"Even RAID6 is risky once you get past about 10TB."
Nope. Risk for RAID 6 is still close to zero even in worst case of say 14+2 using multi-terabyte SATA disks. See http://pics.aboutnetapp.ru/hds_raid_5_and_raid_6_risk_of_data_loss_probability.jpg
"For critical data, I'm now only using RAID 10"
That's very expensive on disks / slots though - so not ideal for many deployments. Most commonly in disk arrays these days SATA storage uses RAID 6 (or RAID DP), and SSD / FC uses RAID 5.
High end arrays also often have additional inbuilt error correction / redundancy striped across the RAID sets - for instance 3PAR does this...
"I seriously hope that RAID reconstruction does NOT stop....as there is a very nonzero probability that the smoked sector is not even being used."
Modern arrays don't generally try and rebuild sectors without any data on them. If the array does hit a hard error on rebuild, I wouldn't want it to just pretend everything is OK! In my experience arrays will go into a fault condition in this case and will indeed stop rebuilding...
"Since the UK will end up as a "migrant holding station" my betting is on the Euro...."
I think you mean the EU will end up like that.
Thanks to Brexit, the UK will at least have the option of saying NO once global warming really kicks in throughout the third world, and we get millions of migrants heading to Europe...
"But of course this also means assuming you're using a cloud provider you're now screwed and locked into where the vm was created"
Nope. You can move between providers. See for instance: https://technet.microsoft.com/en-us/windows-server-docs/security/guarded-fabric-shielded-vm/guarded-fabric-create-vm-move-to-guarded-fabric
"if you can move to replacement hardware then you can copy it."
You can copy the encrypted VM container, yes. That doesn't give you any access to the data...
"If you have access to take the VM, you also have access to take any needed keys."
No, you don't. Even the rights of admins can be limited to just the access required via JEA or the existing granular ACLs - see: https://msdn.microsoft.com/en-us/library/dn896648.aspx
"I've ever encountered a HDD/SSD manufacturer anywhere that offers to recover data from a failed unit under warranty."
I have had HP in on site before when a RAID controller firmware bug trashed a disk array. If that array had had non-HP disks in it I doubt they would have helped.
"That's what backups are for..."
Backups don't recover data that changed since the last backup...
"The VERY first thing it does, BEFORE loading any software, is ask for the email account you will be using"
No it doesn't. It installs without asking for any license information. It asks for an email address the first time you run it. Which is required for Office 365 users. If it was not being used by an O365 user then you can put a MAK key in instead.
"because you have to keep separate records of the product key AND email address used for the installation"
Utter rubbish. You either use a MAK key (which can be pre-installed), OR leave the user to input their email, which is licensed via the O365 management console.
"This makes it very difficult for IT departments and consultants to preload software on a computer before it is put on the user desktop."
Unless you RTFM or hire someone who has a clue....
"If they were to implement an OPEN 2FA platform such as the TOTP model the Google Authenticator supports, or the newer U2F I would be quite happy to enable that"
Microsoft already offer MFA included in the cost of O365:
https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authentication-how-it-works/#feature-comparison-of-versions
I don't know what you are seeing but I don't think it's Office 365.
See https://technet.microsoft.com/en-us/library/dn569286.aspx
"Office 365 encrypts your data while it's on our servers and while it's being transmitted between you and Microsoft"
Pretty sure you can't connect at all to O365 without TLS encryption...
"peer to peer updating and phoning home every 20 seconds are NOT something you want on your network"
Peer to peer updating - don't see why you wouldn't want that on a local LAN versus downloading each update multiple times, but phoning home - probably not - hence why it doesn't in the corporate versions...
"What works for 100 users frequently doesn't work for 10,000"
If you implement a critical and complex system such as AD for 10,000 users without proper planning and choosing the right configuration settings for your environment you deserve what you get!
"whereas with AD, the entire object had to be resent."
Nope. Fixed in Server 2003. Active Directory replicates directory data updates at the attribute level.
"AD hasn't progressed in the years since I stopped being responsible for directories."
Implementing AD ideally requires some design and planning. Don't confuse choosing safe default values with no progress. The defaults are designed to not break limited WAN connectivity and to not overload limited bandwidth networks...
"Twenty to forty minutes to 1st boot."
I think you mean more like ~ 5-10 minutes (for a clean non upgrade install at least). Sounds like you haven't installed Windows for a while...
"All day to change all the settings"
Or just set them once by Group Policy or via Desired State Configuration. Can't think of a single thing I needed to change from the express defaults on a clean install of Windows 10 though...
"Unless you have preconfigured images"
No need to touch the images for that.
"No wonder most consumers' home PCs are badly set up"
You can blame PC manufacturers for that...Most home users never have to install an OS from defaults...
"Actually, you're quite wrong. "Sites" are more than just a useful means to mentally break up domain controllers. They are used by other applications that hang off AD to determine network topology for their replication,"
Microsoft says a site is a set of well connected (LAN speeds or greater) IP subnets. That can easily be your entire organisation these days...
"to determine how to break up the load on the AD servers (latency matters!) and more."
No, sites are not for that. Active Directory already has load balancing techniques built into it. Also Netlogon contains load balancing features that will automatically exclude logging on to slower-to-respond (potentially overloaded) DCs.
"putting everything in a single site doesn't solve the problem of needing different propagation times for different classes of object, which is ultimately what is required."
That's never required in AD, and the entire design of AD is to avoid such differentiation.
"sites also determine which AD server a client should use for authentication?"
Yes, hence why sites are only really needed to differentiate very slow links, etc.
"So how else does the client localise its requests?"
It uses the fastest domain controller to reply to a ping.
They have now moved the controlling logic to Windows:
https://technet.microsoft.com/en-us/windows-server-docs/networking/sdn/technologies/network-controller/network-controller
The switch underneath can be running anything - including Windows or Hyper-V Server - or Linux...
"IP crime? Surely it's just a "service crime", like tapping off next door's gas supply?"
Taking something physical like next door's gas without paying for it is theft. Accessing something intangible like PPV content without paying for it is not theft. If not clear, see https://www.youtube.com/watch?v=IeTybKL1pM4