Howard Enos
8d975c1b44
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:
Clients (structured MSP docs under clients/<name>/docs/):
- anaise (NEW) - 13 files
- cascades-tucson - 47 files merged (existing had only reports/)
- dataforth - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa (NEW) - 22 files, multi-site (camden, river)
- kittle (NEW) - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template - 13-file scaffold for new clients
MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/ - clean_printer_ports, win11_upgrade,
screenconnect-toolbox-commands
Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
no other credentials found
Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
(identical duplicates of msp-audit-scripts versions)
Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)
Session log: session-logs/2026-04-16-howard-client-docs-import.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
66 lines
2.0 KiB
Markdown
66 lines
2.0 KiB
Markdown
# Step 7: Move Server & Printers to INTERNAL (LAST)
|
|
|
|
**This is the final network change.** Only after everything is stable on the transitional setup.
|
|
|
|
---
|
|
|
|
## 7a — Move printers to INTERNAL
|
|
|
|
For each printer:
|
|
|
|
1. Change switch port from native VLAN to VLAN 20 (INTERNAL) in UniFi
|
|
2. Set static IP in 10.0.20.x range (or keep LAN IP if reconfiguring server to LAN)
|
|
3. Update printer IP in CS-SERVER print server
|
|
4. Update pfSense alias `Printer_IPs` with new IPs
|
|
5. Test printing from all machines
|
|
|
|
**Do one printer at a time.** Verify printing works before moving the next one.
|
|
|
|
---
|
|
|
|
## 7b — Move CS-SERVER to INTERNAL (or re-address)
|
|
|
|
Options (decide closer to the time):
|
|
|
|
### Option A: Change CS-SERVER IP to 10.0.20.254
|
|
- Update NIC to 10.0.20.254/24, gateway 10.0.20.1
|
|
- Update DNS records (cascades.local zone)
|
|
- Update all GPOs referencing \\CS-SERVER (drive maps, printers, folder redirection)
|
|
- Update pfSense domain overrides
|
|
- Update DHCP DNS settings
|
|
- Most disruptive, but cleanest result
|
|
|
|
### Option B: Dual-home CS-SERVER
|
|
- Add a second NIC on INTERNAL (10.0.20.254)
|
|
- Keep existing LAN NIC (192.168.2.254)
|
|
- Less disruption, but dual-homed DCs can cause issues
|
|
- Need to configure DNS binding order correctly
|
|
|
|
### Option C: Leave as-is
|
|
- Server stays on LAN (192.168.2.254) permanently
|
|
- Firewall bridging continues to work
|
|
- Simplest, no disruption
|
|
- Fine if firewall performance is adequate
|
|
|
|
---
|
|
|
|
## 7c — Clean up firewall rules
|
|
|
|
After server/printers move (if choosing Option A or B):
|
|
|
|
- Remove INTERNAL → LAN bridging rules (no longer needed if everything is on INTERNAL)
|
|
- Remove NAS_IP alias rule (if Synology is backup-only and on LAN)
|
|
- Simplify to standard default-deny with internet access
|
|
|
|
If choosing Option C, keep the bridging rules as-is.
|
|
|
|
---
|
|
|
|
## Rollback
|
|
|
|
- Revert printer switch ports to native VLAN
|
|
- Revert printer static IPs to LAN addresses
|
|
- Update print server ports back to LAN IPs
|
|
- Revert CS-SERVER NIC configuration (if changed)
|
|
- Restore pfSense aliases
|