Server versus the Cloud
-
@Dashrender said:
Scott.. do you think things like AD are needed less today? should it be replaced with something like Intune for workstation policy requirements, WSUS and AV?
I think AD is needed this same... which is quite often but much less often than people normally thought. AD was rolled out far more often than needed in the past. It was jumped to as a solution and just assumed to be correct. NTG uses AD everywhere and I would not do without it for our network - if you want central management, you need it or something like it. But if you just want central support, then you don't.
InTune addresses AV, WSUS and monitoring (very basic) but doesn't address anything with AD. You didn't need AD for those things before. AD is about user accounts and password management. Typically you need that if you get to any scale unless you don't need to manage devices. If you are 100% BYOD, then AD is probably a waste. But if you have a fleet of corporate computers, without AD you have a nightmare on your hands. AD allows you to share devices, use hotel space, get the helpdesk to reset your password, lock people out, etc.
-
I know of several small business in my area that like the features of AD (currently have a local server) but a could easily move to a fully hosted solution with Onedrive as long as they could maintain AD... I suppose something like Pertino along with a Azure based AD server could work.
-
@Dashrender said:
I know of several small business in my area that like the features of AD (currently have a local server) but a could easily move to a fully hosted solution with Onedrive as long as they could maintain AD... I suppose something like Pertino along with a Azure based AD server could work.
No, Azure AD cannot authenticate desktops. Pertino plus normal AD can. There is no such thing as hosted AD (SaaS.)
-
You can run an AD server on Azure, but IaaS that you run yourself. Azure AD cannot do what you want. Office 365 has Azure AD already and doesn't meet your need.
-
IaaS is what I was referring to. I knew you couldn't use Azure's AD for PC authentication, at least not yet.
-
@Dashrender said:
I suppose something like Pertino along with a Azure based AD server could work.
Or AWS. I'm running a multi-site domain in AWS for my test lab, and it works quite well.
Something to be aware of with Pertino, if you're looking to use it with a Domain Controller - It works by adding another network interface, effectively multi-homing the DC. If it's just a DC out there, it shouldn't be much of an issue. However, if you grow into other machines in Azure/AWS and they need both local and Pertino access, it can lead to unexpected performance issues, like hairpinning local traffic through Pertino. Before going down this path, make sure to choose a VPN methodology that will effectively meet your needs.
-
Interesting conversation here. So if you had a hosted MS server with AD (not Azure) it could authenticate desktops?
-
@technobabble said:
Interesting conversation here. So if you had a hosted MS server with AD (not Azure) it could authenticate desktops?
If you had a way of getting the two to talk, yes. For an office location, a site-to-site VPN would do the trick. For offsite or remote workers, you'd need a pre-login VPN client.
-
Thanks @alexntg
-
@alexntg having never used any of the cloud server solutions in any real way (I built a test setup as part of a demo once with SW) I'm unfamiliar with what they have to offer. Does AWS have a VPN appliance gateway device that you can add to your AWS environment to terminate VPN site to site tunnels? (and client to site presumably?)
-
@Dashrender said:
@alexntg having never used any of the cloud server solutions in any real way (I built a test setup as part of a demo once with SW) I'm unfamiliar with what they have to offer. Does AWS have a VPN appliance gateway device that you can add to your AWS environment to terminate VPN site to site tunnels? (and client to site presumably?)
I can't speak for Azure, but AWS does have an IPSEC VPN instance you can add to your hosted network. That being said, I actually don't use it and rather use a pair of Sophos UTMs.
-
What does AWS charge for hosting your UTM?
-
Rackspace uses Vyatta as their UTM. It starts at $160/mo.
-
is it me or does that price does seem very high.
-
@Dashrender said:
What does AWS charge for hosting your UTM?
It's actually a subscription based license running in an AWS instance. Last I checked, it was $.10 per hour plus instance charges, so you're be looking at around $75 per month for a Sophos UTM with 90% of features unlocked and ~35 per month for the VM to run it on (if you go with small). So for ~$110 per month, you could be the proud user of one of the best UTM products on the market.
-
@Dashrender said:
is it me or does that price does seem very high.
It is, but it is a screaming fast enterprise router. Compare to buying one.
-
@scottalanmiller said:
Rackspace uses Vyatta as their UTM. It starts at $160/mo.
Ouch! For what it costs, the feature set isn't quite what I'd expect.
-
Vyatta is pretty impressive. It's more a router than a UTM, though.
-
how much bandwidth do you get with each of these servers/services?
-
@Dashrender said:
how much bandwidth do you get with each of these servers/services?
For AWS, gigabit, though unless you have a larger instance size, you won't have the horsepower to make use of it. You pay for outgoing bandwidth; incoming is free.
