Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 48
  1. #21
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    If you think VMWare is that expensive...

    Well you need to call me because I'm telling you point blank it's wrong, and if someone ripped you for that much send some money my way.

    Besides, if you need Untangle to be that fool proof do you have redundant internet connections? Do you have a router that manages them properly? The best deployment option on that scale is just to wrap the Untangle with the Cisco that's at the edge anyway.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Ok how much would it cost for a decent san, vmware licenses, multiple nics, and hbas?
    On a new build.
    You're looking at 12k in vmware licenses if you just need vmware and Ha. around 5k for the servers Usually with multiple nics.
    Software licenses for the servers.
    Implementation costs.
    Fibre channel or infinband switches, ethernet switches for your storage fabric.
    A san.
    It adds up on a new implementation.

    I'd love to hear your thoughts on how much a new clustered vmware build out costs.

    Quote Originally Posted by sky-knight View Post
    If you think VMWare is that expensive...

    Well you need to call me because I'm telling you point blank it's wrong, and if someone ripped you for that much send some money my way.

    Besides, if you need Untangle to be that fool proof do you have redundant internet connections? Do you have a router that manages them properly? The best deployment option on that scale is just to wrap the Untangle with the Cisco that's at the edge anyway.
    Last edited by dell4242; 08-05-2010 at 07:40 PM.

  3. #23
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Quote Originally Posted by sky-knight View Post
    Besides, if you need Untangle to be that fool proof do you have redundant internet connections? Do you have a router that manages them properly? The best deployment option on that scale is just to wrap the Untangle with the Cisco that's at the edge anyway.
    Yes all of our clients require multiple isps. Depending on size of the client solutions vary. Some clients are happy with route tracking, dns monitoring, and no edge. Other clients need bgp on the edge with multiple routers for different carriers.
    I work with financial companies that don't accept downtime.

  4. #24
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default

    Vmware is wonderful and we have it implemented at several clients, but it's not the ha solution for us and untangle. Qos is crap under virtualization.

    I believe that untangle doesn't want IPSec because of the support calls. They say that already, openvpn is accounting for the majority of their support calls. Which frankly amazes me, but I believe them.

    Did you know that their openvpn implementation is hub and spoke only? As in site A is the hub, and site b and site c can only VPN into site a. If site c needs to talk to site b, it has to go through site a. Bet that will bake your noodle!

    All in all, Untangle is my favorite.

  5. #25
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Quote Originally Posted by far182 View Post
    Vmware is wonderful and we have it implemented at several clients, but it's not the ha solution for us and untangle. Qos is crap under virtualization.

    I believe that untangle doesn't want IPSec because of the support calls. They say that already, openvpn is accounting for the majority of their support calls. Which frankly amazes me, but I believe them.

    Did you know that their openvpn implementation is hub and spoke only? As in site A is the hub, and site b and site c can only VPN into site a. If site c needs to talk to site b, it has to go through site a. Bet that will bake your noodle!

    All in all, Untangle is my favorite.
    Yup pretty much everything I build now on the server side is esx or esxi, with vsphere.
    Esxi free is really great for dr environments, where you can run have several servers running on a freely licensed box, and application clustering. Have played around with virtual box and zen server too. But my preference is vmware.
    That said the implementation costs for a full blown vmware infrastructure aren't cheap. When you add up the san, and networking costs it really adds up. 10gb is even more onerous. You need a san for vmotion and drs. Proprietary sans aren't cheap. And as mentioned previously I wouldn't chance my vmware infrastructure for security reasons. Sure you can pause machines on nfs shares, but that's for sissies.

    The hub spoke design sounds like a feature .
    Do the vpns fall back to backup interfaces if the primary is down? Can you just hack the config file.

    To be honest I'm afraid of any vpn that doesn't have a command line. Cross platform vpns are usually a nightmare... I understand why they don't want those calls. But why not make it a free unsupported mega beta app (that works if you know what you are doing). I'd use it.

  6. #26
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    Dell... given what you've indicated, vs the requirements you've posted all over the place.

    Untangle isn't the solution for you, and I may humbly suggest it never will be. This is a SMB product, and everything you're talking about is small scale enterprise or larger. You simply don't do the kinds of things you're doing with a UTM like this. Untangle can be part of the over all scheme. But it's integrated by placing it in router mode hanging off the edge router, and your edge router is only routing specific sessions through it so you can use the nice cheap content filters. Anything else, given the stuff you've posted, simply won't work.

    And I have entry level VMWare clusters with 3x blades, 3x SANs, and appropriate network equipment starting at ~10,000. That's 3 sans, 3 blades, and the VMWare licenses. I'm sorry you haven't bothered to call VMWare and look into what they really carry. If I could just get those nuts to sell me essentials for 1 cpu on 1 server I'd be happy, and selling it everywhere to cover everything. As it is I have to install trials all over the place, it's almost as if VMWare doesn't want the money.

    P.S. OpenVPN in Untangle is limited to the primary WAN interface only, so no with the failover options and whatnot if you lose a primary link you're still down.
    Last edited by sky-knight; 08-05-2010 at 08:51 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #27
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Quote Originally Posted by sky-knight View Post
    Dell... given what you've indicated, vs the requirements you've posted all over the place.

    Untangle isn't the solution for you, and I may humbly suggest it never will be. This is a SMB product, and everything you're talking about is small scale enterprise or larger. You simply don't do the kinds of things you're doing with a UTM like this. Untangle can be part of the over all scheme. But it's integrated by placing it in router mode hanging off the edge router, and your edge router is only routing specific sessions through it so you can use the nice cheap content filters. Anything else, given the stuff you've posted, simply won't work.

    And I have entry level VMWare clusters with 3x blades, 3x SANs, and appropriate network equipment starting at ~10,000. That's 3 sans, 3 blades, and the VMWare licenses. I'm sorry you haven't bothered to call VMWare and look into what they really carry. If I could just get those nuts to sell me essentials for 1 cpu on 1 server I'd be happy, and selling it everywhere to cover everything. As it is I have to install trials all over the place, it's almost as if VMWare doesn't want the money.

    P.S. OpenVPN in Untangle is limited to the primary WAN interface only, so no with the failover options and whatnot if you lose a primary link you're still down.
    What type of sans are you using? Blades at the price? Are those supermicro?
    I'm really curious here... 3x sans? what vendor?
    I mostly use emc and netapp, some equallalogic if the client prefers.

    I've built my own sans for home use, and it's hard to build 3 of them for 10k.
    Are you talking about iscsi?
    Do you charge for implementation?
    I've worked with vmware alot... I've installed a lot of environments.
    The esentials kit doesn't include high availability. the essentials plus does. In general we implement the advanced acceleration kit, for lower end costumers.

  8. #28
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Quote Originally Posted by sky-knight View Post
    Dell... given what you've indicated, vs the requirements you've posted all over the place.

    Untangle isn't the solution for you, and I may humbly suggest it never will be. This is a SMB product, and everything you're talking about is small scale enterprise or larger. You simply don't do the kinds of things you're doing with a UTM like this. Untangle can be part of the over all scheme. But it's integrated by placing it in router mode hanging off the edge router, and your edge router is only routing specific sessions through it so you can use the nice cheap content filters. Anything else, given the stuff you've posted, simply won't work.
    To be honest where I see this fitting is for remote users at home, who want these kind of content filters, want the ability to vpn back to their home office. My requirements aren't all over the place. I want these two features.
    You asked about the type of environments I support professionally and I told you. putting this in as a transparent bridge (err router), might make sense I believe I mentioned this previously as an example of how other users are approaching this. If you want me to go away because I make you uncomfortable that's fine, you obviously don't care for my opinion, but I'm no idiot, and I do this stuff professionaly. If I did more small business installs, this is what I'd ask for. This is what untangle costumers have been asking for for years.
    I might try to hack it on the side, and I'm curious why it has been put off, and why it's technically dificult.
    Then again it's probably more convienient for you to treat me like a troll...

  9. #29
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Default

    The blades are white boxes, single CPU units, but powerful enough for smaller deployments. The SANS are qnap units, nothing special, yes it's iSCSI, and yes you have to be darn careful with it or it gets really slow.

    And you don't really need HA, you just need VMotion, it's fast enough.

    And I'm treating you like a troll because you asked for it. You came out of nowhere, and started marching around demanding things you had no idea about. Spare those of us that have spent years working on this project fighting to help it grow and become profitable so we can get the toys we want.

    Oh, and in all that time how many of my clients have asked for IPSec? That would be... oh...NONE. If you're large enough for multiple sites and have need of that sort of thing Untangle probably isn't the best product for you. You'd have to be a master at the thing to tweak it the 1000 ways necessary to make it stable.

    Finally, if you've ever deployed OpenVPN successfully you'll run screaming away from IPSec faster than you can blink. Yes it's THAT much better. IPSec is just garbage, just because everyone uses it doesn't make it better. Sure the ability to terminate an IPSec tunnel would be nice, but it's not a trivial thing to add.

    Many in this community have tried, and each of them have failed.
    Last edited by sky-knight; 08-05-2010 at 09:18 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #30
    Untanglit
    Join Date
    Aug 2010
    Posts
    24

    Default

    Quote Originally Posted by sky-knight View Post
    Dell... given what you've indicated, vs the requirements you've posted all over the place.

    Untangle isn't the solution for you, and I may humbly suggest it never will be. This is a SMB product, and everything you're talking about is small scale enterprise or larger. You simply don't do the kinds of things you're doing with a UTM like this. Untangle can be part of the over all scheme. But it's integrated by placing it in router mode hanging off the edge router, and your edge router is only routing specific sessions through it so you can use the nice cheap content filters. Anything else, given the stuff you've posted, simply won't work.

    And I have entry level VMWare clusters with 3x blades, 3x SANs, and appropriate network equipment starting at ~10,000. That's 3 sans, 3 blades, and the VMWare licenses. I'm sorry you haven't bothered to call VMWare and look into what they really carry. If I could just get those nuts to sell me essentials for 1 cpu on 1 server I'd be happy, and selling it everywhere to cover everything. As it is I have to install trials all over the place, it's almost as if VMWare doesn't want the money.

    P.S. OpenVPN in Untangle is limited to the primary WAN interface only, so no with the failover options and whatnot if you lose a primary link you're still down.
    Quote Originally Posted by sky-knight View Post
    The blades are white boxes, single CPU units, but powerful enough for smaller deployments. The SANS are qnap units, nothing special, yes it's iSCSI, and yes you have to be darn careful with it or it gets really slow.

    And you don't really need HA, you just need VMotion, it's fast enough.

    And I'm treating you like a troll because you asked for it. You came out of nowhere, and started marching around demanding things you had no idea about. Spare those of us that have spent years working on this project fighting to help it grow and become profitable so we can get the toys we want.

    Oh, and in all that time how many of my clients have asked for IPSec? That would be... oh...NONE. If you're large enough for multiple sites and have need of that sort of thing Untangle probably isn't the best product for you. You'd have to be a master at the thing to tweak it the 1000 ways necessary to make it stable.

    Finally, if you've ever deployed OpenVPN successfully you'll run screaming away from IPSec faster than you can blink. Yes it's THAT much better. IPSec is just garbage, just because everyone uses it doesn't make it better. Sure the ability to terminate an IPSec tunnel would be nice, but it's not a trivial thing to add.

    Many in this community have tried, and each of them have failed.
    Ok for my understanding by blade do you mean actual blades are just members of the cluster. Typically I think of blades with a blade enclosure and shared storage and resources. I've deployed them and they aren't cheap.
    HA is nice because the failover is automated. THey don't call you it just happens. In addition the essentials kit doesn't include vmotion. The essentials plus does but this includes ha anyway (and support from vmware isn't free).

    I've done a lot of ipsec vpn connections, and I've configured ssl vpns. The painful truth is that ipsec is what everyone uses. Interplatform vpns are a PITA, but it's a neccesary evil. I have to do vpn tunnels between different vendors firewalls often enough to know. It takes tweaking, but it works.

    I'm sorry if your insulted and that you interpreted my posts that way.

Page 3 of 5 FirstFirst 12345 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2