
Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,795
    Location:
    Brisbane
    For a small business, I'd go CentOS. Nice long term support, stable base, easy to find support for, easy to switch to commercial support from RedHat if you need to.
     
  2. tonner78

    tonner78 Member

    Joined:
    Sep 16, 2003
    Messages:
    2,220
    Location:
    Inside the Matrix
    That's what I was thinking.. Thanks elvis!
     
  3. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,640
    Location:
    Brisbane
    Pretty much everyone is complaining - 365, GAPPS, Barracuda, Mimecast, SMG/Symantec.cloud users.

    Word on reddit is people think they are targeting finance/business owners - and the list is about 2 years old.

    Honestly unless you have linux skills - don't. Samba4 AD DC does work - but if you're in an SBS environment and aren't capable of building AD from scratch, you're better off not to.

    Then there is the huge unknown of linking GAPPS to AD which is really Samba (Elvis will be talking about linking GAPPS to LDAP - which is similar but different).
     
  4. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,916
    interesting read.

    http://www.economyofmechanism.com/office365-authbypass.html

     
  5. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    7 hours between notify and patch is nice, but Infinity hours between release and bug identified is of concern to anyone who looks at cloudy options. What choices are available to even do incident response on an event like this? Is there any way customers can check if someone has used this method to impersonate their users?
     
  6. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,008
    Location:
    Brisbane
    Problem is you should only ask for a flag, not the whole OU which gets spit back to you. Been working with SAML for a while now and you can really fuck it up if you don't understand the concept.
     
  7. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    Can you ELI5 the common pitfalls people run into for us? I've got a basic working knowledge (I understood the flowchart on the linked article). But beyond that it's all voodoo magic to me at this stage.
     
  8. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    14,037
    Location:
    Brisbane
    Once again for me it goes back to the fact that it's still way better than what most orgs do though.

    Regarding detection, doesn't look like it's possible to detect which is a bit scary!
     
  9. Smokin Whale

    Smokin Whale Member

    Joined:
    Nov 29, 2006
    Messages:
    5,188
    Location:
    Pacific Ocean off SC
    I'm also interested in this, but it's currently in my would-be-nice-but-too-hard-and-too-expensive basket for me right now. I wonder if Google has some sort of web-based AD system in the pipeline.
     
  10. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    True, but while I'm not federated, I'm not going to get caught up in the massive attack surface that is the Public cloud.

    So even if I had something that was vulnerable to a similar sort of attack, hitting the MS endpoint to list customers isn't going to advertise to the world that I'm a target.

    Can anyone provide any insight on how incident response works in situations like this? Would they close the door and try to investigate possible breaches? Would they tell customers who may have had data accessed?
     
  11. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,097
    Location:
    Tokyo, Japan
    Personally if you are running all Windows clients, you want AD. Build a Windows Server VM on Azure, connect it however you want (VPN is cheap and fast), and add backups and you have a decent small office setup for $150/mth. Spend a few days getting the basics (group policy, WSUS, etc) set up and you have something that's easy to manage and keeps your workstations under control.

    The alternative is a good RMM configured correctly to do the same thing.
     
  12. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    14,037
    Location:
    Brisbane
    Not to mention super easy to remotely manage :)
     
  13. samus

    samus Member

    Joined:
    Jun 3, 2002
    Messages:
    1,264
    Location:
    Baulkham Hills, Sydney.
    Yes it's Saturday, yes it's very early, yes the network is down.

    I'm doing scheduled maint, kindly f**k off so I can go home.

    Seriously, who comes in when YOU KNOW there is maint on, my car is in the carpark, and you come up asking why the PC isn't working?

    .....

    GRRR.

    Have a great weekend everyone.
     
  14. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    16,308
    Location:
    Canberra
    You don't even need to build a VM, just make use of their hosted AD service. Less management overhead, globally redundant, SSO integrations etc.
     
  15. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,097
    Location:
    Tokyo, Japan
    It doesn't do logins on workstations, Group policy, etc. It's AD-lite...
     
  16. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,640
    Location:
    Brisbane
    Ya.

    Azure AD is just Auth. It's not config management etc.
     
  17. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    16,308
    Location:
    Canberra
    And that's why I'm not a Windows admin any more (for at least 15 years). :lol:
     
  18. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,188
    Location:
    Melbourne
    !! HAH! Was doing an office move today.
    About 30 other people in the office, apparently "helping" to set up desks etc.
    I'm pretty sure every question I answered was "No, the internet isn't working yet. It's working in some places where we need it, but no your desk won't work. If it does, good. If it doesn't, it's not important right now."

    No questions about things like:
    * which cables go into which ports on Cisco handsets (meaning I saw plenty of cables going from wallport to laptop, and phone to phone, or wall to PC on phone, then SW to PC, or in one case, PC port to laptop (good try at least!) then a tiny little RJ11 jammed fucking sideways into the SW port)

    or "hey, should I remove the sticky tape on this data port and use it" (hint, FUCKING NO)


    and YES the fuckin wireless is dropping out, we're working on the switch fabric.

    It felt like most of the people were there either to do stupid things and make my life harder, or whinge about why the internet isn't working on their desk yet. When I left, there were still many computers not set up..


    Oh.. and you fix wifi congestion by using more wireless access points.
    And you fix wifi clients not roaming by using roaming capable access points.
    And you make it better by spending the sort of money relevant to your size organisation, rather than buying $20.00 TPLink access points.
     
  19. TheOneWhoIsMany

    TheOneWhoIsMany Member

    Joined:
    May 1, 2003
    Messages:
    456
    This is every office move ever.

    I had one where I told the customer that I wanted ALL Saturday by ourselves to get the infrastructure set up, switching, wireless, patching etc., knowing full well that as soon as you have these "helping" staff come in they start to badger you about random shit that DOESN'T matter right now. Anyway, the customer agreed to this after I was up front and explained exactly why I didn't need them on Saturday. They just turn up anyway with all the staff at about 11am (after we left their office at 3am the night before and were back onsite at 7am) and start plugging shit in and hassling my team. GRRR, as soon as we had staff onsite it was "why is there no internet", "I can't print" and "why isn't this report working". I feel like we wasted hours chasing our tails.

    I don't know why clients don't get it. It's not like I'm not a professional, most of them have seen me in action for years or dealt with my company for a long time and I've made a commitment to them that I'll get what I told them done. They just never seem to believe it, so they should just listen to me.
     
  20. ewok85

    ewok85 Member

    Joined:
    Jul 4, 2002
    Messages:
    8,097
    Location:
    Tokyo, Japan
    The basic concept (as I understand it) is that you sync your AD to Azure-AD, and that becomes a secure online way to connect external services (like O365) to use your internal domain for auth.
     
