LANLess explained.



  • For my first blog post in a long time, I've written up a little bit on @scottalanmiller's LANLess network design/thinking. I'll take any comments from the peanut gallery here.

    From: https://travisdh1.net/LANLess

    First things first, the original idea here comes from Scott Alan Miller. The first presentation on the topic can be seen at https://mangolassi.it/topic/11257/scott-alan-miller-the-brave-new-lanless-future

    LANLess - the word.
    Yes, the word. It encapsulates an idea. Yes, an idea, nothing more.

    LAN - Yes, we're talking about designing a network. Today this means much more than just a local LAN.

    Less - Less LAN. Yes, really, that's the whole idea. Less of a LAN.

    To get the idea, first let's look at a traditional LAN with some branch offices and remote access.

    0_1508015106895_35da339b-ec88-4755-bc1e-23104f321bb4-image.png

    We can see a number of factors that make life more difficult for all involved here:

    The security perimeter is huge, and encompasses every device connected to the network.
    VPNs and/or remote access is difficult to do for a number of reasons:
    Every device must be secured.
    VPNs and/or remote access is a static thing, assigned per device or branch office connection.
    Applications can live anywhere, making management more difficult.
    Workstations access network services differently depending on where they're located.

    Now let's take a look at this "Brave new LANLess world."

    0_1508015172645_b39d1cb7-bc5d-4872-8ac3-92618570b6a1-image.png

    A number of things should be immediately obvious here:

    The security perimeter is tiny, only encompassing network services.
    SSL/TLS is in common use rather than static VPN
    While every device is still a security risk, it is now only a risk for the limited amount of data and services that a particular user has access to.
    SSL/TLS is just an on-demand VPN. It was originally called SSL-VPN: https://en.wikipedia.org/wiki/Virtual_private_network Basically, we're replacing static VPN with dynamically assigned VPNs.
    All applications live within a single (hopefully) easily managed point.
    All workstations access the same things no matter where they are located.
    That's all great theory, how do I accomplish this?
    The first key is to remember that, just because the servers, network servers and such are pictured within the main local LAN, does not mean they need or even should be hosted on-site or by yourself! The quick and easy methods of implementing the LANLess idea are already available in the form of Office365 and G Suite. If you're already utilizing one of these offerings, or a similar offering from another company, then you're already most of the way there.

    If you absolutely must host everything yourself, then you have plenty of open source options available. Weather it makes sense to get an entire environment setup, running, and maintained yourself is always a business decision, and frankly doesn't make much sense more often than not. If you must, then I'd look at the following offerings:

    Zimbra = Email, LDAP/Single Sign On, Chat, possibly Calendars and Task management
    NextCloud = Files and File Shares
    Spreed.ME = Video Chat, Meetings, Online Whiteboard
    LOO/OnlyOffice = Online document creation, editing, and shared editing. (LOO = Libreoffice Online)
    This is what I'm currently working on getting setup in my home lab. I don't see a reason for a business to go through all the hassle of integrating all of this and trying to secure it. The large companies like Microsoft and Google can keep things much more secure than any purely local IT department.

    Travis Hershberger



  • Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)



  • @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.



  • @travisdh1

    How I understood it is with recent example I had at work which is:

    creating web application for contacts in 2 offices that are in the same country but far from each other.

    You can deploy this web based app on 2 sites separably on their LAN, and you assume that you get extra security cause its host on the site and on premises, and not internet exposed, but imagine the hidden cost of managing 2 server rooms or 2 rugged machines that you need to check and manage, instead what you can do is make each site a static external public IP and pay for that extra option, and host the web app on the cloud. And in the firewall of the hosted web app create rules to only allow Office 1 public IP + office 2 public IP. And this way you get the best of everything. Someone else managing your server room + same security you would get as if its LAN hosted, and no need to develop application twice.

    And yes currently I manage the same web app twice, and perhaps an intranet site as well will be twice created, cause my managers love adding more work instead of working smart, and the french people are messed up in the head, they think they know everything better and they dont take advice from no one.



  • @emad-r said in LANLess explained.:

    @travisdh1

    How I understood it is when creating contact web application for 2 offices that are in the same country but far from each other.

    YOu can deploy web based app on 2 sites separably on their LAN, and you assume that you get extra security cause its host on the site and on premises, and not internet exposed, but imagine the hidden cost of managing 2 server rooms or 2 rugged machines that you need to check and manage, instead make each site a static external public IP and pay for that extra option, and host the web app on the cloud and in the firewall on the web based app create rule to only allow Office 1 public IP + office 2 public IP. And this way you get the best of everything. Someone else managing your server room + same security you would get as if its LAN hosted, and no need to develop application twice.

    Erm... close. You've got the idea with the 1 place for the server(s), most likely either in a colo or hosted. The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.



  • @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?



  • @eddiejennings said in LANLess explained.:

    @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?

    The services being offered would be on static IP most likely from the hosted or colo.
    Travis means that the offices wouldn't have to be on static IPs to allow access. - but to that I'll say - it totally depends upon the security you require. If management only wants people working on these hosted/colo'ed systems while at one of the companies locations, so be it, this does provide a bit more security than being allowed to access/use the system from anywhere on the internet.

    LAN-Less does imply literal access from anywhere, it's more about the idea that the LAN is not where the security is, instead it's up the stack at the application layer (after the SSL/TLS of course).



  • @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.



  • @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    I haven't really looked at SSO with G Suite yet, they don't currently have a domain on site, so we should be able to move into this sort of setup more easily.



  • @eddiejennings said in LANLess explained.:

    @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?

    Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.



  • @travisdh1 said in LANLess explained.:

    @eddiejennings said in LANLess explained.:

    @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?

    Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

    I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.



  • @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @eddiejennings said in LANLess explained.:

    @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?

    Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

    I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.

    Well, one of the big deals with going LANLess in the first place is not having to care about where workstations/clients are located. Having statically assigned IP addresses at offices would indicate that location matters somewhere.



  • @travisdh1 said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @eddiejennings said in LANLess explained.:

    @travisdh1
    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

    Noob question, but how can these servers have non-static IP address. Would you be using some kind of DDNS service?

    Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

    I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.

    Well, one of the big deals with going LANLess in the first place is not having to care about where workstations/clients are located. Having statically assigned IP addresses at offices would indicate that location matters somewhere.

    It matters only in so much as a form of security.

    FreePBX is more or less LANLess today with it's responsive firewall. But it's not uncommon to whitelist or limit access to specified IPs, again for security purposes.



  • @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account



  • Btw when I tried to look at your original website, Cloudflare said your site was down.



  • @jmoore said in LANLess explained.:

    Btw when I tried to look at your original website, Cloudflare said your site was down.

    That's a cloudflare issue, it happens from time to time. Usually a refresh takes care of it.



  • @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.



  • @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.



  • @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem



  • @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

    Give me an example of your achieved via open source tools solution, please.



  • @jmoore said in LANLess explained.:

    Btw when I tried to look at your original website, Cloudflare said your site was down.

    Yeah, the server was actually down for a while. Newbie mistake on my end, automatic updates are setup, but it wasn't autostarting httpd, oops... I need to get much better with saltstack already!



  • @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com



  • @travisdh1 said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

    That just leaves managing the Windows machines, assuming they aren't BOYD.



  • @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

    That just leaves managing the Windows machines, assuming they aren't BOYD.

    Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)



  • @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

    Give me an example of your achieved via open source tools solution, please.

    I not 100% sure we are talking about the same thing, but here it goes.

    I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

    It might be possible to do something similar using the Google Drive API



  • @travisdh1 said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

    That just leaves managing the Windows machines, assuming they aren't BOYD.

    Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)

    LANless doesn't mean leaving users to their own means on company workstations. With something like Salt, it should be easier to manage them than ever. A lot of the time, users are left to report issues with their workstation that could be fixed with routine maintenance (clearing browser cache, etc.), or that could be detected earlier (i.e. running smartmontools to report if there are bad sectors in the hard drive). Before it might have seemed like a daunting task, but with today's tools that is what a modern desktop admin should be doing. Workstations are just servers that serve one person.



  • @travisdh1 said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

    That just leaves managing the Windows machines, assuming they aren't BOYD.

    Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)

    Because if they are business owned machines, I don't want my users to have local admin rights. So some form of management still needs to take place.

    If you have a reason to not have this, I'm all ears.



  • @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

    Give me an example of your achieved via open source tools solution, please.

    I not 100% sure we are talking about the same thing, but here it goes.

    I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

    It might be possible to do something similar using the Google Drive API

    This sounds good, but is it tenable for someone with many gigs on their desktop? If we discount laptop/mobile users for the moment, the idea of working off cloud only stuff, i.e. no local sync, there's no syncing required at all.

    Offline access is the sticking point in this.

    If you have policies in place that prevent huge amounts of data/files from needing to be synced, then the above mentioned syncing solution might be doable for regular users, but in the wild west of people having huge amounts of things to be synced, especially to a new machine, that's a super slow logon process.


  • Service Provider

    @travisdh1 said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

    That just leaves managing the Windows machines, assuming they aren't BOYD.

    Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)

    Needs to? You might not need to, but you can, and better than ever before.



  • @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @dashrender said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @romo said in LANLess explained.:

    @flaxking said in LANLess explained.:

    @travisdh1 said in LANLess explained.:

    @flaxking said in LANLess explained.:

    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

    At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

    Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

    That's not the way of the world anymore.
    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

    Give me an example of your achieved via open source tools solution, please.

    I not 100% sure we are talking about the same thing, but here it goes.

    I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

    It might be possible to do something similar using the Google Drive API

    This sounds good, but is it tenable for someone with many gigs on their desktop? If we discount laptop/mobile users for the moment, the idea of working off cloud only stuff, i.e. no local sync, there's no syncing required at all.

    Offline access is the sticking point in this.

    If you have policies in place that prevent huge amounts of data/files from needing to be synced, then the above mentioned syncing solution might be doable for regular users, but in the wild west of people having huge amounts of things to be synced, especially to a new machine, that's a super slow logon process.

    You're missing the point that the data and apps live on the servers, and not on the local workstation. Syncing to the workstation actively inhibits use.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.