Now that NS8 is the new star at the horizon, I am wondering how it can replace the complete and trusty old NS7 functionality based on Hosted cloud VPS only. I am not affiliated with anybody but tend to use Contabo.com VPS products, so that would be my comparison platform.
NS7:
1 single server
Firewall/Gateway
VPN + Virtual Interface (Dummy interface)
Wordpress
Asterisk
Dokukwiki
Nextcloud
NS8 basics:
1 x VPS as Node 1
1 x VPS as Node 2
1 x Virtual Network (10.x.x.x.x)
1 x VPS as Nethsecurity
Next to the costs, a total setup based on NS8 would be completely different and maybe even tricky.
Can we create/share and co-write a drawing for this based on draw.io or something accessible to all?
For NS7, you did not need two nodes, why do you now need 2 nodes AND a third node for NethSecurity?
On NS7, you could have also splitted it up, with heavy use modules on a second or third VPS besides the main VPS running eg AD and MailâŠ
NS8 can run all modules (besides NethSecurity) on a single node. Iâm using / testing this at home now, and it works. I do not use NethSecurity, I have a working OPNsense hardware firewall, which I do not intend to change.
A VPN between two hosts in the Internet is usually not something billed additionally. Unless your hoster blocks two hosts from communicating with another, which would work if they were at diferent hosters. This is not a specific NS7 / NS8 problem, this is a billing issue your hoster (may) have.
As to ârequiringâ a firewall like NethSecurity (Or OPNsense for that matterâŠ): Most hosters provide a âfront-endâ firewall to protect hosts from Internet attacks (In their own interest, and they know that most users / clients canât handle real firewallingâŠ). VPN can be handled by NethServer (NS7, and to some extant also NS8).
This is comparing apples with pears!
My 2 cents
Andy
PS:
Pear-PC was once an open-source emulation running on Intel based chips, to emulate a Power-PC, which is what then Apples were running on. It barely worked, at about 1 hundredth of the native speed of the CPU⊠Not really usable. And Apple still makes usable Desktops. (They can also run Windows or Linux Desktop OSâŠ)
Having multiple nodes is using the capabilities on the NS8 design, not strictly required but holding off on that is not wise. the portfolio of services of the various cloud providers vary a lot, Contabo will charge for a virtual network between nodes. Nethsecurity is an essential part of the comparison and required. I do not have a at home setup. Hence the title.
NS7 also had these âcapabilitiesâ and design options, as the illustration above shows. OK, you need a full ârootâ server, not a VPS, but itâs easily possible with NS7 - and also with NS8!
Splitting stuff up was already around in Mainframe times - as was virtualization.
The VPN is intended for road warriors and home users connecting to 1 of the NS8 nodes and have full access to all services provided by NS8 and modules. VPN as in Wireguard.
That would not be an option for an adding VPSâs as nodes is WAY much easier and WAY cheaper then adding full root/bare metal servers/nodes. Also adding a storage VPS for use with e.g. Nextcloud is MUCH easier and cheaper.
Now, as Electric is more consience positive, I âneedâ a TeslaâŠ
Not really a âcongruentâ comparison Matrix⊠!!!
A single bare metal Hypervisor like Proxmox can easily run 10-20 VMs (nodes) on a single host, but just as easily on 2 or three hosts, depending on load. VPS you need severalâŠ
Nah, just trying to see how I can achieve the same as I have now on NS7 with NS8. And next to that see how this works out architecture wise, budget wise and additional benefits.
Not a big to ask I guess, especially since NS7 will fade away, so just prepping here.
A NS8 cluster does not need to run behind a firewall device.
More specifically, if I want to run AD + File Server, I use a local node, not a cloud one. If I really must do it, a VPN for Windows clients is needed.
Thanks, so I can run a NS8 cluster (like a NS7 server) in the cloud âas isâ no additional features required to provide services to the public internet without specific firewall (NS7 gateway mode) ? And the NS8 cluster is fully secure/protected? If so, what is the added value to NS8 of Nethsecurity pls?
Yes.
NS8 has a built-in firewall that is used to expose only relevant ports to the public network: Firewall â NS8 documentation
Yes.
Itâs an UTM firewall and you can use it as any other firewall in your network, itâs just up to you.
Apart from this, NS8 can host NethSecurity controller and can collect metrics and logs from all connected firewall.
We also have some plans to integrate more NS8 and NethSecurity using other tools like an IPS or a SIEM.