
Google's Plan To Kill the Corporate Network

Soulskill posted about 10 months ago | from the your-corporate-laptop-is-being-replaced-with-an-abacus dept.


mask.of.sanity writes "Google has revealed details on its Beyond Corp project to scrap the notion of a corporate network and move to a zero-trust model. The company perhaps unsurprisingly considers the traditional notion of perimeter defense and its respective gadgetry as a dead duck, and has moved to authenticate and authorize its 42,000 staff so they can access Google HQ from anywhere (video). Google also revealed it was perhaps the biggest Apple shop in the world, with 43,000 devices deployed and staff only allowed to use Windows with a supporting business case."


308 comments


Wow (2, Insightful)

MightyMartian (840721) | about 10 months ago | (#45653951)

Wow, Google has invented the VPN! What great innovators.

Re:Wow (1)

binarylarry (1338699) | about 10 months ago | (#45654057)

"Firewalls don't help"

LOL! You could make the case that Firewalls aren't perfect security solutions but god damn.

Re:Wow (5, Insightful)

Anonymous Coward | about 10 months ago | (#45654531)

What they're saying is that the idea of border security is a bad model. One compromised system on the inside and you're pretty much done. IDS and DPI are good ideas but they aren't effective enough. Breaking in to any corporate network is as easy as spamming its users with social-engineering-laden email. Get them to click on a link and you own their soft, squishy, zero-day-vulnerable desktops. Keylog and steal their credentials and you've got a jumping off point to worm in to the rest of their network. It's that easy.

What they're saying is once you move to a trust-nothing model... Why bother investing in a huge corp network when you can't trust it anyway? When you don't have a big corp network, what are the advantages of running your own services over purchasing them from someone else? Like Google?

Re:Wow (1)

Anonymous Coward | about 10 months ago | (#45654203)

Their datacenters got owned by the NSA. Why would anyone trust them on security?

Re:Wow (1, Offtopic)

fnj (64210) | about 10 months ago | (#45654475)

Their ASSES got owned by the NSA. Why would anyone think they CARE about security?

Re:Wow (0)

Anonymous Coward | about 10 months ago | (#45654309)

Wow, Google has invented the VPN! What great innovators.

I think they discovered IPSec, which actually has little to do with VPN as most people use it. VPN is just a special case of IPSec in tunnel mode, which I think is a quite crappy mode of communication, only needed because of the lack of IPSec deployment and lack of address space (ehem, IPv6).

This is actually quite old in the Microsoft realm. MSDN has documentation of setting up a domain (i.e. Active Directory definition) with IPSec ACLs going back over a decade. It is just not used because it was deemed "difficult to use" and such and no one bothered. (That's aside from the Microsoft IPSec stack that cannot be audited by 3rd parties.)

Re:Wow (4, Informative)

russotto (537200) | about 10 months ago | (#45654493)

No, a VPN still depends on a perimeter defense; the VPN is a tunnel through the perimeter and once the tunnel is set up, you have full access.

eh, Google no eat own dogfood? (3, Insightful)

Spy Handler (822350) | about 10 months ago | (#45653959)

why use so many Apple computers when there's your own awesome Chromebook [google.com] ?

Re:eh, Google no eat own dogfood? (5, Funny)

plover (150551) | about 10 months ago | (#45653995)

My dog eats its own poop.

Not a ringing endorsement for the dog food metaphor.

Why? (0)

Anonymous Coward | about 10 months ago | (#45654041)

My dog eats its own poop.

Why do they do this?!?

Re:Why? (2, Funny)

Anonymous Coward | about 10 months ago | (#45654133)

Because even the smartest dogs are quite stupid by human standards.

Re:Why? (0, Insightful)

Anonymous Coward | about 10 months ago | (#45654189)

But they're still smarter than the average cat.

Re:Why? (1)

g0bshiTe (596213) | about 10 months ago | (#45654307)

Don't know about that, cats won't walk on a leash, a cat won't come when you call it.

Which would you consider smarter? Hint, it's probably the one that exercises its own free will vs the will of its owner.

Re:Why? (1)

NatasRevol (731260) | about 10 months ago | (#45654173)

Vitamins.

Re:Why? (1)

g0bshiTe (596213) | about 10 months ago | (#45654277)

To get the taste of their owner's face out of their mouths.

Re:eh, Google no eat own dogfood? (2)

BreakBad (2955249) | about 10 months ago | (#45654099)

Charlie don't surf.

Re:eh, Google no eat own dogfood? (1)

atom1c (2868995) | about 10 months ago | (#45654221)

Charlie don't surf.

YES!

Re:eh, Google no eat own dogfood? (1)

aaronjp (51549) | about 10 months ago | (#45654009)

Perhaps, because it is still primarily a content consumption device and not a content creation device.

Re:eh, Google no eat own dogfood? (1)

Anonymous Coward | about 10 months ago | (#45654127)

So in other words Google LIED about what the chromebook is as they have been pushing it as a business tool ideal for collaboration and productivity work.

Re:eh, Google no eat own dogfood? (1)

Anonymous Coward | about 10 months ago | (#45654489)

So in other words Google LIED about what the chromebook is as they have been pushing it as a business tool ideal for collaboration and productivity work.

With the rise of cloud services (formerly known as hosted application services) there is a diminishing need to have software installed on each computer (be it desktop or notebook or tablet or smartphone) these days. Even software developers can remotely access terminal sessions or a GUI VDI session to access the development toolchain and source code repositories. The most significant drawback is the potential disruption in productivity if the ISP or wireless carrier providing connectivity has an outage or degraded service level.

Re:eh, Google no eat own dogfood? (1)

Anonymous Coward | about 10 months ago | (#45654569)

That significant drawback of network connectivity isn't just significant. It is devastating and the vast majority of businesses cannot be at the whim of ISPs, cloud hosting providers or local telecoms just to be able to do basic business tasks. Many businesses suffer immensely just from having mail down. Take away their ability to do local work stuff as well when the network hiccups and you have a recipe to send many companies to the wall with just a few small outages.

Re:eh, Google no eat own dogfood? (4, Insightful)

luis_a_espinal (1810296) | about 10 months ago | (#45654141)

Perhaps, because it is still primarily a content consumption device and not a content creation device.

This. Content consumption =/= content creation. Sadly, the nuisance is missed to many in this supposedly nerd realm that slashdot is supposed to be.

Re:eh, Google no eat own dogfood? (0)

Anonymous Coward | about 10 months ago | (#45654199)

Google have been pushing the chromebooks as ideal PC replacements for workers in business. Just look at their own chromebook pages. I agree that chromebooks are crap for productivity, BUT that is certainly not what they are telling other businesses.

Re:eh, Google no eat own dogfood? (0)

Anonymous Coward | about 10 months ago | (#45654567)

Google have been pushing the chromebooks as ideal PC replacements for workers in business. Just look at their own chromebook pages. I agree that chromebooks are crap for productivity, BUT that is certainly not what they are telling other businesses.

It depends on the particular use case. For many organizations including schools the Google Chromebook makes sense. Although the mandatory requirement of a Google account which effectively tracks everything you do is troublesome. However, for a non-insignificant portion of the home market Google Chromebooks are the ideal solution to worry-free web browsing, instant messaging, social networking, and email.

Re:eh, Google no eat own dogfood? (1)

Anonymous Coward | about 10 months ago | (#45654207)

Perhaps, because it is still primarily a content consumption device and not a content creation device.

This. Content consumption =/= content creation. Sadly, the nuisance is missed to many in this supposedly nerd realm that slashdot is supposed to be.

Nuance. Not nuisance. Though I cannot begin to tell you how that mistake makes this discussion far more hilarious.

Re:eh, Google no eat own dogfood? (2)

Samantha Wright (1324923) | about 10 months ago | (#45654235)

I can! It makes it completely. Completely of the hilarious.

Re:eh, Google no eat own dogfood? (1)

gstoddart (321705) | about 10 months ago | (#45654247)

This. Content consumption =/= content creation. Sadly, the nuisance is missed to many in this supposedly nerd realm that slashdot is supposed to be.

First of all, it's 'nuance'. (Though, an argument could be made for nuisance too)

But, the reality is, the overwhelming majority of non-nerds using the interwebs are purely doing content consumption, and that's all they ever will do. And, even as a nerd, a huge fraction of what I do outside of work is perfectly fine on a tablet.

Which means the overwhelming majority of people do not require or perform content creation, and those devices do exactly what they need them to.

Something else this supposedly nerdy realm fails to grasp. Just because we can't use it to build new things doesn't mean the people buying them will ever feel limited. In fact, most of them would roll their eyes at us.

My mother in law does 95% (or more) of everything she will ever need a computer for on her Nexus 7 tablet. For most people, that's all they'll ever need.

Re:eh, Google no eat own dogfood? (1)

jythie (914043) | about 10 months ago | (#45654423)

But.. but.. if it isn't good for everything including our l33t development/gamer/photoshop requirements it can't be good for anything!

Re:eh, Google no eat own dogfood? (3, Funny)

gtall (79522) | about 10 months ago | (#45654443)

Sadly, missing the nuance of the English language a nuisance as well.

Re:eh, Google no eat own dogfood? (-1)

Anonymous Coward | about 10 months ago | (#45654525)

Perhaps, because it is still primarily a content consumption device and not a content creation device.

This. Content consumption =/= content creation. Sadly, the nuisance is missed to many in this supposedly nerd realm that slashdot is supposed to be.

/. lost its credibility beginning in 2001 and it has only accelerated under Dice Holdings ownership. StackOverflow is flooded with Indians wanting other people to do their job while Tata et al. engage in labour arbitrage and the destruction of the IT sector as a viable long-term career. Lord I miss the old days of USENET.

Re:eh, Google no eat own dogfood? (0)

Anonymous Coward | about 10 months ago | (#45654421)

It is a content creation device, content Google gets to datamine and sell to other firms.

Re:eh, Google no eat own dogfood? (0)

Anonymous Coward | about 10 months ago | (#45654089)

Not even google is dumb enough to try to use a chromebook to be productive!

Re:eh, Google no eat own dogfood? (1)

djdanlib (732853) | about 10 months ago | (#45654195)

Chromebooks aren't exactly fast or high-res. Unless you buy the Pixel, but then you might as well buy a real laptop. I wouldn't stick an employee with a slow half-top and expect them to be productive.

Re:eh, Google no eat own dogfood? (4, Insightful)

gstoddart (321705) | about 10 months ago | (#45654377)

I wouldn't stick an employee with a slow half-top and expect them to be productive.

In my experience, a lot of companies buy whatever they can get a bulk price on and which someone in purchasing deems "good enough".

Resulting in employees with slow machines on which they're expected to be productive.

Hell, at an old job they bought a crap-load of new Dell boxes, and the native aspect ratio of the monitor was a non-standard thing in which a circle was drawn as an oval because the monitor was optimized for watching movies at 720p, but not for actually being a monitor (its native aspect ratio was oblong pixels). Oh, and the machines came with 4GB of RAM, the OS they came with could only see 3GB of RAM, and it wasn't possible to install a newer OS on it because there were no drivers available.

In short, never underestimate how crappy of a machine companies will buy for their employees if it saves them a few bucks. Because many of them do it all the time.

A slashdot first.... (4, Funny)

mevets (322601) | about 10 months ago | (#45654521)

They buy Apples to save money?

Cue the frothing idiot tax minions....

Re:A slashdot first.... (1)

gstoddart (321705) | about 10 months ago | (#45654581)

In this case, it was shitty Dell machines running Windows. Shitty HP machines running Windows also become a common choice.

Re:eh, Google no eat own dogfood? (1)

stenvar (2789879) | about 10 months ago | (#45654449)

Because Google is an engineering company. Chrome books are for home users and light business users. They are also fairly new.

I expect Google to do more development in the browser and eventually dump Apple.

Re:eh, Google no eat own dogfood? (0)

Anonymous Coward | about 10 months ago | (#45654529)

Using apple computers could also be why they are advocating the 'beyond work' anywhere computer. Apple does not have a very good AD strategy. MS has that locked tight in how well you can lock down a computer. AD is also very good at helping test/push for patches. You can get solutions like that in apple computers. But it takes a decent bit of work.

Apple is basically a BSD/Unix style computer where all computers are peers there is no concept of 'client server'. As everyone is a server and a client. Chromebooks are more like thin clients where they are not peers but consumers of data. MS computers can be both (it takes AD to pull it off in a large deployment).

It is why Apple has hit a wall in some orgs. Some orgs out there love the control (work *snap* work HARDER *snap*).

Real Unix makes the difference. (-1)

Anonymous Coward | about 10 months ago | (#45653985)

That Google chose Apple over Linux really says something. They are literally betting the company on the superior security, performance and flexibility of the *REAL* Unix system over something which is, ultimately, just a poor man's copy of Unix. Sure they probably use some Linux for cluster type work, but OS X is clearly in charge of the important day to day work of the average Google employee. This is HUGE news and should reassure all 3 people who are left using Linux that it is well past time to move over to something better.

Re:Real Unix makes the difference. (-1)

Anonymous Coward | about 10 months ago | (#45654019)

Cool troll, bro

Re:Real Unix makes the difference. (-1)

Anonymous Coward | about 10 months ago | (#45654033)

Apple devices != MacOS. Google itself runs on Linux. Android is based on Linux. So yeah, you're trolling.

Re:Real Unix makes the difference. (1)

ArcadeMan (2766669) | about 10 months ago | (#45654185)

Why would Google buy Macs if they don't use OS X? They could use Linux on ANY cheaper computer they choose but bought Macs anyway.

I believe Google thinks like a lot of us: OS X for desktops, Linux for servers, a mix of iOS and Android for mobiles.

Re:Real Unix makes the difference. (4, Informative)

hawguy (1600213) | about 10 months ago | (#45654283)

Why would Google buy Macs if they don't use OS X? They could use Linux on ANY cheaper computer they choose but bought Macs anyway.

I believe Google thinks like a lot of us: OS X for desktops, Linux for servers, a mix of iOS and Android for mobiles.

Because Apple makes good, attractive, hardware? Besides, hardware cost is inconsequential compared to the cost of a developer, whether his laptop costs $1500 or $3000 doesn't matter. Our entire development team uses Macbooks - and of 12 users, only two of them run OSX. One of them is even geeky enough to paste a Tux logo over the light-up Apple logo.

Since they deploy on Linux servers, it makes sense to develop on Linux. Write-once run-anywhere still isn't a reality - obscure platform specific bugs can still come back to bite you.

Re:Real Unix makes the difference. (3, Informative)

toppavak (943659) | about 10 months ago | (#45654553)

Our entire development team uses Macbooks - and of 12 users, only two of them run OSX. One of them is even geeky enough to paste a Tux logo over the light-up Apple logo.

The last time I visited Google HQ (about 5 years ago) the most common setup I saw was Thinkpads running Linux with Macbooks running Linux in a close second.

Re:Real Unix makes the difference. (1)

michrech (468134) | about 10 months ago | (#45654209)

If I'm not mistaken, OSX was based on BSD, not Linux...

Re:Real Unix makes the difference. (1)

su5so10 (2542686) | about 10 months ago | (#45654331)

Well, based on Mach 2.5, which contained BSD 4.4 and Mach kernel code.

Re:Real Unix makes the difference. (1)

su5so10 (2542686) | about 10 months ago | (#45654313)

Google development is done on Linux but Mac laptops at Google run MacOS. Laptops (or chromebooks, there's a mix of both) aren't used for development (except via ssh, etc); they are used for email, web, etc.

Re:Real Unix makes the difference. (-1)

Anonymous Coward | about 10 months ago | (#45654169)

1/10, too obvious. please try again

Re:Real Unix makes the difference. (2)

unixisc (2429386) | about 10 months ago | (#45654231)

They picked a company that stands behind its platform over a platform that has no clear owner. It has nothing to do w/ how 'real' the UNIX is, or the license (okay, that may be a factor) or whether the company itself makes an arguable alternative.

how would it work in the real world? (1)

alen (225700) | about 10 months ago | (#45653991)

with companies less profitable than google?
Macs are expensive
most people don't own Macs personally
lots of people use personal computers to VPN to work
how would it work with the files on file servers people use to get work done? like MS Access databases?

Re:how would it work in the real world? (1)

Anonymous Coward | about 10 months ago | (#45654091)

Better yet, how does this remove the need for perimeter defense? It just MOVES the perimeter.

Re:how would it work in the real world? (5, Insightful)

mspohr (589790) | about 10 months ago | (#45654117)

Both of my daughters have work issued Macs. One is in education and the other a tech company. When you look at the cost of a computer compared to the salary (and benefits) for an employee over the life of the computer, the cost of even an "expensive" computer is a small rounding error. In addition, the cost of protecting and cleaning up Windows computers is non-trivial and the cost of a data breach can be enormous.
This is not just a VPN, it is a VPN from a known, verified secure computer.
? MS Access... what a joke.

too bad Mac OS is not on more hardware (0)

Joe_Dragon (2206452) | about 10 months ago | (#45654229)

Too bad Mac OS is not on more hardware or even stuff that is not cut down / made very hard to fix due to being thin.

"expensive" computer is a small rounding error but some mac system can end up costing X2 or more than the cost of a PC.

The new mac pro will have its high cost added to by all the cost overhead of expansion boxes and cables. With lots of power bricks.

Re:how would it work in the real world? (1)

synapse7 (1075571) | about 10 months ago | (#45654339)

I'm curious what platform google is using for servers?

Re:how would it work in the real world? (1)

Buzer (809214) | about 10 months ago | (#45654617)

Publicly they have said they use Linux. As far as I know, no details have been released about which distro it's based on (if any).

They most likely use some other servers as well on some projects (I would imagine they want to ensure compatibility at least), but they are also likely very rare.

Re:how would it work in the real world? (1)

mspohr (589790) | about 10 months ago | (#45654625)

It's widely known that they use x86 and Linux with a suite of supporting software known as the Google platform:
http://en.wikipedia.org/wiki/Google_platform [wikipedia.org]

Re:how would it work in the real world? (1)

SirGarlon (845873) | about 10 months ago | (#45654533)

This is not just a VPN, it is a VPN from a known, verified secure computer.

The only secure computer is one that has never connected to a network.

Re:how would it work in the real world? (0)

Anonymous Coward | about 10 months ago | (#45654557)

? MS Access... what a joke.

Words spoken by someone who obviously has never spent time in an office environment.

Re:how would it work in the real world? (0)

Anonymous Coward | about 10 months ago | (#45654573)

How do you run Windows programs? That is the number one reason corporations still OVERWHELMINGLY use PCs. What your daughters use is just an anecdote.

mac's don't even real sever hardware (1)

Joe_Dragon (2206452) | about 10 months ago | (#45654155)

mac's don't even real sever hardware and the laptops are unrepairable
http://www.cultofmac.com/251359/ifixit-finds-2013-retina-macbook-pros-as-unrepairable-you-can-get/ [cultofmac.com]

Re:mac's don't even real sever hardware (0)

Anonymous Coward | about 10 months ago | (#45654463)

hey, you don't even real sentences. priorities, priorities...

Re:mac's don't even real sever hardware (0)

Anonymous Coward | about 10 months ago | (#45654467)

Who cares about "real" Mac server hardware, when the only people using Mac OS X Server are small to medium businesses?

Like Google would run anything in their data center besides Linux anyway, and Linux loads pretty darn nicely into a VM hypervisor running on pick-your-blade-chassis-vendor.

Re:mac's don't even real sever hardware (0)

Anonymous Coward | about 10 months ago | (#45654485)

Not really an issue when your employees can just take their computer to any apple store and have them repair or replace. It might even be a cost savings if google doesn't have to keep as many onsite repair staff.

Goobuntu (1)

bobbomo (877614) | about 10 months ago | (#45654001)

What happened to their internal deployment of Goobuntu?
http://en.wikipedia.org/wiki/Goobuntu [wikipedia.org]

Re:Goobuntu (5, Interesting)

keltor (99721) | about 10 months ago | (#45654021)

Goobuntu runs on Macs just fine.

Re:Goobuntu (0)

Anonymous Coward | about 10 months ago | (#45654101)

The two Google teams I work with can't use Goobuntu because the Google Dart team decided to not allow Goobuntu, CentOS, Debian, or SUSE to run Dart by arbitrarily requiring gcc 4.6 or newer and glibc 2.14 or newer. In other words, Google no longer allows anyone to run Dart on any common Linux server OSes. Most of the guys I deal with run OSX or Windows on their desktops because of that.

Re:Goobuntu (1)

Anonymous Coward | about 10 months ago | (#45654319)

Clearly nobody at Google can figure out that they could easily compile their own version of gcc instead of using the package manager...

Re:Goobuntu (1)

imadoofus (233751) | about 10 months ago | (#45654357)

Is there not an admin that can install these away from the system paths, and set the environment accordingly?

Re:Goobuntu (1)

larry bagina (561269) | about 10 months ago | (#45654535)

gcc 4.6 is almost obsolete at this point. 4.7 is the minimum if you want half-decent c++11 support (The 11 means 2011, ie the spec was finalized almost 3 years ago after 8 years of deliberation). GCC 4.6 is almost 3 years old. GCC 4.7 is almost 2 years old. Is it acceptable to wait 3 years for 0-day exploits to get fixed? Is it acceptable to wait 3 years for a compiler that doesn't suck ass?

Zero Trust (4, Insightful)

bloodhawk (813939) | about 10 months ago | (#45654011)

What a coincidence. Zero Trust is EXACTLY what I have in google.

that's how my corp network works (5, Interesting)

trybywrench (584843) | about 10 months ago | (#45654059)

The RJ45 jacks in the office are just plain old dirty connections to the Inet. We each have multiple OpenVPN connections on our localhost giving us access to different parts of the network depending on our roles. It's convenient because our workstations work identically wherever we are (home, work, coffee shop) and it's convenient when someone leaves because operations just invalidates the VPN certs and the former employee is cut off no matter where they physically are. A side effect is whenever your VPN credentials don't work you're left wondering if you're about to get fired and ops just jumped the gun haha.

Re:that's how my corp network works (0)

Anonymous Coward | about 10 months ago | (#45654137)

Same, the company I work for is distributed around the world, I can work from anywhere that has an internet connection.

We maintain an office but it's just seats and internet.

Re:that's how my corp network works (0)

Anonymous Coward | about 10 months ago | (#45654483)

Yes, but if you sit down at the office, is the computer you use behind a firewall and part of the "trusted network" or is it VPN'd into a separate network? At my job it's part of the trusted network but you can VPN into the trusted network and work anywhere. But the parent's company's solution seems better. Just use VPNs to connect to all servers even at the local office desks. The extra security is actually just a bonus because you gain continuity of maintenance and user interface.

Genuinely Interested (1)

Anonymous Coward | about 10 months ago | (#45654179)

I'm genuinely interested in this. You say repeatedly that it is convenient, but running a bunch of openVPN tunnels from my desktop/laptop doesn't sound convenient at all. The number of issues I have getting my openVPN connections through firewalls and NAT is very discouraging.

Please tell us more about your setup.
What type of work does the company and you do?
Approximately how many users work like this?
Does this company operate primarily as a standard physical office environment, or is this a distributed(work from home) startup?
Where are the servers, on-site, datacenter, cloud?
Approximately how many servers?
What type of applications are used, web, small applications like QB, MS Exchange or SQL systems?
What are the negative aspects of this system?

Re:Genuinely Interested (5, Interesting)

Anonymous Coward | about 10 months ago | (#45654275)

Interestingly, the company I work for is also like that. In our office, the "network" is just a regular consumer grade router (plus an expensive Cisco AP). But we don't use VPNs (VPNs suck), all of our services are Internet accessible and protected independently. So web-stuff is SSL + http authentication, email is IMAP, calendar is caldav, source code is ssh+git, etc. We have an internal SIP service (but that's also Internet connected).

Also, look at how large open source projects operate, Mozilla, Debian, Gentoo, GNOME, KDE, LibreOffice, etc. They're all a bit like big companies, but without a VPN, where everything is Internet accessible.

We don't use any internal application that's not web-based, does anyone else do that?

Re:Genuinely Interested (0)

Anonymous Coward | about 10 months ago | (#45654341)

Yeah. Regular people use IPSec. However, Linux _sucks_ at IPSec, in that it's even more painful to configure and maintain than OpenVPN (which is kind of simple, until it doesn't work). If you want a free IPSec solution, I suggest OpenBSD. You can get a dynamic tunnel up with a _single_ configuration line. And they just added L2TP a couple of releases ago.

Goodbye Cisco. That was their last killer feature, IMO... IPSec.

Re:Genuinely Interested (1)

Zarhan (415465) | about 10 months ago | (#45654367)

I don't know about OpenVPN, but for example Cisco Anyconnect is pretty flexible for this kind of stuff. It uses IKEv2+IPSec if possible, then scales down to DTLS, and finally just https (even through proxy if necessary), and as such, can pretty much punch through any firewall. In addition, you get endpoint assessment so you can for example enforce that any updates and such things are installed to the employee's device (whatever that might be).

Re:Genuinely Interested (0)

Anonymous Coward | about 10 months ago | (#45654453)

Cisco devices blow, and so does their client software. Use others, maybe OpenSwan.

Re:Genuinely Interested (5, Informative)

trybywrench (584843) | about 10 months ago | (#45654391)

I'll answer as best as I can

> Please tell us more about your setup.
We're a Java office in TX with a remote call center in OR and a handful of remote employees ( Chicago ).

> What type of work does the company and you do?
I'm the director of development, we're a j2ee web application development shop with special expertise in Oracle

> Approximately how many users work like this?
All of us ~30

> Does this company operate primarily as a standard physical office environment, or is this a distributed(work from home) startup?
A couple of my developers work from home 3 days a week and most of ops ( the network guys ) work from wherever and, apparently, whenever they want. They're pretty hot shit, published authors, speakers at LISA, etc so they're left alone most of the time.

> Where are the servers, on-site, datacenter, cloud?
We keep our staging and UAT servers on site and colo for production + another colo for failover

> Approximately how many servers?
I have no idea, I know we have some serious SAN gear for the databases. We probably have around 50 virtual servers in our testing setup and maybe 20-25 production server clusters with an average of 3 nodes each. Some physical some virtual.

> What type of applications are used, web, small applications like QB, MS Exchange or SQL systems?
Web applications, we develop/maintain some very large rewards and loyalty programs for the big banks. RDBMS is Oracle, email and IM is handled through Zimbra, project management is handled with Atlassian Jira self hosted.

> What are the negative aspects of this system?
The only problem I've ever faced is the VPN endpoints not staying connected. VPN connectivity becomes mission critical because without it no work can get done. I don't know what they're using for the VPN server, I know ops is a big fan of OpenBSD so it wouldn't surprise me if that's what they are using.

Re:Genuinely Interested (0)

Anonymous Coward | about 10 months ago | (#45654499)

"The only problem I've ever faced is the VPN endpoints not staying connected."
So users have connectivity issues... and your network designer is not fired?!!!!!!

Re:Genuinely Interested (0)

Anonymous Coward | about 10 months ago | (#45654515)

With 30 employees I can see that being manageable. From an administration perspective I don't see how it could scale. It is not like an average employee at a non-tech company can set up VPN connections on their own reliably.

Re:Genuinely Interested (1)

trybywrench (584843) | about 10 months ago | (#45654513)

One other thing. I work on an iMac and use Tunnelblick to manage the VPN connections. I've had zero issues on a wired connection but sometimes have issues using wifi, the VPN connections will drop and then re-connect after a minute or two. There must be something weird in the office because when I take my Mac home I have zero issues on wifi.

hacking ? (1)

Fluffy the Destroyer (3459643) | about 10 months ago | (#45654061)

I may be wrong with this but if your computer sends data to their meta inventory system, all the hacker needs is that data to replicate with some packet capture software and use that info to log in... won't it?

Re:hacking ? (0)

Anonymous Coward | about 10 months ago | (#45654129)

wow. just wow.

maybe just start here

http://en.wikipedia.org/wiki/Transport_Layer_Security

Re:hacking ? (1)

hawguy (1600213) | about 10 months ago | (#45654135)

> I may be wrong with this but if your computer sends data to their meta inventory system, all the hacker needs is that data to replicate with some packet capture software and use that info to log in... won't it?

Read this to see why you're right and wrong: http://en.wikipedia.org/wiki/Replay_attack
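The point behind the two replies above, as an added example (not part of any comment, and not Google's implementation): a captured device report can be replayed only if nothing in it is fresh, so binding a server-issued single-use nonce into the MAC makes the captured bytes useless. The `InventoryServer` class, the shared-key HMAC scheme, the device id and the report contents are all assumptions made for illustration.

```python
import hmac, hashlib, secrets, time

def sign(key, device_id, nonce, report):
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (device_id.encode(), nonce.encode(), report))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class InventoryServer:
    """Hypothetical verifier: issues one-time nonces and checks device reports."""
    def __init__(self, device_keys, max_age=30):
        self.device_keys = device_keys   # device_id -> shared secret (assumed pre-provisioned)
        self.max_age = max_age           # seconds a nonce stays valid
        self.pending = {}                # nonce -> issue time

    def challenge(self, now=None):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = time.time() if now is None else now
        return nonce

    def verify(self, device_id, nonce, report, tag, now=None):
        now = time.time() if now is None else now
        issued = self.pending.pop(nonce, None)   # single use: removed on first sight
        if issued is None or now - issued > self.max_age:
            return False                         # unknown, reused, or expired nonce
        key = self.device_keys.get(device_id)
        if key is None:
            return False
        return hmac.compare_digest(sign(key, device_id, nonce, report), tag)

def demo():
    key = secrets.token_bytes(32)
    server = InventoryServer({"laptop-0001": key})   # constructed device id
    report = b'{"os":"example","patched":true}'      # constructed report

    n1 = server.challenge()
    captured = ("laptop-0001", n1, report, sign(key, "laptop-0001", n1, report))
    first = server.verify(*captured)    # legitimate submission
    replay = server.verify(*captured)   # identical bytes resent by an eavesdropper

    n2 = server.challenge()             # fresh challenge paired with the old tag
    stale = server.verify("laptop-0001", n2, report, captured[3])
    return first, replay, stale
```

TLS, suggested in the first reply, gives the same freshness property at the transport layer and additionally keeps the report confidential on the wire.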

Biggest Apple shop? (0)

Anonymous Coward | about 10 months ago | (#45654069)

Ever hear of a place called Apple? Apple has about 80,000 employees, and I'm sure they average more than one.

Looooooong game (1, Insightful)

Anonymous Coward | about 10 months ago | (#45654075)

Google lives in a fantasy world, where the WAN is as fast as the LAN. For me, both at home and in the workplace, you're talking about two and a half orders of magnitude difference. That's the whole reason all this cloud stuff, streaming (as opposed to download) video, etc all seems so bizarrely alien. You're talking about such a tremendous performance downgrade, that I just can't begin to really take it seriously.

I suppose the thinking is that they are planning for the future, when some day the WAN gets reasonably fast, where my home and business DSL line is replaced with fiber. Cool. Be ready, Google. But how are you going to spend those decades of waiting? Some cons are a little too long, IMHO.

Re:Looooooong game (4, Insightful)

hawguy (1600213) | about 10 months ago | (#45654225)

> Google lives in a fantasy world, where the WAN is as fast as the LAN. For me, both at home and in the workplace, you're talking about two and a half orders of magnitude difference. That's the whole reason all this cloud stuff, streaming (as opposed to download) video, etc all seems so bizarrely alien. You're talking about such a tremendous performance downgrade, that I just can't begin to really take it seriously.

> I suppose the thinking is that they are planning for the future, when some day the WAN gets reasonably fast, where my home and business DSL line is replaced with fiber. Cool. Be ready, Google. But how are you going to spend those decades of waiting? Some cons are a little too long, IMHO.

But how much data do you really need to send to your home computer?

I deal with multi-terabyte datasets every day, and can work just as effectively from home as I do from the office since my data lives on the server and I never need to bring it down to my computer. I rarely even compile code on my local computer anymore since it's so much faster to do builds on the 16-core 32GB servers than on my little 4 core 8GB home computer (and even worse on the old 2core 4GB laptop).

Likewise, I don't have a Windows computer on my desk - I remote desktop to the Windows Terminal Server when I need to run a Windows app. As long as I'm not streaming video, it works just as well from home (~12mbit DSL) as it does from the office.

Sounds Great (-1)

Anonymous Coward | about 10 months ago | (#45654087)

This sounds like a great concept, but it's an old concept that keeps going down in flames.

Single sign-on, federated identity, OpenID, they're all old concepts that don't work well in the real world. But, you can trust Google, right? Frankly, I'd rather trust Microsoft... And that last statement is why the concept is still not a reality.

What about apples higher price and lack of hardwar (0)

Joe_Dragon (2206452) | about 10 months ago | (#45654121)

What about Apple's higher price and lack of hardware choice??

Also their laptops are very limited,

Most are stuck with on board video, memory is built into the computer maxing at 16GB right now. At a $200 upgrade from 8GB. Want a NVIDIA GeForce GT 750M only in the $2600 system.

Flash storage only with 1TB MAX at a $500-$800 upgrade. Some systems are locked at 128GB PCIe-based flash storage or 256GB. And using the cloud over wifi can vary a lot 3g/4g/LTE fast in some areas but with high overage costs.

Built-in battery.

On the desktop the new Mac Pro has a very high price for a 1 CPU system and there is workstation work that does not need a lot of GPU power. Or may need a lot of storage.

Re:What about apples higher price and lack of hard (1)

ArcadeMan (2766669) | about 10 months ago | (#45654265)

I agree with you that GPU options are very limited with Macs, but why the hell would onboard video and 16GB of RAM not be good enough for regular desktop work?

Re:What about apples higher price and lack of hard (1)

Joe_Dragon (2206452) | about 10 months ago | (#45654369)

It's more about the locked RAM choice than the size of it. 16 is good now but 4 years down the road?

Re:What about apples higher price and lack of hard (0)

Anonymous Coward | about 10 months ago | (#45654519)

4 years is easily longer than the average corporate update cycle. Feel free to say that's crazy but that's how it is -- and in any case the people who use computers for more than 4 years probably aren't the most demanding users.

Re:What about apples higher price and lack of hard (0)

Anonymous Coward | about 10 months ago | (#45654305)

Oh boo hoo. 8GB RAM / 256GB SSD is plenty if you use your machine to run terminals, browsers, and text editors.

All the "real" processing probably happens on servers.

Re:What about apples higher price and lack of hard (4, Insightful)

Overzeetop (214511) | about 10 months ago | (#45654327)

You're kidding, right? Google - home of the cloud - is going to worry about local storage limits on drone machines. And...again...drone machines - onboard video is probably 4x as fast as they need it to be for nearly all conditions. They've rolled out fiber in an entire town; I'm going to guess that they've got a pretty speedy wireless system on campus.

Apple hardware is very limited if (a) you're looking for a bargain and aren't on a corporate buying plan, or if you're a hardcore gamer, or if you are running massive analysis software, or you are locked into industry software packages which are platform locked. None of that is an issue for desk machines at Google.

I'm not, in any way, an Apple fan, but pretty much none of the problems you state are of any consequence to their usage profile.

Zero-Trust model (-1)

Anonymous Coward | about 10 months ago | (#45654145)

This is exactly the current model I adhere to when it comes to Google - "Zero Trust"

Oh I see, Google wants us to see they aren't a corporation.

Holy fuck you idiots have a hard on for the NSA *cough* google

Perimeter-less networks (5, Insightful)

tippen (704534) | about 10 months ago | (#45654187)

From a security perspective, Google is right about the notion that your internal corporate network being "safe" is dead. Between all the laptops, tablets, smartphones and very portable USB devices, there really isn't a secure perimeter on your network. Security needs to be applied at each entry point to the network, whether that is wired (internal or external doesn't matter), wireless or virtual.

The summary implied that the need for security devices goes away once you give up the idea of a perimeter, but that isn't the case at all. The form that security comes in may change, but you still need it. Authenticated users connecting via secure tunnels doesn't eliminate the risk of malware, so you still need IPS and anti-malware devices (Fidelis, FireEye, etc.) to protect your company assets from valid authenticated users.

If you can't trust any of the devices on your network, then you need to inspect 100% of the traffic entering the network.

Re:Perimeter-less networks (1)

dkleinsc (563838) | about 10 months ago | (#45654477)

My thinking on this is a bit different, and boils down to this principle: There's still a perimeter, but most of the office is outside of the perimeter.

Re:Perimeter-less networks (0)

Anonymous Coward | about 10 months ago | (#45654575)

> Google is right about the notion that your internal corporate network being "safe" is dead. Between all the laptops, tablets, smartphones and very portable USB devices, there really isn't a secure perimeter on your network.

This. Especially with CIOs getting excited about BYOD. (Personally I think BYOD is a disaster waiting to happen, but whatever.)

DA (-1)

Anonymous Coward | about 10 months ago | (#45654365)

Microsoft calls this Direct Access. Nothing new here...
