Computing option with "no funds"

Dashrender

Considering the geographically disperse company you have there, AD (in general) will require either dedicated communication links or VPN tunnels. Either costly or potentially painful to manage (granted once a VPN site to site is up, you rarely have to deal with it).

What advantages are you gaining using AD company wide vs moving to Google Apps or O365 along with some sort of management solution for the desktops outside of AD (managed engine for example).

Nic

Check out Tech Soup if you haven't already. They give stuff to non-profits. Also maybe check out electronics recycling centers for free old stuff.

scottalanmiller

@g.jacobse said:

Agency wise (as a whole) getting into AD shouldn't be that costly. We can get Server 2012 with software assurance for next to nothing, add the required CALs and go forward. Being a Non Profit helps.

I was basing the costs off of AD being free. If it costs anything, it is that much more. Your issue is that you can't afford the Windows machines necessary to connect to AD.

scottalanmiller

@g.jacobse said:

Things can be done without AD, however there are a number of things which make having AD so much easier. I have the hardware - it needs to be upgraded a bit - but I have it.

You're early post about people bringing their own machines or getting Chromebooks suggested that you didn't have and couldn't get the hardware. Do you have access to company-owned Windows Pro machines or not? I'm confused.

scottalanmiller

@Dashrender said:

Considering the geographically disperse company you have there, AD (in general) will require either dedicated communication links or VPN tunnels. Either costly or potentially painful to manage (granted once a VPN site to site is up, you rarely have to deal with it).

Pertino works really well for this.

Dashrender

@scottalanmiller said:

@Dashrender said:

Considering the geographically disperse company you have there, AD (in general) will require either dedicated communication links or VPN tunnels. Either costly or potentially painful to manage (granted once a VPN site to site is up, you rarely have to deal with it).

Pertino works really well for this.

But as you mentioned work best with windows machines, not personally owned Chromebooks.

scottalanmiller

@Dashrender said:

But as you mentioned work best with windows machines, not personally owned Chromebooks.

Doesn't work on Chromebooks at all. But Chromebooks don't need it as they get their storage from Google.

scottalanmiller

Funny I'm in an office of very high end tech people discussing right now how many of them have managed to almost never work in an environment with AD at all.

Dashrender

@scottalanmiller said:

Funny I'm in an office of very high end tech people discussing right now how many of them have managed to almost never work in an environment with AD at all.

Are the machines those users are working on managed by the company at all? just curious.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

Funny I'm in an office of very high end tech people discussing right now how many of them have managed to almost never work in an environment with AD at all.

Are the machines those users are working on managed by the company at all? just curious.

It's a mix. Sometimes they are, sometimes they are not. Both models exist and flourish. On the west coast, as we mentioned in another thread, I see unmanaged a lot, but away from that I see managed being the more common.

Carnival Boy

A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

gjacobse

@Nic said:

Check out Tech Soup if you haven't already. They give stuff to non-profits. Also maybe check out electronics recycling centers for free old stuff.

Yup - I've been in the NPO arena now for about nine years,.. so I've used them plenty. In the past year I did learn of GrassRoots and can now add free hosting to the mix. Being a NPO is great... and also not. I like finding options that don't include spending buckets of money but still get the results needed.

I don't like to say I think outside the box,.. Id rather say - what box!

gjacobse

@scottalanmiller said:

@Dashrender said:

@scottalanmiller said:

Funny I'm in an office of very high end tech people discussing right now how many of them have managed to almost never work in an environment with AD at all.

Are the machines those users are working on managed by the company at all? just curious.

It's a mix. Sometimes they are, sometimes they are not. Both models exist and flourish. On the west coast, as we mentioned in another thread, I see unmanaged a lot, but away from that I see managed being the more common.

It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

Dashrender

@g.jacobse said:

It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

The same way Sharepoint online does, or Google Docs does. It's all done on the hosting solution. The local account doesn't matter. Web account does.

Dashrender

@Carnival-Boy said:

A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

If you can provide all the required services via web pages or VDI or TS, and segregate the BOYDs from your production network, why do you need to care about the end device, the interfaces to the remote systems are what are protecting your data.

Carnival Boy

Not sure @Dashrender. I've worked with AD for so long I can't imagine life without it. I don't use VDI or TS and all my web services use AD credentials, so I don't know how the alternative would work. Would be interested to hear from people who actually do this.

Dashrender

I'm in the same boat as you. It's definitely hard to image users just having their own equipment, being responsible for their own equipment - yet still somehow providing all the needed accesses, but I can envision it being done.

What web services do you have using AD? Internally built web apps? Those could be transferred to a datacenter where you have a small connected node of servers, one or more running AD, the webserver prompts the user for their logon (the user doesn't care that it's AD), that logon is verified against the nearby AD server, tada... no more AD needed locally.

Of course this is probably not the best or even ideal way to move this to a hosted solution, but it's an option.

coliver

@Dashrender said:

I'm in the same boat as you. It's definitely hard to image users just having their own equipment, being responsible for their own equipment - yet still somehow providing all the needed accesses, but I can envision it being done.

What web services do you have using AD? Internally built web apps? Those could be transferred to a datacenter where you have a small connected node of servers, one or more running AD, the webserver prompts the user for their logon (the user doesn't care that it's AD), that logon is verified against the nearby AD server, tada... no more AD needed locally.

Of course this is probably not the best or even ideal way to move this to a hosted solution, but it's an option.

Not only that but you could also look at other authentication options. Something like OpenID or even an open source LDAP server could provide that mechanism.

Carnival Boy

Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

coliver

@Carnival-Boy said:

Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

That would be stipulated in policies, once you go BYOD the amount that you support is up to you and the management team. We haven't gone BYOD and probably never will.