Discussion Room - Pertino
-
How “we” use Pertino is truly as a full software defined network. As a highly distributed company, Pertino and SDN is a perfect option for us. Our people are spread out all over the world and making them function as a single group, a single entity on a single network is a very big deal. Every person, no matter where they are, is a member of the network just as if they were in the office – completely transparent. This is people in the office, a home office, one the road, in a hotel, at a client site, etc. The network is everywhere.
It goes farther than that, though. Because everyone and everywhere is a part of the network, we have total flexibility as to where the network is. We were freed from our single silo datacenter and were able to leverage traditional colocation, cloud hosting and a new residential datacenter all transparently. We can put any workload, in any location, however it works best. So much freedom. And unlike traditional VPN, it isn’t like it is hub and spoke and someone on a laptop in a hotel can only reach into the main datacenter – it is actually like being right in the office so every person can directly connect to every other person. Active Directory goes to every point of the network as does DNS. We can, trivially easily, provide internal applications to everyone, everywhere securely.
It is really empowering. Now there are still issues – iOS isn’t supported yet and most NAS devices are not or are not supported easily and there is no FreeBSD or Solaris support yet. But all of our Windows, Mac and Linux systems go straight to the Pertino network and instantly become part of the global network n
-
@Bob-Beatty said:
Do I install an agent on each machine, and control this from a Central Server (I'm assuming web based, cloud administration?)?
Yes. It is full mesh so every device needs an agent.
-
@Dashrender said:
What makes Pertino secure? How is this different from Hamachi?
It is a lot like hamachi but modern and still active. Much more power and already on servers.
-
So instead of have devices behind device A connected to devices behind device B, everything connects up to the cloud and everyone connects to everyone else making it ideal for highly mobile companies with few central offices.
-
@bob-beatty Not really an agent per se. Standalone program that runs as a service. Enter creds once and it's good to go. You don't have to log in each time. It can be made invisible to the user and whenever you power on the machine, before you ever log into Windows, you're on the VPN. It is quite snazzy.
-
Does the agent get pushed down from the Central console? Can security/access be configured at that point? Where does the network get added into the mix?
-
Doesn't MS have something like this... I can't recall the name of it now.
-
@Bob-Beatty said:
Does the agent get pushed down from the Central console? Can security/access be configured at that point? Where does the network get added into the mix?
No. It can't since there is no network until the agent is deployed.
The agent adds a TUN interface. That is what puts you on the network.
There is nothing to configure at the end point. You just put in the creds and let it join.
-
@Dashrender said:
Doesn't MS have something like this... I can't recall the name of it now.
Yes but requires enterprise licensing and a 100% Microsoft network and is IPv6 only and you would have to build out your own infrastructure for it. Would cost hundreds of thousands to duplicate that way.
-
The automatic connection piece is huge. Because it does this things like DNS and AD can work. Makes our lives so much easier.
-
I started using Pertino because I'm sick of RRAS and hate the costs of hardware VPN's. If I can keep a user always connected with minimal interaction, that's a huge plus and also makes them happy.
-
And you can go to the central web console and see what machines are connected and, if necessary, disconnect them.
-
Bob - thanks for setting this up! Much easier to stay on top of threads.
Security: Pertino is installed on each end point that you want connected to the network, so we are able to deploy 256-bit AES encryption end to end. The connection is an SSL connection. Data passes through our hosted "routers" to get to each destination. Each network is completely separate, and no data is stored or even cached. Device or user-based access to resources can be restricted with just two clicks.
-
@Josh said:
Bob - thanks for setting this up! Much easier to stay on top of threads.
Security: Pertino is installed on each end point that you want connected to the network, so we are able to deploy 256-bit AES encryption end to end. The connection is an SSL connection. Data passes through our hosted "routers" to get to each destination. Each network is completely separate, and no data is stored or even cached. Device or user-based access to resources can be restricted with just two clicks.
Now all we need is those [moderated] I went around and around with a while back who were saying you were gonna get hacked if you used Pertino.
I'm still trying to get the thing to work in a point to point fashion. Lots of folks have devices behind the firewall that won't be able to either use Pertino or they don't want to have the talk with users about installing it on their personal devices. If only you would release it in source I could compile the thing on something I can work with in that regards.
-
I think we missed mentioning file transfers and remote access over Pertino because they just seem so obvious. But they play big roles. RDP and SMB over Pertino are major use cases.
-
@PSX_Defector said:
@Josh said:
Bob - thanks for setting this up! Much easier to stay on top of threads.
Security: Pertino is installed on each end point that you want connected to the network, so we are able to deploy 256-bit AES encryption end to end. The connection is an SSL connection. Data passes through our hosted "routers" to get to each destination. Each network is completely separate, and no data is stored or even cached. Device or user-based access to resources can be restricted with just two clicks.
Now all we need is those [moderated] I went around and around with a while back who were saying you were gonna get hacked if you used Pertino.
I'm still trying to get the thing to work in a point to point fashion. Lots of folks have devices behind the firewall that won't be able to either use Pertino or they don't want to have the talk with users about installing it on their personal devices. If only you would release it in source I could compile the thing on something I can work with in that regards.
@psx_defector - We use outbound port 443 SSL to make the connection, so your users should be able to connect despite being behind the firewall. You can literally close all inbound ports and still connect to your Pertino resources.
Are you looking at getting it on your Linux boxes? We've got a Debian package available and an RPM in private beta.
No plans for true point-to-point connection at this point. We're still doing all the routing via localized hosted routers.
-
RPM is working great. Best of all the packages I think. We use Windows, Mac, DEB and RPM.
-
I might be able to do something with the RPM. I'm just not big on Debian distros. My initial messing around with a psudeo point to point in Windows failed miserably. It wouldn't do much without performing a bunch of crazy local routes.
Of course, compiling from source would make my life easier.
-
I'm not a DEB fan either but GroveSocial is on Ubuntu so we've been working with it recently.
-
@scottalanmiller said:
I'm not a DEB fan either but GroveSocial is on Ubuntu so we've been working with it recently.
Isn't it generally considered that debian based systems are for consumers and rpm based systems for business? That's what I always tend to see. Anything applied to business practices always uses RPMs. FWIW