Google's Plan To Kill the Corporate Network
mask.of.sanity writes "Google has revealed details on its Beyond Corp project to scrap the notion of a corporate network and move to a zero-trust model. The company perhaps unsurprisingly considers the traditional notion of perimeter defense and its respective gadgetry as a dead duck, and has moved to authenticate and authorize its 42,000 staff so they can access Google HQ from anywhere (video). Google also revealed it was perhaps the biggest Apple shop in the world, with 43,000 devices deployed and staff only allowed to use Windows with a supporting business case."
Wow, Google has invented the VPN! What great innovators.
The world's burning. Moped Jesus spotted on I50. Details at 11.
why use so many Apple computers when there's your own awesome Chromebook?
with companies less profitable than google?
Macs are expensive
most people don't own Macs personally
lots of people use personal computers to VPN to work
how would it work with the files on file servers people use to get work done? like MS Access databases?
What happened to their internal deployment of Goobuntu?
http://en.wikipedia.org/wiki/Goobuntu
What a coincidence. Zero Trust is EXACTLY what I have in google.
The RJ45 jacks in the office are just plain old dirty connections to the Inet. We each have multiple OpenVPN connections on our localhost giving us access to different parts of the network depending on our roles. It's convenient because our workstations work identically wherever we are (home, work, coffee shop) and it's convenient when someone leaves because operations just invalidates the VPN certs and the former employee is cut off no matter where they physically are. A side effect is whenever your VPN credentials don't work you're left wondering if you're about to get fired and ops just jumped the gun haha.
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
I may be wrong with this but if your computer sends data to their meta inventory system, all the hacker needs is that data to replicate with some packet capture software and use that info to log in... won't it?
PC Gaming enthusiast that gives comments, opinions and reviews on Games. I'm just having fun with games while doing let
Google lives in a fantasy world, where the WAN is as fast as the LAN. For me, both at home and in the workplace, you're talking about two and a half orders of magnitude difference. That's the whole reason all this cloud stuff, streaming (as opposed to download) video, etc all seems so bizarrely alien. You're talking about such a tremendous performance downgrade, that I just can't begin to really take it seriously.
I suppose the thinking is that they are planning for the future, when some day the WAN gets reasonably fast, where my home and business DSL line is replaced with fiber. Cool. Be ready, Google. But how are you going to spend those decades of waiting? Some cons are a little too long, IMHO.
Because even the smartest dogs are quite stupid by human standards.
Macs don't even have real server hardware and the laptops are unrepairable
http://www.cultofmac.com/251359/ifixit-finds-2013-retina-macbook-pros-as-unrepairable-you-can-get/
Vitamins.
There are two types of people in the world: Those who crave closure
I'm genuinely interested in this. You say repeatedly that it is convenient, but running a bunch of OpenVPN tunnels from my desktop/laptop doesn't sound convenient at all. The number of issues I have getting my OpenVPN connections through firewalls and NAT is very discouraging.
Please tell us more about your setup.
What type of work does the company and you do?
Approximately how many users work like this?
Does this company operate primarily as a standard physical office environment, or is this a distributed (work from home) startup?
Where are the servers, on-site, datacenter, cloud?
Approximately how many servers?
What type of applications are used, web, small applications like QB, MS Exchange or SQL systems?
What are the negative aspects of this system?
Why would Google buy Macs if they don't use OS X? They could use Linux on ANY cheaper computer they choose but bought Macs anyway.
I believe Google thinks like a lot of us: OS X for desktops, Linux for servers, a mix of iOS and Android for mobiles.
Get free satoshi (Bitcoin) and Dogecoins
From a security perspective, Google is right about the notion that your internal corporate network being "safe" is dead. Between all the laptops, tablets, smartphones and very portable USB devices, there really isn't a secure perimeter on your network. Security needs to be applied at each entry point to the network, whether that is wired (internal or external doesn't matter), wireless or virtual.
The summary implied that the need for security devices goes away once you give up the idea of a perimeter, but that isn't the case at all. The form that security comes in may change, but you still need it. Authenticated users connecting via secure tunnels doesn't eliminate the risk of malware, so you still need IPS and anti-malware devices (Fidelis, FireEye, etc.) to protect your company assets from valid authenticated users.
If you can't trust any of the devices on your network, then you need to inspect 100% of the traffic entering the network.
If I'm not mistaken, OSX was based on BSD, not Linux...
bork bork bork!
They picked a company that stands behind its platform over a platform that has no clear owner. It has nothing to do w/ how 'real' the UNIX is, or the license (okay, that may be a factor) or whether the company itself makes an arguable alternative.
I agree with you that GPU options are very limited with Macs, but why the hell would onboard video and 16GB of RAM not be good enough for regular desktop work?
Get free satoshi (Bitcoin) and Dogecoins
To get the taste of their owner's face out of their mouths.
I am Bennett Haselton! I am Bennett Haselton!
Why would Google buy Macs if they don't use OS X? They could use Linux on ANY cheaper computer they choose but bought Macs anyway.
I believe Google thinks like a lot of us: OS X for desktops, Linux for servers, a mix of iOS and Android for mobiles.
Because Apple makes good, attractive, hardware? Besides, hardware cost is inconsequential compared to the cost of a developer, whether his laptop costs $1500 or $3000 doesn't matter. Our entire development team uses Macbooks - and of 12 users, only two of them run OSX. One of them is even geeky enough to paste a Tux logo over the light-up Apple logo.
Since they deploy on Linux servers, it makes sense to develop on Linux. Write-once run-anywhere still isn't a reality - obscure platform specific bugs can still come back to bite you.
Don't know about that, cats won't walk on a leash, a cat won't come when you call it.
Which would you consider smarter? Hint, it's probably the one that exercises its own free will vs the will of its owner.
I am Bennett Haselton! I am Bennett Haselton!
Google development is done on Linux but Mac laptops at Google run MacOS. Laptops (or chromebooks, there's a mix of both) aren't used for development (except via ssh, etc); they are used for email, web, etc.
You're kidding, right? Google - home of the cloud - is going to worry about local storage limits on drone machines. And...again...drone machines - onboard video is probably 4x as fast as they need it to be for nearly all conditions. They've rolled out fiber in an entire town; I'm going to guess that they've got a pretty speedy wireless system on campus.
Apple hardware is very limited if (a) you're looking for a bargain and aren't on a corporate buying plan, or if you're a hardcore gamer, or if you are running massive analysis software, or you are locked into industry software packages which are platform locked. None of that is an issue for desk machines at Google.
I'm not, in any way an Apple fan, but pretty much none of the problems you state are of any consequence to their usage profile.
Is it just my observation, or are there way too many stupid people in the world?
Well, based on Mach 2.5, which contained BSD 4.4 and Mach kernel code.
It's more about the locked RAM choice than the size of it. 16 is good now but 4 years down the road?
They buy Apples to save money?
Cue the frothing idiot tax minions....
Our entire development team uses Macbooks - and of 12 users, only two of them run OSX. One of them is even geeky enough to paste a Tux logo over the light-up Apple logo.
The last time I visited Google HQ (about 5 years ago) the most common setup I saw was Thinkpads running Linux with Macbooks running Linux in a close second.
Isn't it ironic?
free nutrients that didn't get absorbed the first time through.
even for humans, one's own feces are safe to eat, barring mouth sores and the like. there's nothing in it that didn't come out of you in the first place.
"They were pure niggers." – Noam Chomsky
Dogs eat cat poop, too.
I've yet to see a cat eat cat or dog poop.
Some places like to have it so IT'S EASY to take out the HDD for data security. HP, Dell and others even let you destroy the HDD when going under a warranty replacement.
Will Apple do that?
Four years from now I'll be using a one year old machine. :-) Any developer that I'm paying good money to is worth a new computer every three years. Compared to salary and benefits the cost of hardware is minimal.
"Almost every wise saying has an opposite one, no less wise, to balance it." - George Santayana
Wrong! Dogs are dumb, just easier to control and teach "tricks", since they are pack animals. Anyway, the cat's brain has twice the count of neurons that the dog's brain has.
posting to correct mod error - apologies.
sigs are for losers (except to point out that sigs are for losers)
or you are locked into industry software packages which are platform locked.
The reason behind Microsoft's hegemoney.
We play the game with the bravery of being out of range
How exactly is your example much different from any other Laptop.. the Dell laptops here (about half mac, half dell) have docking stations, and adapters needed for using HDMI in conference rooms just like the macs do... your additional cost example really makes no sense.
Michael J. Ryan - tracker1.info
some cats do eat their own poop.
dogs are more attracted to cat poop because it contains more nutrients; cats eat a diet heavily derived from organ meat, while dogs eat comparatively more bulk muscle.
"They were pure niggers." – Noam Chomsky
There is a large amount of bacteria that is just fine in your lower intestines, but will wreak havoc higher in the chain.
Well, some places do push 4 years, but with Apple 2 years is out of date for some systems.
"...staff only allowed to use Windows with a supporting business case." That's why MS feels scroogled.
Actually, dogs are smarter than cats by all available measures. Free will has nothing to do with intelligence.
In their whole talk they assumed the users of the services know what they are doing and how to behave. I'm sure that in Google's case all their workers are well trained, but I sure as hell couldn't allow VPN connections to our CRM database. Who knows what workers install on their laptops once they leave the office.
So you should cook it first?
Treat it like beef, and make sure you kill the e coli etc.
The mac pro (not the ashtray version, don't know what that's like) is still a solid workstation. You can cram 64GB of ECC RAM in it quite happily. I don't know how long Apple will keep making things like that though, now it's evident there is a lot more money to be made in the consumer market.
Because any cheap laptop is just that cheap. With the exception of the thinkpad (and even that can be a bit bulky) most laptops are still kinda shit. Macbook Pros are easily the best laptop you can have even if you never run OSX.
Keylog and steal their credentials and you've got a jumping off point to worm in to the rest of their network.
2-factor authentication helps, the key logger can only get one of the factors. The second, say a time based one time password (TOTP), is still secure.
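The point made in the comment above, as an added example that is not part of the original thread: a password and one TOTP code captured together are not enough to log in again, provided the server checks the code against the current time window and accepts each time step only once. The `Verifier` class, `demo` function and password are constructed for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30            # seconds per time step (RFC 6238 default)
SECRET = b"12345678901234567890"   # RFC 6238 SHA-1 test key, not a real secret
PASSWORD = "correct horse"         # constructed sample password
SALT = b"constructed-salt"         # constructed sample salt


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


class Verifier:
    """Server side: password plus TOTP, each time step accepted at most once."""

    def __init__(self, password: str, secret: bytes, drift_steps: int = 1):
        self._hash = _pw_hash(password)
        self._secret = secret
        self._drift = drift_steps
        self._last_step = -1          # highest time step already consumed

    def login(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(self._hash, _pw_hash(password))
        current = now // STEP
        matched = None
        for step in range(current - self._drift, current + self._drift + 1):
            if step <= self._last_step:
                continue              # already used: a replayed code lands here
            if hmac.compare_digest(totp(self._secret, step * STEP), code):
                matched = step
        if pw_ok and matched is not None:
            self._last_step = matched
            return True
        return False


def demo() -> dict:
    """Replay what a keylogger would have recorded during one login."""
    t0 = 1111111109                   # a timestamp from the RFC 6238 test table
    server = Verifier(PASSWORD, SECRET)
    captured_pw, captured_code = PASSWORD, totp(SECRET, t0)
    return {
        "legit_login": server.login(captured_pw, captured_code, t0),
        # Same code two seconds later: inside the drift window, but consumed.
        "replay_same_window": server.login(captured_pw, captured_code, t0 + 2),
        # Same code five minutes later: outside every accepted window.
        "replay_after_expiry": server.login(captured_pw, captured_code, t0 + 300),
        # Password alone with a guessed code.
        "password_only": server.login(captured_pw, "000000", t0 + 300),
        # The real user, with a fresh code from the token, still gets in.
        "next_code_login": server.login(PASSWORD, totp(SECRET, t0 + 300), t0 + 300),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The rejection inside the same window depends on the server remembering the last consumed time step; a verifier that only compares codes would accept the captured code again until its window closes.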
even for humans, one's own feces are safe to eat, barring mouth sores and the like. there's nothing in it that didn't come out of you in the first place.
This is wrong. Bacteria are not evenly distributed throughout both the small and large intestines. Look up small intestinal bacterial overgrowth sometime.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
So does that mean (from your link) that men are 21% smarter than women? And women just appear smarter because they're pack animals?
I believe the earlier name for "cloud services" was timesharing. The 70's called and want their VM370/TSO back.
When I walk my dog, two stray cats join us for the walk. They happily follow us all around the block and were never afraid of the dog and the dog already lives with two house cats. So they may not walk on a leash but they will walk with you. I feed the two strays and provide outdoor shelter for them (plastic dog house I found in trash which I put a spare dog bed into). I would take them in if I didn't already have two terrorists.
The available measures are somewhat broken though. Cats are just differently motivated. "Failing" an intelligence test that the cat has no interest in completing doesn't mean they're stupid.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
People keep bitching about the limited hardware choices with Apple gear, but the simple fact is that whilst you may think you're getting something big by being able to tweak spec to the Nth degree, you simply don't. Games being an exception, somewhat.
The big performance jumps are had by upgrading from one generation to another, not by obsessing over minor differences between particular models of part within a particular product generation.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
4 years down the road the box is out of warranty/support and you'll get a massive performance jump by upgrading the machine - far more than sticking an extra few sticks of RAM in the box will give.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Given that Apple offer AppleCare on machines for 3 years, false statement is false.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Because it's more of a pain in the arse than OS X to set up and make work with other systems, and doesn't really do much of anything that developers care about that OS X doesn't do. Other than run on cheap crappy hardware (been there, done that, been a Linux user since 1996). My primary machine has been a MacBook Pro since 2011.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Because additional cost to just buy Apple instead of some other vendor = far less than the cost to re-invent the wheel. And you end up with nicer hardware to use (in terms of screen, trackpad, keyboard) and third party support from a major vendor with stores and support staff all over the world. It's a no brainer really.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I must confess, you have an astonishingly good idea there doctor.
-
Maybe because Apple uses proprietary cables and connectors that cost a lot more than standard equivalents? I've run shops with both Apple and Wintel and Apple costs more than twice as much when you factor in all the fluff. If you think that is a rounding error then you have a lot to learn about running a business.
No, but the difference between a $1200 Dell setup and a $2000 Apple setup compared to the salary of a $100,000 employee plus benefits is pretty famed small... I run Windows, Mac and Linux pretty regularly... I don't really see too much difference in one way or another... Windows has better infrastructure management tools and a greater attack vector... Mac has a shiny shell and a more consistent UI.
Michael J. Ryan - tracker1.info
It also depends on how strongly the cat has bonded with you and whether they grew up with the same cats from a very early age, all of which also makes a huge difference in their/our ability to communicate. (I strongly suspect certain phenotypes also are more predisposed to bonding/working with humans than others; people think of it as a breed trait, but IME "lookalikes" often carry it as well.)
The species is surprisingly like children in terms of their intellectual/communicative development being profoundly affected by how/how much we interact with them and how nutritious their food is. (By nutrition, I mean good ingredients like brown rice rather than indigestible corn fillers; some of the really pricy US brands like Science Diet or Iams are low-quality.) So most people's idea of a cat's mind is based on the equivalent of a little kid left in front of the TV & living off junk food, rather than one whose parents give it a great balanced diet, read to & played educational games with it, if you see my drift. It's no shocker most people's idea of a normal cat is an uncommunicative creature that's constantly exhausted.
FWIW I'm not a breeder, my cats are spayed/neutered early on. I learned what I know from spending vast amounts of time rehabilitating unwanted kittens & young adult cats that won't be given a chance at the local "no-kill" shelter (ones that would panic and/or attack at random due to being abused, unhandled, or feral) for almost 30 years.
Here's one hopefully-good example of what I'm talking about: a friend's ex-farm-feral 'informing' her that he wanted more canned food. He seemingly got the urge to communicate and amazing bond with her from the Korat phenotype he matched (breeders saw him at the hospital and asked who sold him).
Now mostly at Usenet:comp.misc & SoylentNews.org (it's made of people!)
Lizards won't walk on a leash, and won't come when you call them. What does that prove? That lizards are smarter than most 6 year olds, and most dogs ?
Bingo Dictionary - Pragmatist, n. A myopic idealist.
I know this isn't the main point of the article, but I don't think Google can really claim the largest deployment of Macs. I think Apple's own deployment must be far larger. Per the 2013 annual report, Apple had 80,300 full-time equivalent employees. Then consider the possibility that Apple may outsource a large portion of their customer service, tech support, sales, and other customer-facing (non-retail) workers. Those people might work in remote locations, but would have to be using Macs connected to Apple's corporate network. I think 120,000 Macs would be a conservative estimate for worldwide deployment covering HQ/corporate, Apple Retail, AppleCare, Apple Online Store, iTunes/App Store, plus the staff that serve niche markets like education, enterprise and public sector. So I'm afraid Google can't claim #1. However, I can't think of any other company that could even come close to Google's number, so they're probably secure in the #2 spot. Plus, this number says "Apple devices" so if you include mobile devices, Apple's own number would almost certainly surge past 200,000.
The idea of a secure network and a VPN to get into it if you're working away from the office is all very fine, but the list of problems it throws up is huge - and it just gets bigger as your company expands:
- You almost invariably wind up with a two-tier experience. People who are in the office and get nice fast access to everything and people who are out of the office and everything's dog slow. Oh, sure, you can reduce this problem somewhat by putting servers in a colo, but now you've got to engineer systems so you don't wind up with everyone getting the dog slow experience. (I'm particularly looking at legacy file servers here; SMB was never really designed for use over a slow, high-latency link, though I understand newer versions of Windows Server have mostly cracked this).
- You don't gain an enormous amount of security. Even with a heavily locked-down perimeter firewall it's seldom that difficult to figure out a way to get information out, as long as you can get something nefarious in. And that really isn't difficult with a little light social engineering.
- Expanding beyond one office gets very expensive very fast. You need to be looking into Terminal Server, very fast (=expensive) links or have branch offices put up with terrible application performance. IT as an industry automatically assumes that multiple branches = huge business with a huge budget that takes IT very seriously (seriously, throw that bit of information into any proprietary system you're pricing up and watch the price skyrocket). I can tell you now that every single town has loads of small businesses spread across multiple branches that don't have a huge budget, don't feel the need to dedicate enormous resources to IT and they are absolutely loving the various web-based products such as espoused by Google.
Oh, sure, there's a lot of business applications that are designed on the assumption that you're a company in just one office - or if you have several offices, you have gigabit links between them - but I don't think Google really need to care too much about those.
If we are going to get into intelligence, both of those animals have one over humans. They get fed for free and we pick up their poop. All we get in return is response to cues that we mistake as emotion.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
How exactly? I have never had problems to set up anything on my Mint install, apt-get handles all the installations I need and I made a point that you should customize your own environment on my last post. For example I used to run a very customized version of blackbox before switching to cinnamon which I also customized to a lesser extent.
Granted I have almost no hands-on knowledge of Macs and I work at a Java / open source shop and these things are easy to set up on Linux. But I _heard_ that command line capabilities are not as good as Linux which is a major thing to worry about if you are a dev.
Google had implicit trust due to laziness and ignorance and the whole benefit of the doubt thing. Google knew all along there is no actual privacy, but their customers didn't see it as an issue, and Google profited off the difference - exploiting and selling that data that their users did not think to protect, and offering cloud services to people who did not consider whether the cloud was secure.
The NSA scandal blew that wide open. Now their whole business model is in jeopardy. Where previously they said trust us, now everyone is saying let's go overseas to find someone trustworthy. Trust cannot be regained, so what Google needs to do is convince everyone that trust is not an issue. You can't trust us, but you really shouldn't trust anyone. And look: it won't impact your profits, and in fact it will save you a lot of money.
So Google is eating their own dog food, playing their own guinea pig. They'll work out the technologies on themselves. They'll say look it's working for us, and you should do this too. If they can pull this off - simultaneously eliminate trust and save money doing it - corporate America will be compelled to follow whether they like it or not, because they can't deny the dollars. And like sheep, the public will follow whatever their corporate overlords are doing.
This has an additional benefit: Google can now say to people: hey privacy isn't our problem, it's yours. If you have something to hide that's your responsibility. This can of course be spun as "save the children" vs. "hiding criminal activity from the NSA" to give it some teeth. It lets Google totally off the hook and gives them carte blanche to do anything they want with your data. I'm thinking they'll still give us the tools to do it, but they know that most people are too lazy and complacent to bother, and those few smart or paranoid enough to do it will only make themselves targets to the gov't. Except for corporations, who get a free pass to maintain privacy. Once the ecosystem shifts to no trust and no privacy, and laws are passed restricting "technologies that could be used to conceal criminal activity," it will be hard to have any privacy without going offline. (And really, it already is.)
This not only saves Google's business plan, it accelerates it. I'll bet Facebook is going to be all over this too.
Sexist arsehole?
Wow that one went right over your head.
I was pointing out (via parody) the absurdity of his argument for cats being smarter than dogs based on numbers of neurons.
And the "appear smarter" bit was also a pre-emptive dig at all the sexist geeks likely to take it at face value.
You keep mentioning this difference as a ratio of employer salary as if this matters. Should I also use this excuse to buy a $6000 desk? a $2000 chair? $10000 coffee machine? Where do you draw the line at servicing your $100k employees? Running a business is about increasing profit and reducing costs. Increasing your Capex by 100% needs a better justification than "Shiny".
I don't know.. maybe to keep your $100K+ employees happy? Employee churn costs about 3-6 months of salary for skilled positions of an employee with over a year of tenure in a company. Personally, I don't care *that* much... why don't you get your employees chromebooks? Then you can reduce your Capex by 80%.. YAY!
Michael J. Ryan - tracker1.info
And blue whales must be demi-gods.
What corporation in their right mind would put their data on someone else's servers? That opens it to government snooping as if it were public data according to the administration's interpretation. It also removes it from their direct control, and it would need to be stored in duplicate at different sites, with archival backup. I could never recommend that anyone store their data like that, let alone a corporation. Like the power grid. It opens up many more avenues for failure and data compromise.
No need to be silly about it. Most people expect Windows is standard, just as they expect a standard chair and desk. If an employee threatened to walk because I wouldn't upgrade their Dell for an Apple then I'd be happy to let the jerk go.