:46.14 | toiz | of when u rent me from my company then |
20:46.19 | toiz | 1200 EUR /months |
20:46.22 | Nirkus | we seperated exchange and WSUS and antivir and foo so the AD boxes are free |
20:46.45 | toiz | why do have free ad servers? |
20:46.52 | toiz | are u having terminal on them? |
20:47.04 | Nirkus | toiz: no, terminal server is a virtual machine |
20:47.06 | toiz | ad takes 0 resource pretty much |
20:47.08 | toiz | k |
20:47.25 | toiz | echange takes a lot and yes should be separated |
20:47.27 | toiz | but ad.. |
20:47.28 | Nirkus | toiz: yes, but all the other services on other boxes need ressources and depend on AD |
20:47.45 | Nirkus | so when you move them to more potent machines, you get free boxes doing AD |
20:47.46 | Nirkus | :> |
20:47.48 | toiz | are they at least in one virtual?:D |
20:47.54 | toiz | aaa |
20:47.55 | Nirkus | hehe |
20:47.56 | toiz | ok:D |
20:47.59 | toiz | thats normal |
20:48.12 | toiz | so your servers happen to be in estonia |
20:48.15 | toiz | 1200 EUR |
20:48.18 | toiz | >< |
20:48.21 | Nirkus | every subsidiary has 1 virtual AD and the main subsidiary has 1 physical box extra |
20:48.24 | toiz | only servers |
20:48.32 | toiz | mby i do all desktops for another 1200 eur |
20:49.08 | toiz | mby i should do "piece jobs" for you>< |
20:49.18 | Nirkus | toiz: so € 2400,- for the job our windows admin does? that are 28.8k/year |
20:49.38 | toiz | like one windows 2003 R2 SP2 install with random M$ services will cost u 300 eur |
20:49.45 | Nirkus | i think, our windows admin gets something between 35 and 40 |
20:49.54 | toiz | 28,8 year seems fair |
20:49.56 | toiz | y |
20:50.08 | toiz | hehe |
20:50.08 | Nirkus | its just a guess |
20:50.10 | toiz | ok almost>< |
20:50.14 | Nirkus | dont know his actual salary |
20:50.19 | toiz | BUT |
20:50.22 | toiz | this 28,8 is |
20:50.28 | toiz | when u rent me from my company |
20:50.34 | toiz | if you take me directly
20:50.36 | Nirkus | how much do you pay /month on rent and supplies? |
20:50.43 | toiz | directly with contract
20:50.45 | toiz | its hald |
20:50.48 | toiz | = 14,4 |
20:50.50 | toiz | half |
20:50.59 | toiz | what rent what supplies? |
20:51.03 | toiz | aaaa |
20:51.23 | toiz | we dont count like so in there |
20:51.23 | Nirkus | rent for your $home and supplies to stay alive ;) |
20:51.29 | toiz | aaa |
20:51.30 | toiz | hmm |
20:51.34 | toiz | 1 sek |
20:51.42 | toiz | home is 200 eur a months |
20:51.45 | toiz | cause its my own home |
20:51.51 | toiz | its only water and inet and shit.. |
20:51.56 | Nirkus | k |
20:51.58 | toiz | food is another 200 |
20:52.06 | toiz | living good is 200 |
20:52.14 | toiz | car is like in random EU country |
20:52.26 | toiz | if i would rent |
20:52.34 | toiz | home is 500/600 |
20:52.38 | toiz | food still 200 |
20:53.05 | toiz | but i need to buy lots of suits so all this 28,8-12x800= suits |
20:53.11 | toiz | i like dressing nice |
20:54.04 | Nirkus | so, in karlsruhe (germany) you would pay about 500 to 1k€ rent a month (depending on location within the city and size) + water,heat,inet, ... and food ... id say about 400 a month
20:54.25 | Nirkus | hehe |
20:54.28 | toiz | 1500 then + food? |
20:54.58 | Nirkus | 1500 + food would be a very big home near the center |
20:55.04 | toiz | hehe |
20:55.04 | toiz | >< |
20:55.09 | toiz | thats fine by me |
20:55.14 | toiz | anyways coming back to the point |
20:55.20 | Nirkus | average id say you have 800-1000 + food |
20:55.23 | toiz | i see a future making onetime jobs to foreigners |
20:55.35 | toiz | like configuring one project via remote admin or so |
20:55.42 | toiz | or sending me a server via POST |
20:55.47 | Nirkus | you mean like freelancing? |
20:55.51 | Nirkus | hihi |
20:55.52 | toiz | i install and conf and send it back |
20:55.52 | toiz | yes |
20:55.55 | toiz | we do that here |
20:55.57 | toiz | in estonia |
20:56.01 | toiz | we SEND SERVERS VIA POST |
20:56.07 | toiz | between cities |
20:56.28 | Nirkus | lol |
20:56.32 | toiz | so they send me server, i install 2003 R2 + ad + terminal, send it back |
20:56.37 | toiz | i get 300 eur |
20:56.53 | toiz | they send me server + eopen keys or smth |
20:57.02 | toiz | you dont do that? |
20:57.49 | Nirkus | i mainly work at netpioneer and sometimes do little jobs for some people or companies like setting up vpn appliances or something |
20:57.59 | toiz | k |
20:58.07 | Nirkus | so that server is a 1 day job if everything works out fine? |
20:58.13 | toiz | hmm |
20:58.15 | toiz | no |
20:58.17 | toiz | 3 hour job |
20:58.27 | toiz | i have installed SO MANY WINDOWS SERVERS MAN |
20:58.28 | Nirkus | nice salary, then |
20:58.29 | Nirkus | :) |
20:58.33 | toiz | i do it 3 hour |
20:58.40 | toiz | if something fails then a day yes |
20:58.44 | toiz | or 2 |
20:58.58 | toiz | but usually wont fail unless too new HW etcetc |
20:59.05 | toiz | new services i dont know yet etcetc |
20:59.11 | toiz | if all is old then 3h |
20:59.35 | toiz | 10 min raid config, 1h win install, 30 min-1h updates depending of media i am installing
20:59.48 | toiz | 1h = ad, dhcp, dns, terminal, you name it |
21:00.08 | Nirkus | hehe, k |
21:00.12 | toiz | antivir= <30 min |
21:00.18 | toiz | antivir center= 1-2 hour
21:00.27 | toiz | we have all counted up:D |
21:00.52 | toiz | professional estonian it businesses give EXACT plan to client
21:00.58 | toiz | where is actions and time consumption
21:01.09 | toiz | usually they put 20% time buffer extra |
21:01.12 | toiz | in case of failures |
21:01.20 | toiz | thats all |
21:01.43 | toiz | when HW is not updated then: |
21:02.00 | toiz | IMM/RASII config 30 min, all bios/raid/imm patches 1-4h |
21:02.31 | toiz | imm/rasII is management chip for ibm servers then, if u dont know yet |
21:02.45 | toiz | its like a minicomputer connected to master server |
21:03.02 | toiz | dell and other brand have derivates but i mainly support IBM |
21:03.07 | toiz | IBM + M$ = win |
21:03.13 | toiz | >< |
21:05.19 | Nirkus | toiz: yes, with dell its called "RAC" |
21:06.10 | Nirkus | toiz: need to get away from my laptop.. cya in here? |
21:06.18 | Nirkus | was interesting, talking to you
21:15.45 | toiz | u 2 |
21:15.51 | toiz | cya>< |