Discussion Room - Pertino
-
@Dashrender said:
@ajstringham said:
@Dashrender Well, it's what works best for each environment.
Don't get me wrong, I love the idea. I loved Himachi when it first hit the scene. I just can't justify the expense in my situation since my users never connect from anywhere but home and once the VPN clients are setup (and have been for many many years) the home computers can access everything inside my network and I haven't paid a penny more than the original purchase that included I think up to 20 or so VPN client terminations. Even when I moved to Sonicwall a few years ago, the VPN clients came with that too.
The best sales pitch I can here for this product is, "does your current VPN solution require a significant amount of tech support? Client endpoints not connecting? VPNs dropping? etc? Then try this product" and I do fully believe that you'll get sales and more than likely end up with a much lower incident rate and happier end users, but if you don't have that high incident rate now... the extra spend seems odd.
im with ya. Example. I have a client with a corp office and 10 state wide locations. 10 users at corp and about the same everywhere else. I just have Asa5505s at each location with the k9 sec bundle. Corp has unlimited license and each remote has 50 user cap. Oh, and any connect so they can also connect from any Internet source. I really like the sound of pertini but don't see its use for most of my folk.
-
@ajstringham said:
@scottalanmiller said:
I'm not a DEB fan either but GroveSocial is on Ubuntu so we've been working with it recently.
Isn't it generally considered that debian based systems are for consumers and rpm based systems for business? That's what I always tend to see. Anything applied to business practices always uses RPMs. FWIW
No, it's that DEB's largest downstream is Ubuntu while RPM's two biggest are RHEL/CentOS and Suse. So while DEB has Debian which is completely enterprise class (but sans support) the bulk of its users are Ubuntu which is considered, at best, a tertiary business platform and the vast majority of its users are consumers or hobbyists. RPM is used almost exclusively by business class systems. Sure Fedora runs on RPM too, but is tiny compared to RHEL and Suse and has a lot of good business use itself. Both formats are good, it's just that Ubuntu, Mint and some others that focus on desktops use DEB so are the overwhelming focus of DEB users.
-
@Dashrender said:
Am I correct in my understanding that for every person who wants to connect to their work PC either directly or through RDS will require at least two licenses of Pertino? one for office computer and one for the home computer? If the user wants to use their phone as well, that would be a third, and a second computer from home, that would be a fourth Pertino license?
If the license is per user, then each user would only be one. If they are device then each device would only be one. Per user licenses would not double for a single connection as it is only one user.
-
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
All mesh VPNs work this way, they always have. Site to site, hub and spoke and other models do not. Each has their own advantages. Pertino's model allows you to do a lot that traditional VPN can't handle or can't handle well. This is not replacing traditional VPN, this is allowing you to build robust networks that you could not have previously or building yourself would have been absolutely crazy to do. But look at the licensing... you were talking about per user licensing. If that's the model you purchase under, you don't care how many end points there are because you aren't paying for end points, only users.
-
@Dashrender said:
@ajstringham said:
Per device makes much more sense in my opinion.
Why?
Because networks are devices, not people. Licensing by users is quirky. If you have a ton of people and one connection, you can't afford to use a service that should be nearly free. If you have one user but a thousand servers, you are paying nothing but draining their coffers. Like any good vendor relationship you want how they bill you to be directly tied to their costs. In that way you have a naturally healthy relationship - no one is looking to screw the other. As you scale up your needs, their scale up their costs. If you have a misalignment of compensation then bad things happen.... like you do something unexpected and have to pay a fortune for something with little value or you take advantage of their billing and they don't want to keep you as a customer anymore.
-
@ajstringham said:
@scottalanmiller uses the illustration of AD authentication for remote users.
Say you have a group of users only using Pertino as a VPN to authenticate against the DC. Looking at the previous billing scheme that can be very expensive. However, by device you now have much better scalability. For what you would have paid for one user for one device you've now got three users online.
Exactly. You want the billing to be tied as closely to real costs as possible for everyone's benefit.
-
@Dashrender said:
@ajstringham said:
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
No. You setup users and then when Pertino is installed they authenticate with those credentials and they're on. If you have 20 users with 60 devices total you don't have to setup for 60 devices, just 20 users. Also, a feature they added (FINALLY!) was being able to do batch adds. Used to be one at a time which was very limiting.
OK you don't have to spend the time provisioning all of the end point, but you do have to install Pertino onto all of them.
Here's a sample setup.
Corp office has 5 servers
remote office has 5 workstations.
With VPN I setup a P2P VPN between the firewalls and I'm done.With Pertino I need to install the client on 10 devices (OK no big deal) but I have a monthly charge for this forever. Perhaps Pertino isn't intended as a point to point replacement.
Not yet, it isn't. But you just need to wait on the gateway features. Remember this is a brand new product that is just out of the gate. There is a ton of functionality coming that will really change how you look at it and will make the whole ecosystem make a lot more sense to you. You are seeing only one small piece of a large vision that makes it look a lot like a traditional VPN replacement when, in fact, it is a virtual network solution in a way that you aren't picturing (and doesn't exist yet.) So choosing it today for only the features it has now might not make sense for nearly as many people who might deploy it today (or tomorrow) for the features and functionality that are coming down the pike.
But in your example here, you would not normally deploy to ten devices. Pertino is meant for every device. Every single one. Not just those outside the building. That's where the power comes in. Not that you can't do it your way, you can, but that isn't the primary idea. That's why Pertino doesn't try to call it a VPN and why describing it as a VPN can be bad. It is a VPN, but VPN in a way very different in intention from how most people picture VPNs. A really advanced, fully hosted mesh VPN has been a viable thing for decades but 99% of IT people have never experienced one and haven't grasped what all that means - like being able to completely define your network in software at run time.
-
@Dashrender said:
@ajstringham said:
@Dashrender Originally, when it was per person, it was a 3 device/person limit. If you are the IT guy and using your account or any admin account for Pertino, this turns into a problem quick. I believe they have removed that since going to the new pricing scheme. One way or another there are tradeoffs. For someone with 5 devices it's more expensive. For most people it's more cost effective. I agree with the per person scheme. Very odd but they've moved away from that.
OK this makes more since, the limits bring it in line with the costs of the device pricing seen now, only it's more usable as you mentioned.
Yes, and if you are doing unique things, call them for pricing. Their pricing schemes are based on average users. If you are doing something on the fringe, have a conversation. It's real people there, they are going to talk to you and discuss the situation. They know that per device pricing doesn't always make sense.
-
@Dashrender said:
What makes Pertino secure? How is this different from Hamachi?
To specifically answer this point, Pertino is completely secure because there is no 1:N endpoint. Everything is device to device.
Example: You put Pertino on your DC and then on a sales laptop that is roaming the world. The person with the laptop has exactly the same access to the server as he has when he is in the office. Nothing more and nothing less. Pertino does not grant access to anything the user does not already have access to. Pertino is not a directory server or providing server authentication. Pertino is simply a network connection that happens to work from anywhere, it is not restricted to your office. -
@JaredBusch said:
@Dashrender said:
What makes Pertino secure? How is this different from Hamachi?
To specifically answer this point, Pertino is completely secure because there is no 1:N endpoint. Everything is device to device.
Example: You put Pertino on your DC and then on a sales laptop that is roaming the world. The person with the laptop has exactly the same access to the server as he has when he is in the office. Nothing more and nothing less. Pertino does not grant access to anything the user does not already have access to. Pertino is not a directory server or providing server authentication. Pertino is simply a network connection that happens to work from anywhere, it is not restricted to your office.I'm less worried about the permissions on the server itself, I would assume that the server's permissions would be in effect. I'm wondering more about the security of the tunnel since it is supported by a third party.
Here's a great example of a system that used to be bullet proof, but is no longer the case: Skype. Pertino sounds exactly like how Skype was 4 years ago. End to end encryption with the Skype servers only acting as helpers in setting up the tunnel then dropping out. But the US Gov't started putting pressure on them to create a way for Skype to 'tapped' like traditional phones (worse actually) and now the Skype protocol is eavesdroppable. -
Wow - this is a plethora of information. I've read all of the posts and now have learned more than expected - I was looking for Scott's video, can you throw that link in here? I didn't see it. Thanks for all of the input, this is a great resource - now, can we take this post and file it as a "whitepaper" of sorts, or just leave it as it is for users to search for?
-
@Bob-Beatty said:
Wow - this is a plethora of information. I've read all of the posts and now have learned more than expected - I was looking for Scott's video, can you throw that link in here? I didn't see it. Thanks for all of the input, this is a great resource - now, can we take this post and file it as a "whitepaper" of sorts, or just leave it as it is for users to search for?
http://www.youtube.com/watch?v=lyFr6ThV2As
Youtube VideoI threw mine in there for good measure.
-
@bob-beatty
And it dropped it...
Youtube Video -
@Bob-Beatty said:
Wow - this is a plethora of information. I've read all of the posts and now have learned more than expected - I was looking for Scott's video, can you throw that link in here? I didn't see it. Thanks for all of the input, this is a great resource - now, can we take this post and file it as a "whitepaper" of sorts, or just leave it as it is for users to search for?
We also host weekly demos on Thursdays at 2 PM EST. Here's the latest registration link.
@dashrender In regards to the site to site configuration, that is an ongoing discussion over here. For your use case of 5 devices at each location, then it's less than $300/year and those devices are no longer location-dependent. It's a compelling story for many scenarios. Once you get a greater number of devices on the local network then there are more factors that play into the ROI.
Where Pertino really changes the game is in enabling you to instantly and securely connect seemingly disparate devices, whether physical or virtual, located behind firewalls that you don't control. Then there's the "always on" connectivity for replication, eliminating annoying timeouts, user error, yada yada yada...
And like the guys have said, today it's all about being able to easily deploy and manage networks and making it easier for your users to access the resources they need.
-
I do understand the idea behind a virtual network that runs over the actual - the ease of use for giving users access to internal network resources (heck this would be a great solution to allow companies to use AD servers in Amazon's Cloud services).
I look forward to seeing add-ons to the current product line up.
-
Whatever happened to doing these discussion rooms?