Sam,
For sure, at the very beginning, for someone not understanding all the technical stuff but having only needs and a boss with requests, being asked to take a theoretical approach to balance and discuss pros & cons has little meaning. I fully share that view.
However, we have been discussing this for months, which gives us time to:
- understand better technical stuff
- measure pros & cons of different choices
- refine requirements if needed
- at the end, make the right decision, hopefully not too far from the ideal target, or at least understanding why the "perfect" world doesn't exist
The goal is not to tell you that you have - or not - to manage SMB. You are in this position right now and have this responsibility. The goal is to exchange and share our views, share our knowledge and achieve the best result. You don't know everything, neither do I, but working together, we should achieve a better result because there are some aspects you know and some others I know. But this means that we have to move from our respective positions.
Rephrasing this, I mean that at some point, one has to learn some technical stuff in order to move ahead. If we keep the debate at the end-user level, there is very little we can do.
Back to this technical stuff, I don't understand why you stick to this position, thinking that explicit proxy will need half a dozen manually managed configuration options.
If I try to summarize what I currently have in mind:
1 - Once explicit proxy is enabled, auto-discovery is highly suitable to avoid managing clients manually. This can be done 100% using the Zentyal GUI if the option you select is DNS, now that SRV and TXT records are available in the Zentyal interface. However, pushing this via DHCP is very suitable too but not available in the Zentyal GUI.
2 - The WPAD server can be managed via the Zentyal GUI, but the proxy.pac file (wpad.dat) has to be manually managed.
3 - In case of use of non-standard HTTPS ports, the squid conf has to be manually tweaked.
What else?
- You may have some (very few) devices not implementing auto-discovery.
- You may have (here again very few) programs not using OS or browser settings to determine whether the proxy has to be used or not.
- If you need profiling or identification, then authentication is required. It is difficult here to have something (authentication) and the opposite (not to be bothered by authentication) at the same time.
And as I wrote, once SSO (thanks to Kerberos) is there, we will discuss at length about security on workstations,
but this is what you have to put in the balance to decide whether explicit proxy is better than the few drawbacks. Once you have this in your hands, no one can decide for you because you are, at the end, the one operating and managing.
This is the way I perceive it
Then we may hope that the Zentyal team, in a next version, will improve their platform and include these few interfaces so that everything can be done using the Zentyal GUI. Do not take it wrongly: it will never remove the need to understand a bit of the technique in order to make the right choice.
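
What the manually managed proxy.pac (wpad.dat) from point 2 can look like, as an added example that is not part of the original post and not Zentyal's own file. The proxy address, the internal domain and the bypass rules are assumptions; it is written in ES5 with plain string checks because many PAC engines are old JavaScript interpreters.

```javascript
// Constructed values (assumptions, not from the post).
var PROXY = "PROXY proxy.example.lan:3128";
var LOCAL_DOMAIN = ".example.lan";

// True when host is the internal domain itself or ends with ".example.lan".
// The match is anchored at the end of the name, so a look-alike such as
// "example.lan.attacker.test" does not qualify for the bypass.
function inDomain(host, suffix) {
  if (host === suffix.substring(1)) { return true; }
  var at = host.length - suffix.length;
  return at >= 0 && host.indexOf(suffix, at) === at;
}

// True for literal loopback and RFC 1918 IPv4 addresses. Only the string is
// inspected, so evaluating the PAC never triggers a DNS lookup.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) { return false; }
  var a = +m[1], b = +m[2];
  if (a > 255 || b > 255 || +m[3] > 255 || +m[4] > 255) { return false; }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point that every PAC-aware client calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Plain host names (no dot, and not an IPv6 literal) are internal.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) { return "DIRECT"; }
  if (inDomain(host, LOCAL_DOMAIN) || isPrivateIPv4(host)) { return "DIRECT"; }
  // Assumed policy: no "; DIRECT" fallback, so an unreachable proxy makes the
  // request fail instead of silently bypassing filtering and logging.
  return PROXY;
}
```

Clients that ignore auto-discovery, as mentioned in the list above, never evaluate this file, so they still need the proxy set by hand or blocked at the gateway.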