I'd like to see the Command Center have an option for self hosted. Also would like to see support for certbot/lets encrypt.
Printable View
I'd like to see the Command Center have an option for self hosted. Also would like to see support for certbot/lets encrypt.
I don't think a self hosted command center is in the cards. But I have a crazy idea to try that might make something close. I'm waiting on another project to tick off the appropriate boxes. (Note, this project is NOT a router, I'm not trying to replace Untangle)
Thanks for all the comments and feedback on our 16.3 beta so far. Apologies if we didn't get the feature you were waiting for in this release, but we appreciate all your early testing and feedback. Every piece of feedback is important to us.
Some responses to comments in this thread
- 2FA is for OpenVPN. Note, we have 2FA through Command Center and you can link your Command Center account with your Google or Microsoft accounts.
- Self hosted Command Center (running your own Command Center) is not planned.
- Regarding Lets Encrypt, we see that is a very popular request on feedback.untangle.com. Please continue to share your use cases there (for remote administration, or for VPN for example).
We'll post back with a release candidate in a couple of weeks. Upgrades will be rolled out over time as we usually do for releases. If you want to get the upgrade soon after it's available, please send your appliance UID to support@untangle.com and ask to join the Early Upgrade list.
Here's my issue. With our self hosted stuff, most is behind a VPN for security. Even the public facing stuff we host uses geolocation filtering. That's something Untangle can't do, due to how many customers need to access it. To us, it's a security risk, and one that we may need to re-evaluate if that doesnt change.
Also any future support for certbot/lets encrypt?
2FA to get to admin, when the admin is exposed to the LAN without 2FA... IS NOT BLOODY 2FA! 2FA on OpenVPN is a WASTE OF TIME. Though I suppose someone will think otherwise. (badly I might add)
2FA the VPN when the bloody admin that controls the VPN isn't 2FA'd... ugh.... Yeah you can 2FA the Command Center, and that's good. But as long as a privilege account can access the local device without that 2FA... NOTHING is stopping a bot on an internal machine from wrecking the house.
Blind leading the blind. This is 2021, do you need a flashlight or something over there? YES, this has been overlooked by literally EVERYONE ELSE too. But it doesn't make the situation any less inexcusable.
This is exactly the sort of thing I need to SELL THIS MESS in 2021. Even at the premium prices we're charging.
ALL ADMIN LOGINS MUST BE MFA! ALL OF THEM! This is nonnegotiable at the prices you charge.
Imagine if command center got compromised. Just add it to the long list of companies.... That's the risk you are putting on all customers by not giving them the option to self host their own command center.
They did that... it's called untick the command center box. Back that up with a NGinx server with VPNs to all your boxes and some reverse proxy links. It's not hard to build your own "single pane of glass".
I'm working on something even better... but the fact that Untangle allows you to dis-enroll a device from the Command Center is all that I require.
That is, assuming the local admin is properly 2FA protected...
Seems the cpu and memory use have gone down quite a bit.