If LAN is legacy, what is the UN-legacy...?
-
So there are two solutions for this that I know of Zero Tier and Pertino. What other options are there?
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
It seems like a lot more expensive.
Are there other options?
-
@Dashrender said:
So there are two solutions for this that I know of Zero Tier and Pertino. What other options are there?
The option is you do not need those either.
Those are simply alternate VPN methods letting you cling to your extended LAN functionality.
-
@Dashrender said:
So there are two solutions for this that I know of Zero Tier and Pertino. What other options are there?
Those are not solutions for what I am describing, those are just the most advanced uses of the legacy LAN concept. Those are all about remaining dedicated to the LAN even after your are physically in no way suitable for one. Great products, but designed solely around maintaining the LAN ideologically rather than replacing it.
-
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
-
@Dashrender said:
Are there other options?
The idea of the citadel (I call it this because the LAN was the castle) is that there is no "shared address range", or at least no dependency on it. Security is no handled by having a "safe zone" on which you put services, you assume all networks are suspect and secure data accordingly.
I think that there are two key elements to removing the LAN dependency and ideology:
- Secure everything as it everything was a suspect network.
- Publish everything so that there is not a "local" network addressing dependency for resolution.
-
I would love to read more about the idea of
but as the LAN becomes increasingly unnecessary I see "enterprise" very much not the term for this model. Enterprises are the ones best equipped to move to more modern structural models."
Any links to articles on the subject and concept
-
@scottalanmiller said:
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
But if you are doing that, why bother with ZT?
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
But if you are doing that, why bother with ZT?
If you are doing it for free? Just because you don't want to pay.
Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
But if you are doing that, why bother with ZT?
Encryption is the first thing that comes to mind.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
But if you are doing that, why bother with ZT?
If you are doing it for free? Just because you don't want to pay.
Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.
OpenDaylight? (searching internet)
If your network isn't attached to the internet, then why would you need SDN? What do you gain? I definitely see why you use SDN for internet connected devices/services...
-
@JaredBusch said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.
ZeroTier is truly free and can be done without Internet access, if you want.
But if you are doing that, why bother with ZT?
Encryption is the first thing that comes to mind.
most systems already have their own encryption built in, so that shouldn't be a problem.
Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...
-
@Dashrender said:
Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...
Right... and you are just building a complicated, proprietary SDN
-
My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.
-
@dafyre said:
My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.
Tell me how ZT makes you immune to a MITM?
-
@JaredBusch said:
@dafyre said:
My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.
Tell me how ZT makes you immune to a MITM?
Or at least less susceptible than Azure AD.
-
@dafyre said:
My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.
Azure AD doesn't have this issue because Azure AD assumes all networks are untrusted, and as such transmits data only in a secure/encrypted manner to the endpoint.
Now of course this doesn't mean it's impossible for a MITM to get in there, its much more difficult.
ZT is really only useful for systems that don't have their secure communication method already in place. And example would be traditional LAN based AD. By default this communication is not encrypted, so using ZT would provide a level of protection that the LAN does not, while at the same time enabling you to be much more mobile at the same time.
-
@scottalanmiller said:
@JaredBusch said:
@dafyre said:
My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.
Tell me how ZT makes you immune to a MITM?
Or at least less susceptible than Azure AD.
Less susceptible is definitely a better way of stating that.
-
This is an interesting concept. Does anyone have any documentation on this? I'd love to read about what it would take to actually implement something like this.
-
@wirestyle22 said:
This is an interesting concept. Does anyone have any documentation on this? I'd love to read about what it would take to actually implement something like this.
Sadly, no. But it is coming soon You heard it here first!!
-
Oh, we could do a case study pretty easily, though. @ntg does this and has kind of stepped through the "best of breed" network design for a modern company over the years so we are good for that.
I've worked at several companies that have done this, as well, so I have some decent insight into what others are doing, not just one company.