Бейне

Thanks for the feedback Good to know the video helped

Thanks for the feedback and good to know the video was useful

Good to hear the video was helpful

It's a great hypervisor to work with Glad the video was helpful

@Tech Tutorials - David McKone thx for your info. Installing with VT-x Disabled first did the trick. After proxmox installation i just enabled VT-x again. Just a little quirk/hurdle i had to o overcome.

Proxmox VE should work fine with most SSDs as the operating system is Linux, Debian to be specific Is the drive detected in the BIOS? E.g. can you configure the computer to boot from that SSD using the BIOS boot order? If not then the operating system won't see it and won't be be able to use it

Thanks for the feedback and the sub Good to know the video was helpful

Good to know the video was useful

Thanks for the feedback and good to hear the video was helpful

Good to hear the video was helpful

Good to know the video was useful

@Tech Tutorials - David McKone Not just the management interfaces, The switches themselves are made for Netgear by different companies. The status lights on each port function quite differently on different models for example.

I don't buy that many switches to have noticed I found differences between this last one and one I already own but I wasn't aware the management interface was by different developers

@Tech Tutorials - David McKone I totally understand. My provider won't help me unfortunately. Anyway thank you!

@dimitris I would suggest asking your cloud provider for further details The channel is for educational purposes I do provide some assistance for each video but only if it's not quite understand, has mistakes, etc. But I don't provide technical consultation or support

@Tech Tutorials - David McKone Thank you for your reply. I'm afraid i dont understand what you mean. My server is in a cloud infrastructure so i dont have physical access, or management on providers switches. My server has one physical network adapter, with a public IP assigned from my cloud provider. My server is virtually conected to a vSwitch (VLAN 4005) by which it can communicate with the rest of my private network. In order to that i need another virtual adapter, vlan aware, with proper IP configuration (10.x.x.x/16). In windows (hyperv) envrironments i do that with NIC Teaming, which creates 2 virtual interfaces, one configured with public IP, and one with local IP with vlan tag (4005). Now, in order for my VMs to have similar configuration, in HYPERV settings, i create two different vSwitches, one assigned to virtual adapter with public IP, and the other assigned to the adapter tagged with vlan 4005). When i create a windows VM, there are 2 network interfaces inside the OS, so that way I can config the 1st interface with a new public IP (ordered from my provider), and then i can config the 2nd one with local IP. Im sorry about repeating myself and for the long comment but I cannot find a way to do the same thing in Proxmox. In need my Windows VM to have 1 interface with public IP (no VLAN) and 1 interface with local IP (VLAN 4005) configured. How do i do that?

If there's only one physical NIC then that could remain the physical connection for the Linux bridge If you connect the server direct to an Internet provider though it would be best to install a virtual firewall in the hypervisor As in the video, configure the Linux bridge to be VLAN aware and the physical switch to allow the necessary VLANs to the hypervisor The firewall will need to be assigned vNICs in the Public VLAN and Local VLAN The hypervisor will need a virtual interface itself in a Local VLAN so that it can be managed from there

Thanks for the feedback Good to know the video was helpful

@Tech Tutorials - David McKone thank you very much for your input! Much appreciated! Would you believe the detailed PDF (which I had read) lists an incorrect command, missing the -p profile info and also the -d which is a requirement! But.. I've done it! I found a command which lists the profiles available within an image which is "esxcli software sources profile list -d /vmfs/volumes/<datastore-id>/<path>/<update-zip-filename>". This gave me the profile name I needed for the update (which was: "HPE-Custom-AddOn_703.0.0.11.2.0-9 "). I Updated the update -p section of the command which went through perfectly and server has rebooted on 7.0 Update 3 quite happily :)

I haven't seen the other comment but this one was in held for review as it contains "coding" details The profile name and file name look very different and I'm not familiar with the HPE servers to suggest what should work so you'll probably have better luck asking on the VMware or HPE forums While I was looking around though I did come across this vibsdepot.hpe.com/getting_started.html But I'm not sure if that helps Otherwise there was a much more technical PDF for ESXi on HPE servers www.hpe.com/psnow/doc/a00061651enw?jumpid=in_lit-psnow-red

Good to know the video helped I never like upgrading a hypervisor as there are too many dependencies Thankfully ESXi allows you to nest hypervisors so I can at least test patches out first

Good to hear the video was useful

@Bhupinder Singh It just connects to the repositories and downloads what's there So if you don't want the latest version then wait until it has been out longer I'm not seeing a manual option for updates other than to install over the top from an ISO

@Tech Tutorials - David McKone Can we specify the version in the no subscription mode?

As ever it depends It's usually best to use the latest version as long as that version isn't too new If it was only released last week or even last month, it hasn't had enough time for new bugs to be detected and reported and the last thing you want is to upgrade to a version that makes the computer unusable Having said that, a majority security fix can take precedence If there's a chance of a vulnerability being exploited on a computer then an upgrade to the newer version is essential

The other VLANs need to be serviced by a router or firewall in the other VLAN Computers on a network need a default gateway in the same VLAN to reach the Internet That device will then forward the traffic for them If your Asus router supports VLANs then it could be configured to do that but the switch port will need to be converted into a trunk port for this to work If it doesn't, but it has multiple physical interfaces then one interface could be placed in this other VLAN to service those computers Otherwise you need another device that either supports VLANs on a single interface or has multiple physical interfaces

Good to hear the video was useful

@Bhupinder Singh A Linux server and thus Proxmox VE do support LACP But its use depends on the physical switch If you have one single physical switch that supports LACP then you can bond two interfaces together to that switch to increase overall bandwidth The problem is if you want redundancy to cover against switch failure If you have two physical switches they need to support some form of Multichassis LACP, also known as MLAG. This allows the two switches to be managed and behave as if they were a single switch. You can then have an interface in both switches and LACP configured If they don't and will be managed independently then you have to configure the server interfaces in Active/Backup mode. You can't configure LACP like this. And you can't use an Active/Active set up as it will lead to problems for the underlying network as well as connectivity problems

@Tech Tutorials - David McKone HI David your replies are very helpful. A short question on Cluster setup. --- Documentation says the Bond Mode Should be Active-Backup mode if cluster is considered. LACP not supported. Would Using a Bond (as bridge port) enable LACP to be used? OR at the start we should use Active-Backup. It would be a waste of resources if the NIC cards are 50GBPS and one is a standby. Your thoughts will be very valuable.

@Bhupinder Singh You would still need separate VLANs as a computer can't have more than one interface in the same subnet If you use physical interfaces though then you only need to configure them on the physical switch ports

@Tech Tutorials - David McKone So If I dedicate a physical interface that is 1GB for Mgmt, another physical interface 1 GB for Corsync, Separate Physical interface for VMs, Separate interface for Storage. The Corsync will be a VLAN dedicated to it. Does VLANs require any special precaution. Shall appreciate your valuable thoughts on this approach.

@Bhupinder Singh Ideally a separate interface as well but just VLAN is fine as long as the physical interface doesn't have too much traffic

@Tech Tutorials - David McKone Makes sense too. thank you for your reply and keep making videos. It's nice to watch them. No unnecessary content, directly focused on the topic 👌

I'm not aware of similar behaviour with maintenance mode for ESXi The security guidance I've seen is to isolate the management interface to limit where remote management access can come from but nothing about limiting the the number of login attempts or the number of connections Makes a lot of sense then as to why SSH is automatically disabled after the server reboots Maintenance mode itself is more for clusters I think because it would stop other hypervisors migrating VMs to the one being worked on and also immediately after it reboots In this case we're pre-patching an update which takes effect after the reboot so it doesn't really matter as it's a standalone hypervisor

Thanks for the suggestion

Many thanks, much appreciated

@Tech Tutorials - David McKone Thank you for your prompt response. I just wanted to configure the switch in a way that some of the ports would face WAN part of the network and I wanted to prevent end devices connected to these WAN ports from being able to connect to the switch IP address....for security reasons. I was considering buying Netgear since I thought it would have better firmware, but it seems most of the switches in this category will have the same issue with this. Anyway, thank you very much for your videos, they are always very helpful and comprehensible.

Unfortunately this Netgear switch doesn't provide an option to change the management VLAN. It's stuck on VLAN 1 so that's what I'll access it on But I know on some models it isn't possible to remove VLAN 1 from a port, even if you want to As far as I recall Cisco switches allow you to remove VLAN 1 from a trunk but it actually remains active because their switches communicate with each other using VLAN 1 regardless So it's possible that's what you're experiencing

Difficult to say what the exact problem is but there will be an error in the file so you need to check it line by line to see what that is

@Tech Tutorials - David McKone understood. Thank you.

Good question The video is only meant to cover the basics of firewall rules It wasn't intended to cover the mechanics of how a firewall forwards traffic from one network to another So this firewall was only given some basic interface settings so I could provide practical advice on how to structure firewall rules

Well one day I just decided that with all the stuff I've learned over the years, plus what I'm still learning, why not share that and help folks?

Sounds like an intermittent problem Try putting the sensor closer to the Zigbee radio that HA is using and see if that resolves the problem If so then the signal near the door isn't strong enough Mains powered Zigbee devices like smart bulbs and smart plugs can act as relays to boost the signal in an area If not then ZHA may either have a problem with that sensor or the sensor itself may have a problem Try putting another Zigbee device where the door is and see what results you get with that Mind you, it's also useful to put the Zigbee radio on a USB extension lead to improve the radio reception

Thanks for the feedback And good to know the video was helpful

Yeah I think calling Zenarmor a NGFW plugin is misleading I've used various vendor firewalls and Zenarmor doesn't come close to offering anything like they do It is useful for the traffic monitoring and basic threat protection, but that's about it

Thanks for the feedback and good to know the video was useful

I've found Node-RED to be extremely useful for HA It makes the automation so much easier to set up but also to test and troubleshoot rules

This is my ESXi version as reported by the GUI, yet i get this error when trying to update

Taking snapshots of VMs has got me out of several update problems over time But good to know the video was helpful

I'm happy using shored storage for now as it's easier to backup, but at some point I might start using ceph As for cluster size though, the more you have the more likely something will go wrong So unless you have a really big network you would have 3 nodes with lots of CPU and memory After that you scale to 5 You mentioned 6, but clusters should have an odd number of nodes when all are working to avoid the risk of a voting tie

Good to know the video was useful

Good to hear the video was helpful

Thanks for the feedback, always appreciated

That's true

I'm using Linux, Pop!_OS to be specific

@Peter Moore You can control sudo rights for individual users If all I do is add a user to the sudo group that person can basically elevate any command But you can edit the /etc/sudoers file and restrict which commands that person can elevate using sudo So even if a user does have sudo rights, you can block them from being able to install software with root privilege for instance

​@Tech Tutorials - David McKone when you sudo a command you give that command root privilege. So there is no security battle won here. Only more typing.

For security reasons, I prefer not to use the root prompt You can limit the commands users can access with sudo and also the environmentals change depending on who is logged in Some software insists on you being root, but out of habit I try to use sudo as much as possible

Not sure what IP address you are using but this needs to be one which is reachable by the computer you are trying to connect from E.g. if Proxmox is given an IP address of 172.16.19.11/24 then the computer I try to connect from needs an IP address in the range of 172.16.19.1 to 172.16.19.253, with .11 now used by Proxmox and .254 likely used by a firewall

Thanks for the feedback, much appreciated

For switches like these Netgear ones, you have what's known as a primary VLAN ID (PVID) By default it's set to VLAN 1 and you have to change it for each individual interface There is no global setting that I'm aware of On a trunk port you set this to be the native VLAN On an access port it will be the access VLAN

It's not installed by default anymore but you can install it manually I showed an example of installing other nodes towards the end of the video Look for the node-red-contrib-stoptimer

A hypervisor needs to have multiple interfaces for security reasons E.g. you want to restrict, as much as possible, any other way of managing the hypervisor other than through its management interface. So that needs a dedicated interface, behind a firewall and then you reduce which computers can access the management interface, who or what can login to the jump server, etc. Other interfaces are needed for different purposes and for security reasons they too should only be carrying the relevant traffic to reduce the risk of a breach Multiple physical interfaces also bring performance benefits and can avoid connectivity problems When you have a hypervisor cluster you'll want a storage interface, a cluster interface and a migration interface A hypervisor might need to access shared storage or use something like ceph for redundancy reasons. That can result in a lot of traffic being transferred between the hypervisors so it's best to put this on a dedicated interface so that the transfer is as quick as possible, but also so it doesn't slow down other parts of the hypervisor. A large data transfer over the management interface for instance could prevent remote access and then you can't even stop the transfer You can't afford interruptions to cluster traffic or the hypervisors might think one of the nodes is down for instance and that results in contention and problems for VMs. Even if you have a single NIC, having an isolated cluster network using VLAN interfaces still avoids traffic from other computers interrupting the cluster traffic and some computers can be very chatty. Computers have to stop and process broadcast, multicast and unknown traffic in their network even if it's just to throw it away because it's not relevant to them Similar to the storage interface, you should have a dedicated physical migration interface. Even if you have VMs on shared storage, a live migration requires transferring the contents of RAM over the network and that can be several GB. So imagine what happens when several VMs are being migrated And you also need a backup interface. Backups don't always go to plan and nobody likes getting into work to find a backup job didn't complete overnight and is oversubscribing the management interface or user VMs for instance. By keeping backup traffic to a separate interface, you can run backups 24x7, as long as you can handle file locks, BUT you can also do certain restores without interruption

@Tech Tutorials - David McKone Got ya thank you very much I appreciate it.

@Michael Cooper The migration interface is more for hypervisor to hypervisor transfers e.g. when the hd files are stored in local storage But when the hd files are put on a NAS, they stay where they are when the VM is migrated and the migration interface will be used for syncing the RAM contents between the two hypervisors In this case, if the VM hd files need to move from the NAS to another computer the hypervisor will pull the files over the NIC that connects it to the NAS And then send them over the NIC that connects it to where the files need to be sent It could be the same NIC, it could be more than one, it really depends on your situation If this transfer involves the migration or management interface depends on if they provide connectivity to the source or destination

@Tech Tutorials - David McKone Sorry to bother you again, I have a situation where I need to move VM hds from the current nas it is on so I can rebuild it and then move them back on to it. I have 2.5 gb switch which I am using for the migration under options will it move on the same network or will it use the management network?

Good to know the video was useful, so thanks for the feedback