    LANLess explained.

    • travisdh1 @Emad R

      @emad-r said in LANLess explained.:

      @travisdh1

      How I understood it is when creating a contact web application for 2 offices that are in the same country but far from each other.

      You can deploy a web-based app on 2 sites separately on their LAN, and you assume that you get extra security because it's hosted on the site and on premises, and not internet exposed. But imagine the hidden cost of managing 2 server rooms or 2 rugged machines that you need to check and manage. Instead, make each site a static external public IP and pay for that extra option, host the web app in the cloud, and in the firewall on the web-based app create a rule to only allow Office 1 public IP + Office 2 public IP. This way you get the best of everything: someone else managing your server room + the same security you would get as if it's LAN hosted, and no need to develop the application twice.

      Erm... close. You've got the idea with the 1 place for the server(s), most likely either in a colo or hosted. The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

      • EddieJennings @travisdh1

        @travisdh1
        The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

        Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

        • Dashrender @EddieJennings

          @eddiejennings said in LANLess explained.:

          @travisdh1
          The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

          Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

          The services being offered would be on static IP most likely from the hosted or colo.
          Travis means that the offices wouldn't have to be on static IPs to allow access, but to that I'll say: it totally depends upon the security you require. If management only wants people working on these hosted/colo'ed systems while at one of the company's locations, so be it; this does provide a bit more security than being allowed to access/use the system from anywhere on the internet.

          LAN-Less does imply literal access from anywhere, it's more about the idea that the LAN is not where the security is, instead it's up the stack at the application layer (after the SSL/TLS of course).

          • flaxking @travisdh1

            @travisdh1 said in LANLess explained.:

            @flaxking said in LANLess explained.:

            Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

            I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

            We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

            Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

            At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

            • travisdh1 @flaxking

              @flaxking said in LANLess explained.:

              @travisdh1 said in LANLess explained.:

              @flaxking said in LANLess explained.:

              Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

              I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

              We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

              Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

              At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

              I haven't really looked at SSO with G Suite yet, they don't currently have a domain on site, so we should be able to move into this sort of setup more easily.

              • travisdh1 @EddieJennings

                @eddiejennings said in LANLess explained.:

                @travisdh1
                The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

                Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

                Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

                • Dashrender @travisdh1

                  @travisdh1 said in LANLess explained.:

                  @eddiejennings said in LANLess explained.:

                  @travisdh1
                  The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

                  Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

                  Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

                  I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.

                  • travisdh1 @Dashrender

                    @dashrender said in LANLess explained.:

                    @travisdh1 said in LANLess explained.:

                    @eddiejennings said in LANLess explained.:

                    @travisdh1
                    The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

                    Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

                    Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

                    I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.

                    Well, one of the big deals with going LANLess in the first place is not having to care about where workstations/clients are located. Having statically assigned IP addresses at offices would indicate that location matters somewhere.

                    • Dashrender @travisdh1

                      @travisdh1 said in LANLess explained.:

                      @dashrender said in LANLess explained.:

                      @travisdh1 said in LANLess explained.:

                      @eddiejennings said in LANLess explained.:

                      @travisdh1
                      The idea is that you don't need static IP to access them. They're accessible from anywhere, on any device. Location/IP no longer matters.

                      Noob question, but how can these servers have non-static IP addresses? Would you be using some kind of DDNS service?

                      Ah, I thought @Emad-R was saying to get static IPs for the office connections, the servers would need the normal static connection.

                      I read it the same way, Travis. But doing so isn't related to LAN-Less design, it's a security decision, from my point of view.

                      Well, one of the big deals with going LANLess in the first place is not having to care about where workstations/clients are located. Having statically assigned IP addresses at offices would indicate that location matters somewhere.

                      It matters only in so much as a form of security.

                      FreePBX is more or less LANLess today with its responsive firewall. But it's not uncommon to whitelist or limit access to specified IPs, again for security purposes.

                      • Romo @flaxking

                        @flaxking said in LANLess explained.:

                        @travisdh1 said in LANLess explained.:

                        @flaxking said in LANLess explained.:

                        Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                        I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                        We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                        Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                        At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                        You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                        • jmoore

                          Btw when I tried to look at your original website, Cloudflare said your site was down.

                          • DustinB3403 @jmoore

                            @jmoore said in LANLess explained.:

                            Btw when I tried to look at your original website, Cloudflare said your site was down.

                            That's a Cloudflare issue, it happens from time to time. Usually a refresh takes care of it.

                            • flaxking @Romo

                              @romo said in LANLess explained.:

                              @flaxking said in LANLess explained.:

                              @travisdh1 said in LANLess explained.:

                              @flaxking said in LANLess explained.:

                              Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                              I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                              We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                              Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                              At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                              You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                              Yes, but there is still a disconnect even if the password is the same. I sign in and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

                              • Dashrender @flaxking

                                @flaxking said in LANLess explained.:

                                @romo said in LANLess explained.:

                                @flaxking said in LANLess explained.:

                                @travisdh1 said in LANLess explained.:

                                @flaxking said in LANLess explained.:

                                Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                Yes, but there is still a disconnect even if the password is the same. I sign in and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

                                That's not the way of the world anymore.
                                Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants its own branding front and center.

                                • flaxking @Dashrender

                                  @dashrender said in LANLess explained.:

                                  @flaxking said in LANLess explained.:

                                  @romo said in LANLess explained.:

                                  @flaxking said in LANLess explained.:

                                  @travisdh1 said in LANLess explained.:

                                  @flaxking said in LANLess explained.:

                                  Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                  I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                  We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                  Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                  At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                  You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                  Yes, but there is still a disconnect even if the password is the same. I sign in and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

                                  That's not the way of the world anymore.
                                  Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants its own branding front and center.

                                  It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

                                  • Dashrender @flaxking

                                    @flaxking said in LANLess explained.:

                                    @dashrender said in LANLess explained.:

                                    @flaxking said in LANLess explained.:

                                    @romo said in LANLess explained.:

                                    @flaxking said in LANLess explained.:

                                    @travisdh1 said in LANLess explained.:

                                    @flaxking said in LANLess explained.:

                                    Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                    I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                    We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                    Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                    At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                    You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                    Yes, but there is still a disconnect even if the password is the same. I sign in and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

                                    That's not the way of the world anymore.
                                    Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants its own branding front and center.

                                    It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

                                    Give me an example of your achieved via open source tools solution, please.

                                    • travisdh1 @jmoore

                                      @jmoore said in LANLess explained.:

                                      Btw when I tried to look at your original website, Cloudflare said your site was down.

                                      Yeah, the server was actually down for a while. Newbie mistake on my end, automatic updates are set up, but it wasn't autostarting httpd, oops... I need to get much better with saltstack already!

                                      • travisdh1 @Romo

                                        @romo said in LANLess explained.:

                                        @flaxking said in LANLess explained.:

                                        @travisdh1 said in LANLess explained.:

                                        @flaxking said in LANLess explained.:

                                        Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                        I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                        We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                        Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                        At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                        You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                        The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

                                        • Dashrender @travisdh1

                                          @travisdh1 said in LANLess explained.:

                                          @romo said in LANLess explained.:

                                          @flaxking said in LANLess explained.:

                                          @travisdh1 said in LANLess explained.:

                                          @flaxking said in LANLess explained.:

                                          Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                          I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                          We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                          Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                          At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                          You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                          The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

                                          That just leaves managing the Windows machines, assuming they aren't BYOD.

                                          • travisdh1 @Dashrender

                                            @dashrender said in LANLess explained.:

                                            @travisdh1 said in LANLess explained.:

                                            @romo said in LANLess explained.:

                                            @flaxking said in LANLess explained.:

                                            @travisdh1 said in LANLess explained.:

                                            @flaxking said in LANLess explained.:

                                            Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

                                            I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

                                            We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

                                            Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

                                            At least with Office 365, from what I hear, you can do SSO with OneDrive and then do redirected folders into the OneDrive folder. Currently I'm working on coming up with a solution using Syncthing.

                                            You can try setting up G Suite Password Sync (GSPS) to get your AD passwords in sync with their GSuite account

                                            The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

                                            That just leaves managing the Windows machines, assuming they aren't BYOD.

                                            Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)
