ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Computing option with "no funds"

    Scheduled Pinned Locked Moved IT Discussion
    69 Posts 9 Posters 19.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Carnival Boy
      last edited by

      A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

      DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
      • gjacobseG
        gjacobse @Nic
        last edited by

        @Nic said:

        Check out Tech Soup if you haven't already. They give stuff to non-profits. Also maybe check out electronics recycling centers for free old stuff.

        Yup - I've been in the NPO arena now for about nine years,.. so I've used them plenty. In the past year I did learn of GrassRoots and can now add free hosting to the mix. Being a NPO is great... and also not. I like finding options that don't include spending buckets of money but still get the results needed.

        I don't like to say I think outside the box,.. Id rather say - what box!

        1 Reply Last reply Reply Quote 0
        • gjacobseG
          gjacobse @scottalanmiller
          last edited by

          @scottalanmiller said:

          @Dashrender said:

          @scottalanmiller said:

          Funny I'm in an office of very high end tech people discussing right now how many of them have managed to almost never work in an environment with AD at all.

          Are the machines those users are working on managed by the company at all? just curious.

          It's a mix. Sometimes they are, sometimes they are not. Both models exist and flourish. On the west coast, as we mentioned in another thread, I see unmanaged a lot, but away from that I see managed being the more common.

          It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

          DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
          • DashrenderD
            Dashrender @gjacobse
            last edited by

            @g.jacobse said:

            It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

            The same way Sharepoint online does, or Google Docs does. It's all done on the hosting solution. The local account doesn't matter. Web account does.

            scottalanmillerS 1 Reply Last reply Reply Quote 1
            • DashrenderD
              Dashrender @Carnival Boy
              last edited by

              @Carnival-Boy said:

              A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

              If you can provide all the required services via web pages or VDI or TS, and segregate the BOYDs from your production network, why do you need to care about the end device, the interfaces to the remote systems are what are protecting your data.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • C
                Carnival Boy
                last edited by

                Not sure @Dashrender. I've worked with AD for so long I can't imagine life without it. I don't use VDI or TS and all my web services use AD credentials, so I don't know how the alternative would work. Would be interested to hear from people who actually do this.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  I'm in the same boat as you. It's definitely hard to image users just having their own equipment, being responsible for their own equipment - yet still somehow providing all the needed accesses, but I can envision it being done.

                  What web services do you have using AD? Internally built web apps? Those could be transferred to a datacenter where you have a small connected node of servers, one or more running AD, the webserver prompts the user for their logon (the user doesn't care that it's AD), that logon is verified against the nearby AD server, tada... no more AD needed locally.

                  Of course this is probably not the best or even ideal way to move this to a hosted solution, but it's an option.

                  coliverC 1 Reply Last reply Reply Quote 0
                  • coliverC
                    coliver @Dashrender
                    last edited by

                    @Dashrender said:

                    I'm in the same boat as you. It's definitely hard to image users just having their own equipment, being responsible for their own equipment - yet still somehow providing all the needed accesses, but I can envision it being done.

                    What web services do you have using AD? Internally built web apps? Those could be transferred to a datacenter where you have a small connected node of servers, one or more running AD, the webserver prompts the user for their logon (the user doesn't care that it's AD), that logon is verified against the nearby AD server, tada... no more AD needed locally.

                    Of course this is probably not the best or even ideal way to move this to a hosted solution, but it's an option.

                    Not only that but you could also look at other authentication options. Something like OpenID or even an open source LDAP server could provide that mechanism.

                    scottalanmillerS 1 Reply Last reply Reply Quote 1
                    • C
                      Carnival Boy
                      last edited by

                      Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

                      coliverC scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • coliverC
                        coliver @Carnival Boy
                        last edited by

                        @Carnival-Boy said:

                        Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

                        That would be stipulated in policies, once you go BYOD the amount that you support is up to you and the management team. We haven't gone BYOD and probably never will.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • gjacobseG
                          gjacobse
                          last edited by

                          If you don't have AD, how do you assigned policies on login? simple management of network shares and other resources such as networked printers and such?

                          Yes you can do quite a bit with hosted solutions,.. But,..

                          DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @gjacobse
                            last edited by

                            @g.jacobse said:

                            If you don't have AD, how do you assigned policies on login? simple management of network shares and other resources such as networked printers and such?

                            Yes you can do quite a bit with hosted solutions,.. But,..

                            With hosted solution you don't have network shared in the conventional ways anymore, you have files in Google Drive or in SharePoint. Navigation in these systems is similar to traditional shares though.

                            If you're using all web based services, what policies do you need to push to the users? As for printers, you create documentation on how to add the printers and you give that to the users. Or you setup the printer for them, once added, you probably don't have to do much more. Of course in this situation there would be no print servers, just direct printing.

                            1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @coliver
                              last edited by

                              @coliver said:

                              @Carnival-Boy said:

                              Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

                              That would be stipulated in policies, once you go BYOD the amount that you support is up to you and the management team. We haven't gone BYOD and probably never will.

                              Agreed, going BYOD means completely rethinking your end user technology policies. You/your company has to decide how they want to handle users who's devices don't work, etc.

                              Like Carnival-Boy I can't see my office ever going that route for regular employees at least not without completely changing the culture. And I don't think they want that culture change.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Carnival Boy
                                last edited by

                                @Carnival-Boy said:

                                A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

                                Sure, but AD is not the only means of doing that. It isn't "AD" or nothing, it's "AD or an alternative."

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @gjacobse
                                  last edited by

                                  @g.jacobse said:

                                  It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

                                  A lot of companies don't use network shares that way anymore. With new technologies like ownCloud, SharePoint, Google Drive, etc. the move to user-centric storage is a pretty big one. As companies start decentralizing and needing to share data across states and oceans traditional file shares fall down anyway. The idea of shared drives has lots of useful cases, but the number is dropping quickly. NTG hasn't had shared drives in years, for example, because we don't all sit in one building.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    @g.jacobse said:

                                    It might be a topic for another thread... but why would you go 'unmanaged' in a large office? How do you allocate security on network shares as easy as (at least I understand) you can with having a Domain and AD?

                                    The same way Sharepoint online does, or Google Docs does. It's all done on the hosting solution. The local account doesn't matter. Web account does.

                                    Exactly

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said:

                                      @Carnival-Boy said:

                                      A lot of AD and group policy exists to prevent users harming themselves and/or the company. If I could stop working with dangerous idiots I'd be much more comfortable with getting rid of AD.

                                      If you can provide all the required services via web pages or VDI or TS, and segregate the BOYDs from your production network, why do you need to care about the end device, the interfaces to the remote systems are what are protecting your data.

                                      Well, in that case, the VDI or RDS are the end point and would "need" AD for management still.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Carnival Boy
                                        last edited by

                                        @Carnival-Boy said:

                                        Not sure @Dashrender. I've worked with AD for so long I can't imagine life without it. I don't use VDI or TS and all my web services use AD credentials, so I don't know how the alternative would work. Would be interested to hear from people who actually do this.

                                        That's a common feeling and if you've never seen a shop without AD it can be surprising how little it is needed. At NTG we have AD but everyone always asks "what is it for?" It manages logins to the machines, but really nothing else. We can reset passwords for people, but we have to maintain a complex network for that one benefit. It's handy, but it is really easy to see that the value is nominal for us and a lot of places that I have been.

                                        AD is great for certain use cases and very poor for others.

                                        Lots of shops are using Google Chromebooks which don't use AD but have their own thing, tons of shops use an AD alternative (OpenLDAP, for example) and many don't worry about controlling end point devices because while there is value to that, there is also huge cost and overhead and the reality is that you don't often actually need to control them. It's one of those areas where IT tends to have more of a desire to be in control than a business actually has a business need to have control.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @coliver
                                          last edited by

                                          @coliver said:

                                          Not only that but you could also look at other authentication options. Something like OpenID or even an open source LDAP server could provide that mechanism.

                                          As NTG looks to more web apps for internal stuff, we aren't even considering using AD as the central authentication system. Just doesn't make sense. Locks you into too much infrastructure without real benefit. Something like OpenID moves the authentication management off to someone else and lets you focus on the apps, not the logins.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @Carnival Boy
                                            last edited by

                                            @Carnival-Boy said:

                                            Hosted AD is still AD though, right? Are we just talking about BYOD here? I'm not a fan of BYOD and have managed to resist it so far, though I'm sure it's only a matter of time. What happens when someone's personal device breaks and they can't use it to do any work?

                                            Can't get hosted AD. That's one of the killers that makes it far less valuable than it should be. AD is legally barred from being hosted in any manner other than a managed colo (you have to own all of the servers and licenses, someone else can just manage them on your behalf.)

                                            BYOD is awesome. I don't know any downside to it, really. It's super secure and flexible. What concerns you about it? Enforced BYOD I don't like. But optional BYOD... I don't know any Fortune 1000 that doesn't do that!

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post