Discussion Room - Pertino
-
@Dashrender said:
Am I correct in my understanding that for every person who wants to connect to their work PC either directly or through RDS will require at least two licenses of Pertino? one for office computer and one for the home computer? If the user wants to use their phone as well, that would be a third, and a second computer from home, that would be a fourth Pertino license?
wow.. these licenses per user can add up fast.
If you are working it that way, yes. The billing is done on a per device basis which was a change from their per person billing. Per device makes much more sense in my opinion.
-
@ajstringham said:
Per device makes much more sense in my opinion.
Why?
-
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
No. You setup users and then when Pertino is installed they authenticate with those credentials and they're on. If you have 20 users with 60 devices total you don't have to setup for 60 devices, just 20 users. Also, a feature they added (FINALLY!) was being able to do batch adds. Used to be one at a time which was very limiting.
-
@dashrender Think about it. I think it was like $10/person/month before. Ok, so we have 8 users who only need one device each. That's $80. You have another 8 users who need 3 devices each. So that's also $80. So for 16 users that $160/month. Now, drop that down to, say $3/device. In the same illustration you have 32 devices. That means you've gone from paying $160/month to $96/month and it scales more easily. More efficient use of funds.
-
@scottalanmiller uses the illustration of AD authentication for remote users.
Say you have a group of users only using Pertino as a VPN to authenticate against the DC. Looking at the previous billing scheme that can be very expensive. However, by device you now have much better scalability. For what you would have paid for one user for one device you've now got three users online.
-
@ajstringham said:
@dashrender Think about it. I think it was like $10/person/month before. Ok, so we have 8 users who only need one device each. That's $80. You have another 8 users who need 3 devices each. So that's also $80. So for 16 users that $160/month. Now, drop that down to, say $3/device. In the same illustration you have 32 devices. That means you've gone from paying $160/month to $96/month and it scales more easily. More efficient use of funds.
I agree it's going to be uncommon for the average user to have three devices so the new price point makes since, but I've never heard of this product before so I can't operate with the understanding that they used to have a per person plan.
Now all that said, what about a person like your boss who has a work laptop, a work desktop, a home laptop, iPhone, Ipad and who knows what else. In tech heavy companies it's not uncommon to see several people with 5+ devices now making those people cost quite a bit more than the rest. I suppose in the end it's a 'damned if you and damned if don't' type of situation.
-
@Dashrender Originally, when it was per person, it was a 3 device/person limit. If you are the IT guy and using your account or any admin account for Pertino, this turns into a problem quick. I believe they have removed that since going to the new pricing scheme. One way or another there are tradeoffs. For someone with 5 devices it's more expensive. For most people it's more cost effective. I agree with the per person scheme. Very odd but they've moved away from that.
-
@ajstringham said:
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
No. You setup users and then when Pertino is installed they authenticate with those credentials and they're on. If you have 20 users with 60 devices total you don't have to setup for 60 devices, just 20 users. Also, a feature they added (FINALLY!) was being able to do batch adds. Used to be one at a time which was very limiting.
OK you don't have to spend the time provisioning all of the end point, but you do have to install Pertino onto all of them.
Here's a sample setup.
Corp office has 5 servers
remote office has 5 workstations.
With VPN I setup a P2P VPN between the firewalls and I'm done.With Pertino I need to install the client on 10 devices (OK no big deal) but I have a monthly charge for this forever. Perhaps Pertino isn't intended as a point to point replacement.
-
@ajstringham said:
@Dashrender Originally, when it was per person, it was a 3 device/person limit. If you are the IT guy and using your account or any admin account for Pertino, this turns into a problem quick. I believe they have removed that since going to the new pricing scheme. One way or another there are tradeoffs. For someone with 5 devices it's more expensive. For most people it's more cost effective. I agree with the per person scheme. Very odd but they've moved away from that.
OK this makes more since, the limits bring it in line with the costs of the device pricing seen now, only it's more usable as you mentioned.
-
@Dashrender said:
@ajstringham said:
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
No. You setup users and then when Pertino is installed they authenticate with those credentials and they're on. If you have 20 users with 60 devices total you don't have to setup for 60 devices, just 20 users. Also, a feature they added (FINALLY!) was being able to do batch adds. Used to be one at a time which was very limiting.
OK you don't have to spend the time provisioning all of the end point, but you do have to install Pertino onto all of them.
Here's a sample setup.
Corp office has 5 servers
remote office has 5 workstations.
With VPN I setup a P2P VPN between the firewalls and I'm done.With Pertino I need to install the client on 10 devices (OK no big deal) but I have a monthly charge for this forever. Perhaps Pertino isn't intended as a point to point replacement.
Actually, think about it. Let's say it's $4/device. I think that's about as high as they go but @josh could give you more info. That's $40/month or $480/year. Over the course of, say, 5 years, it adds up to $2400. Wow.
Flip side: You have a Cisco ASA or Juniper or Fortinet or whatever at each end. Take the cost of an appliance and multiply by 2. Say it's $800. That's $1600. Now add in licensing for each device that gets expensive every time you grow. Now add in the hours of time it takes to get the two ends configured and tested and working. Now add in troubleshooting client issues. Or is it the firewall? Is it at site A or B? Crap, they changed something so now I need to upgrade my appliances and get new licensing...Finally, what happens when you get a surge that fries one of the firewalls. Start all over.
Pertino eliminates the time, high level of expertise required, maintenance of hardware and licensing and keeps it at an easy to manage price and in a nice web interface you can access anywhere.
-
@ajstringham said:
Actually, think about it. Let's say it's $4/device. I think that's about as high as they go but @josh could give you more info. That's $40/month or $480/year. Over the course of, say, 5 years, it adds up to $2400. Wow.
Flip side: You have a Cisco ASA or Juniper or Fortinet or whatever at each end. Take the cost of an appliance and multiply by 2. Say it's $800. That's $1600. Now add in licensing for each device that gets expensive every time you grow. Now add in the hours of time it takes to get the two ends configured and tested and working. Now add in troubleshooting client issues. Or is it the firewall? Is it at site A or B? Crap, they changed something so now I need to upgrade my appliances and get new licensing...Finally, what happens when you get a surge that fries one of the firewalls. Start all over.
Pertino eliminates the time, high level of expertise required, maintenance of hardware and licensing and keeps it at an easy to manage price and in a nice web interface you can access anywhere.
I think I can say that I've spent less than the $800 (the left over from your example) in support costs on the above stated setup in the initial setup and ongoing support over 10 years. Could those things you mention happen, sure - but they are much more likely in a client to core network setup than a Point to Point setup. When I have troubles with my Point to Point setup it's always been either the ISP is having a problem, or the firewall appliance freaked (in which case a reboot resolved every time except for a fried unit). In the case of the fried unit, I simply received the unit - restored my backed up config (one of the things I love about Cisco's text configs) and I was going in less than 10 of receiving the replacement.
OH, and you can't count the firewall appliances in my case either because I'd have to have it no matter what to protect my endpoints from the internet, and in my case, the P2P VPN was included. At this scale most appliances seem to cover up to 50 users without any additional licensing.
-
@Dashrender Well, it's what works best for each environment.
-
@ajstringham said:
@Dashrender Well, it's what works best for each environment.
Don't get me wrong, I love the idea. I loved Himachi when it first hit the scene. I just can't justify the expense in my situation since my users never connect from anywhere but home and once the VPN clients are setup (and have been for many many years) the home computers can access everything inside my network and I haven't paid a penny more than the original purchase that included I think up to 20 or so VPN client terminations. Even when I moved to Sonicwall a few years ago, the VPN clients came with that too.
The best sales pitch I can here for this product is, "does your current VPN solution require a significant amount of tech support? Client endpoints not connecting? VPNs dropping? etc? Then try this product" and I do fully believe that you'll get sales and more than likely end up with a much lower incident rate and happier end users, but if you don't have that high incident rate now... the extra spend seems odd.
-
@ajstringham said:
@scottalanmiller said:
I'm not a DEB fan either but GroveSocial is on Ubuntu so we've been working with it recently.
Isn't it generally considered that debian based systems are for consumers and rpm based systems for business? That's what I always tend to see. Anything applied to business practices always uses RPMs. FWIW
Not really, it's that RedHat and it's subsequent distros have larger support groups, both historically and currently, than Debian. As a consequence, RPM and YUM are de-facto standards. Ubuntu was built around the consumer theory hence why it's got so many consumer friendly services like GNOME.
It's not that Debian or Fedora or any other fork in the kernel is better or worse, it's just one of the usual schisms that evolves in a non-centralized non-directionalized distribution. Once again, like vi, it's not used for any specific reason other than zealotry.
Real men compile from source.
-
@Dashrender said:
Perhaps Pertino isn't intended as a point to point replacement.
No, it is not.
Although I find it fun to attempt to hack it into my needs.
-
@Dashrender said:
@ajstringham said:
@Dashrender Well, it's what works best for each environment.
Don't get me wrong, I love the idea. I loved Himachi when it first hit the scene. I just can't justify the expense in my situation since my users never connect from anywhere but home and once the VPN clients are setup (and have been for many many years) the home computers can access everything inside my network and I haven't paid a penny more than the original purchase that included I think up to 20 or so VPN client terminations. Even when I moved to Sonicwall a few years ago, the VPN clients came with that too.
The best sales pitch I can here for this product is, "does your current VPN solution require a significant amount of tech support? Client endpoints not connecting? VPNs dropping? etc? Then try this product" and I do fully believe that you'll get sales and more than likely end up with a much lower incident rate and happier end users, but if you don't have that high incident rate now... the extra spend seems odd.
im with ya. Example. I have a client with a corp office and 10 state wide locations. 10 users at corp and about the same everywhere else. I just have Asa5505s at each location with the k9 sec bundle. Corp has unlimited license and each remote has 50 user cap. Oh, and any connect so they can also connect from any Internet source. I really like the sound of pertini but don't see its use for most of my folk.
-
@ajstringham said:
@scottalanmiller said:
I'm not a DEB fan either but GroveSocial is on Ubuntu so we've been working with it recently.
Isn't it generally considered that debian based systems are for consumers and rpm based systems for business? That's what I always tend to see. Anything applied to business practices always uses RPMs. FWIW
No, it's that DEB's largest downstream is Ubuntu while RPM's two biggest are RHEL/CentOS and Suse. So while DEB has Debian which is completely enterprise class (but sans support) the bulk of its users are Ubuntu which is considered, at best, a tertiary business platform and the vast majority of its users are consumers or hobbyists. RPM is used almost exclusively by business class systems. Sure Fedora runs on RPM too, but is tiny compared to RHEL and Suse and has a lot of good business use itself. Both formats are good, it's just that Ubuntu, Mint and some others that focus on desktops use DEB so are the overwhelming focus of DEB users.
-
@Dashrender said:
Am I correct in my understanding that for every person who wants to connect to their work PC either directly or through RDS will require at least two licenses of Pertino? one for office computer and one for the home computer? If the user wants to use their phone as well, that would be a third, and a second computer from home, that would be a fourth Pertino license?
If the license is per user, then each user would only be one. If they are device then each device would only be one. Per user licenses would not double for a single connection as it is only one user.
-
@Dashrender said:
I just watched Scott's YouTube video on Pertino, not bad.
But unlike a traditional VPN solution - you need to setup each endpoint specifically in the Pertino cloud, right? This can get costly pretty fast considering the shear number of end points. Once a VPN solution is in place it's pretty much done. Granted there's a lot of upfront setup and that takes time and money sure, but I'm guessing the pay back for a small business would be under a year compared to the on going expenses of a subscription solution.
What am I missing?
All mesh VPNs work this way, they always have. Site to site, hub and spoke and other models do not. Each has their own advantages. Pertino's model allows you to do a lot that traditional VPN can't handle or can't handle well. This is not replacing traditional VPN, this is allowing you to build robust networks that you could not have previously or building yourself would have been absolutely crazy to do. But look at the licensing... you were talking about per user licensing. If that's the model you purchase under, you don't care how many end points there are because you aren't paying for end points, only users.
-
@Dashrender said:
@ajstringham said:
Per device makes much more sense in my opinion.
Why?
Because networks are devices, not people. Licensing by users is quirky. If you have a ton of people and one connection, you can't afford to use a service that should be nearly free. If you have one user but a thousand servers, you are paying nothing but draining their coffers. Like any good vendor relationship you want how they bill you to be directly tied to their costs. In that way you have a naturally healthy relationship - no one is looking to screw the other. As you scale up your needs, their scale up their costs. If you have a misalignment of compensation then bad things happen.... like you do something unexpected and have to pay a fortune for something with little value or you take advantage of their billing and they don't want to keep you as a customer anymore.