Guidance on small business setup

Hi All,

I’m currently looking at implementing Nethserver in our small business.

Currently two small offices serving 3-4 people in each, plus NextCloud hosted online in a VPS.

I have a cloud VPS running Nethserver with a second node in one of the offices for testing.

I’m looking for any advice on the best way to configure these? Could anyone point me at a good overall system design tutorial? I’ve found the documentation for individual elements, but can’t find anything that suggests best practice?

My plan would be for domain, dns, etc to all be managed through Nethserver for each office.

Considering NethSecurity as an option for each office as well, but not really looked at that side yet.

We currently have a FreePBX phone system - but potentially move that into the same ecosystem as well as a future development.

Any thoughts or guidance would be greatly appreciated.

Thanks

Hi and welcome!

So, what is the general idea, all in the cloud and Nethsecurity on premises and VPN to the cloud? Several use Digital Ocean or Contabo.

That would make home working/road warrior pretty easy too, also adding new offices

How about storage? Want to go for an S3 compatible storage with a VPS provider, or use NS VPS onboard storage? I would opt for a separate S3 compatible object storage.

Per office location or in the cloud? Beware that NethVoice is primarily intended for Nethesis partners and has limited functionality in the Open Source and unsupported version.

How about the individual components setup such as (web)mail, groupware/calendaring, domain (Samba/LDAP) etc?

Just poking around here :wink:

Again, welcome!

Hi @LayLow ,

Honestly, at the moment I’m not sure - that’s really what I’m looking for advice on.

Currently I have the Leader Node on the cloud VPS, with a worker node on a local VM inside Proxmox.

Leader node has domain and users, email, ejabberd and webtop on it. The worker node is setup as a provider for the domain and nextcloud.

We currently do groupware through our existing NextCloud - but I do like the look of WebTop and have also used SoGo in the past successfully.

It’s all experimental, so none of it is being used in production. I’m open to all suggestions about the best way to proceed.

I like the idea of the firewall being controlled from the same central location. We’re a small company so don’t have a dedicated IT department (other than me when not doing the actual job!)

Thanks for the input :slight_smile:

Kieran

So you need to create a high level architecture and make some decisions.

  1. Are we going full blown off-site to the cloud with a local/remote copy
  2. Where do we store our main data (security, accessibility, legislation, backup, copy)
  3. Do we use Nextcloud as our main collaboration platform, does it do what we want. Or do we break functionality apart into technology chunks. (Mail, ActiveSync, Calendaring, delegation)
  4. What to do with legacy apps that require windows? (if any)
  5. Do we go for SAMBA or LDAP (pro/con, possibilities)
  6. Do we expect home workers/take-overs/expansion
  7. How are we going to setup access to the cloud (VPN, site-to-site)
  8. How are we going to secure all sites/home offices (NethSecurity)
  9. Is our ‘cloud’ going to be VPS, or hardware and proxmox, or do we go on prem

So, the game here is asking as many questions as possible, and then construct a wishful profile of your IT setup. This is just me! So let’s hope others chime in with ideas.

cc: @capote @dan @transocean

I set this exact scenario up during the migration. It worked perfectly.

If you know how to install NS8, configure Samba/AD and add a worker node, you’ve already got everything sorted.

You can work with that.

I don’t use Nethsecurity; I have my local servers on a UniFi-managed network.

1 Like

Thanks @capote ,

I’ve managed to get one of the desktops connected to the domain and got a successful domain login. Any particular suggestions around DNS for the local networks? Currently I’ve just hard coded the DC IP address into the desktop to allow it to find the domain.

The desktop is Mint Linux - so not yet played with home directories - just domain login.

It’s helpful to know that the setup I’m playing with isn’t wildly off :slight_smile:

Overall unbelievably impressed with NethServer so far.

Thanks!

You should use split DNS.

  1. A public DNS server with the standard public DNS entries:
yourserver.com
mail.yourserver.com
  2. An internal server behind your gateway with the internal DNS entries:

nextcloud.office.yourserver.com

  3. You must define the internal server in the public DNS to enable the management of LE certificates

so there too

nextcloud.office.yourserver.com should point via CNAME to the WAN DNS of your office network.

Example:

dargels.de. 86400 IN A 152.53.121.241
vpn.dargels.de. 60 IN A 93.253.224.147 (my DynDNS-WAN-Port)
gw.home.dargels.de. 86400 IN CNAME vpn.dargels.de.
nextcloud.home.dargels.de. 86400 IN CNAME gw.home.dargels.de.
wiki.home.dargels.de. 86400 IN CNAME gw.home.dargels.de.
collabora.home.dargels.de. 86400 IN CNAME gw.home.dargels.de.
1 Like
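
The split-DNS layout from the reply above, as an added example (not code from the thread or from NethServer): it follows each service name's public CNAME chain to the office WAN address and compares it with the internal view. All names and addresses are constructed placeholders (`example.com`, documentation and private IP ranges), and the function names are hypothetical.

```python
# Constructed sample records mirroring the layout in the thread (not real data).
PUBLIC_ZONE = """
example.com.                  86400 IN A     203.0.113.10
vpn.example.com.              60    IN A     198.51.100.20   ; office WAN (DynDNS)
gw.office.example.com.        86400 IN CNAME vpn.example.com.
nextcloud.office.example.com. 86400 IN CNAME gw.office.example.com.
wiki.office.example.com.      86400 IN CNAME gw.office.example.com.
"""
INTERNAL_ZONE = """
nextcloud.office.example.com. 3600 IN A 192.168.10.5
wiki.office.example.com.      3600 IN A 192.168.10.6
"""

def parse_zone(text):
    """Map owner name -> (type, value) from 'name ttl IN type value' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if line:
            name, _ttl, _cls, rtype, value = line.split()[:5]
            records[name.lower()] = (rtype.upper(), value.lower())
    return records

def resolve(records, name, max_hops=8):
    """Follow CNAMEs to an A record; return (address, chain) or raise ValueError."""
    chain = [name.lower()]
    while True:
        if chain[-1] not in records:
            raise ValueError(f"dangling name: {chain[-1]}")
        rtype, value = records[chain[-1]]
        if rtype == "A":
            return value, chain
        if rtype != "CNAME" or value in chain or len(chain) >= max_hops:
            raise ValueError(f"bad CNAME chain at {value}")
        chain.append(value)

def check_split_dns(public, internal, wan_name):
    """Each internal service must reach the WAN address in the public view."""
    wan_ip, _ = resolve(public, wan_name)
    report = {}
    for name in internal:
        inside, _ = resolve(internal, name)
        try:
            outside, chain = resolve(public, name)
        except ValueError as exc:
            report[name] = f"FAIL: {exc}"   # no public record: LE validation cannot reach it
            continue
        ok = outside == wan_ip and inside != outside
        report[name] = f"{'OK' if ok else 'FAIL'}: inside={inside} outside={outside} hops={len(chain) - 1}"
    return report

if __name__ == "__main__":
    for n, s in check_split_dns(parse_zone(PUBLIC_ZONE), parse_zone(INTERNAL_ZONE), "vpn.example.com.").items():
        print(n, s)
```

A `FAIL: dangling name` result marks a service that exists only in the internal view, which is the case point 3 of the reply warns about for Let's Encrypt certificates.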