On Tue, 20 Oct 2009, Luke Quattrochi wrote: > On Tue, Oct 20, 2009 at 12:14 PM, <da...@lang.hm> wrote: > >> it may make sense for you, but my initial reaction is why not just use a >> VPN? >> >> why should your remote employees _not_ have access to your corporate >> resources. >> >> this doesn't even need to be a VPN on each machine, the cost of a router >> that can implement a site to site VPN is very low, that would give you the >> benifits of being on the WAN without the cost of the WAN connection. >> >> David Lang > > > I'm still having trouble seeing your perspective on the lock in issue but I > would rather not sidetrack the thread.
Ok. > Currently my remote sites are not even connected by VPN for a variety of > legitimate reasons. Rest assured that there are reasons these sites should > *not* have access to corporate resources. The big one (that I can talk > about) is that basically these sites don't generate enough revenue to pay > any forward to IT, so they don't get much in the way of support. > You did inspire some thought on my part though. The cost issues will still > be similar for my particular company between DirectAccess and a cheapy VPN. > The root problem is that our IT department is brutally small for the size > of our company. We don't have a network admin. Unfortunately I'm not one > of those brilliant do it all types, and I am best kept out of the Cisco > equipment. Any type of network configuration is done by consultant (meaning > they are rare, and this is limiting). This means even if I buy a cheap $400 > router for site to site VPN I have to pay an expensive hourly rate to get it > configured. > > For DirectAccess I don't need a consultant. I would need to buy a new > physical server, which means more cost justifcation. Since it can't be > behind NAT I can't just provision a VM on my ESX cluster like I do for > everything else. there is no one right answer for everyone. however, the thought of the corporate IT department _not_ managing desktop/laptop systems for some part of the company sound very short-sighted. yes, they aren't a profit center, and so can't produce cash to put into the IT group. But neither are the Security, QA, HR, Finance groups, and for that matter it's hard to quantify the revenue that your executive management generates. These people all need safe systems to use. In addition, having someone in one group use a system that hs sending everything they do to hackers somewhere can cost you a LOT of money (it usually has little effect, but when it does cost you something it tends to cost a LOT) you really do want to make sure that anti-virus and anti-spyware software is up to data on all systems, and ignoring some systems because they do not generate revenue saves money now, but is likely to cost a lot later. David Lang _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
