ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    If LAN is legacy, what is the UN-legacy...?

    Scheduled Pinned Locked Moved IT Discussion
    188 Posts 13 Posters 91.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said:

      @Dashrender said:

      What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

      ZeroTier is truly free and can be done without Internet access, if you want.

      But if you are doing that, why bother with ZT?

      scottalanmillerS JaredBuschJ 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said:

        @scottalanmiller said:

        @Dashrender said:

        What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

        ZeroTier is truly free and can be done without Internet access, if you want.

        But if you are doing that, why bother with ZT?

        If you are doing it for free? Just because you don't want to pay.

        Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.

        DashrenderD 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @Dashrender
          last edited by

          @Dashrender said:

          @scottalanmiller said:

          @Dashrender said:

          What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

          ZeroTier is truly free and can be done without Internet access, if you want.

          But if you are doing that, why bother with ZT?

          Encryption is the first thing that comes to mind.

          DashrenderD 1 Reply Last reply Reply Quote 1
          • DashrenderD
            Dashrender @scottalanmiller
            last edited by

            @scottalanmiller said:

            @Dashrender said:

            @scottalanmiller said:

            @Dashrender said:

            What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

            ZeroTier is truly free and can be done without Internet access, if you want.

            But if you are doing that, why bother with ZT?

            If you are doing it for free? Just because you don't want to pay.

            Without Internet? Because you want software defined networking. Same basic reasons for OpenDaylight.

            OpenDaylight? (searching internet)

            If your network isn't attached to the internet, then why would you need SDN? What do you gain? I definitely see why you use SDN for internet connected devices/services...

            1 Reply Last reply Reply Quote 1
            • DashrenderD
              Dashrender @JaredBusch
              last edited by

              @JaredBusch said:

              @Dashrender said:

              @scottalanmiller said:

              @Dashrender said:

              What do you think about the fact that these SDNs aren't really free, yeah LANs aren't free you need a switch, but SDNs need a control node and switches and internet access.

              ZeroTier is truly free and can be done without Internet access, if you want.

              But if you are doing that, why bother with ZT?

              Encryption is the first thing that comes to mind.

              most systems already have their own encryption built in, so that shouldn't be a problem.

              Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said:

                Windows can run completely encrypted on the LAN side if you want - enable certs/keys, etc...

                Right... and you are just building a complicated, proprietary SDN 🙂

                1 Reply Last reply Reply Quote 1
                • dafyreD
                  dafyre
                  last edited by

                  My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                  JaredBuschJ DashrenderD 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @dafyre
                    last edited by

                    @dafyre said:

                    My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                    Tell me how ZT makes you immune to a MITM?

                    scottalanmillerS 1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @JaredBusch
                      last edited by

                      @JaredBusch said:

                      @dafyre said:

                      My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                      Tell me how ZT makes you immune to a MITM?

                      Or at least less susceptible than Azure AD.

                      dafyreD 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @dafyre
                        last edited by

                        @dafyre said:

                        My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                        Azure AD doesn't have this issue because Azure AD assumes all networks are untrusted, and as such transmits data only in a secure/encrypted manner to the endpoint.

                        Now of course this doesn't mean it's impossible for a MITM to get in there, its much more difficult.

                        ZT is really only useful for systems that don't have their secure communication method already in place. And example would be traditional LAN based AD. By default this communication is not encrypted, so using ZT would provide a level of protection that the LAN does not, while at the same time enabling you to be much more mobile at the same time.

                        1 Reply Last reply Reply Quote 2
                        • dafyreD
                          dafyre @scottalanmiller
                          last edited by

                          @scottalanmiller said:

                          @JaredBusch said:

                          @dafyre said:

                          My biggest concerns about having things like AD on Azure would be that traffic (encrypted or not) being hit by a MITM type attack. It makes your information more vulnerable to that, than if you were, say... Running your business infrastructure on ZeroTier.

                          Tell me how ZT makes you immune to a MITM?

                          Or at least less susceptible than Azure AD.

                          Less susceptible is definitely a better way of stating that.

                          1 Reply Last reply Reply Quote 0
                          • wirestyle22W
                            wirestyle22
                            last edited by

                            This is an interesting concept. Does anyone have any documentation on this? I'd love to read about what it would take to actually implement something like this.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @wirestyle22
                              last edited by

                              @wirestyle22 said:

                              This is an interesting concept. Does anyone have any documentation on this? I'd love to read about what it would take to actually implement something like this.

                              Sadly, no. But it is coming soon 🙂 You heard it here first!!

                              1 Reply Last reply Reply Quote 1
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                Oh, we could do a case study pretty easily, though. @ntg does this and has kind of stepped through the "best of breed" network design for a modern company over the years so we are good for that.

                                I've worked at several companies that have done this, as well, so I have some decent insight into what others are doing, not just one company.

                                wirestyle22W 1 Reply Last reply Reply Quote 0
                                • wirestyle22W
                                  wirestyle22 @scottalanmiller
                                  last edited by

                                  @scottalanmiller I have a serious lack of knowledge that I am fervently attempting to make up for so please excuse any misinformation.

                                  Currently we are set-up with a primary Domain and a VM secondary replicated domain at the same site (as well as a few remotely replicated domains for our bigger sites). A file Server, SQL Server using Financial Edge/Blackbaud, A terminal server for remote sites to access e-mail as well as the Network Share, etc. My question would be how would Active Directory look with this? I'm assuming I would I be able to actually connect all of my remote sites to a remote domain with something like this and everything would be managed through the cloud?

                                  Any information at this point is very appreciated 🙂 Thank you as always.

                                  scottalanmillerS 3 Replies Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    @wirestyle22 I'd like to take a crack at this.

                                    There are three approaches that I can currently see for you.

                                    1. LAN/WAN (VPN or dedicated site to site links) to connect all devices "privately" - what you are doing today.
                                    2. Pertino/ZeroTier - this would involve installing Pertino/ZT on every device in your environment and using that network to interconnect all of your equipment. The physical network is more or less a way for devices to get on the internet (yes I'm making an assumption here that the SDN will work on the internet) so they can connect to the SDN.
                                    3. Use something like Azure AD (only supports Windows 10 endpoints) and other services (OwnCloud/Office 365/DropBox, etc) that assume connections are all coming from untrusted sources and acts according.
                                    wirestyle22W 1 Reply Last reply Reply Quote 0
                                    • wirestyle22W
                                      wirestyle22 @Dashrender
                                      last edited by

                                      @Dashrender That makes a lot of sense. Thank you.

                                      Wouldn't every piece of software (especially Financial Edge/Blackbaud--SQL) need to support that? Also, how is this going to access files and run queries? Is it still going to be based on the Local IP/Mac Address or is it going out and then back in? I'm sorry if these are stupid questions.

                                      DashrenderD 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @wirestyle22
                                        last edited by

                                        @wirestyle22 said:

                                        Currently we are set-up with a primary Domain and a VM secondary replicated domain at the same site (as well as a few remotely replicated domains for our bigger sites).

                                        I'm assuming that you mean Active Directory domain here?

                                        wirestyle22W 1 Reply Last reply Reply Quote 0
                                        • wirestyle22W
                                          wirestyle22 @scottalanmiller
                                          last edited by wirestyle22

                                          @scottalanmiller Yes sir. Sorry for the lack of clarification.

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @wirestyle22
                                            last edited by

                                            @wirestyle22 said:

                                            @Dashrender That makes a lot of sense. Thank you.

                                            Wouldn't every piece of software (especially Financial Edge/Blackbaud--SQL) need to support that? Also, how is this going to access files and run queries? Is it still going to be based on the Local IP/Mac Address or is it going out and then back in? I'm sorry if these are stupid questions.

                                            Support? sorta. What would be really nice is if every service (your financial package, OwnCloud, etc) all support Azure AD authentication. Then the user would only have to remember one username and pasword.

                                            As for how those systems work, they each would connect to you via a secure tunnel, via TLS, SSH, SSL, whatever... and they would all prompt you for a username and password.

                                            They would all work on a similar principal as the internet at large. Every website you go you, you need to create a secure connection to (hopefully) and then give logon credentials.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 6
                                            • 7
                                            • 8
                                            • 9
                                            • 10
                                            • 10 / 10
                                            • First post
                                              Last post