Calling any JumpCloud users or employees...
-
-
@scottalanmiller Grazie! Your markup skills are better than mine apparently!
-
@gregorymkeller said in Calling any JumpCloud users or employees...:
@scottalanmiller Grazie! Your markup skills are better than mine apparently!
I do this a lot
-
@scottalanmiller said in Calling any JumpCloud users or employees...:
@gregorymkeller said in Calling any JumpCloud users or employees...:
@scottalanmiller Grazie! Your markup skills are better than mine apparently!
I do this a lot
He's a robot, but we can't get him to admit it.
-
@gregorymkeller do you have any customers who have implemented your "DaaS" with an RDSH server?
-
@bigbear - I pinged the crew to see if they have any direct customer experiences and the team indicates it should work fine. The agent gets dropped on the RDSH and when we provision or bind to local accounts on that box, we drop those users in the RDP user group too. That system can not be domain joined obviously (the agent install will reject it, regardless). Give 'er a try!
-
I assume this means that RDSH license server doesn't require AD users?
-
@gregorymkeller Problem is RDSH requires an AD server or some hacks to get it in workgroup mode, in which case the users session security is very lax.
Does JumpCloud actually contract/sync AD?
-
@bigbear No, they removed the Active Directory bridge as per below:
https://support.jumpcloud.com/customer/portal/articles/2405730-installing-the-active-directory-bridge -
@Dashrender If you do it in workgroup mode, from what I have seen, its a pretty ugly setup.
Honestly I may endure the expense of Azure AD. It was a really nice setup, but $90 for the DC in the cloud was a surprise I didn't expect and the D11 instance is $220/month or so (on sale right now). So $300/month.
I can do the whole thing on a single box with more power on Vultr for $96 (Windows 2016 license included). Another $52 and I can run an AD box but I found several Microsoft articles stating that in a small single server environment it is acceptable to run AD on the RDSH box.
In our case we have no other AD servers.
-
@bigbear You should have an AD server because JumpCloud will be a lot harder to manage.
-
@dbeato The AD Bridge is in fact in the process of being upgraded. We recently made a fairly large overhaul to our grouping mechanism (it was the object called "Tags") to a proper grouping mechanism. We're re-working the APIs on our AD Bridge synch agent to point to the appropriate new objects.
-
@gregorymkeller Good to know
Love to see what is the new way -
@dbeato The mother load: https://support.jumpcloud.com/customer/en/portal/articles/2703450-getting-started-groups
-
@dbeato And this one... https://jumpcloud.com/engineering-blog/welcome-to-groups/
-
@gregorymkeller That looks like just Security Groups to be added to multiple servers.
-
@dbeato The Group, and our microservice/graph engine behind, it is the key here: the Group is bound to 'things' (RADIUS servers, systems, LDAP RBAC and SAML apps - more soon). Users get added, they get access to the connected 'things'). User is removed, they are revoked access. So think network, application, and system resources here.
-
@gregorymkeller Yeah, the same idea of a security group
Where the group are added to different services and in this case devices. It is good to maintain a central user base around servers in this case. -
@dbeato Truth ^ ^ . To be a grown up directory and support a scalable architecture, this is why we implemented Groups and sunset 'Tags' - which were more of a model dedicated to matrix-based server/user account management.
-
Could JumpCloud be used to sync passwords from multiple Office 365 Clouds (different companies and tenants) to an on Premise Active Directory server?
Mostly just interested in passwords. And I guess outside of JumpCloud I am guessing there are other products that could do it?
Example:
[email protected]
[email protected][email protected]
[email protected]sync to
[email protected]
[email protected]
[email protected]
[email protected]
