WAN Design - Hub and Spoke vs. Partial Mesh vs. Full Mesh
-
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Are we not an SBM centric forum?
-
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
True. There's never a 1-size fits all scenario. I can see the merits of doing it though, both for a backup location, as well as for live storage. In some cases it would make sense to use it for live storage, and others it would make more sense to use it only for backups.
I think that any business can use O365 / ACD / ownCloud for this type of thing. It's just a question as to what features are needed. By and large, though, in the SMB shops, they don't have folks (nor do they have the money to spend on third parties) that can do the risk-analysis of doing a Zero Lan + O365 vs doing a Traditional Lan + File Servers + Backups, etc.
-
@dafyre said:
True. There's never a 1-size fits all scenario. I can see the merits of doing it though, both for a backup location, as well as for live storage. In some cases it would make sense to use it for live storage, and others it would make more sense to use it only for backups.
There are colo's as well as data services for backups. Normal "cloud" type stuff is better at processing than massive storage with long (or forever) retention periods.
-
@Jason said:
@dafyre said:
True. There's never a 1-size fits all scenario. I can see the merits of doing it though, both for a backup location, as well as for live storage. In some cases it would make sense to use it for live storage, and others it would make more sense to use it only for backups.
There are colo's as well as data services for backups. Normal "cloud" type stuff is better at processing than massive storage with long (or forever) retention periods.
One could argue that both ways. Something like ownCloud would be awesome in a Colo... but then you are responsible for backups. ACD could be good for long-term storage (at least for the moment), they are still unlimited.
-
@dafyre said:
One could argue that both ways. Something like ownCloud would be awesome in a Colo... but then you are responsible for backups. ACD could be good for long-term storage (at least for the moment), they are still unlimited.
Own Cloud isn't true backup. It's just replication. That's like saying our replicated SAN systems are backups. They aren't. If there's an issue one place that is not at the hardware level it will be replicated to the other.
-
@Jason said:
@dafyre said:
One could argue that both ways. Something like ownCloud would be awesome in a Colo... but then you are responsible for backups. ACD could be good for long-term storage (at least for the moment), they are still unlimited.
Own Cloud isn't true backup. It's just replication. That's like saying our replicated SAN systems are backups. They aren't. If there's an issue one place that is not at the hardware level it will be replicated to the other.
I wasn't calling it a backup (although re-reading it, it does seem that way). You are responsible for backing up your ownCloud instance if you have it in a Colo.
If you are using Amazon, they claim to have your stuff backed up somewhere (I am unsure as the retention / how often the backups are taken, etc).
-
@dafyre said:
If you are using Amazon, they claim to have your stuff backed up somewhere (I am unsure as the retention / how often the backups are taken, etc).
Most of them are just addon services. there not backed up by default. infact for large farms of servers that are just web fronts/data processing you usually don't back them up you just have a script or something to configure them easily because if you lose a few it's not big deal.
-
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
You'd have to look at the workloads. But how many need "LAN" access rather then just getting specific exposure? I bet if you look there is no workload for which it would not work, just that each has to be evaluated individually.
-
@Dashrender said:
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Are we not an SBM centric forum?
Not like SW is, no. We have a high occurrence of SMB compared to enterprise, but the forum does not have a size target audience in that way.
-
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?
-
@scottalanmiller said:
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?
Like you said... Legacy applications... My second thought would be scale. How many end-users do you have to separate from the LAN / Servers -- especially if it is a typical office environment.
-
@dafyre said:
@scottalanmiller said:
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?
Like you said... Legacy applications... My second thought would be scale. How many end-users do you have to separate from the LAN / Servers -- especially if it is a typical office environment.
Legacy applications can generally be used without a LAN, just takes a little work. Not 100% of the time, but commonly.
Actually I think that scale makes it easier because some of the difficult mesh things that SMBs do enterprises don't because they don't scale - like using desktops as file servers.
-
@scottalanmiller said:
@dafyre said:
@scottalanmiller said:
@Jason said:
@dafyre said:
@NetworkNerd said:
@JaredBusch said:
@NetworkNerd said:
@Dashrender said:
Zero LAN?
yeah for the OP, I was wondering if going to a cloud solution would be workable.
Moving to Azure AD requires all the endpoints to move to Windows 10, or ditch Windows altogether and move to Linux.
I don't know that Azure AD is feasible for us at the moment. Keep in mind we are a manufacturing company that often times needs to support legacy software which works with machines out in our shops. Windows 10 for everyone is not really an option just yet.
Right, so you can easily keep the hub and spoke and only use it for AD authentication and such.
Really you need to look at what you are pushing over the pipes.
In a hub and spoke design, do folks often allow VPN access to the hub but then allow the vpn connected clients to connect to other site resources as well (i.e. might need access to a file server at each location)?
This is why you see @scottalanmiller pushing for things like ownCloud or SharePoint, et al... It doesn't matter where you are connected from... as long as you have internet, you can access your ownClooud / Sharepoint instances.
Yeah but that doesn't work for everyone. Mosltly SMBs that can get away with that.
Having worked in the enterprise space.... what about the enterprise would make that harder than in the SMB space? Other than massive legacy investments to replace?
Like you said... Legacy applications... My second thought would be scale. How many end-users do you have to separate from the LAN / Servers -- especially if it is a typical office environment.
Legacy applications can generally be used without a LAN, just takes a little work. Not 100% of the time, but commonly.
Actually I think that scale makes it easier because some of the difficult mesh things that SMBs do enterprises don't because they don't scale - like using desktops as file servers.
I can agree with this mostly, I think. Scale is not such a big issue for the enterprises because they have the funding to pay for it, so they get the benefit of the economy of scale as well. (Buy more, get it cheapter, etc).