Service Providers

@pete-s said in Proxies as VPN?:

@emad-r Two completely different solutions for different uses.

This.

@obsolesce said in I have to change cloud drive service yet again:

@obsolesce said in I have to change cloud drive service yet again:

You're not using the correct tool for the job IMHO. This isn't what NC/ODFB/etc is for.

I'll say this again.

And I also agree 100% with Jared.

I'll disagree with your quoted statement, because it is perfectly fine to use those solutions in this way. With WebDAV. That is all he has to correctly do.

He can never do what he wants with a sync client design.

@dashrender said in I have to change cloud drive service yet again:

@coliver said in I have to change cloud drive service yet again:

@dashrender said in I have to change cloud drive service yet again:

@coliver said in I have to change cloud drive service yet again:

@dashrender said in I have to change cloud drive service yet again:

@guyinpv said in I have to change cloud drive service yet again:

@jaredbusch

@irj said in I have to change cloud drive service yet again:

@guyinpv said in I have to change cloud drive service yet again:

@irj

@irj said in I have to change cloud drive service yet again:

I use NC and love it like everyone else. However for this scenario, Office online and one drive is the best tool for what you are trying to accomplish.

It's simple, easy to use and requires very minimal training since the company is already likely utilizing office . It functions just like the desktop versions in every way and makes file sharing extremely easy.

When I tested with OneDrive over a year ago, it wasn't syncing files the way we need. It wasn't letting us sync to desktop any shared folders. I believe it might be able to do this now, I'd have to test again.

We do have Office365 but we don't have accounts for every user individually. Some of our office computers are shared and so multiple people might be working under the same user.

I personally have my own O365 business account for my home business and I've found it to work pretty well although I don'y have any shared folders with other people.

I feel like it's been only a couple months since I scrubbed onedrive off all our computers cause it wasn't working right. Feels wrong to go right back to it again. What a pain.

One Drive Sharing in itself should be sufficient. If I create a file, I can share with certain users or everyone and they are able to see it under "Shared with Me" directly under their OneDrive.

If it is shared in OneDrive, then why copy it to a network shared folder? That doesnt really make any sense? I can understand copying it locally of course, but why the need for it to be in a shared folder?

Btw that is very bad practice to share accounts like that, which I am sure you already know.

To my knowledge (tested about a year ago), OneDrive folders when shared could not be synced to local computers. It would only sync your own folders. This may have changed but local computer sync simply couldn't be done back when I used it.

I'm not doing a second copy to a local shared folder. I simply want local sync period. Obviously if our share becomes a lot larger than 11GB, it will begin to make more sense to not sync absolutely everything. But the folder isn't growing that fast so I'll wait for that day.

Syncing 11 GB just seems like a horrible situation. How do these system deal with file locks?

I'm in your same exact boat. If I want to move to LANLess, I'm going to have to break my users away from a general sync'ed drive - at least in my mind. Sync your personal files, but the central shared filestore - that's likely going to have to go on a checkout like basis with SharePoint or maybe NextCloud - but it will require re-education of users on how to use it.

Modern SaberDAV (the WebDAV server that NextCloud uses) can handle file locks similar to Sharepoint. WebDAV is a transitional technology in my mind but it does a fantastic job of it.

Offline access is the real issue. Apps that understand how to natively talk to something like NC (is that a thing?) or OneDrive or SharePoint seems to really be the future. You open the app, the app has direct access to the data in question.

The problem comes in when you need/want offline access. How do you set it up at an app level for online syncing?

Hence why I called WebDAV a transitional technology. It's good for the applications that can't directly access the date on the webserver. By the way Office natively uses WebDAV to access files on Sharepoint and Onedrive.

How do you do that with traditional on-site SMB shares? Sure you can do offline files but that introduces the same issues that we've been talking about here.

From a central shared drive - you're right, same problem.

@guyinpv - why the need for syncing? are the people really needing offline file access?

Because he has no idea what he is doing.

The answer to what he wants is to use WebDAV properly.

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

Risk mitigation is one reason - OK fine. But come on - how often does someone's AD really fail?

Define fail. Fail when integrating with things, decently often. Fail because it turned out to be a security breach because we extended it to third party apps? More often than people say, or know.

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dafyre said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dafyre said in Handling DNS in a Single Active Directory Domain Controller Environment:

@jaredbusch said in Handling DNS in a Single Active Directory Domain Controller Environment:

What really needs to be laid out here is a list of what needs done on both sides, both proactively and reactively after a failure. At that point relative costs can be estimated.

I certainly what @JaredBusch mentions would be a good grounding point for this point of discussion... Let's first describe the business scenario.

Company Details for Scenario 1
Acme, Inc.
24 Employees
1 x Virtualization Host
1 x AD Server (AD, DNS, DHCP) VM
Y x other VMs
Email is hosted on O365.
(we don't care about other VMs for sake of this discussion, do we?)
1 x Network Router

Assumptions:

• All devices use the router for DNS1, and AD Server for DNS2.
• Router points to AD Server for DNS1, and CloudFlare for DNS2.
• Company already owns a working backup product

Scenario 1:
Problem: AD Server VM Blows up, Blue Screens, Gets Deleted or just won't boot.
Impact: Services Requiring AD for authentication will not work. Devices that were working when the AD Server died continue working until DHCP lease time runs out. Internet is up since the router can use CloudFlare for DNS.
Solution: Restore VM from most recent backup into new VM on the Virtualization host.
Cost Formula: Hours Downtime * Lost Productivity (if Any) = Total Cost
**Cost: 2 hrs * $5000/hr = $10,000

Does that oversimplify the discussion or provide enough details?

Getting there. What service broke because AD was down? Most of the time, AD could be down and nobody would know the difference. To have cost associated with AD being down, a service that doesn't cache credentials has to be authenticating with it.

Seriously, try it in your home lab sometime. Just shut down any AD servers you have running and see how long it takes for something to break.

First thing that comes to mind: NextCloud with AD integration, RocketChat with AD integration.

For the case of my scenario, we don't worry about WHAT broke. If you look closely at my Cost Formula... It was Lost Productivity (if Any)... because you're right, just because AD is down, doesn't necessarily mean the entire business just stops.

Right, but that's contrived. Why are they putting in those breaking points if they are risky, and why in such a small environment?

We have a similar setup, and just avoid AD integration, problem solved. And solved solidly. I know shops with hundreds of people doing the same.

Why make things harder for people by having multiple logons when you can skip that and have some form of SSO? or at least shared credentials?

Are you assuming AD provides SSO? So many other things can provide that piece of AD if needed.

SSO is likely the wrong term in this case. What I mean is a single centralized authentication. the user only needs ONE username and password, not many.

If you use have AD username/password and a separate one for NC, that's just more work on the user - why? Sure this thread gives one possible reason why to not do it.

If SSO is a thing you want to enable, lots of LDAP servers are available that can provide it securely, in addition to AD.

Sure - but that wasn't the point. We're talking about a single AD environment. You already have AD. Why not use it?

that's very bad logic. That's sunk cost thinking. You should be evaluating AD for each case, not "use it because we have it." That's how most AD gets deployed in the first place (we have Windows, so AD is included, why not use it.)

THere are loads of times that using it for those things is good. But loads that it is not, too. Never should you say "we have it, so we should use it."

@coliver said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

I do also understand that all SMBs are not equal, some may be running software that absolutely requires 99.999 uptime of AD... I get it. Then on the other side I coudl question why something like that was chosen in the first place. There are great alternatives to Windows for SMBs.

When you say they are great alternative to Windows for SMBs, what do you have in mind? Because if you see the SMB landscape you will find the opposite of what you are stating.

Just because many places deploy something, doesn't mean it was the right tool to use. There are reasons why so many SMB fail.

So what is the answer, that is all I am looking for.

Unless you want to provide very specific examples, there won't be "the answer", unless you want a good old 42.

Let's take a greenfield example. I'd use Nethserver and be done with it, if AD services are required. That's a large if tho.

Walking into a place that already has 2016 AD services in place? Then stick with that.

It's all about knowing the different options and the requirements that need to be met.

Sure, which is fine on a recommended basis and that's how you would find out but making generalizations makes it harder to really get to the matter of things. Saying that using Microsoft Windows Server or a Microsoft Environment l or using Linux Server on a Linux or Windows Environment makes a SMB unsuccessful, muddies things.

Most companies are bad. Most companies use Windows. Using Windows isn't suggested to be bad or that using it makes companies bad. Only that both are common and you can't justify the majority use of Windows as being good because most companies are bad so that makes no sense.

What the heck, most companies are bad? I mean I hope this is my last interaction on this thread as I will be just looking from the outside at the moment.

Yes? Most companies are bad and have poor business practices. The vast majority fail under two years. This is pretty common knowledge.

It's like 55% fail in 2 years, 85% before 8 years. This is why getting bank loans is nearly impossible before the 8 year mark. Being in the black after eight years is the mark of "initial success" in starting a working business generally.

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dafyre said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dafyre said in Handling DNS in a Single Active Directory Domain Controller Environment:

@jaredbusch said in Handling DNS in a Single Active Directory Domain Controller Environment:

What really needs to be laid out here is a list of what needs done on both sides, both proactively and reactively after a failure. At that point relative costs can be estimated.

I certainly what @JaredBusch mentions would be a good grounding point for this point of discussion... Let's first describe the business scenario.

Company Details for Scenario 1
Acme, Inc.
24 Employees
1 x Virtualization Host
1 x AD Server (AD, DNS, DHCP) VM
Y x other VMs
Email is hosted on O365.
(we don't care about other VMs for sake of this discussion, do we?)
1 x Network Router

Assumptions:

• All devices use the router for DNS1, and AD Server for DNS2.
• Router points to AD Server for DNS1, and CloudFlare for DNS2.
• Company already owns a working backup product

Scenario 1:
Problem: AD Server VM Blows up, Blue Screens, Gets Deleted or just won't boot.
Impact: Services Requiring AD for authentication will not work. Devices that were working when the AD Server died continue working until DHCP lease time runs out. Internet is up since the router can use CloudFlare for DNS.
Solution: Restore VM from most recent backup into new VM on the Virtualization host.
Cost Formula: Hours Downtime * Lost Productivity (if Any) = Total Cost
**Cost: 2 hrs * $5000/hr = $10,000

Does that oversimplify the discussion or provide enough details?

Getting there. What service broke because AD was down? Most of the time, AD could be down and nobody would know the difference. To have cost associated with AD being down, a service that doesn't cache credentials has to be authenticating with it.

Seriously, try it in your home lab sometime. Just shut down any AD servers you have running and see how long it takes for something to break.

First thing that comes to mind: NextCloud with AD integration, RocketChat with AD integration.

For the case of my scenario, we don't worry about WHAT broke. If you look closely at my Cost Formula... It was Lost Productivity (if Any)... because you're right, just because AD is down, doesn't necessarily mean the entire business just stops.

Right, but that's contrived. Why are they putting in those breaking points if they are risky, and why in such a small environment?

We have a similar setup, and just avoid AD integration, problem solved. And solved solidly. I know shops with hundreds of people doing the same.

Why make things harder for people by having multiple logons when you can skip that and have some form of SSO? or at least shared credentials?

Because it is a huge amount of risk mitigation so that breaking into one thing doesn't cascade to the whole environment. And it allows for all kinds of flexible use cases that AD doesn't well support.

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@travisdh1 said in Handling DNS in a Single Active Directory Domain Controller Environment:

@dbeato said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

I do also understand that all SMBs are not equal, some may be running software that absolutely requires 99.999 uptime of AD... I get it. Then on the other side I coudl question why something like that was chosen in the first place. There are great alternatives to Windows for SMBs.

When you say they are great alternative to Windows for SMBs, what do you have in mind? Because if you see the SMB landscape you will find the opposite of what you are stating.

Just because many places deploy something, doesn't mean it was the right tool to use. There are reasons why so many SMB fail.

So what is the answer, that is all I am looking for.

Unless you want to provide very specific examples, there won't be "the answer", unless you want a good old 42.

Let's take a greenfield example. I'd use Nethserver and be done with it, if AD services are required. That's a large if tho.

Walking into a place that already has 2016 AD services in place? Then stick with that.

It's all about knowing the different options and the requirements that need to be met.

Sure, which is fine on a recommended basis and that's how you would find out but making generalizations makes it harder to really get to the matter of things. Saying that using Microsoft Windows Server or a Microsoft Environment l or using Linux Server on a Linux or Windows Environment makes a SMB unsuccessful, muddies things.

Most companies are bad. Most companies use Windows. Using Windows isn't suggested to be bad or that using it makes companies bad. Only that both are common and you can't justify the majority use of Windows as being good because most companies are bad so that makes no sense.

What the heck, most companies are bad? I mean I hope this is my last interaction on this thread as I will be just looking from the outside at the moment.

85% of new companies fail. Yes, the average company is HORRIBLE. THe average company loses money, makes ridiculous decisions. This is the most fundamental truth of business in general. This is taught in all business classes. The average person is terrible at making decisions, business averages reflect this.

This isn't some weird statement, this is standard business knowledge that is supposed to be something everyone knows. Businesses fail with reckless abandon because... all the reasons we see every day. No clue what they are doing, risky, wasting money, bad business planning, etc.

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

In the scenario of 2 DC's, the VM would be backed up but is it worth it? Restoring a DC VM with multiple DC's has a higher probability of creating replication issues.

I thought this was resolved in Windows Server 2016? I.e. a restored DC would check with the other DCs and see that it was behind, and assuming authentication was still valid, it would update itself from the other DCs?

It is typically resolved, yes. Not a major issue IF you have an SMB that is current.

@dashrender said in Handling DNS in a Single Active Directory Domain Controller Environment:

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

But I must add you don't have to go MS to be LANless, above was just an example.

LOL - A stand along Mac or CentOS box is LANLess.

NOt necessarily or commonly.