
    Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices

    • matteo nunziatiM
      matteo nunziati @jn19
      last edited by matteo nunziati

      @jn19 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

      @matteo-nunziati

      You're very correct about the automation PCs--they're a horror show as far as security goes.
      They autologon with admin privileges, and they rarely get updates due to bandwidth and manageability issues. To be clear, the automation PCs don't actually need to be joined to our organization Active Directory, and it'd probably be best if they weren't. If there's a different solution available to monitor/patch/secure them, I'm all for it. Unfortunately, we're stuck with Windows, as a lot of the automation tools we have to interface with only have Windows drivers and utilities available.

      Unfortunately it is not a good idea to keep them updated, unless you can recover them.

      In theory, if you can filter security updates only, those machines should NOT be subject to relevant alterations, but automation software could rely on specific behaviours (even if the implementer doesn't know) and any change can be risky.
      At least, if you have access to the machines and the vendor doesn't put a veto, just keep an image of the system before any update (with stuff like Veeam free agent + a recovery USB pen - made by Veeam) and then and only then patch the system.

      Manually.

      I mean, how many of those systems do you have?! Treat them as a server: patch manually and never do automatic updates on them.

      just my 2 cents.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @jn19
        last edited by

        @jn19 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

        What's your take on the best way forward? Thanks for any help you can provide!

        If you really want AD for that, having a SDN probably makes sense. Something like ZeroTier that allows your AD to exist on every device, everywhere. But to make this work in a reasonable way, you generally either want to do fancy gateway tricks or you want to use a total SDN that extends to every device you have.

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

          I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

          I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

          wrx7mW 1 Reply Last reply Reply Quote 2
          • wrx7mW
            wrx7m @scottalanmiller
            last edited by

            @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

            @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

            I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

            I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

            Can salt and/or ansible be used for user/device authentication?

            ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce @wrx7m
              last edited by

              @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

              @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

              @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

              I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

              I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

              Can salt and/or ansible be used for user/device authentication?

              Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

              You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

              wrx7mW 1 Reply Last reply Reply Quote 1
              • wrx7mW
                wrx7m @Obsolesce
                last edited by

                @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                Can salt and/or ansible be used for user/device authentication?

                Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
                • ObsolesceO
                  Obsolesce @wrx7m
                  last edited by

                  @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                  @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                  @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                  @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                  @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                  I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                  I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                  Can salt and/or ansible be used for user/device authentication?

                  Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                  You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                  I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                  Windows users:
                  https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_useradd.html

                  Local group policy:
                  https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_lgpo.html

                  Also, remember you can encrypt stuff in SaltStack Pillars for example, so you don't ever have to provide passwords in plain text.

                  1 Reply Last reply Reply Quote 2
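An illustration of the approach described in the post above, added here and not part of the original thread: a Salt state that keeps a local Windows account in sync from a GPG-encrypted pillar, so the password never sits in plain text in the repository. The file paths, the `automation-*` minion ID pattern, the `svc_operator` account and the `local_accounts` pillar key are all assumptions made for the example, and the PGP block is a placeholder, not real ciphertext.

```yaml
# ---- /srv/pillar/top.sls (constructed example) ----
# Only minions whose ID matches the pattern receive this pillar data.
base:
  'automation-*':
    - local_accounts

# ---- /srv/pillar/local_accounts.sls (constructed example) ----
#!yaml|gpg
# The shebang above must be the first line of the real file. It tells the
# master to run the gpg renderer, which decrypts any PGP armored value using
# the keyring in the master's gpg_keydir (default /etc/salt/gpgkeys).
# A value is encrypted on an admin workstation with the master's public key:
#   echo -n 'the-password' | gpg --armor --batch --trust-model always \
#       --encrypt -r <master-key-name>
local_accounts:
  svc_operator:
    fullname: Automation Operator
    groups:
      - Users            # not Administrators: avoid admin-level autologon
    password: |
      -----BEGIN PGP MESSAGE-----
      <placeholder: paste the armored gpg output here>
      -----END PGP MESSAGE-----

# ---- /srv/salt/local_accounts/init.sls (constructed example) ----
# Creates or corrects each account listed in pillar. On Windows minions the
# user.present state is backed by the win_useradd module linked above.
# The json filter quotes values so special characters in a password cannot
# break the rendered YAML.
{% for name, acct in salt['pillar.get']('local_accounts', {}).items() %}
local_account_{{ name }}:
  user.present:
    - name: {{ name | json }}
    - fullname: {{ acct.fullname | json }}
    - password: {{ acct.password | json }}
    - groups: {{ acct.groups | json }}
{% endfor %}
```

Decryption happens on the master, so the minion receives the cleartext password over Salt's encrypted transport; keep the pillar targeting in `top.sls` as narrow as possible so only the machines that need an account can read its secret.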
                  • scottalanmillerS
                    scottalanmiller @wrx7m
                    last edited by

                    @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                    @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                    @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                    I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                    I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                    Can salt and/or ansible be used for user/device authentication?

                    No, but it manages the things that are 🙂

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @wrx7m
                      last edited by

                      @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                      @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                      @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                      @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                      @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                      I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                      I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                      Can salt and/or ansible be used for user/device authentication?

                      Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                      You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                      I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                      That's a key feature in SodiumSuite's design. Account management across platforms.

                      syko24S 1 Reply Last reply Reply Quote 2
                      • syko24S
                        syko24 @scottalanmiller
                        last edited by

                        @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                        I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                        I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                        Can salt and/or ansible be used for user/device authentication?

                        Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                        You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                        I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                        That's a key feature in SodiumSuite's design. Account management across platforms.

                        Is that available in SodiumSuite at this time?

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @syko24
                          last edited by

                          @syko24 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                          I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                          I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                          Can salt and/or ansible be used for user/device authentication?

                          Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                          You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                          I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                          That's a key feature in SodiumSuite's design. Account management across platforms.

                          Is that available in SodiumSuite at this time?

                          Not quite, but VERY soon.

                          @QuixoticJeremy

                          syko24S 1 Reply Last reply Reply Quote 0
                          • syko24S
                            syko24 @scottalanmiller
                            last edited by

                            @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @syko24 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                            I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                            I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                            Can salt and/or ansible be used for user/device authentication?

                            Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                            You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                            I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                            That's a key feature in SodiumSuite's design. Account management across platforms.

                            Is that available in SodiumSuite at this time?

                            Not quite, but VERY soon.

                            @QuixoticJeremy

                            Every time I log in to my account I always click on the Terminal tab hoping there will be some added functionality. Really looking forward to some of the more advanced features of the platform being implemented.

                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @syko24
                              last edited by

                              @syko24 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @syko24 said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @tim_g said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @wrx7m said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @scottalanmiller said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              @dashrender said in Implement new Active Directory across Azure, on-prem, offsite, and cell-data IoT devices:

                              I'm with the rest - What are you trying to accomplish with AD? Can it be accomplished with other means?

                              I agree, if it were me, I'd not look at AD here at all. This is where Salt or Ansible seems like a better fit.

                              Can salt and/or ansible be used for user/device authentication?

                              Salt/Ansible is not an authentication platform. It's a systems management or state configuration system.

                              You can use Salt/Ansible to sync accounts across devices... so that you can control what local users and passwords are on which systems.

                              I didn't think it was, but did not know about the account sync functionality. Thanks for the info.

                              That's a key feature in SodiumSuite's design. Account management across platforms.

                              Is that available in SodiumSuite at this time?

                              Not quite, but VERY soon.

                              @QuixoticJeremy

                              Every time I log in to my account I always click on the Terminal tab hoping there will be some added functionality. Really looking forward to some of the more advanced features of the platform being implemented.

                              LOL, honestly I do that from time to time, too. It was actually there at one point, but wasn't tested enough and we made the devs claw it back. That's why the tab is there, because it's working in testing.

                              1 Reply Last reply Reply Quote 0