During the last month, Nethesis had some meetings to plan the future of NethServer.
We would like to share our thoughts and get your feedback.
CentOS 8 has been out for a year and it can be considered stable, but is it mature enough for our purposes?
We did some experiments and we found that:
- it’s a cloud-oriented distribution focused on containers
- many things we use in NethServer 7 are missing (notably SCL)
- it’s not a good distribution for a UTM firewall: nftables is the new default with limited firewalld support, and there is no shorewall or equivalent software
Network security will probably change very fast in the near future: is a UTM firewall still useful when all workers are remote? If nobody is at the office, does it make sense to have a firewall that filters internet traffic and protects just a few hosts?
The next-generation firewall will probably focus on zero-trust networks, VPNs and WAF.
And none of these applications can easily be built on top of CentOS 8.
We believe NethServer should focus on two main points:
- privacy: you own your data and you can store them anywhere you want
- simplicity: the configuration should be easy for administrators with little or no experience
Until now, we have always followed the CentOS schedule: when a new major version was out, we ported NethServer to it.
So, is it really worth porting NethServer 7 to CentOS 8? Mmh, not really.
When we switched from 6 to 7, we had new technologies that helped us to improve the product, like systemd and containers for Samba 4. CentOS doesn’t bring in any appealing technology.
If we remove the firewall part, what will NethServer be then? Will NethServer be just a platform for running containers?
Nowadays many NAS can run many more applications than NethServer.
Having a platform that just runs containers is not enough: applications should be configured, secured inside a backup and upgraded smoothly.
One of the most requested features from our customers is the ability to manage multiple NethServer installations from one place. This sounds much like an orchestrator, so we even dove a bit into things like Kubernetes and Nomad.
And of course, this is the right moment to make radical changes and embrace new technologies, like:
- replacing the esmith database with something more modern and cluster-aware (etcd, consul, redis)
- replacing perl templates with … ansible jinja? or no templates at all?
The IT world is running fast toward an ecosystem of distributed microservices: users and administrators just want access to services, no matter how they are handled under the hood.
These are our still-open questions:
- does it still make sense to develop a distribution?
- is the all-in-one server still a valid solution?
- is it time to start the development of NethServer 8?
- should NethServer 8 be just a solid base to run or orchestrate multiple services?
- what will be the base for the UTM firewall, if any?
NethServer 7 will be EOL in more than 4 years, so we have plenty of time to make a great NethServer 8 together!