  1. #1
    Master Untangler engine411's Avatar
    Join Date
    Dec 2008
    Posts
    280

    Use Untangle as small business server instead of Windows

    As the post title implies, I'm looking to remove Windows Server from my network and use Untangle more. I like Untangle, it's served us well for 10 years now, and while I can't prove it, I think it's saved our bacon more than once by prohibiting malware from going outside our network from an internal computer.

    Current setup:
    • Untangle, latest version, at the network edge. Network has around 30 computers/users.
    • Internally, UT is the gateway (plus all the other UT tasks like antimalware, etc) with Windows providing DHCP, DNS, Active Directory services.
    • We use Office365 for everything related to productivity - email, internal chat with Teams, file server also within Teams, Word, Excel, Planner, etc.

    Really, the only thing I need Windows Server Active Directory for (I think) is for routine user login to their Windows 10/11 computers. UT could do everything else, and since we barely use Group Policy (and if we need it, I can do it from a Win10 workstation), I'm questioning why I have Windows Active Directory servers (and CALs) at all. And that's one of my questions - is there a way for UT to do the user login services too?

    I heard too that Office365/Microsoft365 has some form of user management, so I wonder if I could use Untangle + Office365 as a solution to remove the Windows Server Active Directory servers. Haven't had much time to look at that.

    Thoughts? Thanks in advance for any feedback.
    Lonnie, in Bird-in-Hand, Pennsylvania, a Firefighter to the Core (i7)
    Owner - Kauffman Orchards

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,877

    Honestly, you should probably be using Group Policy more, or, more likely, you are using it to push out configs that were set up years ago and are no longer aware of how much good it's doing.

    That said, if you truly are a small business (fewer than 15 people, with very little sharing of machines), you can probably get by just fine without Active Directory. You solve the login issue by just giving people new computers and letting them set up their own personal accounts.

    If you're a little bit larger you can tie in to your organizational O365 accounts using Azure AD (which costs, but you may already be paying this and it's cheaper than buying servers) and if it turns out you miss Group Policy after all you can replace it with Intune (which really costs, but again: servers).
    Last edited by jcoehoorn; 10-28-2021 at 02:05 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #3
    Master Untangler engine411's Avatar
    Join Date
    Dec 2008
    Posts
    280

    Quote Originally Posted by jcoehoorn View Post

    If you're a little bit larger you can tie in to your organizational O365 accounts using Azure AD (which costs, but you may already be paying this and it's cheaper than buying servers) and if it turns out you miss Group Policy after all you can replace it with Intune (which really costs, but again: servers).
    Untangle can connect with Azure AD?
    Lonnie, in Bird-in-Hand, Pennsylvania, a Firefighter to the Core (i7)
    Owner - Kauffman Orchards

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,236

    Yes it can. If you want your domain gone however, AND you aren't paying for M365 Business Premium at a minimum, so you get Azure Online Premium Plan 1. You cannot rely on Windows Hello for Business to link your M365 logins on the desktops to Azure and get full MFA support therein.

    This doesn't matter a lot in many environments, BUT there is a curveball in here... if you decide to abandon your domain, you MUST create a personal Microsoft account for the business, and log in with that account on each machine BEFORE YOU DEPLOY THEM.

    Fail to do this, and you'll lose the BitLocker keys; lose those and you're a bad patch / reboot away from no recovery of the system. Worse, the users will wind up making a personal account because of MS's nags, and THEY will walk out your door with the recovery keys instead. Which grants potentially unauthorized access to data in the process.

    Since AD can run on an Azure VM for $30 / month... Why would you abandon it? Just migrate it into Azure, set up a $15 / month Untangle in Azure to maintain a VPN tunnel, and move on. The most expensive part about this entire mess is the $40 / month to enable Azure backup to maintain the DC. But all of the above is only slightly more expensive than the $100 / month it costs to get Azure hosted Active Directory from MS which also lacks a backup.

    I will only abandon group policy if Intune is in place. So far... my clients choose to maintain the above, rather than hike their monthly costs from $12.50 / user to $20 / user... especially when both costs go up another 20% in March.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
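
The BitLocker recovery-key concern raised in post #4 can be checked per machine before deployment. The following is an added example, not part of any poster's reply: it uses the built-in `Get-BitLockerVolume` cmdlet from an elevated PowerShell session and records only protector IDs, never the recovery passwords. The function name and CSV path are hypothetical, and the script does not verify where a key has been escrowed.

```powershell
# Added example: inventory BitLocker recovery protectors on this machine so the
# protector IDs can be matched against whatever the business has on record.
# Assumes an elevated session and the built-in BitLocker PowerShell module.
function Get-RecoveryProtectorInventory {
    foreach ($vol in Get-BitLockerVolume) {
        # Recovery passwords are the protectors needed after a failed boot or patch.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

        if (-not $encrypted) {
            $finding = 'NotEncrypted'
        } elseif ($recovery.Count -eq 0) {
            # Encrypted, but nothing an administrator could use to recover it.
            $finding = 'EncryptedNoRecoveryPassword'
        } else {
            $finding = 'RecoveryPasswordPresent'
        }

        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            MountPoint           = $vol.MountPoint
            VolumeStatus         = $vol.VolumeStatus
            ProtectionStatus     = $vol.ProtectionStatus
            # IDs only: enough to match an escrowed key without copying the secret.
            RecoveryProtectorIds = ($recovery.KeyProtectorId -join ';')
            Finding              = $finding
        }
    }
}

# Hypothetical output path; append one row per volume for each machine audited.
Get-RecoveryProtectorInventory |
    Export-Csv -Path .\bitlocker-inventory.csv -NoTypeInformation -Append
```

A volume reported as `EncryptedNoRecoveryPassword`, or one whose protector ID does not match any key the business holds, is the situation post #4 describes.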

  5. #5
    Master Untangler engine411's Avatar
    Join Date
    Dec 2008
    Posts
    280

    Great info. Thanks all. We use Microsoft365 Business Standard currently, so I'm looking at the Azure AD options along with possibly upgrading to Microsoft365 Business Premium. I think there's a path there.
    Lonnie, in Bird-in-Hand, Pennsylvania, a Firefighter to the Core (i7)
    Owner - Kauffman Orchards

  6. #6
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,187

    @engine411 alternatively you could look at NethServer as a replacement for MS user management

  7. #7
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,558

    M365 Business Premium....Azure.
    Why do you want a local active directory if you question why you need it...and if you're really not doing anything with it. Use those 365 Azure accounts instead.

    If this question were 20 years ago, looking for a Linux equiv of Small Business Server Premium...my answer was "ClearOS"..which was an open source Linux distro that had 1x appliance act as your firewall, email server, user directory, file/print server, database server, etc etc etc. Just like SBS Premium.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  8. #8
    Master Untangler
    Join Date
    Oct 2013
    Posts
    261

    Quote Originally Posted by YeOldeStonecat View Post
    If this question were 20 years ago, looking for a Linux equiv of Small Business Server Premium...my answer was "ClearOS"..
    Memories flooding in... I also used that for several years, back when it was still called "ClarkConnect" before becoming ClearOS much much later.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,236

    Quote Originally Posted by oj88 View Post
    Memories flooding in... I also used that for several years, back when it was still called "ClarkConnect" before becoming ClearOS much much later.
    Another open source company blinded by greed and priced themselves out of their own market. It seems to be in the water.

    What's left is basically owned by HPE these days.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
