Pertino - Is Anyone Successfully Using Any Version Above 510 with DNS/AD Connect?
-
@IRJ said:
Everytime I install it on a Linux system, it's like opening a box of chocolates. I never know what I am going to find inside. Usually it does some weird stuff and a combination of smashing keyboards against the wall, uninstalling/reinstalling, and Native American rain dancing makes it work
Uninstall/reinstall - Check
Smash KB against the wall - Check
Native American rain dancing is what I was missing... -
@scottalanmiller said:
@wrx7m said:
@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.
Most everyone that I knew there has disappeared since the acquisition, definitively.
Bummer. How many people would you say it was? I was also told that the engineers were kept on.
-
Now the engineers want me to install the 528 client again on my DCs, which caused name resolution issues where the DNS/DC stops responding to requests, as well as preventing dynamic host record updates. They say that there are better logging options in it. I guess I can setup an isolated lab but this is just taking way too much time and effort for something that was supposed to work out of the box and does in 510.
And that is not even the gateway feature! We are moving backward!
-
@wrx7m said:
@scottalanmiller said:
@wrx7m said:
@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.
Most everyone that I knew there has disappeared since the acquisition, definitively.
Bummer. How many people would you say it was? I was also told that the engineers were kept on.
Only a handful that I normally talk to. I know nearly everyone there as I've been out and met everyone multiple times.
-
yeah, i've never not had issues with it. for atleast a year or so now.
-
@wrx7m We've considered looking into this but (a) we don't use AD or Windows much at all, and (b) default gateway, while planned, is complex for us and is currently behind a few other more IoT/P2P focused efforts.
Default gateway is hard for ZT because it's p2p. Normal tunnel VPNs can do default gateway by simply excepting traffic from their upstream endpoint, but ZT has to except all its traffic to N random endpoints that are constantly changing. There are ways to do this by binding in the right way to the right interface, etc., but it involves OS-specific hacking and some refactoring. Can be done but hasn't been done yet.
As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service. As a result we find heroics to support legacy AD to be of debatable utility. It's something we plan to investigate once we have a bit more resources (which is hopefully soon) but for now the largest amount of paying customer attention we've received is from people who want P2P network overlays for IoT and distributed systems applications. Those don't care about either of these features but they do care a lot about reliability, monitoring, uptime, etc.
-
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
Currently many locally hosted options can't work with Azure AD, they require legacy AD, even if you host that legacy in an Azure DC, it's still legacy.
-
@Dashrender said:
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
-
@scottalanmiller said:
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
What is your new method of authenticating?
-
@scottalanmiller said:
@Dashrender said:
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Sadly another client has a business manager who thinks the cloud is the devil and somehow local servers are safer... so they won't be changing anytime soon.
-
@adam.ierymenko said:
As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service.
that hosted service is BRAND new, though. Only since Windows 10. So pretty much no one on it. I've seen way more people avoiding than people moving to it. It's the future of AD for sure, but AD is a huge market.
-
@FATeknollogee said:
@scottalanmiller said:
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
What is your new method of authenticating?
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
-
@Dashrender said:
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Same question for you @Dashrender What is your "AD"?
-
@scottalanmiller said:
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
Is there some form of SSO?
-
@FATeknollogee said:
@Dashrender said:
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Same question for you @Dashrender What is your "AD"?
Personally I have a Windows 2012R2 onsite AD system. VM's of course.
-
@FATeknollogee said:
@scottalanmiller said:
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
Is there some form of SSO?
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
-
@Dashrender I thought you just said you got rid of AD?
-
Computers are moving more toward acting like phones. Instead of using WSUS, you'll use MDM to manage them. The laptop/desktop/tablet, whatever can check-in with the MDM server from anywhere, and get it's update instructions from there.
Intune is a good example of this.
-
@scottalanmiller said:
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
That makes sense.
For those of us with legacy apps, we have to wait for our vendors to "catch up" -
@FATeknollogee said:
@scottalanmiller said:
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
That makes sense.
For those of us with legacy apps, we have to wait for our vendors to "catch up"Or not use AD. Always an option.
