Discussion Room - Pertino
-
What makes Pertino secure? How is this different from Hamachi?
-
@Dashrender said:
What makes Pertino secure? How is this different from Hamachi?
Easier to work with than Himachi for one. Also quite a bit cheaper (is my understanding).
-
Pertino allows you to remove hardware purchasing, maintenance, replacement and maintaining up-to-date and sufficient licensing. As you grow, Pertino scales seamlessly.
-
It works as a mesh so every device connects to every other and there is no single appliance to fail. They host on several providers and have setup means to failover automatically so if Amazon went down Rackspace would failover. They also have it setup to scale so if they notice their infrastructure is getting too bogged down, a new server can be spun up almost instantaneously.
-
In what situation would someone use this?
-
Do I install an agent on each machine, and control this from a Central Server (I'm assuming web based, cloud administration?)?
-
How “we” use Pertino is truly as a full software defined network. As a highly distributed company, Pertino and SDN is a perfect option for us. Our people are spread out all over the world and making them function as a single group, a single entity on a single network is a very big deal. Every person, no matter where they are, is a member of the network just as if they were in the office – completely transparent. This is people in the office, a home office, one the road, in a hotel, at a client site, etc. The network is everywhere.
It goes farther than that, though. Because everyone and everywhere is a part of the network, we have total flexibility as to where the network is. We were freed from our single silo datacenter and were able to leverage traditional colocation, cloud hosting and a new residential datacenter all transparently. We can put any workload, in any location, however it works best. So much freedom. And unlike traditional VPN, it isn’t like it is hub and spoke and someone on a laptop in a hotel can only reach into the main datacenter – it is actually like being right in the office so every person can directly connect to every other person. Active Directory goes to every point of the network as does DNS. We can, trivially easily, provide internal applications to everyone, everywhere securely.
It is really empowering. Now there are still issues – iOS isn’t supported yet and most NAS devices are not or are not supported easily and there is no FreeBSD or Solaris support yet. But all of our Windows, Mac and Linux systems go straight to the Pertino network and instantly become part of the global network n
-
@Bob-Beatty said:
Do I install an agent on each machine, and control this from a Central Server (I'm assuming web based, cloud administration?)?
Yes. It is full mesh so every device needs an agent.
-
@Dashrender said:
What makes Pertino secure? How is this different from Hamachi?
It is a lot like hamachi but modern and still active. Much more power and already on servers.
-
So instead of have devices behind device A connected to devices behind device B, everything connects up to the cloud and everyone connects to everyone else making it ideal for highly mobile companies with few central offices.
-
@bob-beatty Not really an agent per se. Standalone program that runs as a service. Enter creds once and it's good to go. You don't have to log in each time. It can be made invisible to the user and whenever you power on the machine, before you ever log into Windows, you're on the VPN. It is quite snazzy.
-
Does the agent get pushed down from the Central console? Can security/access be configured at that point? Where does the network get added into the mix?
-
Doesn't MS have something like this... I can't recall the name of it now.
-
@Bob-Beatty said:
Does the agent get pushed down from the Central console? Can security/access be configured at that point? Where does the network get added into the mix?
No. It can't since there is no network until the agent is deployed.
The agent adds a TUN interface. That is what puts you on the network.
There is nothing to configure at the end point. You just put in the creds and let it join.
-
@Dashrender said:
Doesn't MS have something like this... I can't recall the name of it now.
Yes but requires enterprise licensing and a 100% Microsoft network and is IPv6 only and you would have to build out your own infrastructure for it. Would cost hundreds of thousands to duplicate that way.
-
The automatic connection piece is huge. Because it does this things like DNS and AD can work. Makes our lives so much easier.
-
I started using Pertino because I'm sick of RRAS and hate the costs of hardware VPN's. If I can keep a user always connected with minimal interaction, that's a huge plus and also makes them happy.
-
And you can go to the central web console and see what machines are connected and, if necessary, disconnect them.
-
Bob - thanks for setting this up! Much easier to stay on top of threads.
Security: Pertino is installed on each end point that you want connected to the network, so we are able to deploy 256-bit AES encryption end to end. The connection is an SSL connection. Data passes through our hosted "routers" to get to each destination. Each network is completely separate, and no data is stored or even cached. Device or user-based access to resources can be restricted with just two clicks.
-
@Josh said:
Bob - thanks for setting this up! Much easier to stay on top of threads.
Security: Pertino is installed on each end point that you want connected to the network, so we are able to deploy 256-bit AES encryption end to end. The connection is an SSL connection. Data passes through our hosted "routers" to get to each destination. Each network is completely separate, and no data is stored or even cached. Device or user-based access to resources can be restricted with just two clicks.
Now all we need is those [moderated] I went around and around with a while back who were saying you were gonna get hacked if you used Pertino.
I'm still trying to get the thing to work in a point to point fashion. Lots of folks have devices behind the firewall that won't be able to either use Pertino or they don't want to have the talk with users about installing it on their personal devices. If only you would release it in source I could compile the thing on something I can work with in that regards.
