Kindle vs Paper Books

I’ve been using a Kindle for about 6 years, and I have been reading paper books for longer than that!  I have two Kindles: the discontinued Kindle Touch and the newer Kindle Paperwhite.  Here are my thoughts on the Kindle and how eBooks compare to print books.

The Kindle Reading Experience

For much of the reading experience I prefer the Kindle.  It’s compact, lightweight, and easy to carry around.  With a kindle I don’t have to awkwardly hold a book open while my other hand is trying to not spill my cup of coffee.  Also when it starts to dim outside and I don’t quite have enough light I can turn on the backlight instead of the house lights.


Backlight

So, e-ink displays don’t have as good a contrast as real paper.  The reason Amazon calls their latest Kindle the “Paperwhite” is that it has a backlight that can roughly match the brightness of paper by supplementing the light from your environment: the idea is you turn the backlight on just enough that it still looks like it’s reflecting light like a book, but there’s just enough extra light to make it as readable as paper.  This does work; however, I think the LED color Amazon chose is a failure.  The pure white LED backlight is too far into the blue spectrum, and that’s very obvious when I’m reading under incandescent lights.  It’s okay in natural light, but under incandescent lighting it should be warmer to match the surrounding atmosphere.  This could affect health if reading right before going to bed.  I hope Amazon fixes this in the next version…maybe it should have RGB bulbs and a sensor to match the ambient light.

In very bright light paper wins out, but if the ambient light is dim, as it often is in the Fall in Idaho, the Kindle lets me read a little longer before turning on the house lights.  This probably saves me 1 or 2 cents a year.

Physical Library Size


The Kindle does have the advantage of being able to store my entire Kindle library wherever I am… not only is it smaller than 99% of my books, it can store all of my books in that space.

Fonts

90% of paper book publishers choose great fonts, but some don’t.  For some reason some publishers think their book needs a sans-serif font, or they pick a huge font, or too small a font, or the kerning is not normal.  It bugs me!  If you get the Kindle version you can override the publisher’s horrible font decision.  As an added bonus the font size is adjustable, so I can read anything without glasses.

Quality

I always prefer a good hardbound paper book to an eBook.  However, I’ve noticed lately that a lot of authors are using cheap (self-publishing?) services; it seems the books are printed on demand and the quality is sometimes bad.  The best way I can describe it is that the book feels like an ad-hoc document put together at a business conference rather than a book.  I’ll often opt for an eBook if I see the author is using a self-publishing service (not all self-published books come this way; I think it’s just a quality control issue, so it’s hit or miss).

Enjoying Books with Others


The social aspect of eBooks is poor.  Often when I’m on an airplane or a friend is at my house they’ll show interest in a book I’m reading or I have on the shelf and it makes a great conversation starter.  You just don’t get that with Kindle books because nobody can see what you’re reading.  Kids love physical books and will spend hours poring over maps, illustrations, and pictures which would be boring on a tablet.  I can easily give a paper book to a friend.  While Amazon has some provision for lending it’s very limited and it’s not as simple as handing your friend a book.

Highlighting and Taking Notes

For highlighting it’s a wash–the Kindle is sometimes a bit finicky when I try to highlight a passage and sometimes gets the wrong portion highlighted but for the most part I can get it.  I always read a book with a pen or pencil but I find underlining a passage without the line going through the words to take a little more effort.  For taking notes in the margin nothing can beat pencil or pen on paper.

Diagrams and Illustrations

Diagrams and pictures are generally bad on eBooks.  For simple graphics it does fine, but if the book has illustrations they don’t look as good, because the screen is smaller and you lose color.


Also, the Kindle completely fails at tables… this table below has data that is illegible on the Kindle… it’s too small to read and there’s no way to rotate it into landscape mode.


Flipping Through Pages

The Kindle is useless here.   Even in the flip through the pages mode the e-ink display takes too long to refresh.  A real book is much easier–plus I remember the layout of a page and generally know what I was looking for was in the 1st quarter of the book so can find it in seconds.

Searching

Here the Kindle shines.  If you are looking for a keyword or phrase you can find it very quickly.

Visual Indicators of Progress

This is a big deal.  I am very spatial and use the physical feel of how many pages I have read and how far I have to go as part of my memory.  This is all lost on eBooks.  With paper books it’s easy to see your overall progress at a glance, and if you want to thumb a few pages ahead to see when the chapter ends it takes half a second.  With an eBook I get something like location 675 or 24%.  That’s meaningless to me.  A progress bar might be nice!  Something visual and not just numbers.  Even web browsers have scrollbars!

Reading Books as a Group

When reading books for study with others eBooks fail.  I tried this once, but everyone else was referring to page numbers and I couldn’t get page numbers out of my Kindle.

Free eBooks

Amazon has a lot of free Kindle books for Prime members.  I’ve found the free books aren’t really that good so not much of a gain.

Free Classic Books

There are a number of great classic books you can download from Project Gutenberg; this may save you from purchasing a few paper books.

Updates to Books

Some of my more technical books have received free Kindle updates when the author chooses to update the text.  This is a benefit in my mind.  I think it would be better if the Kindle would highlight the differences.

X-Ray


One nice feature on the Kindle Paperwhite is the X-Ray.  You can enable it for the page you’re on and it will tell you about the characters and give you some context (if you’ve forgotten the previous chapters or missed it).


Newspapers

You can read newspapers on the Kindle.  But it’s worthless.  The Wall Street Journal digital subscription is completely separate from the Wall Street Journal Kindle Digital Subscription.  I’m not going to buy a Digital subscription for both my computer and my Kindle.

Synchronization

One great thing about eBooks is I can read them on my Kindle, then bring up the book on my computer to review my highlights while typing up notes.  But it’s hit or miss.  This works for books I bought from the Amazon store, but if you buy Kindle-formatted books from somewhere other than Amazon there’s no way to get them to open in the Kindle for PC program (even though they are available in Kindle for Android).  Very annoying.

So, What’s Better?  Kindle eBooks or Old Fashioned Physical Books?

It really depends.  I like both for different reasons.  I do have a preference for print books, mostly because I can visually track progress, visually see the layout of pages, and flip through them.  Generally if it’s a book I’ll probably read once I’ll just get whichever is cheaper… but obviously for some I’m going to insist on getting the physical version.  One thing Amazon does for some books is that if you buy a physical copy, you can get the Kindle version for free or heavily discounted.  I do hope this becomes standard practice going forward; that’s the best of both worlds.

Of making many books there is no end, and much study is a weariness of the flesh.   The end of the matter; all has been heard.  Fear God and keep his commandments, for this is the whole duty of man.  For God will bring every deed into judgment, with every secret thing, whether good or evil.

– Solomon, Ecclesiastes 12:12b-14


7 Homelab Ideas | Why You Should Have A Homelab

Why You Should Have a Homelab

In 1998 my friend gave me a RedHat Linux CD.  I spent hours each day experimenting with Linux–I loved it.  2 years later I’m in a room with 30 other students at a University applying for the same computer lab assistant job–I’m thinking my chances are grim.  Part way through the mass interview a man walks to the front of the room and asks if anyone has ever used Linux.  I raise my hand–I’m the only one.  He takes me out of the interview for the lab assistant job, introduces me to the department director.  They took me out to lunch.  By the end of the day I had my first job as a Systems Administrator.

Learn things on your own and it will broaden your opportunities.

One of the best ways to learn about systems, applications, and technology is starting a homelab.  A Homelab can give you an enjoyable, low stress, practical way to learn technology.  A homelab will also help you find out the technical areas in which you are interested.  It’s also practical in that you can use it to service your own home.

Here’s 7 Ideas for Your Homelab

1. Router /  Firewall


The most essential piece of equipment will be your router.  I started out with consumer routers that I’d flash to DD-WRT / Tomato but now I use a virtual pfSense router.  Routers are great to learn about DHCP, DNS, VPN, Firewalls, etc.  I discourage using the router provided by your ISP, they’re usually not very capable and often not secure.  In most cases you can buy a DSL or Cable modem instead of the ISP provided modem combined with the router.  One inexpensive physical router I’d recommend is the Ubiquiti EdgeRouter X.   Ubiquiti provides free software updates (their model is you buy the hardware and the software is free), and you’ll get a handful of advanced features–it’s a very capable router and much better than a typical consumer router–to step up from Ubiquiti you’d be going to pfSense, Juniper or Cisco.

2. Storage

The main reason I started my homelab was storage.  I was taking a lot of family pictures and videos and wanted to save them.  I know there are cloud services, but at the time they were expensive, and then you’re sort of trusting that provider not to delete all your photos or get bought out by a larger company and shut down.

Then I started using VMware.  I needed faster storage with more IOPS.  One of the best homelab storage solutions is ZFS.  ZFS takes the best of filesystems and the best of RAID and combines them into a software-defined storage solution that I’ve not seen any hardware technology able to match.  Two popular free ZFS appliances I like are Napp-It (based on OmniOS) and FreeNAS.  OmniOS is an illumos distribution (illumos being the community fork of OpenSolaris); it is very robust and has tight integration with ZFS.

I’m currently using FreeNAS, which is the free open source version of iXsystems’ TrueNAS, used by organizations of all sizes, from small businesses with a few TB of storage to large government agencies with PBs of storage.  FreeNAS has done a great job at technology convergence.  It is both a NAS and a SAN, allowing you to try both approaches to storage (I prefer NAS because it takes better advantage of ZFS, but many prefer using SAN, and there are benefits and drawbacks to both).  It also has many built-in storage protocols: FTP, iSCSI, NFS, rsync server, S3 emulator, SMB (Windows file server), TFTP, and WebDAV.  It can join AD, and it can even be an AD DC (if you like living on the edge).  It has a built-in hypervisor (bhyve) to run VMs for whatever you want; this is now marketed as hyper-converged storage.  All of it is completely free.  You can build your own FreeNAS server like I did, or get started with a FreeNAS Mini from iXsystems.

A few years after I learned ZFS for home, my employer was looking for a new storage solution so having this knowledge and experience was helpful.  I was able to determine one vendor with a traditional RAID solution didn’t handle the RAID-5 write-hole problem properly.

3. Virtualization

Virtualization allows you to run multiple virtual servers on the same piece of hardware.  VMware is king in the small to mid-size business hypervisor market, and VMware offers their hypervisor for free.  The free version is just like the paid versions except you won’t be able to use some features (most involving high availability and fail-over with multiple servers).  But you can learn most of the concepts and features of VMware.  I’ve tried to use a number of hypervisors but I always come back to VMware.  I consider VMware my basic infrastructure.  From there you can learn about other things like networking and storage, and play with any OS or Linux distribution you want to.

Knowing VMware was hugely beneficial, I’ve implemented it for several businesses, and one of my previous employers.  And knowing how it works means I can discuss the VMware stack intelligently with the ops team.

See my FreeNAS on VMware Guide if you’re interested in running a virtual FreeNAS server inside VMware.

4. Networking

A Homelab without decent networking won’t get you far.  Fortunately if you use VMware you can leverage it to use virtual network switches.  For physical switches I really like the Unifi products.  They are simple enough for non-network engineers like me.  Everything can be configured using the GUI.  Unifi exposes you to managed switches, central management (with the Unifi controller), VLANs, and PoE (Power over Ethernet), port trunking, port mirroring, redundant paths with spanning tree, etc.

I started with this little 8-port switch (4 are PoE ports).  I also added a 24-port switch so I could learn how to set up a LAG and configure VLANs across multiple switches (which was really simple using the Unifi interface).  I also like Unifi’s philosophy: they sell you the hardware but the software is free, which means you don’t pay for maintenance or support but continue to get free updates.  In a homelab you may not need to go crazy on VLANs, but separating your main network from your IoT devices may be prudent.

Learning how to setup VLAN tagging, and link aggregation and understanding how networking works helps me communicate better with the network engineers when discussing design and deployment options–they may be working on Juniper or Cisco equipment but I know the concepts of what they’re doing.

5. Wireless APs


Having a robust wireless setup is also a necessity for a homelab.  If you have a large house you get to set up multiple APs and make sure they can hand off connections.  I use a Unifi AP Pro (I just use one because that’s all I need to cover my house, but if you can find an excuse to have 2 or more I’d recommend it, since you can practice rolling updates without downtime, wireless handoff, etc.).  These are managed by the same Unifi controller as the switches.  I first gave them a try because I read Linus Torvalds uses Unifi APs, and they seem to be highly rated by tech professionals; now I don’t think I’d go back to anything else.

I have written more about Unifi Equipment here.

6. Network Monitoring


It is hard to maintain a reliable network and application stack without monitoring for failures.  There are hundreds of network monitoring solutions and it really depends on your needs.  The most widely deployed solution is Nagios.  I have had that on my Homelab, but lately I’ve been using Icinga because it’s simple and it integrates into Ansible.

7. Infrastructure Automation

Automating your infrastructure may not make as much sense in a small Homelab, but it does make sense to automate any task you do repetitively or a manual task that could be automated.  For me, this was  installing updates, deploying servers and renewing SSL certificates with Let’s Encrypt.  To manage this I use Ansible which is one of the most well thought out infrastructure automation tools I’ve seen.  Ansible can manage Linux and Windows servers.  Learning infrastructure automation, especially if you do it using version control and CI/CD tools like Azure DevOps (you can get a free account for up to 5 users with unlimited private repositories) is a great thing to learn for your career if you’re interested in the DevOps world.   The book, Ansible for DevOps by Jeff Geerling helped me get started.  I suggest getting the eBook since he has been known to provide updates to the book (not sure if he will continue to provide updates, but just in case).

At work we completely automated the deployment of Linux servers using Ansible–infrastructure as code.  It took a month of investment but it paid off big time with developers now being able to deploy VMware VMs at will with Ansible by making a Git Pull Request, our entire fleet of servers is updated automatically, and our server and configurations are all consistent.  This replaced an old process of waiting several weeks for a VM to be provisioned and configured by hand.

Bonus homelab application server ideas…

  1. Minecraft Server — popular Java game–it’s like playing with Legos and a great way to get your friends together for some casual games.
  2. Mumble Server – one of the best voice protocols for in-game communication.
  3. Emby Media Server — Anyone that has kids realizes those flimsy Blu-ray discs aren’t going to last long.  It’s great to store and host movies, home videos, pictures, and audio.
  4. Asterisk PBX Server – VoIP phone server (use Twilio or Flowroute for SIP trunking).  Polycom makes great VoIP phones.  With Twilio SIP trunking you can have a real landline phone number with E911 capability for a few dollars a month, and if you get multiple phones you can use it as an intercom system.
  5. Web Server (maybe start a blog) — I hosted this blog from a server in my house for years, until my ISP couldn’t handle the bandwidth.  Nowadays you can also use a service like Cloudflare to act as a CDN, which really reduces your bandwidth usage.  Hosting your own blog is a great learning experience and gives you a place to log your homelab experiments and share solutions to problems.
  6. Automatic Ripping Machine — Get all your Blu-Rays, DVDs, and CDs loaded onto your Emby server
  7. Backup server — I use a CrashPlan Business subscription to backup my FreeNAS server to the cloud (one of the main reasons I use a NAS as this would be less efficient with a SAN).  BackBlaze B2 is another great option to backup FreeNAS.

There are many more areas than I listed, but I think the above is a good baseline to get started.  Pick one area at a time–my homelab was built over many years–often the case is I will improve an area after a piece of equipment fails or I need to replace it for some other reason–that’s a great time to do research.  If you aren’t sure where to start, pick the area that you enjoy the most.  For areas you have no interest the best thing to do is something else–you’re probably not going to be great at something you don’t enjoy.   Certainly a homelab isn’t going to be a substitute for real-work experience.  But it does provide an environment to learn, experiment and enhance your abilities–and the great thing is since it’s your own lab you can learn things that interest you.

I think that’s the largest benefit of a homelab.  To me it’s a playground.  It’s a place to put the love of learning into practice.  It’s a place of freedom.  Nobody else is dictating what you do here.  It’s a place to have fun while enhancing your skill.

Do you see a man skillful in his work?
He will stand before kings;
he will not stand before obscure men.     – Proverbs 22:29 ESV


OpenDNS and CleanBrowsing | DNS Content Filtering

What is DNS Content Filtering?

A DNS-based content filtering service can prevent certain websites from loading on your network.  Most services can filter by specific categories like malware, phishing, pornography, etc.  Unlike proxy-based content filtering, which has to sit in the path of (and sometimes decrypt) your web traffic and so can introduce security risks of its own, DNS filtering only answers name lookups; it never touches the traffic between you and the website you’re visiting.  It doesn’t require installing any software on your computer or device, making it one of the safest ways to filter web content.  The flip side is that it only affects devices that actually use the filtering resolver: a device configured with its own DNS server, or a browser using DNS over HTTPS to a different provider, is not covered.

Google’s DNS server returns the IP address of the phishing site, while CleanBrowsing returns NXDOMAIN (the domain does not exist) for the typoed domain.

If you accidentally typo a popular domain (such as typing .cm instead of .com) it may take you to a typosquatted phishing site.  A DNS filtering service blocks this by answering the lookup with NXDOMAIN (domain does not exist) instead of the site’s IP address, so the browser never connects and the page never loads.  The same technique can be used to prevent any undesirable category, such as malware, pornography, adware, etc., from loading on your network.

The other benefit of using a DNS filtering service is it can force certain search and media services (like Google and YouTube) into safe mode preventing anyone using your network from even seeing adult content in their search results.

Why Should I use One?

It’s not only a wise way to protect yourself from malware and temptation, but also when letting guests on your WiFi network–you don’t have to worry (as much) about what they’re doing, and also a good idea when you start letting kids online.  DNS filtering doesn’t take the place of parenting, and anyone with a little technical skill can bypass it, but it may help prevent your family and anyone using your network from accidentally stumbling across bad sites.  If it prevents one cryptolocker infection it’s worth it.

I think families, churches, home networks, small businesses, organizations, schools, large enterprises, and governments could benefit from DNS filtering.   You may not want to go overboard blocking content about illegal drugs and gambling, but at the very least you probably don’t want malware on your network!

Two DNS Filtering Services

I use two DNS content filtering services: OpenDNS and CleanBrowsing.  Both have simple instructions to get started, so I won’t repeat them here.  Both are free and work well, and my decision to use one or the other on a particular network just depends on the situation, although in most cases either would be fine.  It’s nice to have multiple options.

OpenDNS


OpenDNS has been around since 2006 and was acquired by Cisco in 2015.  It offers several free plans and some paid options as well:

  • OpenDNS Family Shield (Free).  Very simple–just set your router’s DNS servers to 208.67.222.123 and 208.67.220.123 and it’s pre-configured to block malicious and adult content.
  • OpenDNS Home (Free).  For more advanced control, allows for granular category filtering as seen in the screenshots below.  Filtering policy is tied to your public IP address, so if your ISP assigns you a dynamic IP you will need to run a DDNS client to keep OpenDNS updated with your current address.  Below are some screenshots to show the granularity:

OpenDNS Filtering Categories

OpenDNS Filtering Security Categories

  • OpenDNS Home VIP ($20/year) — Very affordable and adds the ability to white-list specific domains if they’re on the block list.
  • Cisco Umbrella — For businesses and larger enterprises.

CleanBrowsing


CleanBrowsing is a fairly new service, starting in February of 2017.

It offers three easy free filtering plans and two paid plans:

  • Security Filter (Free) – Set your router’s DNS to 185.228.168.9 and 185.228.169.9 to only block malicious domains (phishing and malware).
  • Adult Filter (Free)– Set DNS to 185.228.168.10 and 185.228.169.11 to block Adult domains, set search engines to safe mode (also includes the security filter).
  • Family Filter (Free)– Set DNS to 185.228.168.168 and 185.228.169.168 to block access to VPN domains that could be used to bypass filters, mixed content sites (like Reddit), and sets YouTube to safe mode (includes Adult and Security filters as well).
  • Basic Plan ($5/month) allows you to setup custom filtering categories and whitelist and blacklist specific domains.
  • Professional ($9/month) targeting small networks (less than 2,000 devices, for more than that you can get a custom quote).

CleanBrowsing DNS Filtering Map

OpenDNS and CleanBrowsing Comparison

OpenDNS has been around the longest, but CleanBrowsing is leading in innovation (note that my comparison is on the free or low priced consumer service, not the enterprise service from each provider):

OpenDNS advantages

  • Free account allows more control of specific categories
  • Blocked domains get redirected to a page saying why the site is blocked (better end-user understanding of what’s going on than an NXDOMAIN, for most people)
  • Been Around Longer.  More mature.

CleanBrowsing advantages

  • Security – Supports DNSSEC validation (verifies the signatures on answers for signed zones, so forged DNS results are rejected; some ISPs have been known to hijack DNS results).  Also supports DNSCrypt, DNS over HTTPS, and DNS over TLS, which encrypt the lookup itself so it can’t be read or altered on the path to the resolver.
  • Blocked domains return an NXDOMAIN (better practice than redirecting for technical/security folks)
  • Privacy Policy: CleanBrowsing States it does not log requests
  • Better Test Results on Adult content filtering: blocked 100% of adult content on a Porn Filter test by Nykolas Z (OpenDNS blocked 89%).
  • Much better Test Results Blocking Phishing Sites: CleanBrowsing blocked 100% of phishing sites on 3 out of 4 tests beating out OpenDNS in every area.  On the real-time test it allowed 1 out of 12 sites through, however OpenDNS only blocked 2 out of 12 sites.

Both OpenDNS and CleanBrowsing have very fast DNS resolution rates (probably faster than your ISP), with CleanBrowsing resolving slightly faster for me but within milliseconds of each other.  I think either service is worth using.
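To make the two behaviours above concrete (the NXDOMAIN answer a filtering resolver returns for a blocked name, described under “What is DNS Content Filtering?”, and the DNSSEC-validated flag mentioned in the comparison), here is a small DNS client written for this article; it is not code from the original post or from either provider.  It builds an A query by hand, sends it to two resolvers, and reports for each whether the name resolved, was answered with NXDOMAIN, or came back with the AD (“authentic data”) bit that a validating resolver sets on DNSSEC-verified answers.  The resolver addresses (8.8.8.8 for Google, 185.228.168.9 for CleanBrowsing’s security filter) and the sample reply packets are assumptions for illustration.

```python
"""Added example, not code from the original post: a minimal DNS client that
sends the same A query to two resolvers and reports whether each one resolved
the name, returned NXDOMAIN (the filtering behaviour described above), and
whether the answer carried the DNSSEC-validated (AD) flag. Resolver addresses
and the sample packets are assumptions for illustration."""
import random
import socket
import struct

NOERROR, NXDOMAIN = 0, 3
FLAG_AD = 0x0020          # "authentic data": resolver validated the answer with DNSSEC


def build_query(name: str, qid: int) -> bytes:
    """RFC 1035 wire-format recursive A query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes) -> dict:
    """Extract id, rcode, AD flag and any A-record addresses from a response."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                  # skip QTYPE, QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0x000F, "ad": bool(flags & FLAG_AD),
            "addresses": addrs}


def query(resolver: str, name: str, timeout: float = 3.0) -> dict:
    """UDP query to `resolver`:53; a random ID is checked on the reply so a
    spoofed answer carrying the wrong ID is discarded rather than trusted."""
    qid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != qid:
        raise ValueError(f"reply ID {resp['id']:#x} != query ID {qid:#x}")
    return resp


def verdict(resp: dict) -> str:
    """One-line summary of what the resolver did with the name."""
    if resp["rcode"] == NXDOMAIN:
        return "blocked (NXDOMAIN)"
    if resp["rcode"] == NOERROR and resp["addresses"]:
        tag = " [DNSSEC validated]" if resp["ad"] else ""
        return "resolves to " + ", ".join(resp["addresses"]) + tag
    return f"rcode {resp['rcode']}, no A records"


# Constructed reply packets for one query (ID 0x1234) so the parser can be
# exercised offline: an unfiltered resolver answering 192.0.2.10, and a
# filtering resolver answering NXDOMAIN (flags 0x8183: QR, RD, RA, rcode 3).
_QUESTION = build_query("example.test", 0x1234)[12:]
SAMPLE_RESOLVED = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + socket.inet_aton("192.0.2.10"))
SAMPLE_BLOCKED = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    # 8.8.8.8 is Google Public DNS; 185.228.168.9 is CleanBrowsing's security filter.
    for label, resolver in (("Google", "8.8.8.8"), ("CleanBrowsing", "185.228.168.9")):
        try:
            print(f"{label:14} {verdict(query(resolver, name))}")
        except (socket.timeout, ValueError) as exc:
            print(f"{label:14} error: {exc}")
```

Run it with a domain as the only argument; a name on the filter list prints “blocked (NXDOMAIN)” from CleanBrowsing and an address from Google, which is exactly the difference the screenshot above shows.  The AD tag only appears for zones that are actually DNSSEC-signed and only from a validating resolver, so its absence on an unsigned domain means nothing; and because this is plain UDP port 53, the query itself is still visible and alterable on the path, which is the gap the encrypted transports (DNSCrypt, DoH, DoT) close.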

I have made a covenant with my eyes.
How then could I look at a young woman? — Job 31:1 CSB


MobaXterm Professional Review

I recently switched to MobaXterm Professional from PuTTY.  And I’m not looking back…

A PuTTY Alternative

I had just re-installed Windows 10 to fix an updating issue.  As I was downloading PuTTY I thought: there has got to be something better than PuTTY.   PuTTY is a good program, but it doesn’t do four things for me:

  1.  Automatically save the SSH session
  2.  List of recent servers I’ve SSHed into for a quick reconnect.  I know this is nitpicky on my part, but I don’t really remember all my server hostnames or IP addresses.
  3. SFTP.  I just want to drag and drop files between the terminal and file explorer without having to open another program!
  4. If I make changes to a saved session in-flight and I don’t remember to save it (such as setting a keepalive) PuTTY forgets it.

I looked at and tried quite a few options.  KiTTY, MobaXterm, mRemoteNG, RoyalTS, SuperPuTTY, XShell6, Bitvise, SmarTTY, Solar-PuTTY, and SecureCRT.  I ended up buying MobaXterm.

What I Like About MobaXterm – A Quick Review

Start Screen

The start screen is simple and useful… open MobaXterm and start typing a hostname… if you’ve connected to that server before it will auto-complete, if not it creates a new session.


Along the left is a list of servers which can be organized into folders and the icons can be customized.  Main screen shows the last 9 sessions for quick access.

New Sessions

MobaXterm supports a number of protocols:

  • SSH
  • Telnet
  • Rsh
  • Xdmcp
  • RDP (yes, it can even manage Windows RDP sessions)
  • VNC
  • FTP
  • SFTP
  • Serial
  • File
  • Local Shell (which includes Ubuntu Bash (WSL) if you have it installed, PowerShell, Bash on Windows, and the normal DOS prompt)
  • Browser (opens a browser)
  • Mosh
  • S3

Integrated SFTP File Transfers on the Terminal

SSH into a server and the left pane shows an SFTP session which automatically follows where I am in the terminal and allows dragging and dropping files back and forth between file explorer!  No more having to open up WinSCP just to transfer a quick file.

Files can also be opened directly and edited using a built-in or an external editor.

X11 Forwarding

X11 forwarding works out of the box with no setup.  Below all I did was open an SSH session to my Linux VM running CrashPlan, ran “CrashPlanDesktop” (which is a graphical program) and it opened up the window locally in Windows.

One of my favorite programs in the world, Minesweeper, no longer comes with Windows 10.  It’s such a classic I don’t know what Microsoft was thinking by removing that.  But… no problem.  I can now run Gnome Mines on Windows via X11 Forwarding!

Terminal

The terminal itself is actually PuTTY under the hood but with some added features.  There’s a place to configure keywords that are highlighted in certain colors if they show up on the terminal; the defaults are useful when reviewing logs.  Terminals can be tabbed, or split horizontally, vertically, or in a grid of 4.  You can also open multiple MobaXterm windows.  Terminals can also be dragged off to float (more like PuTTY terminals do).  Right-click can be configured to paste like PuTTY or provide a menu (also, if pasting multiple lines it will display a warning, which is nice).  If you don’t like the Windows 10 everything-is-flat look, or you want a dark theme, or want it to look like you’re on OSX, there are plenty of skins to choose from…


Setting up SSH tunnel port forwarding is easy…

For SSH key authentication MobaXterm can manage your keys, and it can also securely save passwords (if you’re using something that uses password authentication, which you shouldn’t be).  I use an external ssh agent and it handled that well.

Extra Utilities

And MobaXterm comes with quite a few handy programs and utilities…  a variety of servers which is useful if you need to temporarily setup a quick Iperf or TFTP server.  Also included are Macros, and a variety of misc tools such as a Network Scanner, Port Scanner, etc.

A fantastic feature is the ability to run local terminals.  I can run a DOS Prompt, PowerShell, and Ubuntu Bash (WSL) terminal inside MobaXterm.

What Could Be Better

A few features that are missing:

  • The SFTP pane should elevate to root when I “sudo su”  Update: MobaXterm told me to use the SCP protocol instead of SFTP and there’s a quick button in the SFTP pane to sudo su.  This works.
  • I’d love to be able to open up a VMware ESXi VM console from MobaXterm.
  • Would like to have an option to use integrated SFTP with Mosh
  • The cost structure is very reasonable at $69 for a perpetual lifetime license but after the first year support/maintenance is 80% of the cost of the license.  I think the price is more than worth it but I’d love to see a lower maintenance price for home users or businesses under a certain size.
  • Some SSH settings can’t be defaulted and have to be explicitly set on each session.  I prefer to never lock the terminal title, and also I always want the SFTP directory to follow the directory in the terminal but neither of those can be set globally.  Fortunately the session remembers the settings so you only have to set it once per host, but there should be a global default.
  • RDP settings should have configurable global defaults… I never want to share my local drives or printers during an RDP session so have to uncheck those when first setting up a session.

That said it’s a good program, it works well.


Ansible Role Rdiff-Backup Script | World Backup Day

Happy World Backup Day!  Here’s a quick little Ansible Role I wrote to automate backup configuration for hordes of servers using Rdiff-Backup from an Ansible inventory file.  If you have no idea what I just said you may want to skip to “I’m Confused” at the very bottom of this post.

Ansible Rdiff-Backup Configuration Diagram

What does the Rdiff-Backup Ansible Role do?

  • Creates a folder on the backup storage server to store backups.
  • Creates a backup script on the backup server.  This script uses rdiff-backup over SSH to back up every server on the list (below) and prunes backups older than 1 year (default).
  • Adds/removes servers from the Ansible inventory file to a backup list which the backup script reads, so hosts are picked up as they are provisioned and dropped as they are decommissioned (the script will not delete backups on a decommission, only stop taking them).
  • Installs the rdiff-backup program on both the clients and the backup server.
  • Generates an SSH key-pair on the backup server and adds that public key to the authorized keys file on each client so the backup server can SSH into the clients.  Note that whoever holds that private key can log in to every client, so guard it at least as carefully as the backups themselves.
  • Scans each client’s SSH host key and adds it to the known hosts file on the backup server.
  • Creates a cron job on the backup server to run the backup script once a day.

The rdiff-backup-script role is available on Ansible Galaxy and I’ve uploaded the source to GitHub under the MIT license.

Requirements

You will need:

  1. Ansible (best installed on its own Linux server).
  2. A Linux server with lots of disk storage to serve as a backup server.
  3. Lots of Linux servers in your Ansible inventory that need to be backed up.

I have tested this on Ubuntu 16.04, but it should work with any distribution (CentOS, RedHat, Debian, etc.) as long as rdiff-backup is in the repositories available to the package manager.

Install the Rdiff-Backup Script Ansible Role

On your Ansible server install the rdiff-backup-script role with:

Create a playbook file, rdiff-backup-script.yml, with the contents:

Your Ansible inventory file would look something like this:

Run the playbook with:

Once the playbook has run all servers will be configured for backup which will occur at the next cron job run (defaults to 01:43 am).

The above playbook should be added to your site config so it is run automatically with the rest of your Ansible playbooks.  It would also be wise to have something like Nagios or Logcheck watch the logs and alert on failures or stale log last modified dates.

The backup script does not try to create an LVM snapshot and then backup the snapshot.  That would certainly be cleaner and I may add that ability later.  The default settings exclude quite a few files from the backup so make sure those exclusions are what you want.  One thing I excluded by default is a lot of LXC files.  If you’re using LXC you may want them.  Also always test a restore before relying on it.
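To make the bullet list above concrete, here is an added example of what the backup-server side looks like as a plain POSIX shell script.  It is my own sketch written for this post, not the script the rdiff-backup-script role generates, and everything beyond what the post states is an assumption: the file paths, the variable and function names, the exclusion list, the log line format, and the forced-command restriction on the backup server’s public key (the role description does not mention adding one; it is the restriction rdiff-backup’s own documentation suggests for authorized_keys).  Set RDIFF_BIN=echo to dry-run it without touching any host.

```shell
#!/bin/sh
# Added example: a minimal backup-server script in the spirit of the role
# described above.  Not the role's own script; paths, names and the
# exclusion list are assumptions.  Set RDIFF_BIN=echo for a dry run.
set -u

RDIFF_BIN="${RDIFF_BIN:-rdiff-backup}"
KEEP="${KEEP:-1Y}"                         # --remove-older-than interval: 1Y = one year
BACKUP_ROOT="${BACKUP_ROOT:-/srv/backups}" # one subdirectory per host

# Pseudo-filesystems and scratch space that are not worth restoring.
# The real role ships its own (longer) exclusion list; review it.
EXCLUDES="/proc /sys /dev /run /tmp /var/tmp /var/cache/apt /mnt /media"

# The authorized_keys line to install on each client for the backup
# server's public key.  The forced command limits the key to
# rdiff-backup's server mode and the no-* options drop port/agent/X11
# forwarding and PTYs.  The key can still read the whole filesystem, so
# protect the private half on the backup server accordingly.
restricted_key() {
    # $1 = "ssh-ed25519 AAAA... comment" as generated on the backup server
    printf 'command="rdiff-backup --server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' "$1"
}

# Expand EXCLUDES into repeated --exclude arguments.
exclude_args() {
    for p in $EXCLUDES; do
        printf '%s %s ' --exclude "$p"
    done
}

# Back up one host over SSH, then prune increments older than $KEEP.
# Returns rdiff-backup's exit status so the caller can record failures.
backup_host() {
    host="$1"
    dest="$BACKUP_ROOT/$host"
    mkdir -p "$dest"
    # word splitting of exclude_args is intentional
    "$RDIFF_BIN" $(exclude_args) "root@${host}::/" "$dest" || return $?
    "$RDIFF_BIN" --remove-older-than "$KEEP" --force "$dest"
}

# Walk the server list the role maintains (one hostname per line; blank
# lines and # comments ignored).  One unreachable host must not stop the
# rest, so failures are counted and reported in the exit status, which
# is what a cron mailer or Nagios check should watch.
backup_all() {
    list="$1"
    failed=0
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        if backup_host "$host"; then
            printf '%s OK %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$host"
        else
            printf '%s FAILED %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$host"
            failed=$((failed + 1))
        fi
    done < "$list"
    return "$failed"
}

# Usage:   rdiff-backup-all.sh run /etc/rdiff-backup/servers.txt
# Cron entry matching the role's default of 01:43 each day:
#   43 1 * * * root /usr/local/sbin/rdiff-backup-all.sh run /etc/rdiff-backup/servers.txt >>/var/log/rdiff-backup.log 2>&1
case "${1:-}" in
    run) backup_all "$2" ;;
esac
```

The non-zero exit status from backup_all is the hook for monitoring: cron will mail it, or a Nagios/Logcheck rule can watch for FAILED lines and for a log file whose modification time stops advancing, as suggested above.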

Obviously, test it in a test environment and make sure you understand what it does before trying it on anything important.

Check your backup strategy

This is a good day to check your backup strategy.  A few things to consider:

  1. System backups are important, not just the data files.  You never know what you’re missing in your document-only backups, and restoring service from system backups is much faster than rebuilding systems.
  2. Frequency.  If you can’t afford to lose an hour of work, back up at least every hour.
  3. Geographic redundancy.  Local fires, hurricanes, and earthquakes can wipe out multiple locations in a city all at once.  Keep at least one backup in a separate part of the globe.
  4. Versioned backups.  On Monday you took a backup.  On Tuesday your file got corrupted.  On Wednesday you overwrote Monday’s backup with Wednesday’s backup.  Enough said.
  5. Test restoring from your backups (it’s good to test at least once a year, on World Backup Day) to make sure they work.
  6. Encrypt.  Make sure backups sent to cloud services or stored in locations you don’t control are encrypted (but also make sure you have provisions to decrypt them when needed, such as a copy of the key kept somewhere other than on the systems being backed up).
  7. Cold storage.  Keep at least one backup offline.  When a bug in your backup program deletes all your live data and your backups, you’ll be glad you did.
  8. Keep at least 3 copies of data you don’t want to lose: your live version (obviously), one onsite backup that will allow you to restore quickly, and one offsite backup in a far away state or country.

I’m Confused

You might want to back up your computer.  I’d suggest looking at CrashPlan, SpiderOak, or BackBlaze, which are all reputable companies that offer automatic cloud backup services for your computer.  The main thing to look at for pricing is how much data you have vs the number of computers you have.  CrashPlan and BackBlaze charge by the computer but offer unlimited data, so they would be ideal if you have a lot of data but few computers.  SpiderOak lets you have unlimited computers but charges you by how much space you use, making it ideal if you have little data and many devices.

The Mechanical Keyboard

What Is a Rubber Dome Keyboard?

Rubber Dome

Take a look at your keyboard.  Push a few of the keys.  It probably feels mushy, and it’s most likely a rubber-dome keyboard.  These weren’t made for typing, they were made to be cheap.  The key sits on a dome of rubber; as you press, the key feels mushy until the dome collapses and closes the circuit, registering the keypress.

Mechanical Keyboards

Buckling Spring
Buckling Spring

A mechanical keyboard by contrast has a real switch, and most give audible and tactile feedback when the switch engages.  These are much more expensive to produce, but they were very common back in the 80s, and are far superior to most keyboards made today.  When people spent $5,000 on a computer it made sense to put $500 into the keyboard!  On the left is an image of IBM’s famous buckling spring key switch, which many consider the best keyboard switch ever designed.  It simply includes a spring that, when pressed far enough, buckles, causing the spring to hit the wall, making an audible click as well as moving the plate to engage the circuit.

Cherry MX Switches

Cherry MX brown: Image from GeekHack forums.

There are a variety of switch types, the most popular and easiest to find keyboard switch on the market today is the Cherry MX mechanical switch.  Cherry style switches can be identified by the plus on the stem which the keycap fits over.  It comes in a variety of switch types for different styles of typing, designated by colors… here are some of the most popular models and how they behave.

Three Most Popular Cherry MX Switches

Cherry MX Blue – An audible click and tactile feedback on engagement.  This switch is popular for typing activities and generally preferred among authors and programmers.  It does make a loud click noise so I don’t own this style but I have typed on blues and they are a fantastic typing experience.  The one thing I don’t care for in this switch is the reset point is a bit higher than the activation point which requires a little more return travel to re-engage.  It’s not really a big deal, just my preference.  Most typists actually prefer this as it prevents an accidental double-strike and most gamers do not like this.

Cherry MX Red – No audible click, and no-tactile feedback.  This is a linear switch with consistent force all the way through.  Because there’s no bump on engagement to “slow you down” and the reset and activation point are the same this switch is very popular with gamers who need to rapidly press a key as quickly as possible.  There is no audible click, but they are still noisy if you bottom out the keys.

Cherry MX Brown – No audible click, and light tactile feedback.  This is my favorite switch, you get tactile feedback, the activation point is close to the reset point and there’s no audible click (which is a bonus if you don’t want to wake people up, however I should mention despite the keys being “silent” they’re still much louder than a rubberdome).  If you’re going to get one all purpose switch (and most of us probably should–switching between different key types all the time probably isn’t that helpful) I think the MX Browns are great.  My only complaint with browns is I feel the tactility could be a little sharper.

Less Common Cherry Switches

Cherry also makes a few other switch types with a stiffer spring that are less common but can be found as an option on high end keyboards.

Cherry MX Green – Similar to the blue but a stiffer spring, this isn’t the same as a buckling spring but probably about the closest you can get in the Cherry switch.

Cherry MX Black – Just like the red but a stiffer spring

Cherry MX Clear – Similar to the brown but a stiffer spring.  If this was more common I would consider using this over the browns since I prefer a heavier switch.

Other Switches

IBM Model M
My old IBM Model M Keyboard

Cherry MX isn’t the only game in town, but they’re manufacturing the most switches today.  There are also Topre, ALPS, Kailh, and of course the traditional buckling spring switch.  This switch was found in the IBM Model F and IBM Model M.  It includes a spring that sits inside each key; as the key is depressed past a certain point the spring buckles, causing it to whack the side of the key, which gives tactile feedback and an audible click as the flipper hits the plate.  While this is a fantastic keyboard it’s very loud.  I had to stop using it when I got roommates.  Unicomp bought the rights and manufacturing equipment from IBM, so it is still possible to buy a brand new Model M keyboard with a modern layout today.

Inside a buckling spring keyboard
Model F Buckling Spring Switch

Key Samplers

Before purchasing a mechanical keyboard, it’s best to test out the switches.  4-key samplers usually have a Red, Black, Blue, and Brown switch.

Max keyboard tester

The WASD 6-key tester adds Clear and Green.  Generally speaking, if you deviate from the most common Red, Blue, or Brown switches your options are going to be more limited and more expensive.

6-key sampler

Things To Consider In a Keyboard

Ghosting

One of the major issues with modern keyboards is ghosting, especially if you’re left-handed and play games.  A keyboard matrix can’t distinguish every key combination, so pressing three keys that share rows and columns can register a fourth, phantom key or drop one of the three.  Keyboard manufacturers build keyboards to handle simultaneous keystrokes in the WASD region, which is great if you’re right-handed, but awful if you’re left-handed and using something like OKL; or PL:’ and you find you can’t press O, K, and space at the same time without phantom keystrokes being sent to the computer.  Nicer keyboards tend to have 6KRO (6 Key Rollover), which means you can press any 6 keys simultaneously and have them all register correctly.  Some keyboards also support NKRO (N-Key Rollover), which means you can literally press every single key on the keyboard at the same time without losing a keystroke.

PS/2 vs USB

PS/2 is superior.  Most modern keyboards have a USB connector, but that doesn’t make USB superior to PS/2.  The “legacy” PS/2 port has two advantages.  First, it supports NKRO (some higher-end keyboards can do NKRO over USB, but it’s less common).  Second, over USB your computer polls the keyboard at a fixed interval, typically 125 to 1,000 times a second (every 8 ms down to every 1 ms).  The conversation between the keyboard and computer goes like this:

CPU: Hey, any keys pressed?
USB Keyboard:  Nope.
(wait a few milliseconds)
CPU: Hey, any keys pressed?
USB Keyboard:  Nope.
(wait a few milliseconds)
CPU: Hey, any keys pressed?
USB Keyboard:  Nope.
You: Press J
(wait milliseconds)
CPU: Hey, any keys pressed?
USB Keyboard:  Yes, “J” is pressed.

And this can result in a delay of up to one polling interval (a few milliseconds) between the time you press a key and the time your CPU realizes it.  By contrast, on a PS/2 connection there is no polling; instead the keyboard raises an interrupt to the CPU:

CPU: if  a is not null then … !!!interrupted!!!
PS/2 Keyboard: Hey CPU!  “A” is pressed NOW!

For me and most people this won’t matter.  Pro-gamers may prefer PS/2.

Keyboard Size

I prefer full size keyboards.  One thing that bothers me is the wasted space above the numpad.  So I always look for keyboards that utilize the space… it’s a great spot to have volume controls like this Ducky keyboard provides.

Happy Hacking Keyboard

You can get smaller keyboards without the numpad/tenkey, or even smaller without the arrow keys, and some, like the Happy Hacking Keyboard, don’t even come with function keys.  Instead you have to hit modifier keys to get to the keys you want.  I think this is a trick to sell you fewer keys.  I use all the keys fairly often so I prefer to have a full keyboard without having to use modifier keys.

Key Caps

Keycaps

Keycaps are easily swapped out later, so they are not as important.  The two most common plastic materials are PBT and ABS.  PBT is higher quality, wears slower and is more expensive.  ABS is cheaper, and if there is any texture on the keys it wears faster.  Caps often use dye-sublimation or are doubleshot (two colors of plastic molded together) for the lettering, which means the key markings will practically never wear off.

Layout

The two most popular layouts are US ANSI and International ISO.  Chances are you’ll pick what you’re used to depending on the country you’re in.  The two have a different layout especially when it comes to the position of special characters.  Since I learned to type in the United States I always get the US ANSI layout (I would probably prefer a larger enter key… but I’m not willing to sacrifice the size of a left-shift).

ANSI
ANSI Layout
ISO Layout
ISO Layout

My Favorite Keyboards (so far)…

Ducky

After testing a number of keyboard brands Cooler Master and Ducky are my favorites among keyboards you can still buy today for a reasonable price.  The keyboards are well built, nice and heavy, and are priced well considering their quality and durability.  They both have models with an extra 4 keys above the numpad so as not to waste that area.

Here are the two that I use every day…

Ducky Premier

My current keyboard is an old Ducky Premier with Cherry MX brown switches.  It uses quality PBT keys, and has a nice blue-grey color scheme.  Nothing fancy about it.  This model has been retired but there are plenty of newer Ducky Keyboards.


Cooler Master Masterkeys Pro

At work I use the Cooler Master Masterkeys Pro, this is backlit with white LEDs on each key (although I never turn on the LEDs).  Cooler Master also sells a more expensive Cooler Master Masterkeys Pro RGB model which has individually lit RGB LED backlit keys.  You’ll notice no wasted space above the numpad.  I really like the smooth ABS keycaps that come with it.

Coolermaster Masterkeys

Sidewinder X4 (legacy)

Sidewinder X4

Lastly, there is one non-mechanical keyboard that is fantastic, and that is the Microsoft Sidewinder X4.  I must say this is the best rubber-dome keyboard ever made.  I like the feel of it better than the more expensive Topre keyboards.  Unfortunately I wore mine out and they don’t sell them anymore.

Why Mechanical Keyboards?

I like them for the same reason I like buttons, knobs, and switches over touchscreen interfaces.  There is no substitute for physical feedback.  On a rubber-dome you can’t tell when a key engages so you press it all the way and bottom out every time.  With a mechanical keyboard you quickly learn bottoming out your keys isn’t necessary.  Instead you press the key and at some point you feel and hear it pass the activation point so you stop pressing and release it.

Another advantage is durability: Cherry MX switches are rated for 50 million keystrokes.  Older keyboards like the Model M and Model F still work today despite being over 30 years old.

What about Laptop Keyboards?

Unfortunately most laptops are built with cheap keyboards and short key-travel.  While there are a few exotic models that come with mechanical keyboards, aside from those the best laptop keyboards in general are going to come with Gaming or Business Class Laptops which I mention on my laptop buying guide.  Of those, the Lenovo ThinkPad brand is well known for having the best laptop keyboards in the market.  They’re still rubberdome, but less bad than most.


Ben’s Laptop Buying Guide

Can you recommend a laptop?  It’s one of the questions I’m asked several times a month…  and I realized I should just write a guide.  So here are some options I think are great and things I think you need to consider before buying a laptop:

Business Vs. Consumer Laptops

Most brands have at least two laptop lines: consumer class and business class.  Consumer class laptops are generally junk.  Support is usually bad.  Safety isn’t a priority (some consumer laptops have been known to catch fire), manufacturers generally experiment with new features on their consumer lines, and consumer laptops sometimes ship with malware or lots of junk or trial software.  They’re not as rugged; the left hinge will break after a year or two.  Parts are hard to come by so you can’t fix them.  The Wi-Fi cards aren’t Intel, so they can’t connect to every wireless network.  Don’t buy them.  Stick with the business class laptops.  It is usually better to buy an old used or refurbished business class laptop than a newer model consumer class.

Marketing is notorious for making things confusing.  It’s not obvious what’s business class and what’s consumer quality.  Here’s the translation:

  • Dell Business Product Lines
    • Latitude = Business / Enterprise
      • 3xxx = budget business laptops, not that great a quality
      • 5xxx = Workhorse
      • 6xxx = I call this the bulky line, but high quality (discontinued)
      • 7xxx = premium ultrabooks
    • Precision = Business Powerful Workstations, High Performance CPUs and GPUs
    • XPS = Premium Consumer line.  They sort of sit between the consumer and business lines.  Great quality, price, and specs but not as rugged as the Latitudes or Precision
  • Dell Consumer Product Lines
    • Inspiron = Consumer Line
    • Alienware = Consumer Gaming Laptops
    • Chromebook = More like netbooks that run ChromeOS instead of Linux or Windows… unless all you need is a browser stay away from these.
  • Lenovo Business Product Lines
    • Thinkpad = Business / Enterprise
      • X = Thin & Light Ultrabooks
      • T = Flagship, thinner than P but more powerful than X.  Best keyboards are found on the T series.
      • P = Powerful Workstations, High Performance CPUs and GPUs (formerly W).
      • E = Small Business laptops –budget, not very good
      • L = Affordable, not as good as T but a step up from E.
      • Yoga = Tablet / laptop convertibles (not as rugged)
      • 13 = 13 inch chromebook or netbook (not as rugged)
      • 11e = 11 inch educational notebooks (not really business class)
      • A = Same as T series but with an AMD processor
    • Lenovo Consumer Product Lines
      • Yoga (not to be confused with “ThinkPad Yoga”)
      • IdeaPad = Consumer stuff
      • Lenovo = Consumer
      • Legion = Consumer Gaming laptops
      • Chromebooks = Chromebook or netbooks
      • Yoga Books = tablet type things

I have included Dell XPS and Apple Macbooks for comparison; they tend to be well built machines but I wouldn’t consider them business class.  They’re more in the “prosumer” class.  I generally don’t recommend them, but they may be good options if you’re not moving them around a lot.  If you want OSX, Macbooks are obviously going to be the best bet even though you’re not going to get the ruggedness you’d get with a Latitude or ThinkPad.  If you’re going to run Windows or Linux I’d recommend a Latitude or ThinkPad.

Deciphering Model Numbers:

  • Dell Latitudes:
    • The second digit is the screen size.  The “4” in “7480” indicates a 14 inch screen.
    • The third digit is the generation, which runs roughly one ahead of the model year.  The 8 in 7480 is the 2017 model (Latitude numbering is off by a year).
  • Lenovo ThinkPads:
    • T470, the first 4 indicates the screen size, 7 is roughly the model year.  Not sure what the last digit means.  Sometimes a model number has a suffix, e.g. T470s or T470p which may differentiate it further (P = powerful, S = slim)

Recommended New Laptops

12.5 inch

Latitude 7280 – Quality ultra portable laptop, thin and light.  Rugged and likely to survive a drop from a few feet.  2.8 lbs.

Latitude 7280

ThinkPad X270 – Ultra Portable Laptop.  Great little notebook, runs a little on the thick side (easier to grip) but the advantage is memory isn’t soldered on and has room for a 2.5 inch drive bay.  Has two batteries (internal and external so you can swap the external without powering down) which can go up to 25 hours.  This is by far the most modular 12.5 inch laptop.

ThinkPad X270

Latitude 5280 – Slightly thicker heavier version of the 7280.

Latitude 5280

Macbook – 12 inch Macbook ultra portable.

Macbook 12 inch

(in the 12.5 inch category these screens are small, so 1366 x 768 is okay if you need little larger text, otherwise upgrade to 1920 x 1080)

Used / refurbished options include anything in the Latitude 72xx, Thinkpad x2xx series.  X220 and earlier have classic keyboards which many consider superior.

13.3 Inch ultrabook

Latitude 7380 – Almost no bezel so it’s the same size as most 12 inch laptops, business version of the very popular Dell XPS, the Latitude version adds a little more durability so I would opt for the Latitude 7380 over the XPS 13.

Dell Latitude 7380

Dell XPS 13

XPS 13 – This Dell is the “prosumer” version of the above; it’s high quality but not as durable.  I don’t think it would hold up to being dropped as well as the 7380, but it’s still a good laptop.  WARNING: Some XPS machines don’t ship with Intel branded wireless cards.  Make sure it’s Intel.


Macbook Pro

Macbook Pro 13 – Great laptop, newer ones have an annoying touchbar instead of function keys so watch out for that (unless you want it for some reason).

Used / refurbished options include an older gen Dell XPS or a Latitude 7370.  13.3 inch is a fairly new category so you probably won’t find too many used laptops with this screen size.

14 Inch Ultrabook (thin and light)

ThinkPad X1 Carbon (5th Gen).  A 14 inch screen in the size of a 12 or 13 inch laptop.  Very sleek, thin and narrow bezel and quite sturdy.  Lightweight, thin, it’s one of the best ultrabooks on the market.  Memory cannot be upgraded or replaced so order it with what you need.

ThinkPad X1 Carbon

Latitude 7480 – Great high quality business laptop.  Memory is upgradable.  With this latest model E-port snap in docking support has been dropped so if you want docking you’ll need a USB-C dock.

Dell Latitude 7480

ThinkPad T470s.  Thicker than the X1 Carbon but thinner than a T470.  Still supports snap-in docking, and memory can be upgraded, though only partly: some of the RAM is soldered on and can’t be changed, while the second module sits in a normal slot.  The chassis is slightly less rigid than on the T470 or X1.

ThinkPad T470s


Used/refurbished options:  Older generation Thinkpad X1, Latitude 74xx, and ThinkPad T4xxs.

14 Inch Workhorse, All purpose laptop

ThinkPad T470 – This is one of the best all around laptops.  It’s not too thin that it’s hard to grip, but thin enough to not be bulky.  Fantastic keyboard, probably the best on the market.  Two batteries, one internal and one external so the external can be swapped out without losing power.  With a 6-cell battery (which will cause a bulge) it can get 20 hours battery life, or opt for a 3-cell that’s flush with the laptop.  For longevity this laptop is the most modular model in the ThinkPad lineup as far as swapping parts so you should be able to make it last longer if anything breaks.  No GPU options for buyers in the U.S.

ThinkPad T470

ThinkPad T470p – Quad Core for heavy CPU and an NVIDIA 940MX GPU making it one of the most powerful notebooks in the 14 inch category.  Oddly it does not have a USB-C port.

Latitude 5480 – A little thicker than the 7480, Can be configured with Nvidia 930MX GPU.  Latest generation drops the E-docking port.  I use an older version of this laptop at work, the E5470, and at home I use a E5450 with NVIDIA.  Both have been great computers, and the E-Dock (which is now discontinued) is very robust.  Can be configured with quad core processors.

Dell Latitude 5480

ThinkPad T25 Retro – 25th Anniversary Limited edition.  Essentially a high end T470 with an NVIDIA 940MX GPU… and a classic 7-row keyboard.  This is the best keyboard available on any laptop made today.  I believe this is the only ThinkPad on a T470 chassis to have both a GPU and USB-C port.  Unfortunately it’s on the pricey side

ThinkPad T25 Retro

Used/refurbished options are the ThinkPad T4xx and ThinkPad T4xxp, Dell E64xx, Dell E54xx, Dell 54xx.

15.6 Inch “ultrabook”

ThinkPad P51s – thin “ultrabook” equipped with Quad Core processor (can be equipped with a Xeon) and  NVIDIA Quadro GPU

ThinkPad P51s

Precision 5520 – This is one of the few Precisions I would consider more prosumer than business class.  It’s a re-branded Dell XPS 15; the screen has almost no bezel and the laptop is the same size as many 14 inch laptops.  I don’t think it would hold up to much abuse because of how thin it is.  However, for a mostly stationary laptop it’s fantastic.  Can be equipped with a Xeon E3.  Note that some of these models don’t ship with Intel wireless cards, which may cause problems.  Make sure it’s Intel.

Precision 5520

Dell XPS 15

XPS 15 – Same thing as the above.  Note that some XPS models are not shipping with Intel wireless cards, which may cause connection problems.


Macbook Pro 15

Macbook Pro 15 – Great laptop, newer ones may have a touchbar which I find annoying but can be configured with a normal function key row.

Used / Refurbished options include the ThinkPad P5x series, older gen Dell XPS 15, Precision 5510.  This is a newer category so there won’t be as many older models here.

15.6 Inch Mobile Workstations

ThinkPad T570 – Great business laptop with a 15 inch screen.

ThinkPad T570

ThinkPad P51 – Can be equipped with NVIDIA Quadro GPU, and Xeon E3.  Up to 64GB memory.

ThinkPad P51

Precision 7520

Precision 3520 – Can be equipped with Nvidia Quadro GPU, and Xeon E3.

Precision 3520

One thing to look out for is the keyboard layout, some 15 inch models have the keyboard offset to the left to make room for a numpad.  Some people would rather have the numpad and some would rather have a centered keyboard.

P51s Keyboard

Used / Refurbished models are the Precision 75xx, Precision 35xx, Dell E65xx, ThinkPad P5x, ThinkPad T5xx, and ThinkPad W5xx.

17.3 Inch Workstation

ThinkPad P71 – huge.

ThinkPad P71

Precision 7720 – huge.

Precision 7720

Used / Refurbished – Precision 77xx, P7x,  ThinkPad W7xx, Macbook Pro 17 inch.

Buying Used / Refurbished

There are some risks buying used: USB firmware hacks, malware, etc.  At minimum, wipe the drive, reinstall the OS from media you trust, and update the BIOS/firmware before relying on it.  However, it’s a great way to save money and some sellers provide a 1-year warranty.  Most businesses keep ThinkPads and Latitudes for 3-5 years then sell them, so you can save a significant amount of money just staying 3 to 5 years behind.  Generally you want to buy the laptop from the guy that always kept it docked so it’s still in great condition.  Keep in mind that the reason businesses cycle through laptops is that the productivity lost to running slower and fixing failing components is greater than the cost of just buying a new laptop proactively.  Just something to keep in mind if you value your time.

It’s probably better to get a used / refurbished ThinkPad or Latitude than it is to buy a new consumer laptop. For newer refurbished items the Dell Outlet, Lenovo Outlet, and the Refurbished Mac store are good places to look.

One of the best places to pick up old refurbished ThinkPads may be WalMart’s website.  Also there are plenty of refurbished and used laptops on eBay, and sometimes they can be found on Amazon as well.  If you are not comfortable installing an OS, make sure it comes with a fresh install of Windows and the seller is highly rated and offers returns.  Many sellers also offer a warranty.

For used laptops the ThinkPad T, X, P, and W series will be a higher quality than the L and E.  Latitude 5000, 6000, and 7000 will be higher quality than the 3000 series.

To roughly find the age of a computer consider the current models for ThinkPad are T470, the middle 7 roughly means it’s a 2017 notebook.  Same for the Latitude 5480, the 8 means it’s roughly a 2017 year notebook (guess Latitude is +1 on the year).  So if you’re looking around on eBay know that a T440 or Latitude E5440 is roughly a 2013-2014 notebook.  The years don’t quite line up perfectly but gives you a general idea.  Another indicator to look at for age is the generation of Intel processor used (see CPU section below).

ThinkPad Computrace warning for used ThinkPads.  Some ThinkPads have a Computrace feature which allows the owner to track down or remotely disable a laptop if lost or stolen.  It lives in the firmware, so reinstalling the OS or swapping the drive does not remove it, and if enabled only the owner (or one of the previous owners who enabled it) can turn it off.  You’ll want to make sure that is turned off before buying a used laptop, or if you get one with it enabled ask the owner to turn it off, and if they’re not able, return it for a refund.  If you can’t track down the previous owner you can call Computrace and they can attempt to contact the owner for you.

Things You Should Consider

Brand.  Dell vs Lenovo.  Dell Latitude has better support, service, and screens.  Lenovo laptops have better keyboards, build quality, and durability.  Both are pretty similar and both brands offer a comparable product in almost every size/model.

Docking Support.  Many laptops have the ability to dock into a “docking station”.  Dell and Lenovo have proprietary docking connectors and docks.  These are great solutions if you’re often working in an office or home.  At my house and office I have a docking station hooked up to dual monitors, ethernet, keyboard and mouse.  It’s convenient to dock in and have a full desktop experience (having multiple screens increases productivity) then undock when I’m on the go.  Not all laptops support docking, but if it’s something you’re interested in be sure to check for that capability.

Customer Support.  When issues occur I’ve found Dell to have the best support, usually after a 30 minute phone call they’ll have a technician scheduled to come out the next day.  Lenovo is 2nd, you’ll get the same result but usually a longer phone call.  In my experience when a Macbook breaks you’re going to be out of commission for a week or two while you send it off for repair.

Warranty.  Basic vs NBD (Next Business Day) Onsite.  Basic warranty usually means a part will get mailed to you, or you’ll ship your laptop and wait a few weeks for it to come back.  When buying new, you have the option to get a more advanced warranty.  If you are in situations where a broken computer can be costly then pay extra to get NBD onsite support.  A technician will meet you wherever you are, at your house, conference, etc. the next business day with a spare part if something needs to be replaced.  For road warriors who can’t have downtime this is a must.  On the other hand, if you aren’t traveling consider the cost of NBD vs just having an extra laptop on hand (perhaps your old laptop) you could use while your main one is under repair.

I generally purchase the cheapest warranty (1 year basic) because I have a spare and if my computer breaks early I’ll just buy a new one.  Over the long run I think this is cheaper.. but if I was a frequent traveler I’d probably opt for a 3 or 4 year NBD warranty.

Ultrabook vs Mobile Workstation.   Ultrabooks are designed to be as thin and light as possible, often because of the smaller size heat can’t be dissipated as quickly so the CPU can’t run at a sustained load for long periods of time without throttling, or a weaker CPU is used.  Most people won’t notice throttling and this is becoming less of an issue as CPUs become more efficient.  The other sacrifice ultrabooks make is shorter key travel so they don’t have a great typing experience, and fewer ports, slots, and extras like GPUs.  Sometimes components like RAM are soldered on and batteries may not be replaceable.

Mobile Workstations can usually be outfitted with more battery, more processing power, and more key travel (giving them a fantastic typing experience), and are generally easy to service.  They tend to be heavier, but are generally more durable, more likely to have more ports, don’t throttle under heavy load, can be had with a GPU, and often have swappable batteries.

Ways to save money.  So, in most cases there are several base configurations which can be customized.  I have found in general that memory and hard drives are more expensive when upgraded through Dell’s or ThinkPad’s store.  Often it’s cheaper to buy a base configuration unit with the CPU you want and then buy your own memory and hard drive.  For most people swapping out the hard drive will be difficult because the OS will have to be reloaded, so it may not be worth it.  Sometimes memory is not replaceable, so check the laptop you’re buying to see if it is.  Generally this is possible on the workstations and hit and miss on the ultrabooks.   If buying a ThinkPad read the ThinkPad Introduction page which has links to Perks discounts.

Wireless Card.  Always get Intel.  If it’s not Intel branded, don’t buy the laptop.

Touchscreen.  I don’t like touchscreens but some people do.  Usually both options are available.

Glossy or Matte Screen.  I much prefer Matte, I don’t want to see my own reflection in the screen.  Usually both options are available.

Screen Size and Quality.

One of the most popular screen sizes (and my favorite) is 14.4″.  It allows for a full-size keyboard (without tenkey) and seems to me to be the right balance between portability and using it like a workstation (faster CPUs, optional GPUs, more key travel on the keys).  The ThinkPad T470 and Latitude 5480 are great workstations in this class, and the Latitude 7480 and ThinkPad X1 Carbon (which is lighter than a lot of 13.3 and 12.5 inch laptops) are great ultrabooks.

For frequent travelers going to 13.3″ or 12.5″ may be better.  If you need a bigger screen or a ten-key then a 15.6″ or 17″ is the way to go.

Dell is going to have better quality screens for brightness and color than ThinkPads in general.  I think 1920×1080 (FHD) screen resolution is pretty decent.  You may want to avoid higher resolutions than that because many applications can’t scale properly and become difficult to read.

Apple Laptops have a 16:10 aspect ratio instead of a 16:9.  16:9 is the aspect ratio that movies are in, but in most cases the 16:10 (extra vertical space) would be preferable.

Some newer laptops are coming out with aspect ratios with more vertical space such as 3:2 which is a good compromise between 4:3 and 16:9 but they haven’t made it to mainstream yet.

Keyboard.  The best keyboards will be on the ThinkPads, and the best of those will be on the Thinkpad T series, and the best one on the market today is the ThinkPad 25 but at a high cost premium.  If you use a computer to consume media this won’t matter.  If you’re going to be docked in most of the time it’s not a big deal since you’ll use an external keyboard.  If you type a lot on your laptop the ThinkPads will be better than Dells or Apples.

Keyboard Lighting: Most laptops have a backlit option, if you want it make sure it’s there.  Some older ThinkPads have a “ThinkLight” which is a light on the top of the screen that shines down on the keyboard.

CPU: Stick to the Intel Core i5 or i7 CPUs, whichever is cheapest.  For the most part there is very little difference between an i5 and i7; in smaller computers the i5 will perform as well or better than an i7 because it puts out less heat so doesn’t have to throttle as much.  AMD processors have been behind Intel in laptops.  I would consider them 1 or 2 generations behind Intel; although they have started to close the gap with the Ryzen processors, they’re still a year behind Intel.  I would consider a newer AMD CPU if the price was right, but for anything older than 7th gen AMD stick to Intel.

In general, since the i series most CPU generational changes are not that substantial, maybe adding a 10-20% boost in performance between each generation, so the need to buy a new computer often to get a faster CPU is not particularly great these days.  Most of the gains are around power consumption and battery life.  However, the 8th gen CPUs, which should be widely available next year (2018), offer about a 30-40% improvement over 7th gen because of an increase in core count.  You can tell which generation you’re buying by looking at the first number after the “i5” or “i7”.  E.g. a Core i5-7600 is a 7th Gen.  The Core i5-8600 is 8th Gen.

Memory: 8GB should be your absolute minimum.  I always get 16GB memory, but I try to buy a laptop with the smallest amount of memory possible and buy extra memory from Amazon.

Hard drive:  The single best thing you can do for computer performance is to get an SSD.  You do need to watch out for size.  NVMe SSDs tend to be faster.  Both will well outperform a normal hard drive.  SSDs are smaller so make sure you get an adequate size.  Minimum of 256GB for most people.  If you are my mother in law maybe a terabyte minimum.

Graphics Card / GPU: Most laptops are not great for gaming.  If you are buying a dedicated gaming laptop most of my recommendations are not ideal and you may want to look at other options.  But if you do play video games you should consider getting a laptop with an AMD or NVIDIA card in it; you’ll be better off than without it.  You’re not going to get the performance from a laptop that you would out of a desktop gaming computer, but you can get pretty far.   Having a GPU usually cuts into battery life but it’s not as bad as it used to be… most laptops can shut down the discrete video card when not in use and use the built-in Intel HD graphics on the CPU, which is more battery friendly.  Another option is to get a laptop without a GPU, but use an eGPU enclosure and buy a desktop GPU to put in it… it will connect to your computer via a Thunderbolt port.

Batteries.  There are usually a few options for batteries.  Many laptops don’t have removable batteries.  For laptops with removable batteries smaller ones tend to sit flush with the laptop.  Some laptops also offer larger battery packs (and even slices) that make the laptop bulkier but can provide more than 20 hours of battery life.

Some laptops can be adjusted to make the battery last longer by reducing the charge cycles.  E.g.  set your laptop to not start charging the battery until it drops below 80% instead of 95%, and having it charge to only 90% capacity may improve the longevity of the battery quite a bit at the cost of perhaps an hour of battery life of run-time.

DVD Drives.  It’s hard to find newer laptops with DVD drives, but some are available, especially if buying older used models.  Generally you can buy a Blu-ray laptop drive and swap it in if you want to watch Blu-ray video.

Ports.  Consider what ports you will want on your laptop.  Is Ethernet important?  How many USB ports do you need?  What about USB-C?  What about a docking port?  If you present frequently maybe you want a laptop with a VGA port and an HDMI port?  What about SD Card readers?  Headphone jack?  Do you have to use a Smart Card to access certain systems?  In most cases I’ve found I use ports less frequently than I think I would–for me an SD Card reader, Ethernet and a couple USB ports is all I need.

Webcam, Microphone, and Speakers.  If you care about these things google the laptop model you’re looking at plus the word “review” and read a few reviews to see if you can get a sense of the microphone, webcam, and speaker quality.  Some laptops have the webcam placed at the bottom of the screen instead of the top, which results in a weird angle when on video calls.  Also, some laptops don’t have very good speakers, so check reviews to see if they’re good; my Dell Latitude E5450’s speaker is so weak I can’t really hear the audio in movies 3 feet away unless there’s absolutely no other noise.

When do new laptop models get released?  It depends, I usually see new Latitudes and ThinkPads announced and released between January and April.  Often new models are announced at electronic shows.   But it depends on whether Intel and all the other suppliers are on schedule so things often get shifted around quite a bit.

Are there other good laptops than the ones you mentioned?  Yes there are.  There are other decent brands, some of the consumer laptops are fantastic.  I don’t know every possible laptop out there at every given moment.  This guide is meant to be more of a generic guide looking at good laptop lines over time, with the availability of NBD support if needed, and docking solutions across a wide range of options from workstations with GPUs to ultrabooks.  For the most part those come from ThinkPad and Dell, but that doesn’t mean a gem isn’t produced under other brands from time to time.

Hope that helps.


Ben’s Law | The Cost of Being Interrupted

Ben’s Law: within a 4 hour block of time, for each unit of uninterrupted time in hours (t), the value of productivity and creativity is roughly t^2.

An interruption resets t to zero.

Ben's Law: Cost of Interrupting Ben

p = t^2
c = t^2

if t = 1 (1 hour of uninterrupted time) then
p (productivity) = 1 and
c (creativity) = 1

if t = 2 then
p = 4 (4 times more productive than at t = 1) and
c = 4

and so on…

Now, I say roughly, because around the 4th hour–as it gets closer to lunch–productivity starts to go down, so the curve probably looks more like the below, but p = t^2 or c = t^2 is close enough.

Uninterrupted Development – Ideal 4 hour block of time

The below is very difficult to achieve.  This only happens to me once or twice a month, but when I get a 4 hour block of uninterrupted time I get more done during the last two hours of that block than I do in an entire week!

Writing programs is not at all like rote work, or any job where you’re following a procedure and can just pick up where you left off.  Development is more of a creative task; it requires time to ramp up and load what you’re trying to accomplish into your head.  You can’t always switch into creativity mode on demand and just start coding.  You find yourself one second staring at the code, and the next moment you’re unaware of your surroundings: you’re in the zone, and the longer you can stay there the more you can accomplish.  I would say programming is more creative than most people think.  It’s more like painting, or writing a book, or composing music than it is engineering.  Interrupting a programmer is like interrupting a musician in the middle of a song.

Interrupted Development – Real World 4 hour block of time sliced to bits

This is more like the real world, and probably is a better indicator of most programmers’ 4 hour blocks of time.  You can get some work done this way, but it takes about a week to do what could be a day’s worth of work.  A quick interruption sometimes won’t cause enough damage to reset back to zero, but anything over a few minutes will do so.


Interrupted Time

See also:

http://www.paulgraham.com/makersschedule.html

This post is licensed under the CC BY 4.0 license.

Benchmarking Guest on FreeNAS ZFS, bhyve and ESXi

FreeNAS 11 introduces a GUI for FreeBSD’s bhyve hypervisor.  This is a potential replacement for the ESXi + FreeNAS All-in-One “hyper-converged storage” design.

Hardware

Hardware is based on my Supermicro Microserver Build

  • Xeon D-1518 (4 physical cores, 8 threads) @ 2.2GHz
  • 16GB DDR4 ECC memory
  • 4 x 2TB HGST RAID-Z, 100GB Intel DC S3700s for ZIL (over-provisioned at 8GB) on an M1015.  In Environments 1 and 2 this was passed to FreeNAS via VT-d.
  • 2 x Samsung FIT USBs for booting OS (either ESXi or FreeNAS)
  • 1 x extra DC S3700 used as ESXi storage for the FreeNAS VM to be installed on in environments 1 and 2 (not used in environment 3).

Environments

E1. ESXi + FreeNAS 11 All-in-one.

Setup per my FreeNAS on VMware Guide.  Ubuntu VM with Paravirtual is installed as an ESXi guest, on NFS storage backed by ZFS on FreeNAS which has raw access to disks running under the same ESXi hypervisor using virtual networking.  FreeNAS given 2 cores and 10GB memory.  Guest gets 1GB memory.  Guest tested with 1C and 2C.

E2. Nested bhyve + ESXi + FreeNAS 11 All-in-one.

Nested virtualization test.  Ubuntu VM with VirtIO is installed as a bhyve guest on FreeNAS which has raw access to disks running under the ESXi Hypervisor.  FreeNAS given 4 cores and 12GB memory.  Guest gets 1GB memory.  Guest tested with 1C and 2C.  What is neat about this environment is it could be used as a stepping stone if migrating from environment 1 to environment 3 or vice-versa (I actually tested migrating with success).

E3. bhyve + FreeNAS 11

Ubuntu VM with VirtIO is installed as a bhyve guest on FreeNAS on bare metal.  Guest gets 1GB memory.  Guest was backed with a ZVOL since that was the only option.  Tested with 1C and 2C.

All environments used FreeNAS 11; E1 and E2 used VMware ESXi 6.5.

Testing Notes

A reboot of the guest and FreeNAS was performed between each test so as to clear ZFS’s ARC (in memory read cache).  The sysbench test files were recreated at the start of each test.  The script I used for testing is https://github.com/ahnooie/meta-vps-bench with networking tests removed.

No attempts on tuning were made in any environment.  Just used the sensible defaults.

Disclaimer on comparing Apples to Oranges

This is not a business or enterprise level comparison.  This test is meant to show how an Ubuntu guest performs in various configurations on the same hardware with the constraints of a typical budget home server running a free “hyperconverged” solution–a hypervisor and FreeNAS storage on the same physical box.  Not all environments are meant to perform identically… my goal is just to see if the environments perform “good enough” for home use.  An obvious example of this is that environments using NFS backed storage are going to perform slower than environments with local storage… but it should still at the very least max out 1Gbps ethernet.  This set of tests is designed to benchmark how I would set up each environment given the constraint of one physical box running both the hypervisor and FreeNAS + ZFS as the storage backend.  The test is limited to a single guest VM.  In the real world dozens, if not hundreds or even thousands of VMs are running simultaneously, so advanced hypervisor features like memory deduplication are going to make a big difference.  This test made no attempt to benchmark that.  This is not an apples to apples test, so be careful what conclusions you derive from it.

CPU 1 and 2 threaded test

I’d say these are equivalent, which probably shows how little overhead there is from the hypervisor these days, though nested virtualization is a bit slower.

CPU 1 and 2 threaded

CPU 4 threaded test

Good to see that 2 cores actually performs faster than 1 core on a 4 threaded test.  Nothing to see here…

CPU 4 threads

Memory Operations Per Second

Horrible performance with nested virtualization, but with the hypervisor on bare metal, ESXi and bhyve performed identically.

Memory OPS

Memory MB/s

Once again nested virtualization was slow; other than that, neck and neck performance.

Memory Test

OLTP Transactions Per Second

The ESXi environment clearly takes the lead over bhyve, especially as the number of cores / threads started increasing.  This is interesting because ESXi outperforms despite an I/O penalty from using NFS, so ESXi is more than making up for that somewhere else.

OLTP Test

Disk I/O Requests per Second

Clearly there’s an advantage to using local ZFS storage vs NFS.  I’m a bit disappointed by the nested virtualization performance since from a storage standpoint it should be equivalent to bare metal FreeNAS, but that may be due to the slow memory performance in that environment.

Disk Random I/O

Disk Sequential Read/Write MBps

No surprises, ZFS local storage is going to outperform NFS.

Disk Sequential I/O

Well there you have it.  I think it’s safe to say that bhyve is a viable solution for home (although I would like to see more people using it in the wild before considering it robust–I imagine we’ll see more of that now that FreeNAS has a UI for it).  For low resource VMs E2 (nested virtualization) is a way to migrate between E1 and E3–but it’s not going to work for high performance VMs because of the memory performance hit.

FreeNAS Corral on VMware 6.5

This guide will install FreeNAS 10 (Corral) under VMware 6.5 ESXi, then via NFS share ZFS backed storage back to VMware.  This is an update of my FreeNAS 9.10 on VMware 6.0 Guide.

“Hyperconverged” Design Overview

FreeNAS Vmware

FreeNAS is installed as a Virtual Machine on the VMware Hypervisor.  An LSI HBA in IT Mode is passed to FreeNAS via VT-d Passthrough.  A ZFS pool is created on the disks attached to the HBA.  ZFS provides RAID-Z redundancy, and an NFS dataset is then shared from FreeNAS and mounted from VMware, which is used to provide storage for the remaining guests.  Optionally containers and VM guests can run directly on FreeNAS itself using bhyve.

FreeNAS Corral

FreeNAS 10 (now called FreeNAS Corral) is a major rewrite over FreeNAS 9.10, the GUI has been overhauled, it has a CLI interface, and an API.  I think the best feature is the bhyve hypervisor and docker support.  To some degree for a single all-in-one hypervisor+NAS server you may not even need VMware and be able to get away with bhyve and docker.

FreeNAS Corral Dashboard

Like anything new I advise caution against running it in a production environment.  I do see quite a few rough edges and a few missing features that are available in FreeNAS 9.10.  I imagine we’ll see frequent updates with polishing and features added.  A good rule of thumb is to wait until TrueNAS hardware is shipping with the “Corral” version.   I think this is the best release of FreeNAS yet, and it is going to be a great platform moving forward!

1. Get Hardware

This is based on my Supermicro X10SDV Build.  For drives I used 4 x White Label NAS class HDDs (see ZFS Hard Drive Guide) and two Intel DC S3700s (similar models between S3500 and S3720 should be fine), which often show up for a decent price on Ebay.  One SSD will be used to boot VMware and provide the initial data storage and the other used as a ZIL.

You will need an HBA to pass storage to the FreeNAS guest.  I suggest the ServerRAID IBM M1015 flashed to IT mode, or you can usually find the LSI 9210-8i already flashed to IT mode for a decent price on eBay.  You will also need a Mini-SAS to 4x SAS SATA Forward Breakout Cable.

2. IPMI Setup

Go ahead and plug in the network cables to the IPMI management port, as well as at least one of the normal ethernet ports.

This should work with just about any server class Supermicro board.  First download the Supermicro IPMIView tool (I just enter “Private” for the company).  Once installed run “IPMIView20” from the Start Menu (you may need to run it as Administrator).

Scan for IPMI Devices… once it finds your Supermicro server select it and Save.

Login to IPMI using ADMIN / ADMIN (you’ll want to change that obviously).

IPMI Login

KVM Console Tab…

KVM Console Tab

Load the VMware ISO file to the Virtual DVD-ROM drive…

Download the VMware ESXi Free Hypervisor.

Select ISO file, Open Image, select the VMware ISO file which you can download here, and then hit “Plug In”

KVM Virtual Storage

Power on

KVM Power On

Hit Delete repeatedly…

KVM Boot

Change the boot order.  I made the ATEN Virtual CD/DVD the primary boot device, my Intel SSD DC S3700 that I’ll install VMware to the secondary, and disabled everything else.

BIOS Boot Order

Save and Exit, and it should boot the VMware installer ISO.

3. Install VMware ESXi 6.5.0

Install ESXi

VMware Installer

Install to the Intel SSD Drive.

VMware Install Select Drive

Once installation is complete “Plug Out” the Virtual ISO file before rebooting.

Unplug ISO file

Once it comes up get the IP address (or set it if you want it to have a static IP which I highly recommend).

VMware screen

4. PCI Passthrough HBA

Go to that address in your browser (I suggest Chrome).  Manage, Hardware, PCI Devices, select the LSI HBA card and Enable Passthrough.

Passthrough LSI HBA

Reboot

5. Setup VMware Storage Network

In the examples below my LAN / VM Network is on 10.2.0.0/16 (255.255.0.0) and my Storage network is on 10.55.0.0/16.  You may need to adjust for your network.  My storage network is on VLAN 55.

I like to keep my Storage Network separate from my LAN / VM Network.  So we’ll create a VM Storage Network portgroup with a VLAN ID of 55.

Networking, Port groups, Add Port Group

Add Port Group

Add VM Storage Network with VLAN ID of 55.

(you can choose a different VLAN ID, my storage network is 10.55.0.0/16 so I use “55” to match the network so that I don’t have to remember what VLAN goes to what network, but it doesn’t have to match).

Add a second port group just like it called Storage Network with the same VLAN ID (55).

Storage Network

Add VMKernel NIC

VMKernel NIC

Attach it to the Storage Network and give it an address of 10.55.0.4 with a netmask of 255.255.0.0

VMKernel Storage

You should end up with this…

6. Create a FreeNAS Corral VM

Create VM

FreeBSD (64-bit)

Create VM

Install it to the DC S3700 Datastore that VMware is installed on.

Add PCI Device and Select your LSI Card.

Select HBA PCI

Add a second NIC for the VM Storage Network.  You should have two NICS for FreeNAS, a VM Network and a VM Storage Network and you should set the Adapter Type to VMXNET 3 on both.

VMXNET3

Add NIC

I usually give my FreeNAS VM 2 cores; if doing anything heavy (especially if you’ll be running docker images or bhyve under it) you may want to increase that count.  One rule with VMware is do not give VMs more cores than they need.  I usually give each VM one core and only consider more if that particular VM needs more resources.  This will reduce the risk of CPU co-stops from occurring.  Gabrie van Zanten’s How too many vCPUs can negatively affect performance is a good read.

2 Cores

ZFS needs memory.  FreeNAS 10 needs 8GB memory minimum.  Lock it.

I made the Hard Disk VMDK 16GB.  There’s an issue with the VMware 6.5 SCSI controller on FreeBSD/FreeNAS.  You’ll know it if you see an error like:

UNMAP failed. disabling BIO_DELETE
UNMAP CDB: 42 00 00 00 00 00 00 00 18 000.
CAM status: SCSI Status Error.
SCSI status: Check Condition.
SCSI sense: ILLEGAL REQUEST asc:26,0 (Invalid field in parameter list).
Command byte 0 is invalid.
Error 22, Unretryable error.

To prevent this, change the Virtual Device Node on the hard drive to SATA controller 0, and SCSI Controller 0 should be LSI Logic SAS.

SATA Controller

Add CD/DVD Drive, under CD/DVD Media hit Browse to upload and select the FreeNAS Corral ISO file which you can download from FreeNAS.

Add CD-ROM

7. Install FreeNAS VM

Power on the VM…

Select the VMware disk to install to.  I should note that if you create two VMDKs you can select them both at this screen and it will create a ZFS boot mirror, if you have an extra hard drive you can create another VMware data store there and put the 2nd vmdk there.  This would provide some extra redundancy for the FreeNAS boot pool.  In my case I know the DC S3700s are extremely reliable, and if I lost the FreeNAS OS I could just re-import the pool or failover to my secondary FreeNAS server.

Install FreeNAS to VMDK

Boot via BIOS.

Once FreeNAS is installed reboot and you should get the IP from DHCP on the console (once again I suggest setting this to a static IP).

If you hit that IP with a browser you should have a login screen!

8. Update and Reboot

Before doing anything…. System, Updates, Update and Reboot.

Update

(Note: to get better insight into a task progress head over to the Console and type: task show).

9. Setup SSL Certificate

First, set your hostname, and also create a DNS entry pointing at the FreeNAS IP.

Create Internal CA

Export Certificate

Untar the file and double-click HobbitonCA.crt to install it into the Trusted Root Certification Authorities store.  I should note that if someone were to compromise your CA or obtain its private key they could forge SSL certificates for other sites and perform a MITM attack on any machine that trusts that CA, so guard the CA key like any other credential.

Create a Certificate for FreeNAS

Create Certificate

Listen on HTTP+HTTPS and select the Certificate.  I also increase the token Lifetime since I religiously lock my workstation when I’m away.

Listen on HTTPS

And now the connection is secured with SSL.

SSL Secured


10. Create Pool

Do you want Performance, Capacity, or Redundancy?  Drag the white circle thing where you want on the triangle and FreeNAS will suggest a zpool layout.  With 4 disks I chose “Optimal” and it suggested RAID-Z which is what I wanted.  Be sure to add the other SSD as a SLOG / ZIL / LOG.

Pool Creation

11. Create Users

It’s probably best not to be logging in as root all the time.  Create some named users with Administrator access.

12. Create Top Level Dataset

I like to create a top level dataset with a unique name for each FreeNAS server, that way it’s easier to replicate datasets to my other FreeNAS servers and perform recursive tasks (such as snapshots, or replication) on that top level dataset without having to micromanage them.  I know you can sometimes do recursive tasks on the entire pool, but oftentimes I want to exclude certain datasets from those tasks (such as if those datasets are being replicated from another server).

If you’d like to see more on my reasoning for using a top level dataset see my ZFS Dataset Hierarchy.

Storage, tank3, Datasets, New…

Top Level DataSet

13. Setup Samba

Services, Sharing, SMB, set the NetBIOS name and Workgroup and Enable.

Storage, SMB3, Share, to create a new dataset with a Samba Share.  Be sure to set the ownership to a user.

SMB Share

14. Setup NFS Share for VMware

I believe at this time VMware and FreeNAS don’t work together on NFSv4, so best to stick to NFSv3 for now.

NFS Share for VMware

Mount NFS Store in VMware by going to Storage, Datastores, new datastore, Mount NFS datastore.

NFS Mount

15. Snapshots

I set up automatic recursive snapshots on the top level dataset.  I like to do pruning snapshots like this:

every 5 minutes -> keep for 2 hours
every hour -> keep for 2 days
every day -> keep for 1 week
every week -> keep for 4 weeks
every 4 weeks -> keep for 12 weeks
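Here is a small pruning planner that applies a retention schedule like the one above to a list of snapshot names.  This is an added example, not FreeNAS code; it assumes snapshot names of the form dataset@auto-YYYYMMDD.HHMM-<keep> (a constructed naming convention that mimics the periodic-snapshot style, with the retention encoded in the suffix) and a constructed sample list.  One thing it shows that the schedule alone does not: the newest snapshot of each dataset is never destroyed, even if it has aged out, so a dataset that stopped snapshotting (a disabled task, a long outage) always keeps at least one rollback point.

```python
import re
from datetime import datetime, timedelta

# Retention schedule from the post, keyed by the suffix the planner expects.
# The suffix convention (2h, 2d, 1w, 4w, 12w) is an assumption of this example.
SCHEDULE = {
    "2h": "every 5 minutes -> keep for 2 hours",
    "2d": "every hour -> keep for 2 days",
    "1w": "every day -> keep for 1 week",
    "4w": "every week -> keep for 4 weeks",
    "12w": "every 4 weeks -> keep for 12 weeks",
}

UNIT = {
    "m": timedelta(minutes=1),
    "h": timedelta(hours=1),
    "d": timedelta(days=1),
    "w": timedelta(weeks=1),
}

# dataset@auto-<YYYYMMDD.HHMM>-<count><unit>, e.g. tank3/ds4@auto-20170810.1155-2h
NAME_RE = re.compile(
    r"^(?P<ds>[^@]+)@auto-(?P<ts>\d{8}\.\d{4})-(?P<n>\d+)(?P<u>[mhdw])$"
)


def parse_snapshot(name):
    """Return (dataset, created, retention) for one snapshot name."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised snapshot name: {name}")
    created = datetime.strptime(m["ts"], "%Y%m%d.%H%M")
    retention = int(m["n"]) * UNIT[m["u"]]
    return m["ds"], created, retention


def plan_pruning(snapshots, now, protect_newest=True):
    """Split snapshots into (keep, destroy) lists.

    A snapshot is expired once created + retention is in the past.  With
    protect_newest the most recent snapshot of every dataset is kept
    regardless, so no dataset is ever left without a restore point.
    Input order is preserved in both output lists.
    """
    parsed = [(name, *parse_snapshot(name)) for name in snapshots]

    newest = {}  # dataset -> (created, name)
    for name, ds, created, _ in parsed:
        if ds not in newest or created > newest[ds][0]:
            newest[ds] = (created, name)

    keep, destroy = [], []
    for name, ds, created, retention in parsed:
        expired = created + retention < now
        if expired and not (protect_newest and newest[ds][1] == name):
            destroy.append(name)
        else:
            keep.append(name)
    return keep, destroy


def destroy_commands(destroy):
    """Render the ZFS CLI commands for review; this example only prints them."""
    return [f"zfs destroy {name}" for name in destroy]


# Constructed sample: snapshots of the post's tank3/ds4 plus a second dataset
# whose only snapshot is long expired.  "Now" is fixed so the result is stable.
NOW = datetime(2017, 8, 10, 12, 0)
SAMPLE = [
    "tank3/ds4@auto-20170810.1155-2h",   # 5-minute snapshot, still within 2h
    "tank3/ds4@auto-20170810.0930-2h",   # 5-minute snapshot, older than 2h
    "tank3/ds4@auto-20170809.1200-2d",   # hourly, within 2 days
    "tank3/ds4@auto-20170807.1200-2d",   # hourly, older than 2 days
    "tank3/ds4@auto-20170801.0000-1w",   # daily, older than 1 week
    "tank3/ds4@auto-20170701.0000-12w",  # 4-weekly, within 12 weeks
    "tank3/ds5@auto-20170601.0000-2h",   # expired, but the newest ds5 has -> kept
]

if __name__ == "__main__":
    keep, destroy = plan_pruning(SAMPLE, NOW)
    for name in keep:
        print(f"keep    {name}  ({SCHEDULE.get(name.rsplit('-', 1)[1], 'unknown policy')})")
    for cmd in destroy_commands(destroy):
        print(cmd)
```

Run it as-is to see the plan for the sample; to use it against a real system you would feed it the output of `zfs list -t snapshot -o name -H` and review the generated `zfs destroy` lines before running any of them.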

And SAMBA has Previous Versions integration with ZFS Snapshots, this is great for letting users restore their own files.

SMB ZFS Integration

16. ZFS Replication to Backup Server

Before putting anything into production setup automatic backups.  Preferably one onsite and one offsite.

Peering, New FreeNAS, and enter the details for your secondary FreeNAS server.

FreeNAS Peering


Now you’ll see why I created a top level dataset under the pool….

Storage, Tank3, Replications, New, select the stor2.b3n.org Peer, source dataset is your top level dataset, tank3/ds4, and target dataset is tank4/ds4 on the backup FreeNAS server.

Compression should be FAST over a LAN or BEST over a slow WAN.

FreeNAS Replication

Go to another menu option and then back to Storage, tank3, Replications, replication_ds4, and Start the replication and check back in a couple hours to make sure it’s working.  My first replication attempt hung, so I canceled the task and started it again.  I also found that adjusting the peer interval from 1 minute to 5 seconds under Peering may have helped.

FreeNAS Notifications

16.1 Offsite Backups

It’s also a good idea to have Offsite backups, you could use S3, or a CrashPlan Docker Container, etc.

17. Setup Notifications

You want to be notified when something fails.  FreeNAS can be configured to send an email or send out Pushbullet notifications.  Here’s how to set up Pushbullet.

Create or Login to your Pushbullet account.  Settings, Account, Create an Access Token

PushBullet Access Token

Services, Alerts & Reporting, Add the access key (bottom right) and configure the alerts to send out via Pushbullet.

PushBullet Setup

You can use the Pushbullet Chrome extension or Android/iOS apps to receive alerts.

18. bhyve VMs and Docker Containers under FreeNAS under VMware

Add another Port Group on your VM Network which allows Promiscuous mode, MAC address changes, and Forged transmits.  Those settings let a guest see and spoof traffic belonging to other VMs on the port group, so connect only FreeNAS and VMs you really trust to it.

Trusted Portgroup

Power down and edit the FreeNAS VM.  Change the VM Network to VM Network Promiscuous

Network Change

Enable Nested Virtualization, under CPU, Hardware virtualization, [x] Expose hardware assisted virtualization to the guest OS.

Enabled Nested Virtualization

After booting back up you should be able to create VMs and Docker Containers in FreeNAS under VMware.

And more….

Use at your own risk.

More topics may come later if I ever get around to it.