Now that NS8 is the new star at the horizon, I am wondering how it can replace the complete and trusty old NS7 functionality based on Hosted cloud VPS only. I am not affiliated with anybody but tend to use Contabo.com VPS products, so that would be my comparison platform.
1 single server
VPN + Virtual Interface (Dummy interface)
1 x VPS as Node 1
1 x VPS as Node 2
1 x Virtual Network (10.x.x.x.x)
1 x VPS as Nethsecurity
Next to the costs, a total setup based on NS8 would be completely different and maybe even tricky.
Can we create/share and co-write a drawing for this based on draw.io or something accessible to all?
For NS7, you did not need two nodes, why do you now need 2 nodes AND a third node for NethSecurity?
On NS7, you could have also splitted it up, with heavy use modules on a second or third VPS besides the main VPS running eg AD and Mail…
NS8 can run all modules (besides NethSecurity) on a single node. I’m using / testing this at home now, and it works. I do not use NethSecurity, I have a working OPNsense hardware firewall, which I do not intend to change.
A VPN between two hosts in the Internet is usually not something billed additionally. Unless your hoster blocks two hosts from communicating with another, which would work if they were at diferent hosters. This is not a specific NS7 / NS8 problem, this is a billing issue your hoster (may) have.
As to “requiring” a firewall like NethSecurity (Or OPNsense for that matter…): Most hosters provide a “front-end” firewall to protect hosts from Internet attacks (In their own interest, and they know that most users / clients can’t handle real firewalling…). VPN can be handled by NethServer (NS7, and to some extant also NS8).
This is comparing apples with pears!
My 2 cents
Pear-PC was once an open-source emulation running on Intel based chips, to emulate a Power-PC, which is what then Apples were running on. It barely worked, at about 1 hundredth of the native speed of the CPU… Not really usable. And Apple still makes usable Desktops. (They can also run Windows or Linux Desktop OS…)
Having multiple nodes is using the capabilities on the NS8 design, not strictly required but holding off on that is not wise. the portfolio of services of the various cloud providers vary a lot, Contabo will charge for a virtual network between nodes. Nethsecurity is an essential part of the comparison and required. I do not have a at home setup. Hence the title.
That would not be an option for an adding VPS’s as nodes is WAY much easier and WAY cheaper then adding full root/bare metal servers/nodes. Also adding a storage VPS for use with e.g. Nextcloud is MUCH easier and cheaper.
Thanks, so I can run a NS8 cluster (like a NS7 server) in the cloud ‘as is’ no additional features required to provide services to the public internet without specific firewall (NS7 gateway mode) ? And the NS8 cluster is fully secure/protected? If so, what is the added value to NS8 of Nethsecurity pls?
It’s an UTM firewall and you can use it as any other firewall in your network, it’s just up to you.
Apart from this, NS8 can host NethSecurity controller and can collect metrics and logs from all connected firewall.
We also have some plans to integrate more NS8 and NethSecurity using other tools like an IPS or a SIEM.