Do you have anything set up to ssh into these machines? If so you might be able to ssh in and run the MSI installer with a single command line. Maybe we can create a Windows equivalent of curl|bash?
(curl|bash is proof that software deployment across the diverse Linux ecosystem is not that much better than Windows or Mac... but at least Linux being fully OSS has an excuse.)
Hmm... we've wanted to rework updates for quite some time so maybe we'll do something with a setting.
Like I said it's very hard to do... you can fire off a background MSI installer but if it fails you are SOL. Google built an entire auto-update system for Chrome themselves because of this.
Windows software deployment is terrible. Of course Mac is not that much better... you have Apple's absolutely awful app store with its restrictions that exclude almost all interesting desktop software.
Also what do most sysadmins think about auto-updates? I know some are -- like in the Linux world -- against auto-updating software and want things to update on a schedule (for obvious reasons).
I thought there were simple ways of pushing MSIs to Windows machines. That's why we've worked really hard to keep the installer in MSI format even though it does a number of complex things that Advanced Installer keeps wanting to kick us into the EXE track to accomplish.
What's the current state of the art for managing software installs across Windows machine pools?
Right now it's a button we can push. There's a signing key we have that we keep in cold storage for it.
We'd like to revisit the update schedule at some point in the future since auto-updating quickly can be a desirable feature if it's done well. But it's very hard to do well, especially with an app that integrates with the OS the way ZeroTier does. ZeroTier has drivers, services, etc.
BTW we had a couple releases in a row over the last week since we were fixing minor issues with route management and default route override / full tunnel, both of which were new and non-trivial. Hopefully it's calmed down now.
We recently improved our docs on this: https://github.com/zerotier/ZeroTierOne/tree/master/controller
ZeroTier hasn't been self-updating on Linux since very early versions. We found that many Linux users were using it on servers and really did not want software auto-updating itself independent of their scheduled use of 'yum' or 'apt'.
In 1.1.6+ we have finally developed real Linux packages and our own Linux package repository. The install script we created just adds that repo and installs the package, and once the repo is added it should auto-update along with other Linux packages when you do system package updates. This is expected behavior on Linux for a packaged app.
We also have people working to get this into Fedora/EPEL and Debian upstream but that's another matter, and many users might still prefer our repos since they will be updated more quickly.
MacOSX and Windows have auto-update functionality but we've been sort of gun shy about using it for the same reason. So far our policy has been to keep it around in case we ever have a critical security vulnerability that we need to force-patch ASAP. So far that has not happened.
Try it again -- I think I found an issue. It should complete the URL with $releasever but was not in some cases.
Is ESXi its own completely unique thing or is it based on something else?
DNS is fundamentally not designed for concurrent use on more than one network.
@Dashrender Pertino as far as I know implemented some kind of local split brain DNS proxy. That's not quite black magic but it's a pain.
What we do is to actually put private ZT IPs in our public DNS, e.g. <host>.int.zerotier.com where int.zerotier.com is the internal LAN. But I'm not sure that'll work for Active Directory.
@Dashrender ZT does precisely nothing to DNS... at least right now.
@dafyre Your OS's DNS resolver decides how DNS works. ZeroTier gives you a port to a virtual LAN, nothing more.
One wrinkle you should be aware of (this needs to be fixed in our web UI!) -- if you change the ZT-managed range from /24 to /23 or /22 you will also need to change it on all the devices. We should add a feature to renumber automatically since right now it's tedious.
Just popped by and saw this. Curious to hear your results and feel free to ask any questions.
Yeah that's in our feature queue but after a ton of other stuff.
Our thought is to build more value into the upgraded plans over time.
Yeah the new features are new. The first is monitoring -- it'll e-mail and SMS you (if you set SMS number) if a monitored device goes offline. Other new features are in development and include things like exit gateway as a service, port/web inbound forwards into your network, etc.
@JaredBusch Hmm... so they charge a ton for what that GitHub project does? If the need for split-brain DNS is all it is, I really don't see how this is a hard problem.