Now that NS8 is the new star at the horizon, I am wondering how it can replace the complete and trusty old NS7 functionality based on Hosted cloud VPS only. I am not affiliated with anybody but tend to use Contabo.com VPS products, so that would be my comparison platform.
NS7:
1 single server
Firewall/Gateway
VPN + Virtual Interface (Dummy interface)
WordPress
Asterisk
DokuWiki
Nextcloud
NS8 basics:
1 x VPS as Node 1
1 x VPS as Node 2
1 x Virtual Network (10.x.x.x.x)
1 x VPS as Nethsecurity
Next to the costs, a total setup based on NS8 would be completely different and maybe even tricky.
Can we create/share and co-write a drawing for this based on draw.io or something accessible to all?
For NS7, you did not need two nodes, why do you now need 2 nodes AND a third node for NethSecurity?
On NS7, you could have also split it up, with heavy use modules on a second or third VPS besides the main VPS running eg AD and Mail…
NS8 can run all modules (besides NethSecurity) on a single node. I'm using / testing this at home now, and it works. I do not use NethSecurity, I have a working OPNsense hardware firewall, which I do not intend to change.
A VPN between two hosts in the Internet is usually not something billed additionally. Unless your hoster blocks two hosts from communicating with another, which would work if they were at different hosters. This is not a specific NS7 / NS8 problem, this is a billing issue your hoster (may) have.
As to "requiring" a firewall like NethSecurity (Or OPNsense for that matter…): Most hosters provide a "front-end" firewall to protect hosts from Internet attacks (In their own interest, and they know that most users / clients can't handle real firewalling…). VPN can be handled by NethServer (NS7, and to some extent also NS8).
This is comparing apples with pears!
My 2 cents
Andy
PS:
Pear-PC was once an open-source emulation running on Intel based chips, to emulate a Power-PC, which is what then Apples were running on. It barely worked, at about 1 hundredth of the native speed of the CPU… Not really usable. And Apple still makes usable Desktops. (They can also run Windows or Linux Desktop OS…)
Having multiple nodes is using the capabilities on the NS8 design, not strictly required but holding off on that is not wise. The portfolio of services of the various cloud providers varies a lot, Contabo will charge for a virtual network between nodes. Nethsecurity is an essential part of the comparison and required. I do not have an at-home setup. Hence the title.
NS7 also had these "capabilities" and design options, as the illustration above shows. OK, you need a full "root" server, not a VPS, but it's easily possible with NS7 - and also with NS8!
Splitting stuff up was already around in Mainframe times - as was virtualization.
The VPN is intended for road warriors and home users connecting to 1 of the NS8 nodes and have full access to all services provided by NS8 and modules. VPN as in Wireguard.
That would not be an option for an adding VPS's as nodes is WAY much easier and WAY cheaper than adding full root/bare metal servers/nodes. Also adding a storage VPS for use with e.g. Nextcloud is MUCH easier and cheaper.
Now, as Electric is more conscience positive, I "need" a Tesla…
Not really a "congruent" comparison Matrix… !!!
A single bare metal Hypervisor like Proxmox can easily run 10-20 VMs (nodes) on a single host, but just as easily on 2 or three hosts, depending on load. VPS you need several…
Nah, just trying to see how I can achieve the same as I have now on NS7 with NS8. And next to that see how this works out architecture wise, budget wise and additional benefits.
Not a big to ask I guess, especially since NS7 will fade away, so just prepping here.
A NS8 cluster does not need to run behind a firewall device.
More specifically, if I want to run AD + File Server, I use a local node, not a cloud one. If I really must do it, a VPN for Windows clients is needed.
Thanks, so I can run a NS8 cluster (like a NS7 server) in the cloud "as is", no additional features required to provide services to the public internet without specific firewall (NS7 gateway mode)? And the NS8 cluster is fully secure/protected? If so, what is the added value to NS8 of Nethsecurity pls?
Yes.
NS8 has a built-in firewall that is used to expose only relevant ports to the public network: Firewall - NS8 documentation
Yes.
It's a UTM firewall and you can use it as any other firewall in your network, it's just up to you.
Apart from this, NS8 can host NethSecurity controller and can collect metrics and logs from all connected firewalls.
We also have some plans to integrate more NS8 and NethSecurity using other tools like an IPS or a SIEM.
I am reviving this topic since I think more people are having a VPS ONLY situation.
I would like some thoughts on best practices to install and run NS8 on a VPS.
Especially having security and massive attempts and probes for open ports etc.
I would restrict this to a SINGLE node. I guess no dedicated firewall is possible then.
Is it also not possible to enable a firewall on the hosting OS (in my case Debian 12)?