I think I first touched Hexnode in … 2021? I went through the setup three times, each time accepting the two week free trial. Every time the deadline arrived I’d be the only one with it installed and we’d just let it slide. This time I insisted on a paid account up front and after that trio of beatings in December, I don’t have to arm twist so much to get people to install it.
This tool is a bit too heavy for a single user, at just over $700/year for the fifteen device minimum. But for small groups it’s a handy way to ensure that they reach the right side of Paranoia: Pathological Or Professional?
Let’s have a look at this beast …
Attention Conservation Notice:
Hardcore device security stuff will be found within this post. If you don’t do the hands on, just make a mental note that it’s covered here, for the day when you realize you can no longer roam around undefended.
Initial Implementation:
The first thing you do with Hexnode is select one of four service levels. Since we have one of every type of device known to man, and the goal is to spread this framework to the masses, Ultra was the only choice. I’m not sure why they’re coy with the pricing here, it used to just say $5.90. I guess they want the leads and Ultra users will typically be the big fish.
Once you’ve picked your service level you’ll get a portal, which will look something like this. You append /enroll after the portal name and open that URL to enroll new devices.
https://disinfodrome.hexnodemdm.com
And once you log in, you’re presented with a list of what’s new, and what’s upcoming.
One of the things that surprised and pleased me is this - Linux is now supported.
The Linux support is partial - works on AMD64 systems, but not yet supported for the ARM64 in my Pi5 systems. I put in a request for them to add this, and I’m curious to see how long it takes. I presume it’s a simple task and it’s just the volume of requests they get that govern how long it will take.
Since there’s a lot of Apple gear around here, I had to set up an Apple Push Notification certificate. This is fairly smooth in terms of creating an SSL certificate, but it’s unusually fiddly for Apple, where they go to great lengths to make things super smooth.
This is why I had such trouble getting people to sign up …
Hexnode is the answer for what to do about lost or stolen devices, in addition to all the other features. And there are other access things that make the pack of ferals I run with even more skittish than normal.
What’s Next:
I’m doing the basic setup stuff for myself, but there will be one addition to the mix before the end of the month. I got that little Steetek quad port KVM right at the end of January, and the first three ports are Mac, Pi5, and the new Windows machine. Port number four is idle, but it’s going to get a management console machine.
The management machine could be anything, it just requires no remote access. I ended up with a low profile aluminum heat sink case for a Raspberry Pi5 and a 4GB board is just $76. Here’s the case and a credit card sized CAC smartcard for scale.
That style of case constrains the machine to just a 30mbyte/sec microSD card, but that’s fine for light admin duties. I’ll eventually end up with two of them - one on the desk for work, and another paired with a Mikrotik RB941 to create a mobile network sniffer.
Conclusion:
The last time I was the general desktop support guy was back before the turn of the century. Today everything is smaller, faster, and in general slicker, but the job has not changed in any fundamental way. The one thing that worries me is having Windows in the mix, because I haven’t used it since that long ago job, and if I’m forced to touch it I get to feeling stabby really quickly.
I am a teeny tiny bit mollified by my recent experiences with Windows 11. They of course moved every last thing in the interface, with no apparent motive beyond keeping people focused on constantly relearning their shite, but it IS easier to handle. The first thing I did with the new machine was to make a sector by sector backup of the drive using the Linux dd command. I intend to do terrible things to that system, so I can walk others through the recovery stuff, and I do not want to make an unintentional real repair situation. There’s no brain drain to a restore with dd, it’s just a one line command.
So there you have it. The name of the game here in Q1 of 2025 is force protection.