    Posts

    • RE: Experience with NDR Solutions

      @scottalanmiller said in Experience with NDR Solutions:

      @stacksofplates said in Experience with NDR Solutions:

      Is it all JWTs?

      We do, in fact, use JWTs. Pretty manual, but given that it's very simple and limited and deployed in replicable ways, simple makes the most sense.

      I don’t get what you mean by manual?

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      @scottalanmiller said in Experience with NDR Solutions:

      @stacksofplates said in Experience with NDR Solutions:

      SPIFFE/SPIRE

      more appropriate for multi-service environments

      You can treat systems as services. Comparing the machine someone is accessing the service from along with the time and location are all valid checks that should be done if you are even thinking of something like NDR software. It’s best demonstrated in multi service environments but is still very valid with even single service environments.

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      @scottalanmiller said in Experience with NDR Solutions:

      @stacksofplates said in Experience with NDR Solutions:

      Kube gives you a ton. Arguably the biggest advantage is service discovery.

      How would service discovery assist? That would not help in any way. Adding service discovery for a single instance is a lot of work for no benefits. That's a great tech, when you have a use for it. But most software does not.

      I wasn’t saying it would help. I was saying the biggest advantage kube gives is service discovery. Things like zero trust are secondary.

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      Although the benefits of something like Kube for Vetastic are nominal since it is already zero trust and very secure.

      Kube gives you a ton. Arguably the biggest advantage is service discovery.

      How are you doing zero trust with Vetastic? Is it all JWTs?

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      @scottalanmiller said in Experience with NDR Solutions:

      @stacksofplates said in Experience with NDR Solutions:

      @scottalanmiller said in Experience with NDR Solutions:

      For the customer in question, an ERP dedicated for the produce logistics industry.

      Or for many of my customers (who don't need NDR) a Veterinary Clinic Management System (PIMS).

      Which of these do you know with microservices or with native container support or any addressing of zero trust? We can't deploy theoretical software for contrived customers, has to be the actual software that people need. In the real real world, we have to deploy the software that they are already on, almost never is IT consulted or listened to when it comes to which software to use. But even if it theoretically was, what software is out there that we could even recommend for real customer usages in most industries unless it is bespoke?

      Vetastic could easily be containerized and deployed on Kube.

      Yes, of course Vetastic could 🙂 But 99.99% of the industry won't switch to that. If I could switch them to that, that would be amazing.

      Except for Vetastic, all (literally all) on premises (the only app type applicable for vet clinics) is Windows based and client/server. Archaic beyond imagination.

      Although the benefits of something like Kube for Vetastic are nominal since it is already zero trust and very secure.

      But the customer prompting the question is produce logistics, a field in which we create no software (currently).

      Fair, but the second post I had above covers that. SPIFFE/SPIRE would work in that case.

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      Also you don’t need Kube for zero trust. You can essentially apply it to anything with SPIFFE/SPIRE. SPIRE provides attestations for nodes and workloads as SVIDs.

      It’s easier on Kube because service meshes like Istio and Kuma use SPIRE under the hood for you.

      OPA is another step in this direction. You don’t need Kube for OPA either.

      posted in IT Discussion
      stacksofplates
    • RE: Experience with NDR Solutions

      @scottalanmiller said in Experience with NDR Solutions:

      For the customer in question, an ERP dedicated for the produce logistics industry.

      Or for many of my customers (who don't need NDR) a Veterinary Clinic Management System (PIMS).

      Which of these do you know with microservices or with native container support or any addressing of zero trust? We can't deploy theoretical software for contrived customers, has to be the actual software that people need. In the real real world, we have to deploy the software that they are already on, almost never is IT consulted or listened to when it comes to which software to use. But even if it theoretically was, what software is out there that we could even recommend for real customer usages in most industries unless it is bespoke?

      Vetastic could easily be containerized and deployed on Kube.

      posted in IT Discussion
      stacksofplates
    • RE: How safe are images on docker hub ?

      It all depends. You can inspect the layers of the images. You can also scan with trivy, snyk, etc.

      You can also do what @IRJ mentioned. There’s a few ways to handle this.

      posted in IT Discussion
      stacksofplates
    • RE: Outage - Armstrong in N-Western PA

      Had a blip with Comcast this afternoon also. Wonder if it was related?

      posted in IT Discussion
      stacksofplates
    • RE: Scale Computing VS Proxmox

      @Aconboy said in Scale Computing VS Proxmox:

      @stacksofplates Yes, we did in 2019. There are a couple of ways that can be done. When you snapshot a VM, any disk in that snap can be mounted to any other VM, provided that the logged-in user is at a permissions level allowing it. That is actually part of the mechanism that several backup vendors (Acronis, Storware, etc.) use to do agentless backups of Scale Computing VMs. If you haven't taken a look since 2018, you should take a look again as there have been so very many things added since then.

      Well I guess I mean more without doing a snapshot. The flow we were looking for at the time was we had an ephemeral VM that would boot, mount the disk for storage, we could unmount the disk, destroy the VM, bring up a new copy and remount the disk. The data disk wouldn't be in the snapshot since it only holds app state. Think of it like persistent volumes for k8s.

      posted in IT Discussion
      stacksofplates
    • RE: Scale Computing VS Proxmox

      Did Scale ever add the ability to unmount and remount disks? The last time I used it (2018) you couldn’t unmount a disk and then mount it to a new machine.

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      @gjacobse said in VNC Replacement solution:

      It's widely known that after you install software you should - reboot.

      While many applications function at one hundred percent right after install, some do not.

      noMachine is like that it would seem. Thanks to @stacksofplates for mentioning this simple but very effective fact.

      While I had installed noMachine, I hadn't performed that task on either the host or viewer.

      Thus far - it's been working as designed and across platforms. I still need to test via the iPad - where I had had so much issue previously.

      Thanks again -

      No problem!

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      @gjacobse said in VNC Replacement solution:

      @stacksofplates said in VNC Replacement solution:

      @gjacobse said in VNC Replacement solution:

      RDP is going to be a no go. Set it up today and was getting connected - that shouldn't have been an issue.

      The issue is Audio and COM ports. Seems RDP is re-directing - even with that setting off.

      I feel like we don't have enough info to help. Is this your machine you are remotely connecting to? Someone else's? Do you need console access or do you just need a session?

      My system. Needs to be GUI - Desktop access. All the programs running are to operate the radio

      I'd just try nomachine then and see how that works for you.

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      @gjacobse said in VNC Replacement solution:

      RDP is going to be a no go. Set it up today and was getting connected - that shouldn't have been an issue.

      The issue is Audio and COM ports. Seems RDP is re-directing - even with that setting off.

      I feel like we don't have enough info to help. Is this your machine you are remotely connecting to? Someone else's? Do you need console access or do you just need a session?

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      @Pete-S said in VNC Replacement solution:

      @stacksofplates said in VNC Replacement solution:

      @Pete-S said in VNC Replacement solution:

      @scottalanmiller said in VNC Replacement solution:

      @stacksofplates said in VNC Replacement solution:

      Nomachine works well. It's easy to set up and I've found it to be more performant and easier to set up than VNC. If it's just between Windows and Linux, then RDP works also as Pete mentioned (if you don't want straight console access).

      And easier than RDP on some platforms.

      Nomachine is free only for personal use. You have to pay if you're using it for commercial use. It's not exactly straightforward to know what is what but there is some guidance here:
      https://knowledgebase.nomachine.com/AR03P00972

      My interpretation is that you can get away with the free version only for sporadic admin tasks. Anything else in a company requires the enterprise license.

      That sucks. It didn't used to be like that. I really feel like they are just strangling their product over time. The pricing for everything they have is ridiculous.

      Yeah, they've made changes over the years. There is the NX protocol and it wasn't open source but then it was and then it wasn't. I think open source projects such as freenx / x2go use NX but it's not compatible with the NX version that NoMachine uses. I ran into that problem a couple of years ago. I don't know if freenx exists anymore or what the deal is.

      Yeah I think nomachine uses nx4 and x2go uses the old open source nx3. It's a mess. I know when I did this for the DoD contractor we just ended up using RDP because the whole ecosystem was terrible. X2Go looks like it still can't support anything past GNOME 3.12 which is ridiculous as it's been like 5-6 years since I last looked.

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      I haven't used it forever, but I think X2Go also supports Windows as a host.

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      @Pete-S said in VNC Replacement solution:

      @scottalanmiller said in VNC Replacement solution:

      @stacksofplates said in VNC Replacement solution:

      Nomachine works well. It's easy to set up and I've found it to be more performant and easier to set up than VNC. If it's just between Windows and Linux, then RDP works also as Pete mentioned (if you don't want straight console access).

      And easier than RDP on some platforms.

      Nomachine is free only for personal use. You have to pay if you're using it for commercial use. It's not exactly straightforward to know what is what but there is some guidance here:
      https://knowledgebase.nomachine.com/AR03P00972

      My interpretation is that you can get away with the free version only for sporadic admin tasks. Anything else in a company requires the enterprise license.

      That sucks. It didn't used to be like that. I really feel like they are just strangling their product over time. The pricing for everything they have is ridiculous.

      posted in IT Discussion
      stacksofplates
    • RE: VNC Replacement solution

      Nomachine works well. It's easy to set up and I've found it to be more performant and easier to set up than VNC. If it's just between Windows and Linux, then RDP works also as Pete mentioned (if you don't want straight console access).

      posted in IT Discussion
      stacksofplates
    • RE: Tactical RMM

      @scottalanmiller said in Tactical RMM:

      @stacksofplates said in Tactical RMM:

      @scottalanmiller said in Tactical RMM:

      @notverypunny said in Tactical RMM:

      Maybe something that was available in the beginning or that I missed along the way. My understanding is that TacticalRMM was only ever usable with Windows endpoints.

      Right, it was always "works on Windows, Linux and Mac are coming." But what was there was always free (but the agents have never been open - not ideal, they say that they plan to make them open eventually...)

      Now Linux has come and when you go to use it, it just throws a code signing error.

      The agents are open?

      https://github.com/amidaware/rmmagent

      I checked their website this week and they said that the agents were currently still closed, but they hoped to open someday. Maybe they did this recently and haven't updated yet. That's great news.

      They've been on GitHub for a while from what I remember. I linked them to someone back in like January, but they were under the old org name.

      posted in IT Discussion
      stacksofplates
    • RE: Tactical RMM

      @scottalanmiller said in Tactical RMM:

      @notverypunny said in Tactical RMM:

      Maybe something that was available in the beginning or that I missed along the way. My understanding is that TacticalRMM was only ever usable with Windows endpoints.

      Right, it was always "works on Windows, Linux and Mac are coming." But what was there was always free (but the agents have never been open - not ideal, they say that they plan to make them open eventually...)

      Now Linux has come and when you go to use it, it just throws a code signing error.

      The agents are open?

      https://github.com/amidaware/rmmagent

      posted in IT Discussion
      stacksofplates