
    If LAN is legacy, what is the UN-legacy...?

      scottalanmiller

      None of this is to suggest that the physical LAN network of an office will go away or that we will not attempt to secure it (firewall, UTM, etc.) It is that we will stop thinking of it as a secure place to dump data willy nilly. And once we treat the LAN as a dangerous place like the Internet, suddenly we are not tied down to it any longer either.

        FATeknollogee @scottalanmiller

        @scottalanmiller said:

        None of this is to suggest that the physical LAN network of an office will go away or that we will not attempt to secure it (firewall, UTM, etc.) It is that we will stop thinking of it as a secure place to dump data willy nilly. And once we treat the LAN as a dangerous place like the Internet, suddenly we are not tied down to it any longer either.

        This was going to be my next question.
        If I understand correctly, the firewall/UTM/"insert fav mode" concept still exists & is valid.
        The old school "on prem" services (AD, File Shares, email) that were heavy on LAN kinda go away

          scottalanmiller @FATeknollogee

          @FATeknollogee said:

          If I understand correctly, the firewall/UTM/"insert fav mode" concept still exists & is valid.
          The old school "on prem" services (AD, File Shares, email) that were heavy on LAN kinda go away

          Right, that is what I expect. Having a firewall to provide "as much protection as possible" will be valid for a long time (although some weird people are even arguing that that is a waste, but I don't buy it) but having services that assume you are on a LAN will go away.

          Email, AD, storage... we will continue to need those, but not in the old way. Right now we have to create this "special network" to deliver those services. SMB only works well over a low latency, high bandwidth connection. AD is complicated without local DNS controlling everything. Things like that. They are based on very limited assumptions that really curtail businesses.

            scottalanmiller

            And, of course, things like cloud platforms change this too. Once you remove the LAN, suddenly you can easily leverage not just a platform like AWS whenever needed, but you can do so in a very flexible way. We don't need a private cloud, we can use a cheaper and more powerful public one. We don't need to work with a single provider, we can use any one that is good for the needed workload.

            Things get cheaper and more powerful.

            And WAN purchasing changes. We don't need expensive VPN accelerators, managed VPN or MPLS. We just need fast WAN links, at lower cost. The WAN becomes far simpler, too.

              scottalanmiller

              And of course, just as the LAN never made sense for everyone, the LAN will likely always make sense for someone. But the assumption of a LAN, the foregone conclusion that the LAN is how businesses run and especially that it is how "enterprise" ones run, is already past its sell-by date. Nothing wrong with LANs today, but they are not the cutting edge or something special. Companies that are skipping them are either forward thinking new entities or companies that had LANs that have worked hard to phase them out.

                Dashrender

                So there are two solutions for this that I know of: ZeroTier and Pertino. What other options are there?

                What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                It seems a lot more expensive.

                Are there other options?

                  JaredBusch @Dashrender

                  @Dashrender said:

                  So there are two solutions for this that I know of: ZeroTier and Pertino. What other options are there?

                  The option is you do not need those either.

                  Those are simply alternate VPN methods letting you cling to your extended LAN functionality.

                    scottalanmiller @Dashrender

                    @Dashrender said:

                    So there are two solutions for this that I know of: ZeroTier and Pertino. What other options are there?

                    Those are not solutions for what I am describing, those are just the most advanced uses of the legacy LAN concept. Those are all about remaining dedicated to the LAN even after you are physically in no way suitable for one. Great products, but designed solely around maintaining the LAN ideologically rather than replacing it.

                      scottalanmiller @Dashrender

                      @Dashrender said:

                      What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                      ZeroTier is truly free and can be done without Internet access, if you want.

                        scottalanmiller @Dashrender

                        @Dashrender said:

                        Are there other options?

                        The idea of the citadel (I call it this because the LAN was the castle) is that there is no "shared address range", or at least no dependency on it. Security is not handled by having a "safe zone" on which you put services, you assume all networks are suspect and secure data accordingly.

                        I think that there are two key elements to removing the LAN dependency and ideology:

                        • Secure everything as if everything was a suspect network.
                        • Publish everything so that there is not a "local" network addressing dependency for resolution.

                          hobbit666

                          I would love to read more about the idea of

                          "but as the LAN becomes increasingly unnecessary I see "enterprise" very much not the term for this model. Enterprises are the ones best equipped to move to more modern structural models."

                          Any links to articles on the subject and concept?

                            Dashrender @scottalanmiller

                            @scottalanmiller said:

                            @Dashrender said:

                            What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                            ZeroTier is truly free and can be done without Internet access, if you want.

                            But if you are doing that, why bother with ZT?

                              scottalanmiller @Dashrender

                              @Dashrender said:

                              @scottalanmiller said:

                              @Dashrender said:

                              What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                              ZeroTier is truly free and can be done without Internet access, if you want.

                              But if you are doing that, why bother with ZT?

                              If you are doing it for free? Just because you don't want to pay.

                              Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.

                                JaredBusch @Dashrender

                                @Dashrender said:

                                @scottalanmiller said:

                                @Dashrender said:

                                What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                                ZeroTier is truly free and can be done without Internet access, if you want.

                                But if you are doing that, why bother with ZT?

                                Encryption is the first thing that comes to mind.

                                  Dashrender @scottalanmiller

                                  @scottalanmiller said:

                                  @Dashrender said:

                                  @scottalanmiller said:

                                  @Dashrender said:

                                  What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                                  ZeroTier is truly free and can be done without Internet access, if you want.

                                  But if you are doing that, why bother with ZT?

                                  If you are doing it for free? Just because you don't want to pay.

                                  Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.

                                  OpenDaylight? (searching internet)

                                  If your network isn't attached to the internet, then why would you need SDN? What do you gain? I definitely see why you use SDN for internet connected devices/services...

                                    Dashrender @JaredBusch

                                    @JaredBusch said:

                                    @Dashrender said:

                                    @scottalanmiller said:

                                    @Dashrender said:

                                    What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

                                    ZeroTier is truly free and can be done without Internet access, if you want.

                                    But if you are doing that, why bother with ZT?

                                    Encryption is the first thing that comes to mind.

                                    Most systems already have their own encryption built in, so that shouldn't be a problem.

                                    Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...

                                      scottalanmiller @Dashrender

                                      @Dashrender said:

                                      Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...

                                      Right... and you are just building a complicated, proprietary SDN 🙂

                                        dafyre

                                        My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                                          JaredBusch @dafyre

                                          @dafyre said:

                                          My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                                          Tell me how ZT makes you immune to a MITM?

                                            scottalanmiller @JaredBusch

                                            @JaredBusch said:

                                            @dafyre said:

                                            My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                                            Tell me how ZT makes you immune to a MITM?

                                            Or at least less susceptible than Azure AD.
