Pertino - Is Anyone Successfully Using Any Version Above 510 with DNS/AD Connect?
-
@wrx7m We've considered looking into this but (a) we don't use AD or Windows much at all, and (b) default gateway, while planned, is complex for us and is currently behind a few other more IoT/P2P focused efforts.
Default gateway is hard for ZT because it's p2p. Normal tunnel VPNs can do default gateway by simply excepting traffic from their upstream endpoint, but ZT has to except all its traffic to N random endpoints that are constantly changing. There are ways to do this by binding in the right way to the right interface, etc., but it involves OS-specific hacking and some refactoring. Can be done but hasn't been done yet.
As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service. As a result we find heroics to support legacy AD to be of debatable utility. It's something we plan to investigate once we have a bit more resources (which is hopefully soon) but for now the largest amount of paying customer attention we've received is from people who want P2P network overlays for IoT and distributed systems applications. Those don't care about either of these features but they do care a lot about reliability, monitoring, uptime, etc.
-
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
Currently many locally hosted options can't work with Azure AD, they require legacy AD, even if you host that legacy in an Azure DC, it's still legacy.
-
@Dashrender said:
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
-
@scottalanmiller said:
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
What is your new method of authenticating?
-
@scottalanmiller said:
@Dashrender said:
Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Sadly another client has a business manager who thinks the cloud is the devil and somehow local servers are safer... so they won't be changing anytime soon.
-
@adam.ierymenko said:
As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service.
that hosted service is BRAND new, though. Only since Windows 10. So pretty much no one on it. I've seen way more people avoiding than people moving to it. It's the future of AD for sure, but AD is a huge market.
-
@FATeknollogee said:
@scottalanmiller said:
I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.
What is your new method of authenticating?
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
-
@Dashrender said:
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Same question for you @Dashrender What is your "AD"?
-
@scottalanmiller said:
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
Is there some form of SSO?
-
@FATeknollogee said:
@Dashrender said:
Oh i agree - and I'm trying to do the same, and I've already one it for one client.
Same question for you @Dashrender What is your "AD"?
Personally I have a Windows 2012R2 onsite AD system. VM's of course.
-
@FATeknollogee said:
@scottalanmiller said:
Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.
But when we need it, Azure AD.
Is there some form of SSO?
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
-
@Dashrender I thought you just said you got rid of AD?
-
Computers are moving more toward acting like phones. Instead of using WSUS, you'll use MDM to manage them. The laptop/desktop/tablet, whatever can check-in with the MDM server from anywhere, and get it's update instructions from there.
Intune is a good example of this.
-
@scottalanmiller said:
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
That makes sense.
For those of us with legacy apps, we have to wait for our vendors to "catch up" -
@FATeknollogee said:
@scottalanmiller said:
We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.
That makes sense.
For those of us with legacy apps, we have to wait for our vendors to "catch up"Or not use AD. Always an option.
-
@Dashrender The cloud is the devil. Problem is that local servers are also the devil.
-
@scottalanmiller said:
Or not use AD. Always an option.
Not when you need the app & AD is the only option to authenticate!
-
@FATeknollogee said:
@scottalanmiller said:
Or not use AD. Always an option.
Not when you need the app & AD is the only option to authenticate!
What app requires AD for all authentication?
-
@FATeknollogee For us though, ZT always tends to focus on the future. We don't work too hard to support things that are too legacy, at least right now, because we are a very lean little startup. If we had more resources we might if there were a demonstrated market.
-
@FATeknollogee said:
@scottalanmiller said:
Or not use AD. Always an option.
Not when you need the app & AD is the only option to authenticate!
huh - have you asked that vendor if they are developing to be able to use Azure AD as well as legacy AD?
