Doubts about NS8

I’ve used NS7 for my small business for several years. I never understood why it had a built in firewall. My understanding is you have to have two Ethernet interfaces for it to work, I wouldn’t want to explain that to another small business owner that sells flowers or something.
I service a lot of apartment management companies and by the time I walk in the front door they usually already have two firewalls/Gateways running. The Comcast gateway and usually a Meraki one. I’m no expert but maybe triple Nat is better than double Nat.
I use NS7 for email, next-cloud, and Deck to keep my small crew organized and working remotely.

Just fired up NS8 on my proxmox server and it looks like a simple way to provide a choice of remotely accessible services for running a small business.
I’d like to see GitHub - Leantime/leantime: Leantime is a strategic project management system for non-project managers. in the software area as it looks interesting, how hard would it be to add a docker container for that?
And yes please on wild card certs or dns-01 or whatever it’s called. Simple is better, we aren’t all running computer programming companies.
Just my opinion.

Hello,
Ns7 has built in gateway features. You can use as firewall, as a server or both at the same time, on the same installation. I can install third party services and repos without breaking anything. No problems on bare metal or virtualized.
This flexibility Is missing on NS8 and some people is suffering about this.
Especially when ns7 in installed on crappy old hardware on P4 single core and 3GB of RAM, but never stop.
Moving to virtualizzation and split services on 2 products could be a problem for old existing hardware.
I moved my ns7 (gateway + file server) from bare metal to proxmox, preparing final migration.
NS7 can run on a toaster.
NS8 requires more RAM, modern CPU to prevent container issues, should be installed on virtual enviroment.

The product changed.
We should wait for the NS8 final release, and wait for nethsecurity gateway too… the most wanted firewall ever.
This Is my opinion.

I’d suggest, if I may, migrate a copy to NS8.

To the devs and nethesis: I know NS8 is still in beta.

Hi @schulzstefan

I’ve also worked for clients using a 10 year old server for Proxmox - SME is not a uniform thing.
The only more or less universal criteria is between 1 and 500 employees…

Some companies have regular budgets, some have very opulent budgets, others have to turn every cent twice!

But the above example was among the better ones!

But not yet the top liga!

My 2 cents
Andy

That’s why I’m here, to try NS8.

To the devs and nethesis: I know NS8 is still in beta.

@sarz4fun

Hope you don’t get the following wrong.

@Andy_Wismer

Of course. Not.

Lot of customers we have (DAX, MDAX, DOW, …), do work with SAP, oracle, salesforce, or any kind of “TOP LIGA” ERP and BIG IT infrastructure. I cannot compete. I really try hard to match their standards. Not only in IT. I’m only a very little supplier.

As I already stated: things you can’t do for your own, you have to pay for.

In this very moment, I’m still able to do my IT for my own companies. Besides other things in the administration and production. Over 20 years with NO serious break in production. Did I miss an argument of a security point of new NS8 vs. NS7 structure? What coming up security dangers for NS7 do you see? Could you please be precise. Of course right now, for NS8 you need a (hardware) firewall. Easy to configure. Ehh?

Even before. Anybody remember DEC? I was dealing with NOVELL, yellow cable, with fibre lines, opto electronics and interfaces (inside different branches of a company, in different countries, with MODEMS) and PC’s in a time, and CODING, that I don’t want to miss for learning.

To be clear - I’m happy that this is the past. Beside the SPEED of connections (time is money), the NEEDS of a SME are nearly the same. The bottom line for a company seems to be: less money more profit. To translate in IT - less efforts (by matching the needs) means more time for core business. Whatever this might be. Did I miss the point? Does NS8 give me more time to take care for my core business, i.e. for a SME to make money?

I KNOW ABOUT THE GOLD STANDARD. Sorry for being loud.

In this very moment - as a company producing goods in Germany for over 70% export - our products do not allow the overhead for an IT department. If I’d have a choice I’d really like to have it in another way. I’m not doing IT for my personal fun. No, really not. That’s why I stated “never touch a running system”.

Again and again - I’m talking about SMALL MEDIUM ENTERPRISE and ONLY for myself. MITEL, SME, KOOZALI or NS7 is why I’ve chosen SME software a long time ago. BUT STILL VALID for me.

Mhmm, I got it: move, move, move. Click, click, click. “SME over 20 years in nearly the same way - don’t you think it’s time to MOVE?” Come on, let’s do something NEW.

I’m old enough to realize if things have no benefit to my needs and are trying to drive me in a direction I don’t want. In other words - as long as I don’t see any improvements from the standard and needs we now have, I’ll not follow.

No - please don’t tell me again - I really like to test new products. In fact it’s a part of my job. And not only in IT. I don’t want to live in the past. But I’m old enough to judge careful.

There’s always a choice. Again - this is my very personal opinion as being responsible for a SME.

Period. No more post from me.

Echoes from the Ivory Tower

• Is it for SME? – Yes, absolutely otherwise I loose my job and I’m still far from retirement! There are many platforms to run containers out there. I’m sorry if we reinvent some wheels, but they not fit SMEs as we have in Italy.

• Community vs Enterprise – Is it still worth to mention this FAQ: What is the NethServer Business Model? We do not deliver a finished product to the community, everybody has their part to play to do it.

• Containers effective portability – With containers, data is in another directory and has a different owner than what you expect. Porting a container volume to another node is something new to learn and still possible: I already recovered Nextcloud and Mattermost from a crashed NS8 node starting from bare disk image. See Trello card.

• Containers not maintainers – The software supply-chain has changed in the last 20 years. Distro-level package maintainers have retired or changed their job. Software comes directly from its creators and is quickly shipped in containers. We need more RAM to run them: we pay RAM vendors instead of paying distro package maintainers. RAM vendors are happy, maintainers… I don’t know.

• Containers bandwidth – Containers are bigger than packages. They require less metadata than package repositories for update checks. If we run update checks every day the monthly bandwidth usage might surprise you.

• Containers and opportunities – With containers we can quickly integrate more software, like DNS servers, single-sign-on and many other applications. I understand this looks far from now, because priority is on NS7 feature parity and migration.

• Complete firewall – Do not build a battle cruiser that is also a container ship. Firewall was moved to another nice, free and open source project: NethSecurity. It has NS8 integration too!

• Single file restore – Not a general need. In practice it is useful only for some applications, as explained in another thread.

• Fancy old times template system – In the sense of “configuration override”, not a general need. In practice it is useful only for some applications, as explained in another thread.

• Protocols for LAN backups – You are right and… luckily, we have a fantastic forum and community! We need it and we are working on it, as explained in another thread.

Surely it would be very valuable for a file server–that’s still in the plans for NS8, right? And if it’s implemented for that application, what prevents it from being used elsewhere? I don’t see any real value in it for, e.g., MariaDB or Mattermost, but if the feature is needed for some apps–and it is–why not make it available for all?

I think this is a case where people confuse a feature with its purpose. Surely there’s going to be some nostalgia–the e-smith template system has been around for 25 years, a practical eternity in computer terms–and there will be some who are thoroughly familiar with it and will need to learn something else. But the purpose of that system is to provide a means to configure a server in a certain way, and to generate the configurations for any pieces of software accordingly. If NS8 still does that, from a mostly-end-user perspective, I’m fine. I won’t claim to understand why you’ve made the change, but I know it’s made a great deal of work for you all, so I’m willing to assume you believe you have good reasons for it.

LAN backups could be improved–NFS and/or SMB really should be supported, IMO–but the complaint raised earlier was regarding local backups. As in, plug in a USB disk and back up to it.

As a complete side issue, why is the cluster-admin login page the way it is? Username on one screen, next, enter password on the next screen? It’s awkward and a waste of clicks, and I don’t see that it adds one iota of security. I know it’s getting popular lately, but it really seems like a waste.

Who’s gonna install a file server that could overwrite a whole day (or more) of work for retrieve a single file deleted?

Without granularity is not backup/restore, “simply” something equivalent to snapshotting or bare metal restore. Which is valuable, but don’t feel backup enough.

3 posts were split to a new topic: NS8 - virtual hosts disappearing

Hi friends,

i really understand every argument presented here. But I increasingly have the feeling that something is being talked up here that, on closer inspection, is real progress. Apart from the lack of a local backup option. That bothers me as well.

Regards…

Uwe

A post was merged into an existing topic: NS8 - virtual hosts disappearing

What do you mean? Could you explain?

Hi @alefattorini

I think Transocean means people are complainng for something actually going in the right direction, progress, moving forward, etc. All in all positive…

My 2 cents
Andy

Hi @Andy_Wismer and @alefattorini,

That is exactly what I wanted to express.

Regards…

Uwe

had made a similar request months ago, considering its more open than openproject

this is the reason why i had requested for a community call, so that there is a proper explaine rof how to istall standard solutions onto the NS8 instance, and how to build modules, both from simple to complex ones.

if i need to install say rainloop on the server, i should be able to do so (used that as example because its a well known system)

As @davidep said earlier in this thread

Containers and opportunities – With containers we can quickly integrate more software, like DNS servers, single-sign-on and many other applications. I understand this looks far from now, because priority is on NS7 feature parity and migration.

Sounds like this is on the road map but not a priority at the moment. I got excited when I read the beta2 announcement like a kid on Christmas eve.

Because currently many applications are delivered not with installer, but with container recipes.
As such

• only container platform is the software required for install
• distro-agnostic installer
• no conflicts with already installed software, for ports, services, versions or “generations”
• it’s simply faster, easier and cheaper for the developer

On the other hand

• increased system complexity (however container are not bleeding edge anymore, and currently are stable/mature product)
• increased skill and more system (and network) design required
• increased footprint for performance (with less memory usage compared to virtual guests)
• increased cpu consumption (internal network routing, and specifically for NethServer, also due to Wireguard)

Hello folks,

It’s been a while since I last wrote anything here.
I was always interested in how things were going with NS8.
Reading all this, I tried an installation.
I only have a QNAP NAS with Virtulisation Station available.
A VM with Debian was soon installed and the NS8 installation also worked and that with this hardware!
Hats off for that. But then the surprise was big.
This is a completely new system. Nothing is like it was.
I tried to understand the underlying system and have to admit that it is quite difficult for me.
I haven’t really found a good explanation. In the introduction of NS8 there is only one sentence. “Under the hood, NS8 is a container orchestrator.” That’s it.
For people not so well educated in IT, I’m sure it would be good to get a more detailed explanation about the basic function of NS8. The underlying function.
A new system that I understand, based on a good explanation, is much more easily accepted.
I managed to install a domain and a file server with a share. So far so good, but I didn’t really understand it.
I think many “part-time admins”, who have the responsibility in many SMEs, like me have the same problem.

I’m sure, many doubts about this new system can be dispelled with a good explanation.

Just my opinion.

BR Ralf