Stephen Krujelskis

I bought a  CyberPower CP1500PFCLCD  UPS roughly 6.5 years ago. The manufacturer claims it will power 900 watts of equipment for 2.5 minutes at full load (10 minutes at half load). While on battery power, it outputs a true sine wave, whereas most cheaper UPSes output only an approximated sine wave, which can cause issues for more delicate equipment. After years protecting my NAS , I recently added 3 small form-factor desktops running ESXi , and the reported load is now ±19% (170W). Last night at 11pm we had a power outage lasting 10 seconds and my lab went dark. There was no decline in time remaining or percent charge - the UPS gave up immediately. UPS batteries typically last 3-6 years. I'm still running the original set from 2016, so it's safe to assume the batteries are done. I usually buy batteries locally to save on shipping. A nearby shop sells 12V 7.5Ah batteries for $22. The original set are 9Ah but, at nearly twice the cost, I'm comfortable with the lower run time

When we moved into the house, the coax entrance was upstairs, so for 2 years we ran the network out of one of our offices. We finally got around to stringing some cables, which let me tuck away the bulk of my gear in the basement. The next thing I wanted was a switch that would power my cameras and APs, and let me segregate the equipment I manage from our work and IoT devices. I probably spent too much time looking for the ideal switch. My initial needs were basically: Managed 8 or more 1G RJ45 ports PoE+ with at least 100w power budget There are a lot of older datacenter switches that fit that bill - the Cisco 2960X and 3750X come to mind. The problem with datacenter gear is it's loud and consumes a lot of power. The 2960X has a PoE budget of 740W and uses something like 44W with nothing plugged in. No, I wanted something quiet, and at least one 10G SFP+ port would be a big plus.  While I'm sure there are more switches that meet my criteria, here's what I came up with afte

At the beginning of April, an ice storm hit Quebec and caused power outages lasting several days, particularly in areas with older trees where utility lines are not underground. When I started my ESXi host after 5 days offline, I ran into an error I've never seen before: It seemed like all of the VIBs were now failing UEFI Secure Boot validation. My first instinct was that due to an unclean shutdown, data on the boot volume was corrupted, and a reinstall would be required. The voice of my VMware TAM was in the back of my mind: I'm running non- HCL hosts, with NVMe SSDs not on the VSAN HCL , I should be thankful this works at all. And he's right. And I am.  However, I'm happy to report this had a quick fix: while goofing around in the BIOS to see how I could bypass Secure Boot and load ESXi, I noticed that my system clock had rolled back to 2017! As it turns out, I had been foiled by a $1 CR2032 battery  meant to keep time while the board is not connected to power. By s

The university, as part of its digital strategy initiative, is pushing harder than ever for SSO across its major services. Part of this means standardizing on an IdP infrastructure to tie everything into, and for a lot of reasons (future post) we chose ADFS. Recently a service provider asked us if, since we are working this way with our Shibboleth IdP now, we can provide a deep link on the IdP domain that will redirect to the SP after the authentication flow. I figured it was possible, but it was the first time we had to think about this with ADFS. Turns out it's quite easy, at least on ADFS v5 (Server 2019). I'm probably explaining this wrong, but in SAML parlance the flow where the user connects to the IdP first and then gets punted to an SP is called RelayState, and typically it is triggered by appending a query string to the IdP-initiated sign-on page. First, enable IdP-initiated sign-on if you haven't already: Set-AdfsProperties -EnableIdpInitiatedSignonPage $tr

I originally posted this on LinkedIn. I'm still figuring out syntax highlighting on Blogger so please bear with the basic formatting for the moment. This morning I got a strange IM from one of my colleagues. A virtual machine he was working on had become inaccessible in vSphere, but seemed fine otherwise. I decided to have a look around. Hostnames have been changed and sequences have been shortened to protect my institution. The Summary page for the server, which we'll call dummy-vm-3, indicated that the host it was registered on was vm-host-13. However, the last migration in the Tasks logs before the machine disappeared, indicated a vMotion from vm-host-7 to vm-host-6. Odd. From the ESXi shell, we can tell which VMs are running, whether they are listed in the client or not. I sshed into "vm-host-13" and ran the following: ~ # vim-cmd vmsvc/getallvms Skipping invalid VM '1394' Vmid Name File Guest OS Version Annotation 1 dummy-vm-1 [datastore