
Binance support is second to none

Yesterday I had an issue with a buy order. My order history showed I was filled on an order but the currency never hit my account. Within 4 hours of the incident support had fixed the issue and apologized for the inconvenience. Blows my mind that in our unregulated world there are companies like this that make regulated industry support look subpar.

Kudos to the Binance team. You’re the real deal.

r/ccna Posted by
CCIE Collaboration
1 year ago

How to: Calculate required bandwidth per VoIP call

So, in preparation for CCIE Collab Written, I realized I had no idea how to actually "hand jam" the formulas that result in required bandwidth per call as I always use Why may one need to figure out the required bandwidth per call you ask? QoS ;)

So, some things that will never change...

  1. The IP/UDP/RTP header size will always equal 40 bytes UNLESS you implement compressed RTP (cRTP). Enabling cRTP will shrink the 40 bytes to 4 bytes including checksum. If you do not include the checksum, cRTP is reduced to 2 bytes.

  2. Ethernet is always 18 bytes

  3. PPP/MPPP is always 6 bytes

Before actually calculating the required bandwidth per call we need to figure out what the voice payload size is so we can use this value in our formula. To accomplish this, we multiply the codec bitrate by .01 (10ms sample) and divide by 8 (converting bits to bytes). Keep in mind the ".01" is representing a 10ms sample, if we are using a 30ms sample we would multiply by .03.

Bitrate * .0X = Y bits
Y bits / 8 = Z bytes
64000 * .02 = 1280 bits (g711 * 20ms sample = 1280 bits per sample)
1280 / 8 = 160 bytes per sample AKA the "payload"

Ok now that we understand how to find the payload size we can calculate the required bandwidth per call. The formula for this is:

((payload + "IP/UDP/RTP" headers + L2 header) / payload) * Bitrate

So, given a scenario of G729 @10ms using cRTP over PPP our formula would look like this:

8000bps * .01  = 80 bits per sample (g729 / 10ms = 80 bits)
80 bits / 8 = 10 bytes per sample
10 bytes per sample + 4 bytes cRTP (IP/UDP/RTP) with checksum + 6 bytes L2 (PPP) = 20 bytes
20 bytes / 10 byte payload = 2
2 * g729 8 kbps = 16kbps

So, one call using g729 @ 10ms with cRTP enabled over PPP required 16kbps of bandwidth. Let’s do one more example...

Using 20 G711 calls @ 20ms over Ethernet would be found using:

64000 * .02 = 1280 bits per sample
1280 / 8 = 160 bytes per sample
160 bytes per sample + 40 bytes "IP/UDP/RTP" header + 18 bytes Ethernet header = 218 bytes
218 bytes / 160 byte payload = 1.36
1.36 * 64  = 87.2 kbps per call
20 calls * 87.2 kbps = 1.744Mb of required bandwidth.

So, 20 concurrent G711 calls @ 20ms sampling over Ethernet requires 1.75Mbps of bandwidth.
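The procedure above as a small calculator, added here as an example and not part of the original post. It uses only the header sizes and codec bitrates the post gives; the function names and the `calls_that_fit` sizing helper (how many calls fit in a given QoS priority queue) are additions that go one step beyond the post.

```python
# Added example: per-call VoIP bandwidth using the post's formula.
# Header sizes (bytes) and codec bitrates (bps) are the values stated in the post.
L3_HEADER = {"rtp": 40, "crtp": 4, "crtp-nochecksum": 2}  # IP/UDP/RTP
L2_HEADER = {"ethernet": 18, "ppp": 6}
CODEC_BPS = {"g711": 64000, "g729": 8000}


def payload_bytes(codec, sample_ms):
    """Voice payload per packet: bitrate * sample interval, in bytes."""
    bits, rem = divmod(CODEC_BPS[codec] * sample_ms, 1000)
    if sample_ms <= 0 or rem or bits % 8:
        raise ValueError("sample interval does not yield a whole number of bytes")
    return bits // 8


def packet_bytes(codec, sample_ms, l2, l3="rtp"):
    """Payload plus IP/UDP/RTP (or cRTP) header plus layer-2 header."""
    return payload_bytes(codec, sample_ms) + L3_HEADER[l3] + L2_HEADER[l2]


def call_kbps(codec, sample_ms, l2, l3="rtp"):
    """((payload + headers) / payload) * bitrate, expressed in kbps."""
    payload = payload_bytes(codec, sample_ms)
    total = packet_bytes(codec, sample_ms, l2, l3)
    return total * CODEC_BPS[codec] / payload / 1000


def calls_that_fit(queue_kbps, codec, sample_ms, l2, l3="rtp"):
    """Whole calls that fit in a priority queue of queue_kbps (integer math)."""
    payload = payload_bytes(codec, sample_ms)
    bits_needed = packet_bytes(codec, sample_ms, l2, l3) * CODEC_BPS[codec]
    return (queue_kbps * 1000 * payload) // bits_needed


if __name__ == "__main__":
    # The two scenarios worked through in the post.
    print(call_kbps("g729", 10, "ppp", "crtp"))    # G729 @ 10ms, cRTP, PPP
    print(20 * call_kbps("g711", 20, "ethernet"))  # 20 G711 calls @ 20ms, Ethernet
    # Constructed sizing question: calls in a 2000 kbps priority queue.
    print(calls_that_fit(2000, "g711", 20, "ethernet"))
```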


"Network unavailable,please refresh and try again"

I get this over and over on the login page. The login button just spins for a few seconds and says "Network unavailable,please refresh and try again". I've tried two separate internet connections and no dice. Just me or happening to anyone else?


Show me the kitty!!! CCNP Collab achieved...

I must say, albeit I passed the last exam (CTCollab), I grow more and more disappointed in Cisco exams. Not so much from the standpoint of the misdirects, or shitty grammar, etc... But from the relevance of the questions on modern day versions of CM/Routers/etc... I probably spent 20 minutes of my time leaving comments about answers that would have been right oh... 5 years ago... however are now wrong according to current Cisco documentation, software/firmware version, etc.

Regardless.... Time to take a break from studying/exams for a few months before I kick it back in gear to test CCIE Collab written at Cisco Live next year.

If anyone has any questions about any of the exams, feel free to ask. I will answer as much as I can according to the EULA. I will caveat by saying I only took the new apps, ciptv2, and CTCollab... I had already taken CIPT1 previously.



Roll Call 2016

Who is in?


Somewhat interested, need clarification.

Having previously worked in logistics, supply chain block chains interest me because I know how cumbersome tracking tangibles can be. Can someone explain to me how Block Array separates themselves from VEN, or even TRAC?



CCIE Collab Lab Virl + Physical

I built the INE Collab Lab based off info provided by INE and what is currently in the workbook. Currently looks like this ( Currently it uses all IOSv images (done just for connectivity and UC App creation), however I will replace the HQ & SC routers with a 2911 w/ PVDM-128, and a 2800 w/ CME/CUE for site-c. I am more than willing to pass this topology to anyone that wants it Only caveat is, you must get the workbook material yourself (obviously), and any licensing, bootable images, etc, yourself. Biggest difference between a rack rental, and this, is I'm using SIP trunks to the PSTN vice h323, and you have to build out the PSTN network (which is good practice anyway). Regardless, everything you need can fit on a single r710 (I had PSTN built on separate host already), and pass everything into an access switch and trunk it to a 3750 used as the HQ switch, and general IP phone connectivity (I have a shelf next to my desk with all phones sitting there).

This topology can easily be switched around based on whatever vendor you use, I have a collabcert topology as well. If anyone is interested they can have it, just be aware I will only give you the lab with full site connectivity, no other configs, that's your responsibility.

Edit: Forgot to add, if you don't own virl you can download EVE Alpha and import the topology though I'm not sure how flat networks work in EVE as all I have done is play with it because I own VIRL.

r/networking Posted by
CCIE Collaboration
2 years ago

X-Post:CCIE - Erlang b/c and extended

Does anyone have a good spreadsheet they use to calculate erlang b/c and b extended?

I am looking for something to calculate the probability of dropped calls with known current CUBE SIP session, taking agent talk time, how many calls were actually presented by the ITSP, how many actually completed, also factoring in retries for failed calls. I have a client who we are trying to convince to buy a larger CUBE that can handle more sessions, 4431 specifically, who currently runs a 2921 with firewall. I have told them based on my calcs that they need XYZ sessions based on their current call average, and u-turning off CCX to an external 3rd party. They in addition are having a staffing issue with agents, and I would like to be able to compute their requirements for them. So I am looking for something (spreadsheet preferably), that I can use to calculate for call agents, and GoS = (E^M / M!) / (Σ_{n=0}^{M} E^n / n!) for probability of dropped calls. The ability to show over time what the % of calls that would be dropped during an hour would also be beneficial.
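The GoS expression quoted in the post is the Erlang B formula, with E the offered traffic in erlangs and M the number of sessions. As an added example (not from the original post), the sketch below evaluates it with the standard recurrence, which avoids large factorials, and searches for the smallest session count that meets a target GoS. It covers plain Erlang B only, not Erlang C or the extended (retry) variant, and the call volumes in the demo are constructed.

```python
# Added example: Erlang B blocking probability and session sizing.

def offered_traffic(calls_per_hour, avg_hold_seconds):
    """Offered load E in erlangs: call arrivals per hour * mean hold time in hours."""
    return calls_per_hour * avg_hold_seconds / 3600


def erlang_b(traffic, sessions):
    """GoS = (E^M / M!) / sum_{n=0..M} (E^n / n!), computed by recurrence.

    B(0) = 1 and B(n) = E*B(n-1) / (n + E*B(n-1)), which is algebraically
    the same as the closed form but stays numerically stable for large M.
    """
    if traffic < 0 or sessions < 0:
        raise ValueError("traffic and sessions must be non-negative")
    b = 1.0
    for n in range(1, sessions + 1):
        b = traffic * b / (n + traffic * b)
    return b


def sessions_for_gos(traffic, target_gos, max_sessions=100000):
    """Smallest M whose blocking probability is at or below target_gos."""
    if not 0 < target_gos <= 1:
        raise ValueError("target_gos must be in (0, 1]")
    if traffic == 0:
        return 0
    b, m = 1.0, 0
    while b > target_gos:
        m += 1
        if m > max_sessions:
            raise ValueError("target not reachable within max_sessions")
        b = traffic * b / (m + traffic * b)
    return m


def blocked_calls_per_hour(calls_per_hour, avg_hold_seconds, sessions):
    """Expected number of offered calls rejected in one hour."""
    e = offered_traffic(calls_per_hour, avg_hold_seconds)
    return calls_per_hour * erlang_b(e, sessions)


if __name__ == "__main__":
    # Constructed busy-hour figures, not taken from the post.
    e = offered_traffic(calls_per_hour=600, avg_hold_seconds=240)
    print(f"offered load: {e:.1f} erlangs")
    for m in (40, 50, 60):
        print(m, f"{erlang_b(e, m):.4%}")
    print("sessions for 1% GoS:", sessions_for_gos(e, 0.01))
```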

r/ccna Posted by
CCIE Collaboration
2 years ago

AMA - Passed 640-911 & 640-916 within the last month

Ask me anything (within reason) and I will brain dump you (as long as it doesn't infringe on the user agreement).


Collab written passed...

And I am completely burnt out... Promised the wife I would take a month off before prepping for the lab however I already feel "unmotivated" if that makes sense.

Regardless, I did poorly on the sections I knew I would have issues with however surprisingly I pulled a 100% on evolving technologies. If anyone is worried about this section I officially swear by Nick Russo's study guide ( It's a quick read, I read and noted it 2-3 times and it helped tremendously.

Here's to trying to get the lab done before it supposedly gets updated at the beginning of 2018...

r/ccna Posted by
CCIE Collaboration
1 year ago

How to: The basics of IOS voice translation-rules

Admittedly, I struggled with IOS voice translation rules for a long time 3-4 years ago. I figured it was easier to copy and paste rules with known results (with minor changes) to achieve my desired results. Many beginning their studies often overlook the need to learn the regex format that IOS understands. It seems overwhelming at first, but once you understand the basic formatting of rules it becomes second nature. Keep in mind, we are going over translation rules alone. We are not covering profiles or application of those profiles to dial-peers, voice ports, etc. That will come later.

The Basics

There are a minimum of 4 components used to build a voice translation rule:

  1. Voice translation-rule # - where # is the numerical identifier
  2. rule # - where # is the rule's precedence e.g. ascending priority of the rule 1 has higher priority than 2
  3. // - the matches string
  4. // - the replacement string

Example 1: Minimum configuration

voice translation-rule 1
 rule 1 /match/ /replace/

Basic Matching and Replacing

Now that we have gone over the minimum requirements, let's review what constitutes as a match, wildcards, and other syntax that will enable us to manipulate digits. Let's use 2084481212 as a number that we are going to manipulate in some form.

Example 2: Basic matching and replacing

Number: 2084481212

voice translation-rule 1
 rule 1 /1212/ /0000/

Result: 2084480000

When the number is evaluated by this rule, any number with the string "1212" in it, will replace the "1212" with "0000". Therefore 2084481212 will be translated into 2084480000. As is, any sequence of "1212" regardless of location in the number string will be matched on.

Match "Starts with" with ^

What if we wanted to match on a number sequence at the beginning of the string and that's it. Well let's see what happens if we use basic matching and replacing.

Example 3a: What can go wrong

Number: 2084433208

voice translation-rule 1
 rule 1 /208/ /986/

Result: 9864433986

Our intent was to change the area code for whatever reason and were looking to have a result of "98644200833" however as you can see we have a result of "9864498633". This happened because we are matching "208" regardless of location in our string, and regardless of how many times it appears in our string. All will be changed. So how do we combat this? With our friend, Mr Carrot "^". Using the ^ at the beginning of our string will only match if the most left (first) digits match our "/match/" string.

Example 3b: Doing it right (or left i guess)

Number: 2084433208

voice translation-rule 1
 rule 1 /^208/ /986/

Result: 9864433208

As we can see, we now have our desired result. The ^ will not match any instances of the matched string other than the first occurrence, and only if that number string begins with what is being matched on.

Match "Ends with" with $

Just like our friend ^, we can also match the right most digits using $ (dollar sign). While ^ will match from left to right, $ will match from right to left.

Example 4: Matching beginning at the end of a string

Number: 2084433208

voice translation-rule 1
 rule 1 /208$/ /000/

Result: 2084433000

The "208" is being stripped at the end of the number string and replaced with "000" as shown in the result. A good use case for $ is changing ANI (caller-id) of a group of numbers. Perhaps you have a hunt group, and within that hunt group you have a few dozen user endpoints. We don't want any outbound calls made by these devices to show the extension (or mask) assigned to the phone line, we want to display the number associated with the hunt group. To do this we would use the $, however we can also use "." period.

Match "Any single" with .

The "." is the equivalent to a "X" if you're familiar with call routing configuration in CUCM. We are going to match on anything as long as there is something there.

Example 5a: Is something there?

Number: 2084433208

voice translation-rule 1
 rule 1 /208443..../ /2084433000/

Result: 2044433000

Think of a . as a substitution for any number. If we want to translate any 10-digit number to 1234567890 we could use the following example.

Example 5b: Another Example of .

Number 2044433208

voice translation-rule 1
 rule 1 /........../ /1234567890/

Result: 1234567890

The caveat to the above example is that you must have a . for every expected digit, e.g. you're expecting 10-digits, you need to use /........../. Let's see what happens if you don't.

Example 5c: Why do I have 11-Digits now?

Number: 2084433208

voice translation-rule 1
 rule 1 /......./ /123456789/

Result: 123456789208

Since we only specified match 7-digits (when you begin a match with a . you will always match the first most left digit), we matched "2084433" and replaced it with "1234567" however we do not just drop what was not matched, so we append the non-matched digits to our replace string resulting in 1234567890208. There are use cases for this, however rarely for this specific example.

Match a sequential number range with -

The inability to exclude digits with the (.) is fixed with the (-). Say we have our dial-plan broken down by location and department. For example Bob works at Office A as a financial planner. Mary also works at Office A but as a data-entry specialist. Both Bob and Mary's extensions begin with a 5 (e.g. 5XXX) however the financial planning department's directory numbers range from 5100-5299 while the data-entry department's directory numbers range from 5300-5499. All lines that use 5XXX and 5XXX are also assigned to direct inward dial (DID) numbers however we do not want the DIDs to show up on the called party's phone as the calling ANI. The numbers 5100 and 5300 have been reserved to be routed to each department's operator so we want all outbound calls to show up as the correct calling number. Let's see how we would accomplish this.

Example 6: Matching ranges

Number 1: 2084435198
Number 2: 2084433355

voice translation-rule 1
 rule 1 /2083445[1-2]../ /2083445100/
 rule 2 /2083445[3-4]../ /2083445300/

Result 1: 2083445100
Result 2: 2083445300

Wait what did I just do? We configured two rules under our translation-rule? We sure did, in fact you can configure up to 15 rules within a voice translation-rule. In fact we also incorporated our (.) wild-card in conjunction with our (-) range character. Using brackets with a number range specified with (-) we match if the 8th digit in the number string is a "1 or 2", regardless of the last two digits (.) and replace with 2083445100. Likewise for "3 or 4" replace with 2083445300.

Matching a list of numbers with [] -

Let's recycle our previous scenario with a twist. When Office A first opened, it was a small office. Initially the financial planning department had a directory number range of 5100-5199, and the data entry department used 5200-5299. We already have translations configured that will replace the calling number with the number of the department's operator.

Example 7a: Everything is working!

Number 1: 2084435178
Number 2: 2084435242

voice translation-rule 1
 rule 1 /20843351../ /2084435100/
 rule 2 /20843352../ /2084435200/

Result 1: 2084435100
Result 2: 2084435200

Everything works great until management comes down and decides to close another branch and consolidate its financial planning and data entry departments with Office A's existing departments. We now exceed the available directory number each department at Office A initially had. We do however have the 53XX and 54XX numbers available. We decide to give 53XX to financial planning, and 54XX to the data entry department. Now we need to change our translation rule because we want 51XX and 53XX numbers to use 2084435100 as their ANI, and 2084435200 for 52XX and 54XX of the data entry department. We obviously can't use (-) because the numbers are not sequential, we can however use a ([list]).

Example 7b: Using a list of numbers

Number 1: 2084435178
Number 2: 2084435384
Number 3: 2084335218
Number 4: 2084435445

voice translation-rule 1
 rule 1 /2084335[13]../ /2084335100/
 rule 2 /2084335[24]../ /2084335200/

Result 1: 2084335100
Result 2: 2084335100
Result 3: 2084335200
Result 4: 2084335200

The ([list]) wild-card will only match the listed numbers. We can see that in rule 1 we're matching on either a 1 or 3, not both, not range, it's a yes or no. We can specify [0123456789] and it would provide the same result as [0-9]. However if we are matching on [012346789], we can not use [0-9] because we do not want to match on 5.

Excluding a list of numbers with [^ ] -

There are many times where it is actually easier to exclude numbers in a list rather than match. Using the above if we are matching on [012346789], we can not use [0-9] because we do not want to match on 5 however instead of specifying what to match on, maybe we just exclude the numbers we don't want to match.

Example 8: You shall not pass!

Number 1: 2084435178
Number 2: 2084435384
Number 3: 2084335418

voice translation-rule 1
 rule 1 /2084435[^01245]../ /2084335100/
 rule 2 /2084435[^4]../ /2084335200/
 rule 3 /20844354../ /2084335300/

Result 1: 2084335200 (matches rule 2)
Result 2: 2084335100 (matches rule 1)
Result 3: 2084335200 (matches rule 3)

This is a lot to chew on so let's break it down piece by piece. Rule 1 states that any number string at the 8th digit that has a 0, 1, 2, 4, or 5 don't match, however we will match on 3, 6, 7, 8, 9. This leads us to rule 2 which states that if there is a 4 in the 8th digits of the string do not match. Match only on 0-3, and 5-9. Keep in mind that rule 1 is a higher precedence than rule 2 which means that rule 2 will never be used with a 3, 6, 7, 8, or 9 because rule 1 will have matched already. This leaves rule 2 only matching with 0, 1, 2, 3, and 5. Finally rule 3 is batting cleanup with that match on 4.

Repeating the previous with (* ) and (+) -

I could split these two wild-cards but it makes more sense to explain their usage together. To put it simply, (*) and (+) are the exact same thing match and repeat whatever the previous character is, however (*) includes null. What I mean by this is that there doesn't have to be anything provided, any to match rule. Let's look at (*) more closely. In the below example imagine that we have an outbound call going to 911, for whatever reason we want any outbound call to 911 to use the ANI 2084431212. From CM we are not sending ANI to our gateway therefore when there is an outbound call to 911, there is no associated ANI therefore the ANI is null. In the below example we will use a NULL ANI, however we will also just use whatever to prove the point of what (*) does.

Example 9: What is null?

Number 1: NULL
Number 2: 123
Number 3: 111111111111111111111

voice translation-rule 1
 rule 1 /.*/ /2084431212/

Result 1: 2084431212
Result 2: 2084431212
Result 3: 2084431212

It doesn't matter if there is a digit value presented or not, when we use /.*/ we are saying match NULL or match any value repeated. When I say value repeated, in this example if we use a 10-digit number, we could match it with /.*/ or /........../.

Using (+) will never match null, so in the above example we would see this...

Example 9b: No NULL for you!

Number 1: NULL
Number 2: 123
Number 3: 111111111111111111111

voice translation-rule 1
 rule 1 /.+/ /2084431212/

Result 1: NO MATCH
Result 2: 2084431212
Result 3: 2084431212

Grouping digits with () AKA Number Slicing -

As we wrap up translation-rules we find ourselves at the most confusing method of manipulation. Though it's actually super easy once you understand the structure used. The only real caveat to grouping digits is that you can't use more than nine groups. Why anyone would ever use nine groups other than for messing around is beyond me, regardless let's look at how we group digits.

A group is first /matched/, and can be "called" to the /replace/. For example if we wanted to match on 1212 and have our result be 3035161212 we group using a (\) escape followed by the "(", then the string to match, followed by another (\) escape, and closing the group with ")". It would look something like this "rule 1 /111222\(3333\)/" which would create group 1. We call group 1 by its number like /\1/. I know it's hard to grasp, but let's break down what's happening and then provide a few examples:

1. /\( - Begin slice 1
2. /\(1111 - Where 1 is a 0-9 digit or wild-card
3. /\(1111\) - Stop Slice 1
4. /\(1111\)\( - Begin slice 2
5. /\(1111\)\(2222 - Where 2 is a 0-9 digit or wild-card
6. /\(1111\)\(2222\) - Stop slice 2
7. /\(1111\)\(2222\)\( - Begin slice 3
8. /\(1111\)\(2222\)\(3333 - Where 3 is a 0-9 digit or wild-card
9. /\(1111\)\(2222\)\(3333\)/ Stop slice 3 finishing match statement

To understand how to call the groups you just sliced, let's mess with the final outputs. Knowing that we created 3 groups of 4 numbers, and knowing that groups are arranged left to right beginning with 1 and ascending to the right up to 9, we can conclude the following:

Example 10: The examples...

Number: 555566667777

voice translation-rule 1
 rule 1 /\(....\)\(....\)\(....\)/ /\1/
 rule 2 /\(....\)\(....\)\(....\)/ /\1\2/
 rule 3 /\(....\)\(....\)\(....\)/ /\1\2\3/
 rule 4 /\(....\)\(....\)\(....\)/ /\3\2\1/
 rule 5 /\(....\)\(....\)\(....\)/ /\3\1/
 rule 6 /\(....\)\(....\)\(....\)/ /\1\300/
 rule 7 /\(....\)\(....\)\(....\)/ /200\1/
 rule 8 /\(....\)\(....\)\(....\)/ /200\1\300/

!For fun!!!
 rule 9 /\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)/ /\1\3\5\2\4\5/
 rule 10 /\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)/ /\1\3\5/

Remembering that when replacing we use \# where # is group 1-9 so we can conclude that if the string being matched is 555566667777, group 1 is 5555, group 2 is 6666, and group 3 is 7777. So the results from the above translation rule knowing that nothing below rule 1 will match but using the rules as an example of possible results that can be achieved.

rule 1 /\(....\)\(....\)\(....\)/ /\1/ - Would result in 5555
rule 2 /\(....\)\(....\)\(....\)/ /\1\2/ - Would result in 55556666
rule 3 /\(....\)\(....\)\(....\)/ /\1\2\3/ - Would result in 555566667777
rule 4 /\(....\)\(....\)\(....\)/ /\3\2\1/ - Would result in 777766665555
rule 5 /\(....\)\(....\)\(....\)/ /\3\1/ - Would result in 77775555
rule 6 /\(....\)\(....\)\(....\)/ /\1\300/ - Would result in 5555300
rule 7 /\(....\)\(....\)\(....\)/ /200\1/ - Would result in 2005555
rule 8 /\(....\)\(....\)\(....\)/ /200\1\300/ - Would result in 2005555300
rule 9 /\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)/ /\1\3\5\2\4\5/ - Would result in 556677556677
rule 10 /\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)/ /\1\3\5/ - Would equal 556677

That is pretty much the gist of grouping and that sums up translations rule basics. Let's touch on one more use of translation rules.

Type and Plan matching and replacing -

Without going crazy manipulating digits let's say we're using a single rule in a translation-rule that says // // or whatever we match will use to replace (e.g. /1111/ // results in 1111). We can add on to our rule a type to match and replace, and a plan to match and replace. This is optional and not required unless your carrier (or you) for whatever reason need to set the type or plan (CUCM can also apply prefixing, etc based on these). Without going into the meaning or use case for any of the following, here are the Types and Plans and how you can manipulate them:

Type Match     Type Replace    Plan Match   Plan Replace
abbreviated    abbreviated     any          data
any            international   data         ermes
international  national        ermes        isdn
national       network         isdn         national
network        reserved        national     private
reserved       subscriber      private      reserved
subscriber     unknown         reserved     telex
unknown                        telex        unknown

Example 11: A quick and dirty example

voice translation-rule 1
 rule 1 // // type unknown national plan unknown isdn 

The above would result in any number that has an unknown type and plan being set to type national, plan isdn.

I said I wouldn't but...

A quick blurb about voice translation-profiles and their application without going too in depth. Translation-profiles bundle rules together, e.g. you "nest" the voice translation-rules within a profile. Rules can be used in multiple translation-profiles. There are five methods to call a translation rule in a translation profile however we will only discuss the most commonly used.

  1. Translate Called - When used e.g. "translate called 1" will apply translation-rule 1 (and all rules configured within) to the called number.
  2. Translate Calling - When used e.g. "translate calling 1" will apply translation-rule 1 (and all rules configured within) to the calling number.

Translation profiles are applied to dial-peers, voice-ports, etc by declaring either "incoming" or "outgoing". Keeping in mind that using the IOS devices as the reference or epicenter, incoming is referencing the incoming call leg to the IOS device (e.g. incoming pots or voip leg), while outgoing is the outgoing call leg from the IOS device (e.g. outgoing pots or voip leg).


This is my summary. Hope this was helpful, if there are questions, or if you notice that I misspoke anywhere please let me know.
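To experiment with the rule syntax from this post without a router, the sketch below is an added example (not the poster's code and not Cisco's implementation) that converts a `/match/ /replace/` pair to a Python regex and applies a rule set. Its assumptions: sed-style behaviour in which the lowest-numbered matching rule wins and only the leftmost match is rewritten, `\(` `\)` grouping, `\1` to `\9` in the replacement, and no support for `type`/`plan` keywords. The third number in the exclusion test is constructed.

```python
# Added example: offline emulator for the rule syntax described in the post.
import re

RULE_LINE = re.compile(r"^\s*rule\s+(\d+)\s+/(.*)/\s+/(.*)/\s*$")


def parse_rules(config):
    """Return [(precedence, match, replace)] from 'rule N /match/ /replace/' lines."""
    rules = []
    for line in config.splitlines():
        m = RULE_LINE.match(line)
        if m:  # header lines, '!' comments and unsupported forms are skipped
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return rules


def ios_to_python(pattern):
    """Convert the match string to Python re syntax (assumed sed-like dialect)."""
    out, i, in_set = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            # \( and \) delimit a group; any other escaped char is a literal.
            out.append(nxt if nxt in "()" else re.escape(nxt))
            i += 2
            continue
        if in_set:
            out.append(ch)
            in_set = ch != "]"
        elif ch == "[":
            out.append(ch)
            in_set = True
        elif ch in "()?{}|":
            out.append("\\" + ch)  # unescaped, these are plain characters here
        else:
            out.append(ch)  # . * + ^ $ and digits mean the same in both dialects
        i += 1
    return "".join(out)


def expand(replacement, match):
    """Substitute \\1..\\9 with the captured groups; everything else is literal."""
    out, i = [], 0
    while i < len(replacement):
        if replacement[i] == "\\" and replacement[i + 1:i + 2] in tuple("123456789"):
            out.append(match.group(int(replacement[i + 1])) or "")
            i += 2
        else:
            out.append(replacement[i])
            i += 1
    return "".join(out)


def translate(number, rules):
    """Apply the first matching rule in ascending precedence; NULL is ''."""
    for precedence, pattern, replacement in sorted(rules):
        m = re.search(ios_to_python(pattern), number)
        if m:
            return precedence, number[:m.start()] + expand(replacement, m) + number[m.end():]
    return None, number


# Rules copied from the post's exclusion example (Example 8).
EXCLUDE_RULES = parse_rules(r"""
voice translation-rule 1
 rule 1 /2084435[^01245]../ /2084335100/
 rule 2 /2084435[^4]../ /2084335200/
 rule 3 /20844354../ /2084335300/
""")

if __name__ == "__main__":
    for n in ("2084435178", "2084435384", "2084435418"):
        print(n, translate(n, EXCLUDE_RULES))
```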


FireSight SQL Queries

I have a client that would like to be able to have reports generated that allows them to specify a location based on subnet, but also query the department of a user (pulled from LDAP). Currently there is not a method to do this on box, or via estreamer (that I have found).

The only option I can think of is via SQL queries off the various tables that reside on the appliance and match everything up based on the username.

Has anyone ever messed with anything like this?



CSS equivalent for Jabber?

I am being told that the ability to create CSS type restricting with Jabber exists, however I can not find reference anywhere regarding the feature or configuration.

Anyone have any input on this? Looking for the ability to prevent basic jabber users from searching in the directory, or initiating chat with say.. CXX level employees.


Edit: This is without using multiple IMP servers


Cisco Live 2017 Roll Call and Q&A

Scheduled my flight, hotel, and all my sessions today... Who else is "in"?

As always, I think this is my 5th? year... If you haven't been, but are attending this year and have questions, fire away!


Cisco 7925G Application Button PLAR?

Have a client that I previously configured Informacast PTT on a few 7925G's. Their use is a pair relationship in a healthcare environment where you have a nurse paired with a doctor. Premise is for the nurse to be able to talk to the doctor, and give him updates while out of the room, inform him a patient is ready, etc.

PTT works "ok" however the inability to use a lapel earbud/mic with a PTT button on it defeats the purpose of privacy (HIPAA, HITECH, etc). They want a "walkie talkie" solution, but don't want to pay the price for crypto loaded comm devices. They had 7925's laying around so we tried this solution and it is not viable for their purpose (and quite frankly Informacast PTT is an embarrassing solution).

Being ignorant to XML applications in CM, I'm curious if there is a way to configure the application button "PTT Button" on a 7925G to function as a PLAR to the other device in the nurse/doctor pair. I realize it will require some XML coding, which is fine, just kind of hoping someone has done something like this previously, or can point me in the right direction.



Erlang b/c and extended

Does anyone have a good spreadsheet they use to calculate erlang b/c and b extended?



AMP Release?

Anyone have any (or heard anything) about when AMP may come out of beta? I have a bunch of customers itching for it but I'm not willing to put beta firmware in their production environments.

Edit: I must add though, I am impressed how much it actually captures. I was unsuccessful getting my lap box funkwared.


Recommended hardware help?

I'm not sure if this is allowed here, or even in the right section. I am looking to migrate a RDS environment (roughly 20 servers) to VDI to mitigate the shared fate of users if a VM dumps, or a server begins acting up. I am a Cisco shop, so I would prefer UCS servers, and I am looking at UCS Mini solution so if a blade dumps, I can swap a new one in and dissociate/re-associate a profile with UCS Manager, however C series server (like a 240) are not out of the question. The only stipulation is that I need HA, as this will be deployed at a medical facility that contracts with us, so downtime due to a hypervisor issue is not acceptable. I am leaning towards XenDesktop as our VDI solution, however I am ignorant to what type of hardware would be required.

Some parameters:

-These are not power users (no CAD, etc). The majority of GFX/Audio will be training videos for residents and doctors
-I would prefer to deploy Windows 7/8.1 with various golden images based on user role
-I would repurpose the file server to handle all the user files (currently everything is redirect there anyway)
-Initial migration will be for 50 VDI sessions
-The only somewhat intensive application would be an EMR, in which the only intensive imaging would be those of the medical variety (xrays, various scans, etc)
-The total numbers of users I would like to eventually be running VDI is 250-300
-They currently utilize WYSE thinclients running ThinOS (I verified the models they have would work)

I am looking for hardware (CPU/RAM/ETC), and GPU requirements to meet the 250-300 goal. By all means recommend other equipment that is not Cisco, however due to our partner status that is the direction we are leaning.

I have already reached out via my SE to Cisco, who brought on NVIDIA. They recommended the M6/M60 depending on B/C series however I have not been able to get anyone to give me definitive answers at Citrix regarding "best practice" in regards to hardware.

Any information shared is greatly appreciated, feel free to hit me up via PM if that is better for you (or if you need any additional questions answered).


Dear Meraki if you are listening.

Please give us the ability to create VPN filters for L2L VPN's from Meraki MX to 3rd party firewalls! Yes I know it can be done with SA's however when you have 50 tunnels with various SA's it's easier to allow a subnet and allow specific destinations while denying everything else than fighting with various vendors trying to get them to fix their SA's.


r/sysadmin Posted by
Solutions Architect
1 year ago

Allow users to authenticate to AD but deny login?

I have a need to create a few generic user accounts that need to be able to authenticate against active directory, however I do not want the users to be able to login to anything.

From my little knowledge of AD/GPO's (I'm a network/voice guy) I know I can put these users in a security group and then in the default domain policy deny local & remote logins. Does this prevent accessing network resources e.g. shares? Is there a better method to accomplish this task?



SSL VPN Hairpin to MPLS converged circuit help

I have a client that has a converged MPLS environment (single circuit, ISP handles & MPLS routing over a single link), all WAN/Inet traffic egresses out of their WAN2 at each site. They want the ability to VPN in, and access other remote sites over WAN. Anyone have any config examples, or KB, that could help me accomplish this? I rarely work on fortigates, mostly cisco, basic google searches don't provide much help.


Thwarting policy mitigation by users utilizing encrypted tunnels

How I wish there was the ability to block by application like REAL layer 7 firewalls... I need to figure out how to block students in a dorm that I know for a fact have in the past mitigated policies by using tunnels. At the actual school I just blocked unknown tcp/icmp tunneling/gre/etc and it works fine, however there are no options as such with MX devices. Anyone ever ran into this and figured out something?
