Steve, thanks alot for your comments here, you've mentioned several things I was going to say. After reading every post in this thread, allow me to comment and offer my few cents.
For development, steve is correct. Offering and deploying the products on our planned roadmap happens regardless of a few outstanding issues in Astaro v5. While certianly the V5 rollout could have gone much smoother, the product now works effortlessly at thousands of locations and we're in the process of addressing some issues remaining with a very focused effort. Some of the "features" that have been included lately in v5 are the result of mass requests from several large installations that share a common need, so as such, Astaro has adadpted to fill a need in our offering.
For licensing, every company has it's system. I personally feel that ours is much more generous that others, as some of our competitors never offer the ability to remove ANY ip from the license table, even after a reboot. The licensing system is being tested continually to prepare for the future, to ensure at that time the policy is accurate and correct. During this phase, always remember that regardless of the past, no enforcement was done, so as such the only real drawback was a few extra emails in your inbox which could have easily been worked with. I don't understand why this caused such an uproar, unless it's from the people really exceeding their license agreement, or businesses that do not posses the proper license for their installation?
Lastly, when it comes to willams comments on hardware. V5 does require more resources yes, but to say that ASL requires a 2.4 ghz with 512 megs of ram (hardly at 300-400 dollar tower at todays prices anyways, but that's beside the point) is simply inaccurate.
Myself personally run a very busy website with over 3000 unique vistors per day, encompassing some 10-12 gigs a month of traffic, and it runs flawlessly on an aging p3-550 with 256 megs of ram, using FULL ips and handling about 500 smtp emails per day.
Now this system runs at about .5 load and while its below the recommended 800mhz cpu its more than adequate for my purposes. obvisouly the SHEER amount of scannign that must be done in virus scanning each file, applying content filtering, or ripping apart each packet to match against patterns will add to this list. But the folks here running their 300 mhz cyrix or p2's with 128 megs of ram are going to simply have to face the fact that v5 was not designed to run on a 25 or 50 dollar machine. Stay at v4, or upgrade your hardware to something minimal. The new framework for v5 is necessary as we expand to meet our overwhelming demand.
For responses here, this forum is designed for users to help other users and is no way a reflection of Astaros support team. For the thousands of registered businesses and users with support contracts, they consistently recieve what is often mentioned as the best tech support from any security company, with quick and thorough response times. What very little time is left as 'spare' lately has been devoted to a few other projects we have on the go, and as such the UBB gets attention when other more important obligations have been fullfilled. Thanks to users like Steve and Simon, and Redman (to name just 3 of many) the ubb often has users that recieve replys from non-astaro personnel that are more than qualified to answer such questions.
The ubb is provided as a service to you, the end user, free of charge to share info and educate each other, not as an official support medium for home users (and lurkers alike). Many questions here have been answered in some form, and a simple search reveals the results.
I hope this addresses a few concerns, thank you for listening to me ramble. [:)]
[ QUOTE ] I hope this addresses a few concerns, thank you for listening to me ramble. [:)]
[/ QUOTE ]
Thank you AngeloC! Your response goes a long way in if nothing else "setting the record straight". I think many people just needed to hear some aknowledgment direct from Astaro. Hearing it from Steve is one thing, but it just does not hold the same "weight" (sorry Steve, no offense intended).
Like I said I'm fine with Astaro not using this UBB for support, I think the problems start when Astaro employees do respond to a few posts, it's almost human nature to expect that they should always at least aknowledge users complaints or reports of bugs here. I know that's the trap I fell into. And I apologize for any comments that I made that were "over the top". It's just that I saw Astaro replying to some issues and not to others. I know we should just appreciate what ever input we get from you at Astaro here on the board and not ever "expect" it, but it's really hard. I wonder if you have ever considered having Astaro Employees not posting here at all, so as to not raise any expectations?
Anyway thanks again for the clarification, especially for us naive newbees! [:)]
And sorry for the ruffled feathers!
[ QUOTE ] Hearing it from Steve is one thing, but it just does not hold the same "weight" (sorry Steve, no offense intended).
[/ QUOTE ]
Quite alright, Patrick. I would like to restate that Partners like Office Defender exist not just to sell Astaro licenses, but to provide support as well. We can't do it for free, but we can do it reasonably. We don't limit providing support to just Astaro customers who buy a license through us. We offer a per-incident support plan, which Astaro does not and may prove useful to admins in a crisis. Our toll-free number is in my sig line.
[ QUOTE ] We offer a per-incident support plan, which Astaro does not and may prove useful to admins in a crisis. -Steve
[/ QUOTE ]
I can see that coming in handy, and sounds like a good alternative to paying for a service plan every year. I must have missed that point when you mentioned it earlier. This may be a good route for our small organization. Thanks Steve!
First, a big thankyou for making a post on this thread and the acknowledgement to myself and other posters.
A few points to raise in response to your post:
Feature addition: OK fair enough if that's the companies policy. Have Astaro considered a public bugtrack system? Or possibly a semi-public one where you have to be a paid-up up2date user to be able to access it? (Or similar restricted access). I think this would address a lot of issues.
Licensing. I think the system is fair if it worked. At the moment we have to configure our systems in a certain way in order to comply with licensing. Unless we are blocking ICMP and setting certain packet filters then the first portscan we get shoots the license count way up as we get scanned. I have a public IP DMZ and unless I have firewall tight every IP in that Class C ends up getting counted. I am very close to exceeding my 50IP license (And will have to order a 100 license soon due to staff increases) but I am not exceeding 50IP's unless I open firewall for testing, or I am building test machines.
For instance, we recently upgraded all our programming staff PC's. This temporarily doubled the number of programming PC's behind Astaro (for 1 week) before I retired the old ones. (Meaning I had 24 instead of 12), this pushed license over and I had to reboot. More annoying than anything. It's the ICMP thing that gets me most often. (End up with 100's of IP's in use).
Hardware: Hardware requirements I'm not too fussed about. That's why I bought an Athlon 2800 with 1GB RAM for work [:)]
However, it seems some systems appear to be running v5 a lot slower than it should on the hardware specified. I think this may be due to individual pecularities of the hardware in use though. (Bad RAM, bad NIC's etc etc)... Unsure.
Forum: PatrickS's comment is good. It's confusing when Astaro staff are very active in certain threads and others get totally ignored. I think Astaro need a policy on this.
Either: A) Astaro staff don't post at all. B) Astaro make an official statement, "We *may* comment on a thread or we may not" blah blah. This is more confusing because on some occasions Astaro staff have stated that they keep a close eye on the UBB. C) Astaro comment on all threads where a response from Astaro is requested... This is of course the most work. I think everyone would be extremely happy if outstanding issues had a post, once a month say, to say "We are still working on this" Some threads HAVE had a response from Astaro, then nothing for 3 months with still no fix. A follow up post would be great. (I'm sure you haven't forgotten the issue but people being what people are I'm sure they start to feel ignored).
Anyway, thanks again for the response, it is MUCH appreciated. And ASL still beats Smoothwall and other similar products hands down.
Wasn't there a time, when Astaro was glad to have those home power users, helping to make the product what it is today?
Aren't the home users the ones, that really test ASL and play around with the features, pushing new ideas into the product?
Companies just compare the list of current features of the products. I don't think that a 1000 PC Admin starts playing around with ASL!
Don't get me wrong, my ASL box is licensed, but I don't think it's fair to leave those home users standing in the rain!
Advising Astaro to stop posting in this forum is something that can be done easily when having the chance to just call the support...
On the other hand I know for myself, that I first search the forum, when having a problem. But when no new help is posted here, I'll have to start bugging the support! And compared to that, letting some employees look in the forum 2 days a week is less effort.
Agreed THoehne. I'd much prefer Astaro staff to post here as much as possible.
I always come here first before asking support. (Not that I've had to ask support for help much). Mostly I've chatted to Gert and Tom and Oliver about new features/beta testing etc...
AngeloC, first, thank you for taking the time to answer in this forum.
[ QUOTE ] For development, steve is correct. Offering and deploying the products on our planned roadmap happens regardless of a few outstanding issues in Astaro v5. While certianly the V5 rollout could have gone much smoother, the product now works effortlessly at thousands of locations and we're in the process of addressing some issues remaining with a very focused effort. Some of the "features" that have been included lately in v5 are the result of mass requests from several large installations that share a common need, so as such, Astaro has adadpted to fill a need in our offering.
[/ QUOTE ]
Being a developer myself, I perfectly understand that different people are assigned to different part of the code and that pushing back a new feature could possibly not have any impact on the bugfix deployment timeframe.
However, I also think that the current version of Astaro V5 has a lot of problems. So far, none of the ones I encountered where critical enough that I couldn't ignore them or that I couldn't find a way around them, but they are still here. And like others, I can only feel disapointed when I see 3-4 release of Astaro being pushed without ANY of these issue being addressed while new feature - somethime introducing new problems - are being deployed.
[ QUOTE ] For licensing, every company has it's system. I personally feel that ours is much more generous that others, as some of our competitors never offer the ability to remove ANY ip from the license table, even after a reboot. The licensing system is being tested continually to prepare for the future, to ensure at that time the policy is accurate and correct. During this phase, always remember that regardless of the past, no enforcement was done, so as such the only real drawback was a few extra emails in your inbox which could have easily been worked with. I don't understand why this caused such an uproar, unless it's from the people really exceeding their license agreement, or businesses that do not posses the proper license for their installation?
[/ QUOTE ]
Now, here I have to disagree on almost every single items.
First, there is the fact that you almost accuse people that complain about the way licenses are count of being theives. I am one of these people complaining and I can assure you that I have my license in order: if you want to come to Geneva to verify that, I would be more than happy to give you a tour of our installations, help you count the number of machines in our network and show you our DHCP log to further prove that we're indeed within our licensing count. I would also be happy to show you the full list of IP counted by Astaro, point to you the ones that are not correct and show you the exact reason why they are listed, along with the proof that there is nothing answering to these IPs.
My problem is that Astaro IP counting is actually broken. Yes, it can be worked around but at the cost of managability. One of the reasons I moved away from Netware Bordermanager was that I was really tired of micromanaging access rules and the workarounbd to the ASL license counting problem involves going back to micro-management in a way.
It also worries me on another level: sure, I can perfectly deal with erroneous notifications: that's what email filters are for, after all. But it is not my goal: I want to be sure that I STAY within the number of licenses I own and buy new licenses if I need to (I'm perfectly Ok with that: I'd rather have Astaro stay in business and provide me with the tools I need than cheat on the number of licenses and a supplier go out of business). The current setup, however, doesn't work that way: the number of license counted cannot be trusted and the fact that you can "reset" that count doesn't solve that problem. It also increases the TCO at our end since that reset must be done at a time where there is no one using the system and that means it's going to be in the after hours (actually, I've had to do that at 3 AM a few time and I really didn't like having to stay up that late).
It also worries me because the communication I had with the support team gave me the impression that Astaro is rather satisfied with the way licenses are counted today. And if it is so, there is little chance of the system being fixed before the license count starts to be enforced by the system.
Yes, the fact that one could reset the count is rather handy. But since the license count is actually broken, it's hardly something that I can regard as "generous". If the removal was somewhat automatic and transparent (like: "if I hadn't seen this IP for X amount of time, it's dropped from the list") then yes, perhapse I would call it generous.
[ QUOTE ] For responses here, this forum is designed for users to help other users and is no way a reflection of Astaros support team. For the thousands of registered businesses and users with support contracts, they consistently recieve what is often mentioned as the best tech support from any security company, with quick and thorough response times.
[/ QUOTE ]
Well, here is what I have to agree with you: I contacted Astaro support on all the issues that I couldn't solve here and the response time has always been very efficient. The answer have not always been what I wanted but that's a different issue. On the overall, the communication I've had with support personel from Astaro was good, direct and they really try they best to help me 8which is probably all I could ask for).
The performance is also a non-issue: we're running a couple of busy network through Astaro on rather poor hardware and it even ran extremely well with a "recovery machine" that actually was an ageing desktop that was reconverted into a firewall in a hurry by adding a couple of network cards (IIRC, it was a P2 450 with 256 megs of RAM).
[ QUOTE ] It also worries me because the communication I had with the support team gave me the impression that Astaro is rather satisfied with the way licenses are counted today. And if it is so, there is little chance of the system being fixed before the license count starts to be enforced by the system
[/ QUOTE ]
I get the impression they are happy with license counting also and I agree it introduces more micromanagement and inconveniant reboots.
FWIW, I have grave concerns about the license management in 5.x if it's going to count ICMP or other packets to addreses that don't exist, or to broadcast & network (.0) addresses.
For our web servers, we're using 3.x, and planning on upgrading to 5.x, but considering the slight price increases, plus the cost of the IPS licenses, we are going to try to reduce our IP license as we aren't actually using most of the IPs.
We would like to keep ICMP on, etc., but from what it sounds like, that's not going to work.
