Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
Installation and Upgrades / Re: Lack of documentation - DNS setup
« on: February 18, 2010, 04:30:53 am »
Oceanwatcher,
Is you ebox visible from outside your local LAN? if so what did you do to accomplish that? I have been complaining about better documentation of what has to be done exclusive of configuring ebox to get these services running correctly.
-jeff
Is you ebox visible from outside your local LAN? if so what did you do to accomplish that? I have been complaining about better documentation of what has to be done exclusive of configuring ebox to get these services running correctly.
-jeff
17
Installation and Upgrades / Re: Finding and thoughts on LDAP (Support for Master-Slave)
« on: February 18, 2010, 02:38:07 am »
Christan,
You have convinced me. HA for the SMB is less important than all of the issues you raised... (* But I still want it!!!!
*).
-jeff
You have convinced me. HA for the SMB is less important than all of the issues you raised... (* But I still want it!!!!
*).-jeff
18
Installation and Upgrades / Re: eBox as LAN NTP server
« on: February 18, 2010, 02:29:17 am »
Sam, For some fun reading on time http://physics.nist.gov/GenInt/Time/ancient.html
Some background, A stratum 0 clock is a clock that can generate very accurate time. That is fed into a computer to make a Stratum 1 Server. A stratum 1 server can be the source for time for many Stratum 2 servers. Each step removed from the clock causes an increment in the stratum number. So a stratum 2 server keeps less accurate time than a stratum 1 server.... In large stable networks where the source clock is GPS based or Cesium atomic clock, even the stratum 3 servers will often be within a few hundred nanoseconds of "True Time". Very highly accurate time indeed. - very much more than needed at most locations.
Consider a larger environment where you have thousands of systems that you want to keep good time. Such an environment often has 1 or more stratum 1 servers that may talk to each other to help each of them keep better time than they could alone and typically a stratum 2 server in every DHCP zone. By using DHCP settings all of the systems in your environment can be told what list of systems to use for NTP synchronization. And because it is served by DHCP you don't have to keep entering it into each systems configuration by hand; DHCP does it for you.
It is my experience that the more you automate the more you get done and the more consistent it is.
The most accurate clocks can now keep time to withing one second in over 400 million years....
-jeff
Some background, A stratum 0 clock is a clock that can generate very accurate time. That is fed into a computer to make a Stratum 1 Server. A stratum 1 server can be the source for time for many Stratum 2 servers. Each step removed from the clock causes an increment in the stratum number. So a stratum 2 server keeps less accurate time than a stratum 1 server.... In large stable networks where the source clock is GPS based or Cesium atomic clock, even the stratum 3 servers will often be within a few hundred nanoseconds of "True Time". Very highly accurate time indeed. - very much more than needed at most locations.
Consider a larger environment where you have thousands of systems that you want to keep good time. Such an environment often has 1 or more stratum 1 servers that may talk to each other to help each of them keep better time than they could alone and typically a stratum 2 server in every DHCP zone. By using DHCP settings all of the systems in your environment can be told what list of systems to use for NTP synchronization. And because it is served by DHCP you don't have to keep entering it into each systems configuration by hand; DHCP does it for you.
It is my experience that the more you automate the more you get done and the more consistent it is.
The most accurate clocks can now keep time to withing one second in over 400 million years....
-jeff
19
Installation and Upgrades / Re: eBox as LAN NTP server
« on: February 16, 2010, 04:41:50 am »
Guys,
DHCP Option 42 is for listing NTP servers that the clients are to use for NTP services.
"
42
Variable (Multiple of 4)
Network Time Protocol Servers: Specifies a list of IP addresses of Network Time Protocol servers the client may use. Servers are listed in the order of preference for the client to use.
"
Is a quote from http://www.tcpipguide.com/free/t_SummaryOfDHCPOptionsBOOTPVendorInformationFields-5.htm
This makes it easy to keep all of the DHCP clients consistently configured. - The main reason for DHCP.....
-jeff
DHCP Option 42 is for listing NTP servers that the clients are to use for NTP services.
"
42
Variable (Multiple of 4)
Network Time Protocol Servers: Specifies a list of IP addresses of Network Time Protocol servers the client may use. Servers are listed in the order of preference for the client to use.
"
Is a quote from http://www.tcpipguide.com/free/t_SummaryOfDHCPOptionsBOOTPVendorInformationFields-5.htm
This makes it easy to keep all of the DHCP clients consistently configured. - The main reason for DHCP.....
-jeff
20
Installation and Upgrades / Re: Finding and thoughts on LDAP (Support for Master-Slave)
« on: February 16, 2010, 02:36:52 am »
All,
Ubuntu vs any other distribution is a good discussion those of you in the know can have, and I'll enjoy following it, just let me know where it is.
In my post I was just saying what I believe to be a true path for success for both eBox as a project and the company behind it.
I concur that stability is the most critical item. After that it has to do what is expected.... well maybe those two should be reversed.....
After that then I'd put HA/FT.....
After that easy of use and breath of functionality become an issue...
But understand I am the Senior Security Technical person for a 100,000+ user federal government organization.... so my priorities are sort of biased.
-jeff
Ubuntu vs any other distribution is a good discussion those of you in the know can have, and I'll enjoy following it, just let me know where it is.
In my post I was just saying what I believe to be a true path for success for both eBox as a project and the company behind it.
I concur that stability is the most critical item. After that it has to do what is expected.... well maybe those two should be reversed.....
After that then I'd put HA/FT.....
After that easy of use and breath of functionality become an issue...
But understand I am the Senior Security Technical person for a 100,000+ user federal government organization.... so my priorities are sort of biased.
-jeff
21
Installation and Upgrades / Re: Finding and thoughts on LDAP (Support for Master-Slave)
« on: February 15, 2010, 05:18:38 pm »
Christian,
I agree that for small environments MM is not as critical as it is for larger environments.
Most home users will not use it, the few that do really don't have a REQUIREMENT for it, just a desire at most.
Most everyone would agree that for HA/FT architectures it is a must.
For this product to gain more acceptance in the SMB arena then HA/FT and thus MM is a absolute requirement.
That is not to say that MM is a requirement for this next release or even this year, But I believe that that it has to be on the road map.
-jeff
I agree that for small environments MM is not as critical as it is for larger environments.
Most home users will not use it, the few that do really don't have a REQUIREMENT for it, just a desire at most.
Most everyone would agree that for HA/FT architectures it is a must.
For this product to gain more acceptance in the SMB arena then HA/FT and thus MM is a absolute requirement.
That is not to say that MM is a requirement for this next release or even this year, But I believe that that it has to be on the road map.
-jeff
22
Installation and Upgrades / Re: Block by time based on IP address
« on: February 14, 2010, 08:56:15 pm »
You know that made me think. and thats usually dangerous for the status quo!
It would be wonderful if we could allow different users different levels of access to internal and external resources. Limitations by TOD, by Protocol, by Sites, by detestations, by origin, etc....
This would allow me to setup rules so that when my users connected to the network via a VPN, from their desk or at certain times of the day, I could chose to give them different access to internal and external recourses. That would be cool.
-jeff
It would be wonderful if we could allow different users different levels of access to internal and external resources. Limitations by TOD, by Protocol, by Sites, by detestations, by origin, etc....
This would allow me to setup rules so that when my users connected to the network via a VPN, from their desk or at certain times of the day, I could chose to give them different access to internal and external recourses. That would be cool.
-jeff
23
Installation and Upgrades / Re: Block by time based on IP address
« on: February 14, 2010, 08:45:21 pm »
Javier,
I remember that now, there was a desire to allow internal users selected access times.
I'd say that the ability to incorporate additional white/black lists on a time basis would be a really good thing. That way I could say have a set of "Normal" white/black lists and then add additional ones for short periods of time Like lunch break and after hours or shut down the whole network while backups are going on.... the Ideas here are pretty big.
Besides the ability to have multiple white and black lists is really cool, once that is in place the ability to add and remove them based on some schedule sounds easy to do conceptually.... but of course that's true for lots of really cool stuff that never gets out of the rats nest of actual implementation.
-jeff
I remember that now, there was a desire to allow internal users selected access times.
I'd say that the ability to incorporate additional white/black lists on a time basis would be a really good thing. That way I could say have a set of "Normal" white/black lists and then add additional ones for short periods of time Like lunch break and after hours or shut down the whole network while backups are going on.... the Ideas here are pretty big.
Besides the ability to have multiple white and black lists is really cool, once that is in place the ability to add and remove them based on some schedule sounds easy to do conceptually.... but of course that's true for lots of really cool stuff that never gets out of the rats nest of actual implementation.
-jeff
24
Installation and Upgrades / Re: Block by time based on IP address
« on: February 13, 2010, 02:05:12 am »
Javier,
I thought that the ability to block specific sites by the tuple of (Address, TOD) was on the features list, is it not?
-jeff
I thought that the ability to block specific sites by the tuple of (Address, TOD) was on the features list, is it not?
-jeff
25
Installation and Upgrades / Re: Finding and thoughts on LDAP (Support for Master-Slave)
« on: February 13, 2010, 02:00:13 am »
Alvinquah,
The long term plan is to remove this limitation on what can run on the Master. Most modern directory servers can actually run in a "Multi-Master" mode where every instance is a true Master and none of them are limited to being a Slave. But getting LDAP to that level is still several years off in my understanding. But eBox should be able to remove the limitation on the Master server in a few versions. Javi or another staff member can speak to that better than I.
-jeff
The long term plan is to remove this limitation on what can run on the Master. Most modern directory servers can actually run in a "Multi-Master" mode where every instance is a true Master and none of them are limited to being a Slave. But getting LDAP to that level is still several years off in my understanding. But eBox should be able to remove the limitation on the Master server in a few versions. Javi or another staff member can speak to that better than I.
-jeff
26
Installation and Upgrades / Re: Remaking the eBox sidebar (discussion help needed)
« on: February 13, 2010, 01:12:52 am »
Saturn2888,
Yes, I have seen your posts, but the documentation says that the MASTER can not have any services running that are dependent on usersandgroups....
-jeff
Yes, I have seen your posts, but the documentation says that the MASTER can not have any services running that are dependent on usersandgroups....
-jeff
27
Installation and Upgrades / Re: Remaking the eBox sidebar (discussion help needed)
« on: February 11, 2010, 11:28:25 pm »
Well with the new Master and Slave arrangement I'd say that LDAP Master is one as well, and it has significant restrictions on what else can reside on the eBox system.
-jeff
-jeff
28
Installation and Upgrades / Re: Remaking the eBox sidebar (discussion help needed)
« on: February 11, 2010, 06:29:10 am »
I agree that the amount of clicking needed to do just about anything is way too much, but finding the right idea to organize around is the first thing needed in my book.
Maybe, one approach is to base the organization around the IDEA of roles (that the server is supporting). The most efficient method to organize the settings needed to configure a GATEWAY system is most likely quite different from the most efficient method to organize the settings needed to configure a FILE Server.
-jeff
Maybe, one approach is to base the organization around the IDEA of roles (that the server is supporting). The most efficient method to organize the settings needed to configure a GATEWAY system is most likely quite different from the most efficient method to organize the settings needed to configure a FILE Server.
-jeff
29
Installation and Upgrades / Re: Do you like EBOX ? TELL IT HERE TO ENCOURAGE THE EBOX COMPANY !!
« on: February 11, 2010, 05:44:14 am »
They do a wonderful job, and this is a great product.
-jeff
-jeff
30
Installation and Upgrades / Re: WAN-eBox-server-Switch or WAN-Switch-eBox?
« on: February 11, 2010, 05:27:33 am »
OK, if the two external networks come into only one interface - Switch first - can you set up bonding? Load Balancing? Traffic Shaping?
-jeff
-jeff