My company recently purchased M365 E3 which includes MECM/SCCM and I am looking to download the System Configuration Manager and relevant licensing so I can setup a primary site server and start using it. Normally I would check the MSVLC but in this case, we purchased M365 through a MSP/reseller and the software does not show up in the portal. That said, our accounts are still tied to the MSVLC but Microsoft support hasn't been much help so far.

I did find this page that says I am supposed to open a case with Microsoft support and reference the internal article ID 4033838. This, btw, seems completely weird.

EDIT: Scratch all this. I just had to reach out to my SP/reseller and have them open a ticket with MS, who got back to them right away with a download link and license key.

@brandon220 said in Anyone here know of core banking vendors that are actually good for small community banks?:

The only one I've ever had dealings with starts with an F. I have listened to a few of the others give their "sales pitch" but when you are so heavily involved and invested with the same core for so many years, there is a "fear" among the C-levels that prevent them from wanting to change. Some of the ones we listened to even offered to buy out the current contract, etc. just to be awarded the contract.

My biggest gripe with the above mentioned is the lack of keeping software current and not using legacy programs and software. In 2020, we still are forced to use IE11 for most of the web-based items. If you question it, you are asked to submit a feature request to update a platform.

Yeah a lot of our services require IE11 and they wont even work with modern browsers. Much of the applications we have been using are terrible, slow, clunky and end of life with minimal support from our core vendor.

@scottalanmiller said in Anyone here know of core banking vendors that are actually good for small community banks?:

@dave247 said in Anyone here know of core banking vendors that are actually good for small community banks?:

So has anyone here ever worked at or done business with a community bank that actually has consistently good things to say about their core financial vendor? I'm kinda sorta just looking for other companies to suggest we look into at some point..

Nope. And we tend to find the same thing in the small cross section of banks that we talk to - they all know that their vendors are crap but none are willing to really work hard to find an alternative, none will take the vendors to task, and none are willing to invest in or group together to invest in something better.

All the same reasons that nearly any market ends up with bad software - universally the customers just don't take their businesses seriously enough and so their vendors don't either.

@Dashrender said in Anyone here know of core banking vendors that are actually good for small community banks?:

@dave247 said in Anyone here know of core banking vendors that are actually good for small community banks?:

I was just reading this article which hits home a little bit.

Paywall, can't read.

So my own two cents - I'm not surprised by your experience at all. There's nothing stopping them from providing great customer service, but as you mention, you're a small fish, and if they have other options, they don't need to care about you and your needs, and sense it's pretty clear no one else does either, it's not like you can leave them.

Well we can leave them, and we will in the next couple of years. The issue is that we 99% will end up with another vendor that's equally bad unless we can figure out how to sort through the bad ones.

Not sure if this should be in IT Discussion or IT Business....

I work at a small community bank and have talked to several others in a similar positions as me. One common thing I've noticed is that we all have consistently poor experiences with our core banking vendors, weather its Fiserv, FIS, Finastra, Jack Henry, etc.

What it comes down to is that these are big financial corporations that I feel absorb or consume small community banks and sell them expensive contracts and provide pretty poor levels of product support while continually moving away from the products they sell you. They nickle and dime you for everything and don't seem to really care about providing good long term support. Yes there are occasionally individual employees or technicians that are good people and great at their job, but most the support I talk to do not seem to know whats going on and have to reach out to other people and departments for everything. In our case, it feels like our vendor is too big and spread out/fragmented to really be agile enough to effectively meet our needs as a small community bank. We are just a tiny fish to them. So yeah, the overall experience is that they are just using us as one more "vacuum tube" to suck up money from a small community while doing the bare minimum to hold up their end of the contract.

I was just reading this article which hits home a little bit.

So has anyone here ever worked at or done business with a community bank that actually has consistently good things to say about their core financial vendor? I'm kinda sorta just looking for other companies to suggest we look into at some point..

What kind of license do you have? I just upgraded my environment from 6.5 to 6.7 but I used the custom ESXi images provided by Dell. You will want to do that for your brand of server. Make sure you start by upgrading vCenter to 6.7 first - if you have that.

@Dashrender said in Which Nas OS?:

I could have sworn that @scottalanmiller has been against at least FreeNAS - just use a Linux OS and manage the shares. What value does FreeNAS/ReadyNAS, etc add on top of Fedora/Ubuntu/CentOS, etc?

I haven't actually used FreeNAS yet but from what I can tell it has a nice GUI aimed at using the system as a NAS, similar to something like Synology with its DiskStation Manager. I feel like if you use something like FreeBSD then its going to be more manual management with no easy way to do what you want to do - unless you're really good with Linux.

@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:

@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:

@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:

@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:

@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:

Also are you using split tunneling on the VPN connection or is all traffic passing over VPN when connected?

I'm curious how this plays into the current conversation?

OP said he wanted to "make the best use of the remote session in terms of data transmission". It also plays into the security issue, together with credentials and logins.

aww - definitely understand the bandwidth portion, but not the creds/logins though.

Split tunneling is in general considered less secure because the user's computer is basically bridging the internet and your corporate network. And you have zero or little control over the traffic outside the VPN, unless you have some security in place for this.

When not using multi-factor authentication for the VPN tunnel (which the OP isn't) you are more susceptible to phishing attacks.

With split-tunneling and no 2FA on the VPN it's much easier to trick the users to enter their credentials into something that looks just like real thing.

That's how it ties into the security - overall risk.

Here are some covid-19 recommendations for VPNs.
https://www.us-cert.gov/ncas/alerts/aa20-073a

Microsoft have some new recommendations on how to do split tunneling VPN, particular with O365 and on-prem, to make it secure and to take load and bandwidth off the VPN connection.

Not related to security but it's also possible to have a bandwidth limitation in the VPN appliance without having a bandwidth limitation on the WAN link. There is usually a maximum VPN bandwidth in the firewall / VPN appliance.

We do split tunneling since it doesn't make sense to send/receive ALL traffic through the VPN connection. The connection is secure since we use our security appliance's specific SSLVPN application for users to connect through with specifically configured settings.

@scottalanmiller said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

@scottalanmiller said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

I wanted to figure out a solution for allowing the users to login to their company issued laptops and then click one or twice and get to their remote desktops as easily and as efficiently as possible.

You CAN make all or most of the credentials between that laptop and the resulting device be cached or saved. So that it is a really quick and painless process.

True but if a user's password expires or they change it, they may get themselves locked out. We try not to encourage saving passwords too much.

For security reasons, we avoid expiring passwords. That's what makes users write them down and make them easy to guess. Non-expiring, or rarely expiring passwords, are shown to be far more secure and make things like this much easier.

yeah I know its a balance. We have had a few trade offs between password length and expiration time

@scottalanmiller said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

I wanted to figure out a solution for allowing the users to login to their company issued laptops and then click one or twice and get to their remote desktops as easily and as efficiently as possible.

You CAN make all or most of the credentials between that laptop and the resulting device be cached or saved. So that it is a really quick and painless process.

True but if a user's password expires or they change it, they may get themselves locked out. We try not to encourage saving passwords too much.

@scottalanmiller said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

Then there are usually prompts between the SSLVPN and RDP steps such as SSL cert and other pop-ups. Yes they can check "dont ask again" but this all adds to the chunkiness of everything.

Those are problems that can be fixed, though. Those particular ones should not be like that.

ok disregard then.. not worth mentioning

@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:

I don't understand how the use of RDP could do anything to cause multiple logins?

If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.

Login 1 : User logs into business issued laptop
Login 2 : User connects to company over SSLVPN using domain credentials
Login 3 : User connects to their internal physical PC via RDP using their domain credentials

On top of this, sometimes the company issued laptop is encrypted and they must enter a password (if there's no TPM chip). Then there are usually prompts between the SSLVPN and RDP steps such as SSL cert and other pop-ups. Yes they can check "dont ask again" but this all adds to the chunkiness of everything.

We also had some telephony/call quality issues (that I won't go into) but I will say that I'm just trying to find something that makes the best use of the remote session in terms of data transmission, so like RDP vs ICA or something. I'm not too knowledgeable in this area though.

I wanted to figure out a solution for allowing the users to login to their company issued laptops and then click one or twice and get to their remote desktops as easily and as efficiently as possible.

@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:

When you say things are clunky - what exactly do you mean?

If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?

Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.

Boy this is a lot to worry about for a temporary situation. I mean if you were looking to move to WFH in general, sure I'd care, but even for 60 days, I wouldn't spend the time or the money. But that's just me.

I'm trying to envision any of the other solutions being 'less clunky.' Sure SSO can help some, my office connects to several hospitals that have SSO, we still have to log into most systems at least twice - once into the citrix/webportal and again to an app on that portal (the app often being RDP inside that portal). Now some of the apps do work with the first login to the Citrix/webportal, but not all.

Well I mean who knows, it could actually end up being long term. It may be worth it if it runs through the year. Plus we may end up keeping some WFH users through all this.

@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:

When you say things are clunky - what exactly do you mean?

If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?

Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.

We have fiber Internet where I work and the speeds are great and we only have about 30 WFH users and the pipe is only like 30% utilized. The main pain-point with anything Internet related would user's home network/wifi setup - which we don't control.

@Grey said in Looking for solutions to allow remote users access to their internal psychical computers:

Horizon is great. You could do the RDP exactly as you are, and draw back on all the deployed hardware. End users migrate to their own devices (any device) and still get their own desktop experience. You could pivot to full VDI later, or use it to add a desktop for consultant access, or whatever. It's very flexible.

This is definitely a situation where you get what you pay for, and if you go cheap, you'll get cheap.

Yeah I do like VMware and have heard that Horizon is good. I'm just a little nervous about cost which I haven't really even looked into yet. We do expect to have everyone eventually return to the office so it would kind of stink to spend a lot of money on something we aren't going to really utilize long term.

@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

I know this topic is all the buzz right now..

Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.

I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.

I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..

If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.

ZeroTier (with Flow rules) + RDP is how I solved this for my clients.

Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?

It is point to point, so as fast as the network segments can be

Gravy. I'm assuming you're referring to zerotier.com?

@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:

@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:

I know this topic is all the buzz right now..

Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.

I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.

I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..

If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.

ZeroTier (with Flow rules) + RDP is how I solved this for my clients.

Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?

I know this topic is all the buzz right now..

Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.

I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.

I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..

If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.

Read: https://docs.microsoft.com/en-us/microsoftteams/teams-overview

We just started testing out Teams where I work.. nothing big yet though, just me an my co-worker.