New MSP here and am I ever glad I found this forum
An email reminder informed me about the new BR500 device and so I spent an afternoon finding out more about that and Insight Pro.
I read the documentation quite thoroughly and it raised more questions than it answered.
Fortunately @schumaku has seen fit to point out several of those "defects." I've found some more...
My main complaint is the requirement that EVERY organization requires both a business owner AND a manager with SEPARATE email addresses to register on the site. This is simply not practical in the real world.
I am grateful to subscribe to an email service that allows me to create "addresses on the fly" so that I can create myname.site_role@thedomain.com to fulfill these awful requirements - all the emails flow to my Outlook account. Keeping track of them is my responsibility. But I would NEVER subject my clients to this kind of nonsense. Their responsibility is to run their business; mine is to take care of their network and computers. I certainly don't want them going to Netgear's site and creating an account and setting up profiles. Ludicrous, simply ludicrous.
And don't get me started on 2FA. Why would Netgear decide to build something new - and unweildy - when they could simply use Google's Authenticator to accomplish the authorization?
Lastly (for this first post), I'm very concerned that there simply won't be sufficient traction for this new product line and that in a year or so, with little visible improvement, Netgear will either turn it off or into something else leaving hundreds (or only perhaps a handful) of MSPs without a rope and clients who have signed up for multi-year licenses holding on to unsupported hardware. There are too many features missing from this "first gen" product that I can't - in good conscience - roll it out to my clients..
Re: New MSP here and am I ever glad I found this forum
Hello,
Thanks for your input, in regards to account ownership. From your current setup it sounds like you are managing all orginizations and locations of your Insight account. By default the admin of the Insight Pro account can be the owner of an orginization by default if one has not been assisigned. Page 9 of the Insight Pro manual:
The admin can also be the business owner. For example, if an MSP owns the NETGEAR devices, leases the devices to a customer, and provides Software-as-a-Service (SaaS, including Insight Pro management) to the customer, the business owner and admin are identical.
As per design owners in an Insight Pro environment would be the owner of the devices and have no intention to manage or make changes to the devices. They can have access to autosupports that are generated and email alerts. The managers would in this setup have their own log in and be able to manage the devices on the owners orginization.
The 2FA is valid as there are other companies that offer their own 2FA solutions and we continue to make changes and improvements to our 2FA with Insight.
My main complaint is the requirement that EVERY organization requires both a business owner AND a manager with SEPARATE email addresses to register on the site. This is simply not practical in the real world.
The designers and the testes obviously don't understand the difference between roles and identities. One identity must be able to take many roles - like a consumer Insight, like Insight Pro owner for multiple organisations, like an Insight Pro manager for another set of organisations. What we have now - proof of concept, a prototype at best. Hey, I've even offered a Manager access to the Netgear project engineer to my test site months ago. And got an email - the normal netgear.com email - which can't be added, because it's obviously already "used" for a normal Insight or as an Insight Pro role. Told them in time - not even a response. And just had the same in the chat these hours. Again asked to fix the identity vs. role thingie. And earned silence.
And don't get me started on 2FA. Why would Netgear decide to build something new - and unweildy - when they could simply use Google's Authenticator to accomplish the authorization?
Here I must disagree. Not that I desperately like the (Ping Identity) based 2FA solution nor the childish portrait mobile phone oriented login "page", lacking of preset the input focus to the first field for the number, ... However, the pure challenge-response systems like the RFC 6238/RFC 4226 based implementation [Google Authenticator is just one of many possible and available implementations] are on the way out - even Google, Microsoft, or Facebook to it in a more modern way.
On the way in are Apps a (on a second device, e.g. a mobile) where you see a notification of the authentication attempt (as of now the current implementation for the Insight App or the Nighthawk App) is a little bit weak, we must see the IPv4 or IPv6 source address from where the auth request is triggered, the estimated country/state/region) before we can confirm the authentication attempt. Permitting this does run 100.5% reliable (currently it's not - either the notifications don't come to the App, or the confirmation don't lead to the intended login).
Lastly (for this first post), I'm very concerned that there simply won't be sufficient traction for this new product line and that in a year or so, with little visible improvement, Netgear will either turn it off or into something else leaving hundreds (or only perhaps a handful) of MSPs without a rope and clients who have signed up for multi-year licenses holding on to unsupported hardware. There are too many features missing from this "first gen" product that I can't - in good conscience - roll it out to my clients.
Core component would have been a business class router. What Netgear has specified, designed, and implemented with the BR500 is ways off. As of now, it's even a show stopper for Insight Pro. I used the wording "it's a joke". Even a bad one. In any aspect. Not just the front/back connectors and LED mess leading to the the rack mount problem. Either way it's wrong. And the other way it can't be mounted at all. What a crap. Have asked for a BR500 v2 hardware on the day of it's announcement. Of course - nobody had the butt to send me a Beta test sample. So they would have learnt that the 256 VLAN support from the specs is a lie - as of writing the VLAN translate to a untagged single port, with four port for VLAN, four DHCP servers. Edit: And to change this - to be specs compliant, with up to 256 VLAN (and the same amount of DHCP servers, mutiple M:1 and 1:1 NAT, ... - will take months we're told. As they know from where I'm coming from... So I _do_ compare to the object oriented ZyXEL UTM and VPN routers (not a secret: My babies.). BR500 is not even near to a ZyNOS based ZyWALL from decades ago. And I give not much about the marketing push on this simple VPN feature - because every average IT person (every small SOHO or SMB has one) is able to set-up a site-to-site VPN in a few minutes. And I'm still waiting for official firewall and VPN performance numbers from benchmarks. Not good dear Netgear. I'd have sent some more people to Timbuktu. One-way.
