ZeroTier 1.1
-
@Dashrender said:
I have since ZT's original introduction here at ML learned just that. Because you posted that before. I've never used OpenVPN before, only Cisco and SonicWall VPN clients. The Cisco and SonicWall clients suck because you have to start and stop them... I really like the always on nature of ZT.
Well Cisco and SonicWall are pretty crappy in general. OpenVPN is always on, it is what we used before moving to Pertino. We were building our own full mesh which was a huge pain. For us full mesh is what we always needed, it's perfect. But if you want a hub and spoke, OpenVPN is the ticket. Works exactly as you want, does just what you need.
-
@Jason said:
Is it that hard for your users to connect a VPN client? We don't have users with issues with that and we have plenty of not so smart users.
I've definitely encountered users that don't understand the "you have to plug it in first" concept.
Always on is always nice as AD works transparently.
-
@Jason said:
@Dashrender said:
I have since ZT's original introduction here at ML learned just that. Because you posted that before. I've never used OpenVPN before, only Cisco and SonicWall VPN clients. The Cisco and SonicWall clients suck because you have to start and stop them... I really like the always on nature of ZT.
Is it that hard for your users to connect a VPN client? We don't have users with issues with that and we have plenty of not so smart users.
In this particular situation, no, I'm not really having any issues with traditional VPN, but where possible removing places where users can make mistakes is always nice.
On the flip side though, a full mesh network does expose your network to greater risk of things like CryptoLocker, but if you're following Scott's suggestion and not using open file shares, that risk is mostly mitigated.
For me, once this temporary user's project is done my boss will be the only one really using VPN, and even she barely uses it anymore.
I use other tools (mainly LogMeIn).
-
Yes, fears like CryptoLocker and moves to more modern file sharing methods have led us to begin phasing out VPNs too. Now that VPNs are not needed for AD, we have no need for it anymore.
-
@scottalanmiller said:
Yes, fears like CryptoLocker and moves to more modern file sharing methods have led us to begin phasing out VPNs too. Now that VPNs are not needed for AD, we have no need for it anymore.
Not needed because of Azure AD?
Do you guys even have any hosted Windows servers? If so, do you have a hosted AD for them that syncs to Azure AD?
-
@Dashrender said:
Not needed because of Azure AD?
Do you guys even have any hosted Windows servers? If so, do you have a hosted AD for them that syncs to Azure AD?
The only Windows hosts that we have are the AD servers and the DirSync server. Our entire Windows infrastructure in production is for AD.
-
@scottalanmiller said:
@Dashrender said:
Not needed because of Azure AD?
Do you guys even have any hosted Windows servers? If so, do you have a hosted AD for them that syncs to Azure AD?
The only Windows hosts that we have are the AD servers and the DirSync server. Our entire Windows infrastructure in production is for AD.
Assuming you've upgraded your fleet of end points to Windows 10, why do you still have those?
-
@Dashrender said:
Assuming you've upgraded your fleet of end points to Windows 10, why do you still have those?
AD controls Office 365.
-
@scottalanmiller said:
@Dashrender said:
Assuming you've upgraded your fleet of end points to Windows 10, why do you still have those?
AD controls Office 365.
Can't Azure AD?
-
If the NIC already has a ZT IP, it works fine... this is my home desktop with ZT and register DNS unchecked.
-
@dafyre But are you using DHCP to assign the ZT IP address or are you using a manually assigned one?
-
I am letting ZT assign the IP addresses.