Putting words where comes from…
I only nominated Debian as an “option” for a possible (not considered) leap if CentOS 8 would not fit the needs of NethServer. Leaving behind such a stable and well supported distro is not a thing that the devs would consider without deep thinking and evaluating. The distro arrival is surely good and well maintained, but it’s not the shortest step in the world.
Also, the most “not nice” thing of CentOS 7 is Kernel 3.10. I know, it is maintained maybe by the largest community of “server interest” developers, but consumer Linux is on 5.4 and several advantages are achieved from Kernel 4.1x or 3.10. I’m asking myself if the 3.1x kernel could properly/fully use the capabilities of chiplet-based CPUs, unlocking the “full power” that could be delivered, and I also don’t know (it’s me lacking info) if such interesting things like NVMe and PCIe4 are on board or not for stable performance improvement.
Getting on topic… ARM is a really nice toy, but Small Medium Enterprise servers will be x64-based for at least 5 more years. Maybe some ARM boards will be interesting for small use services or non-x64 appliances (bit more efficient) but with such a loss of computational power. (I am eager to see the first embedded AMD Zen-Based APU/CPUs)
Moving away from such a stable and well maintained distro isn’t the thing to do on an impulse, not even after a night’s sleep.
But if pushed far enough, I tend to plan ahead and verify my options. If the day X comes, where a drop of water makes the barrel overflow, I’ll be ready long ahead!
Hardware / CPU:
At the moment, there’s no real alternative for Intel / AMD, both of which use x86 compatibility. ARM is nice, I use Raspberries even professionally, but comparing the CPUs of x86 and ARM isn’t really a fair comparison. And a SOC, like the Raspberry uses, does have its IO issues, as all peripherals including LAN are connected via a USB3 (RPi4) hub internally. And even though that sounds not too bad, you need to take into account that a Raspberry can’t reach full USB3 speed.
Very interesting reading, especially for me who is fairly new in this forum and setting up our infrastructure based on ProxMox virtualized nethservers, which will serve infra services for mostly windows clients. I am also very happy with the options nethserver provides, and would like to add one thing to the wishlist. If in the future there will be a possibility to have a backup domain controller for AD I would really appreciate it.
Besides nethserver itself, which I think will do a nice job for our company, I am very happy being part of this very kind and helpful community.
Quite frankly, I’m a bit disappointed in el8 (too…). It seems to be geared up in a specific direction and sure if this fits (whatever) requirements NS8 would have…
OT: because of the disappointment I looked around for rpm-dnf/yum based distros and gave Mageia a try. Please try to install a system to build on as “bare” as this with el8:
Given: no services like a firewall and such, needed to be added;
But isn’t this a beauty ? (yeh, love minimalistic)
IMHO you should rethink the firewall for the future. It’s not just what is coming in. With IOT you need to watch what is going out of unsuspected devices and isolate those. (believe me: designing the hardware of those devices)
Well, I’m here because I’m cloud-phobic and to some extent probably more nethservians are. Can not (=EDIT) judge if this can be a feasible business case.
However, personally I do not see the BIG difference from a user perspective between a user session and a (cloud) container providing a service. Probably from an admin point of view it’s different though…
For me the big is how would a hybrid-cloud approach look like
Then, the Email Aliasing is a Pain in the * for example, just in our company alone, we run multiple brands.
We can’t get just an email for that domain; it has to be an alias of an already existing domain.
We have scenarios whereby a person managing brand B is not associated with brand A. Why do they need to have an email for both brand A and brand B?
So, how we handle this: we have nethserver with all the bells and whistles, as the main ldap provider and “internal” email, but then we have another email system, where all the other brands’ email is hosted.
Finally, DNS management. It would be cool to have a full DNS manager, one that is able to handle A, AAA, MX, NS, CNAME and all manner of DNS records,
so that we stop having another separate system for managing our DNS records.
Given that Nethserver already has user delegation, we can then have users assigned to manage DNS of only specific domains.
Nextcloud being available on multiple URLs can be done, but it takes tweaking to the templates. But I’d expect, then, that everyone would still log in with their own email address, and the rest of it ought to Just Work™.
Meaning, also different login methods can be defined for each of those instances.
For smaller situations, a built-in login can be used, but for larger ones, ldap/SSO/other public providers.
Yeah, I’m pretty sure that would require multiple Nextcloud instances. Nothing stopping you from putting Nextcloud in a vhost, of course, but it would be a manual install.
It just dawned on me while thinking through this; although this question is valid to a certain extent - I would almost say that it’s the wrong question to be asking. And if one really wants to ask this question, it should only be asked after you have the answer to the question:
Is it time to redefine our understanding and definition of what an All-In-One server is?
If I may also diverge on a slight tangent: if NS 8 installs the various features using containerisation and the All-In-One server solution is no longer the focus, this does not necessarily mean that an admin cannot achieve an All-In-One solution. All they have to do is install the various containerised features on a single installation of NS 8 as opposed to multiple installations.
So although it’s good to ask the question if the All-In-One server is still a valid solution, I think it’s being asked or approached in the wrong way. Okay - not sure if the word wrong is the correct word, just not sure how to better phrase this.
Think one needs to approach it all completely differently and ask: If we had to start everything again completely from scratch, what do we want to achieve and how do we want to achieve it? I think if one had to approach it from that angle, it may help to not only better phrase the question, one may be surprised to have either a partial or complete answer to the question.
One little feature I’ve seen and used elsewhere is the possibility / option to restore parts / segments of the config.
This would be stuff like:
Users & Groups
DHCP
DNS
Firewall (Maybe more split up)
VPN
iBays
etc…
OPNsense comes with this feature, and it’s very nice and practical to use this function to build a “Master” config which can be used for almost all clients.
There are some “Gotchas”, I know, among them dependencies and so on, but should not be impossible or even very difficult to implement.
It would also be a boon for growing companies / institutions using NethServer, to e.g. split off the mail part to a second NethServer.
If Docker comes in in full force, this feature will make things even more useable!
We are not productive yet, but should go prod asap. What I have set up until now is three local and one remote nethserver, namely one for just dc, the others joined to the domain as member servers, one for file and print services and a third one as firewall with dpi, gateway with Threatshield, Proxy. On a hosted server there is a fourth nethserver acting as mailserver and also hosting nextcloud (mainly serving filesharing, small group video conferencing, calendar and contacts via cal-/carddav to domain users) and including firewall services including IPsec VPN. Once productive and everything up and running, I will also set up an asterisk server with freepbx.
Not sure if it’s worth doing the same trick with a lot of the other stuff, taking a step back to reflect and redefine definitions and understanding of feature features and ways of doing things.
Thank you all for taking time to respond to this topic, for sure we are gathering very interesting feedback!
Why not? We are open to all possibilities.
This would be a big change, but I do not know if the switch would bring us some real benefits.
Still, we have 15 (20?) years of experience on RPM-based distribution and I would like to not throw them into the trash bin.
Of course, but on a home firewall you usually do not need some advanced stuff like source natting, hair pinning, multi wan or advanced traffic shaping.
Maybe NethServer 8 could have a very simple firewall for local services and not acting as a firewall/gateway, which could be implemented on a different base.
We totally agree on this, I think this is one of the strongest points.
But in general, I do not think it makes a real difference if you are installing NS on a Proxmox machine or on bare metal. The important thing is that you can choose to keep your data on premise.
I do not know, but I’m still using many providers with free IPv4 addresses.
If the development of NS 8 will be delayed, we could even think about adding IPv6 on NS 7. But only the community is asking for IPv6, there is no business interest on it: it’s not easy to invest many resources on such implementation without a real profit.
I think we already have tons of feature requests inside the forum and we already cherry picked the most asked ones. Of course, feel free to propose new ones! @alefattorini what do you think? Is a survey a good way to gather other feedback on this topic?
I agree: I see NS 8 running mostly on VMs and not the other way around.
Yes, but a central configuration usually requires a dedicated system with some highly special configuration. So in my view, the central system would be Dartagnan which could configure multiple NS instances.
You can already do it: it’s just a couple of API calls inside a cron job to remove them when not needed any more.
We already have it, see Dartagnan.
I strongly believe that the multi-tenant is not a priority for NS, but it doesn’t mean we want to block this possible evolution. I see the multi-tenant more as multiple instances of a single-tenant, as James explained very well.
I’m very interested in it. Would you like to give some examples? In your opinion, where should we focus to provide security for IOT devices?
I like the idea, it could be easier with a container approach!
Yes and no. We have a lot of statistics from our Enterprise installations but not from Community.
But since Enterprise installations should outnumber the Community ones, we could take some data-driven decisions. Still, requirements from community are often much different from business ones.