You should buy both. Don’t mess around with VIP UAT.

Reolink might be another to consider.

OpenVAS is a vulnerability scanner that appears to be open source.

Metasploit is another that I think is free and might be open source.

True but it’s designed to be on networks that don’t have internet.

Tplink Omada doesn’t need a cloud connection. There’s plenty of other reasons to not like Omada but it’s something to consider. It’s also dirt cheap.

If any service has only username and password instead of mfa or password less then it’s not safe.

You also didn’t mention if you have automated patching or immutable backups enabled.

Even large streaming services drop their servers close to the users to make the experience good. They just do better at scaling.

You could federated authentication so only one ldap service is maintained. You could also sync media from one device to the other so you don’t need to manually update both.

Desktop streaming isn’t the same as web apps.

Modern desktop streaming is quite impressive. 100ms, 5% loss is no problem for most tasks. You don’t even notice it, and as a result your experience can sometimes be better.

Additionally you can offload some tasks to the local machine where appropriate.

You dont need to fit every users needs into a thin client setup, but you could fit probably 50% of all users onto one and they wouldn’t know any different. Think of the energy savings. Think of all that plastic that goes into a desktop or laptop that isn’t needed in a virtualized blade chassis. Think of the rolling performance upgrades. Think of never having your hardware go End of Support. Think of the old equipment that ends up properly e-wasted instead of shoved into a dump. Think of the batteries that no longer need to get produced.

I might play around with this idea and host my own non-profit Desktop as a Service.

I’ll repeat what I said elsewhere:

Renting PCs is probably overall cheaper and a lot better for the environment. Most people don’t need a machine, they just need a thin client and something to access a few apps maybe 30 mins a day.

Even “power users” don’t need a machine.

If there were a non-profit or not-for-profit that was selling maybe an rpi we’d be saving a lot of money and reducing climate harm.

I just don’t trust bezos to not be greedy.

This plugged into a raspberry pi would be a cheap alternative to a true kvm appliance.

https://openterface.com/product/minikvm/

You don’t need a kvm for 5 systems, just one for the machine that doesn’t have vpro.

Vpro is really only needed to get you into your bios or fix an issue where you disabled network somehow.

You could buy a standalone kvm. I think there’s one that uses a raspberry pi.

Or you could set up vnc or something similar on your host if you need a gui.

I would put vpro as a nice to have but not essential component option.

Non-vpro with amt will still get you to the pre-os screen I think.

You posted this into the /c/fediverse community. It should be in /c/news or somewhere else.

Might be best to delete it and post again.

Welcome!

It’s not clear what paid licensing gets you. What’s an Enterprise OS for example?

Set up a VPN to your router as a backup. If something goes down, you can still vpn into your LAN and reach all services.

Self signed certs are usually created with OpenSSL. Find an example online. If you own a domain create your cert against that name.

The better option is to get your backend also using let’s encrypt and change to https. The whole point of lets encrypt is “encrypt all the things”

You should be able to fix your browser cert error messages by adding the cert to your trusted root store. Easy to do on desktops, mobile devices might be harder to do without an MDM.

Enterprise firewalls can detect if you’re running services on non-standard ports.

For example if you try to use ssh on port 443, I block that.

If you try to use https on 8443 I block that.

Also if your domain is on a dynamic dns domain or is relatively new then it might get blocked.

It’s not common in enterprise to not auto-update.

Jellyfin logs will tell you if it’s transcoding. If you have a dvd you can use handbrake to convert it to any format you want.

If you stream to a different device and have the same issues and it’s also not transcoding then you can isolate the issue to your tv, network, or hypervisor.

What makes you think it’s the r usb-c adapter? Switch to wifi and see if there’s any difference. Try a 4k source that doesn’t need transcoding to confirm it’s not a hw acceleration issue.