What i do not understand, however, is where the new use case or significant change in the use case is, that justifies to come up with a completely new solution approach.
Cloud tech stacks are there to solve a scale out problem, which they do very well, and which justifies for their complexity. However, nethserver has no scale out use case. In my opinion, it just inherits the complexity without providing the benefits.
Somehow I fail to understand why this is a good decision. Can you please explain the rationals?
i think @davidep and core architects can better answer these questions.
the main reason for the cloud architecture is in my basic understand is, it easy allows the multi node architecture, and thus, the ability to migrate quickly apps between nodes.
since we are now platform agnostic, we inherit the benefits in the same, maybe, you never know in future all OS might be supported, since the core manages apps which are containers etc.
Always with respect for the work of Nethesis and all those who do/do this INCREDIBLE work.
The only thing I see in the forum about NS8 are errors and more errors. Bugs and more bugs. A migration tool, which causes problems. Migration that, on the other hand, depends on which applications will not be able to be migrated, since NS8 is not NS7…
Furthermore, until now, I had everything I needed on a single server.
With NS8 this changes, and I have to have 2 servers; one for NS8 and one for NethSecurity. (Yes, I know about virtualization, but everyone is free to decide how/where to install a server)
I insist, always without detracting from your work and with all due respect.
But I also see it just inherits the complexity without providing the benefits.
I think have tried to have a product as polished as NS7 in a short time. As a Spanish expression says: “Corre, que nos pilla el toro” “Run, the bull will catch us”
3 Likes
The MAIN reason, as I see it is a follow up of the multiple issues NS7 has had due to the LTS issues (old libraries, old PHP, and all the issues multiple versions of MariaDB / PHP brought us, all trying to alleviate the issues of LTS running old stuff!
10 years LTS is too long a time!
My 2 cents
Andy
…but that’s exactly what you require users to do, since you provide no tooling at all to manage the underlying server. How do I configure the network? By manually editing configuration files. How do I update software? Using command-line tools. How do I reboot the server, for heaven’s sake? Using command-line tools.
I don’t in the least object to using containers as apps–given the current software environment, I think it makes a lot of sense. But discarding any way of managing the system itself still seems like a bad move.
I like that NS8 can run on a (small) variety of base OSs. I like, specifically, that I can run it on Debian. But I’d gladly give that up if it meant that there was an “official” management tool for basic management of the server itself. Sure, we can install Webmin, or Cockpit, or probably other things, but this really is a big hole in the product.
2 Likes
You’re not the only one. I figured out something similar…
and probably @Andy_Wismer forgot that.
Despite the commercial number 8 put for version, this is more like a 1.0 version product now. IMO currently closer to 0.8 considering bug reports and support requests I see here (not taking tour to Trello, actually).
I can only say… Which persons would go back to Windows 7, Mac OS X 10.4 Tiger or SLED 12? Or even… Slackware 14? Even 32 bit?
Beside some “incorrect details” into the page linked from alefattorini about “why container is better” (disk space is way more overhead in containers compared to single servers, virtual or not) currently container are common (sometimes… the only) way some products are delivered to customers/market. Allowing also easier major version changes of product or underlying components. Sometimes a container might be… disposable from the beginning.
Without underlying “good enough” distro to keep evolving SMEServer/NethServer, taking the burden risking to be left back as a market-ready alternative (it’s not ready yet but whathever) was far from ideal.
I’ve been critic with this decision and still I am now, but beside all the downsides (more than once were rebutted as “not so important” from dev team) I see the sense of that.
Luckily, all softwares on NS7 are more or less GPL with source available. It will not be fast and easy export data to other installations, but still possible thanks to dev documentation of NS7 and documentation of the provided package/module.
If at the end of the september (personal and probably wrong evaluated time) NS8 will be closer to 1.0 Beta that now is probably the migration process will be 98% of scenarios working flawlessly
2 Likes
Not really.
But all in one including firewall is something of the last millenium. And it also seems to be a state of mind, like using .local, .lan oir stuff like that.
And also: seriously considering using a single core hardware (extinct since about 20 years!) running as firewall, with “threat shield” and “suricata” running, and thinking it’s secure enough. Suricata, on an underpowered CPU just can’t even handle a 10 MBit internet connection without overloading the CPU…
Illusions are nice in life, especially when you believe your own. It’s also known as an “echo chamber”…
Note:
I’m NOT a fan of containers, and the bad security premises they bring along. The pita for handling random folder names IPs and ports all has to be added in.
I’m all in for virtualization, which has countless benefits even for SME / Home environments.
A real advantage of containerization is scalability - but the overhead for unneeded scalibility is often too much for a typical SME.
The need for several versions of eg MariaDB / PHP on the same system has more or less been obviated just by using a more current basis, which already comes with the latest and greatest PHP, MariaDB, et Al.
There are a LOT of requests / bug reports and similiar, however, a lot a put forward by a few users not really using the stuff.
Three LDAP servers on a VPS running a single node of NS8? Imaginary problems at the moment. These non-issues may help in tracking bugs, when they’re real issues, but wishful thinking of users eating up dev time for no real reason is kinda selfish in my opinion.
That the migration utility barfs so often at the BASIC stuff like file / mail / account provider migration is a no go! The quality of system messges in this respect is even below that of certain Microsoft Error messages! And: too often none show up, it just seems to hang.
Maybe check the date on your calendar / pc, it’s 2024! We are no more in the 1990ies.
Reusing 10 year old hardware for clients just ain’t professional in Europe! Especially not for security!
And still using proven wrong concepts of the ninties is just as bad.
My 2 cents
Andy
ah, someone seems to have come to my challenges as well. I miss the disk management features the most from NS7,
Network manageemnt is also mager issue.
Why is it hard or not possible to add a reboot, package manager etc on the user interface, surely…
Also, Fun fact to the dev.
not everyone has my energy of requesting for things, explaining and re-explaining why it is needed or important, especially considering a previous version of system supported it.
its like an accounting system that supported double entry accounting, and a new version removed that function in favour of invoice balances.
when informed we need charts of accounts and ledgers, requires alot of efforts explaining why that is needed. i still atleast have the energy of trying to explain and re-explain, others not so much.
while the approach is, key over the top features, we also need to pay tribute to the years of works put into play with the other features. is it so hard to port NS7 cockpit to rocky and alma versions of ns8, with some functions removes, and leaving networks and disk management and partitions etc. i think thats what users are asking for. remove all that has been implemented in ns8, add those that have been removed. containers are complex, oh so much so, you have no idea, and i am a dev. what about a non dev…
i love NS8, dont get me wrong, and i belive in the vision and see the future of what it holds and can hold in the SME or even enterprise space as business server, however i feel, we need more listening ears from dev.
1 Like
I agree from a technological evolutionary point of view, because how you write is a tangible reality. The good nethserver 7 is the result of many improvements applied over the years have made this product a truly flexible server. My first feeling with ns8 was not positive, difficult and sparse product, similar to that of a boxed server or windows server, where you modify very little. As much as my opinion may be worth, I am sure that ns8 will become an excellent server thanks to requests from the community in order to manage it more easily. After all, the architecture is different, the product is different, but this does not have to be synonymous with discouragement. I have had the opportunity to see that the dev team and many users, thanks to their commitment and efforts, have made improvements and ease of use to the neth servers. Finally, I remain optimistic that ns8 will be a NEW product that will bring with it the improvements requested by users.
1 Like
my sentiments as well.
I would say the release was great, and many test cases and bugs reported are due to results of way more many people using the system, and potentially using non convectional methods of setup that the developers would not in any way have identified unless other members tinkered with the system.
and 8.1 is around the corner that would bring with it alot of improvements, additions and improvements as suggested by users.
I, as a developer i am playing my role in shaping this new future by working as much as possible to contribute apps that would make NS8 a viable alternative to all other SMB and SME solutions out there.
I know the core dev can do it, but at the moment they are focused on delivering a robust product for the benefits of all
Is your opinion, i can relate with that but sometimes is the only way. Not feeling to say nothing different than my opinion, not “the truth” 
You’re correct about the unrealistic goal, but according to information that I have, Core 2 Solo CPU from Intel stopped delivering into 2010. More like 14. 
Indeed you’re correct, hardware vulnerabilities about speculative execution will mop the floor generating one of the biggest eWaste load of last decades; recently even the machined aluminium tower known as Apple got struck hard on that, in a really catastrophic way.
However it’s useless rant about hardware, on a software project, don’t you think?
It’s a consequence of paradigm shift. In NS7 that scenario was “three VMs”.
NS8, due to container constrains and capabilities, should be one installation on a VPS and be possible. If will not… why nethesis decided to complicate the wheel for having the same limitations? Only to allow faster migration than backup, shutdown, reinstall, restore while changing “metal”? 
Time will tell. As stated before, a “single server” cluster is an unreliable and overheaded cluster.
I do agree with his.
Not as long as people here constantly ask about old network NICs and drivers for NICs…
And reusing old hardware…
Not really, just user LazyLow trying to squeeze out more from his VPS for that specific issue.
NS8 can install 3 LDAPs, but only one will be accessible, ergo only one has a use. the others are “fantasy” problems he doesn’t really have, as on NS7 he wasn’t running any VMs (Not possible on a VPS!). I consider this egoistic wasting of valuable devs time - and you know as well as I do that NS8 needs a lot more “real” work done, solving real problems, not such fantastic questions.
And it’s certainly not helping migration from NS7, if you plan on using much more than was possible in NS7!
My 2 cents
Andy
That’s really funny!
I’m sorry, but your answer reads like this to me: “The ball is in your court.”
I am really surprised at the response my belly rumbling has triggered. Even if it doesn’t change anything about the current situation, it’s good to feel that I’m not alone in this.
What interests me now is what conclusions do the core development team draw from this? @stephdl @davidep @alefattorini Have you ever discussed internally which deficits in the community make acceptance more difficult? Can you not only understand the problems, but do you actively address them?
Do you have a plan for improving the user experience?
I hardly read anything about this in the announcements for NS8.1.
Or is it unfortunately our concern how to deal with it?
Perhaps it would be helpful to ask about the individual wishes and arguments expressed here separately, in order to measure the intensity of the pain and enable solutions to be prioritized?
As stated before…
checked all boxes for the hardware requirements.
Never read you writing “NethSec should support only multicore CPUs because 1 core is simply not enough.”
Anyway, i will understand if the 100mbit realm will be cut off for sake of more compact image, less clutter, lesser degree of complication. However… still not at that point.
@capote I feel you and I’d like to summarize for everyone
We extensively discussed the choice of NethServer 8 in the past. If you want, I can link here all the countless discussions we had, about whether it was the right choice and how to proceed. It wasn’t decided elsewhere; it was done here in the community. Perhaps some may not remember, or maybe they were distracted or had other things to do, which is normal. But saying that it wasn’t discussed with the community is untrue and unfair.
For those who don’t recall, below are the reasons that drove us (in some cases, forced us) to transition to NethServer 8:
- Need to be independent of the distribution (does anyone remember the CentOS EOL and the instability of Stream?)
- Having an updated technology stack
- Ease in creating new apps (e.g., containers)
- Ability to easily manage hybrid on-premise cloud situations
- Greater versatility compared to an all-in-one distribution, such as the ability to install the same app on a single node
NethSecurity
The choice of a similar technological stack compelled us to review the firewall aspect and separate it into a separate project (always open source), as many of you have requested over time and as similar firewalls already exist (e.g., pfSense, OPNsense), meaning a project that focuses solely on the firewall.
Bugs
We rebuilt everything from scratch with a completely new technology, so, naturally, there may still be some rough edges. However, I assure you that there are already many systems in production, and many more will be coming in the next few months. NethServer and NethSecurity are not toys but services for businesses.
I got you.
Over time, we will improve certain aspects related to LAN integration: we have added local destinations for backups, and with version 8.1, the DNS and DHCP services will be introduced. This seems to me to be in line with what you want, and it’s worth emphasizing.
4 Likes
I think we can both agree on:
- Still a lot of work to do for NS8…
- Even more work to be done for NethSecurity.
I will test drive NethSecurity, but at the moment, OPNsense works excellently!
I hardly ever use Suricata, as it eats up CPU, mostly for nothing.
However, Threat Shield seems popular on NS7 and therefore Suricata. And this seems the case here too.
So I will need more testing myself…
But this does not mean i will use either.
My 2 cents
Andy
X for doubt…
That is correct, was discussed…
hybrid on-premise hosting… situations…
Introduced a feature that was in NethService, NS6, NS7?
Such a novelty.
1 Like
I’m sorry man but your sarcasm is useless and counterproductive for the atmosphere of this community and even more so since you hold the role of community padawan in the title. I hope this is the last time I read it.
4 Likes
Sugarcoating the lacking of functionalities won’t make them appear. Marketing coating the unfinished status and growing pants and pains of the container orchestrator won’t make disappear the problems.
Community might become customers, that’s fair, however it’s not knowledge-free enough forn not perceive the difformity of the declarations to the status. Both projects are growing and need improvement: UI, UX, processes, documentation, system requirements.
It’s gonna be allright? I don’t know. Repeating “everything is fine” is way too much distant from the status, but repeating countless times makes me ask "Why is so important to say that? It’s an ad?
Please, remove the title.