cross-posted from: https://lemmy.ml/post/2956502

I have 15 VMs running for clients and I’m looking for a way to keep the tools up to date without having to connect to each server and do it manually. A few examples are WinDirStat, Firefox, SSMS, Filelocator, etc.

We have expanded recently and I’m at the limits of doing this manually. These servers are not domain joined and are in separate virtual networks.

  • PutangInaMo@lemmy.world
    1 year ago

    I think you’re blowing this way out of proportion. It’s literally not a substantial amount of extra overhead, it’s minimal and for what one would provide in the long run it is worth mentioning.

    • BritishJ@lemmy.world
      1 year ago

      Well by the sounds of it, he has multiple clients. So then we’re talking multiple domains in a forest. Securing it all and doing it properly.

      So it’s a bit more than just running the domain setup wizard and joining the servers.

      • PutangInaMo@lemmy.world
        1 year ago

        Why would there be more than a single domain and forest? Client size does not dictate the architecture and joining a client to the domain takes a few minutes manually. I don’t see what you’re getting at, sorry.

        Edit: instead of being upset and downvoted, whoever disagrees can provide an argument. I’m all for discussing this, I’ve been doing it for a long time and enjoy different opinions.

        • BritishJ@lemmy.world
          1 year ago

          He said 15 VMs running for clients. Now you would want to secure these clients from each other, restrict east to west movement. Adding them all on the same domain introduces security risk; reducing the risk and hiding clients from one another in the same domain would take lots of effort. So just don’t put yourself in that situation and use multiple domains, one domain for each client.

          • PutangInaMo@lemmy.world
            1 year ago

            Lol you can absolutely control E/W movement without needing multiple domains…

            Worst case you use a red forest as the admin forest, but with an environment that small there are plenty of other things you can do without making it that complicated while providing similar protection.

            • BritishJ@lemmy.world
              1 year ago

              Then you start getting things like Azure AD Sync etc. It’s best practice to have one domain per client, not to try to make one domain work for multiple different clients.

              • PutangInaMo@lemmy.world
                1 year ago

                You don’t need anything from Azure to do that. Authentication policies and silos are what enforce multi-tenancy east-west boundaries (among many, many other layers outside of the scope of this conversation).

                But it looks like I misread what the “client” context was initially. So that’s my bad. That does muddy the waters and would depend on what the agreements between the companies and OP are. But this isn’t a technical constraint but rather a business and legal decision.