After having already gone through the DirectAccess pain and gain scenario, the inclusion of IPv4 is a boon. While the learning curve was steep for that one, it has been and will continue to be beneficial.
Virtualization of the DA front end is also an added benefit.
RDP improvements also work in my favor as does the extended storage capability.
I don't know about anyone else, but the highlight of 2012 for me is DHCP fail-over and load balancing!
That alone warrants the upgrade.
I wonder how well that will work with VoIP systems that have a reliance on specific DHCP options and the presence of multiple scopes on the same DHCP servers. I see no reason for it not to work but experience tells me to be cautious rather than optimistic here. It should work... in theory at least.
I agree though - these two features will be very handy for DHCP indeed and have been a long time coming.
.....MS will continue to confuse customers and create headaches for admins until they take a leaf out of the Transformers book with regards to their OS editions. 'Til all are one.
Edit: Crikey! That was a bit geektastic for this time in the morning. Sorry!
Although many of us will undoubtedly roll our eyes when we hear that the mighty MS is thinking about security (don't laugh. DON'T LAUGH!!) the whole idea of DAC certainly seems to be an interesting step in the right direction.
Although we haven't played with it much on our Win 2008 servers yet, the 2012 iteration of DAC does concern me on a number of levels. A few questions drifting through my mind are:
1) Will this work without ReFS?
2) What's the overhead on performance for running such a service over a WAN, MPLS, VPN or other site-to-site link where limited bandwidth to the server may already slow the retrieval/opening operations on a file? (Yes, yes. I know VDI would help solve that but our business isn't ready to deploy that tech yet. We have enough trouble with Citrix MetaFrame and ESX 2.5!)
3) Will tagged files need to exist on the Win 2012 server? (cutting tech like NetApp filers and other NAS technologies out of the loop)
4) How tied to Ad8 is the new DAC? Will you need 2012 Native mode, for instance, or can the new DAC attributes be added to earlier AD implementations?
5) How will DAC affect the world of permissions elevation attacks? Could certain 'tag manipulation' attacks grant unauthorised users access to sensitive files with less of a fingerprint to detect than more normal elevation of privilege attacks?
There are more, small, questions but the biggest one is:
6) How much of an admin overhead will administering this system be?
It seems to me that administering the tags could be fairly simple once you have your tagging rules set up, as long as you don't have too many complexities in departmental data sharing to deal with, but given that most businesses at the moment have an element of mix-'n'-match about departmental responsibilities, required access to data may not be straightforward and require a lot of tag planning. For dynamic companies who reconfigure often to meet short/medium term goals such a system may be unworkable. And how do you troubleshoot access rights quickly when DAC or file system permissions could be the issue? Will we now need to know PowerShell really well to work this thing correctly?
I could go on, but I won't, as many of my questions are founded in a lack of knowledge about DAC. What I will say is that many companies (particularly the smaller ones) don't effectively deploy security because of the complexities and overheads involved in such an endeavour. Any security features MS bring out must always keep in mind that simplicity can increase take-up and besides, these days we all have 1001 responsibilities as IT techs already. Time for design and admin is short.
Here's hoping DAC has already kept that in mind because I think it could be very useful indeed (ironically in keeping file permission administration to a minimum, once it's set up correctly that is).
"But Microsoft really has listened to customers"
That's the funniest thing I have ever read on TR. I'm still laughing. I may put that on a sign to bring me a smile every morning.